ID KB4571689 Type mskb Reporter Microsoft Modified 2020-08-11T17:41:39
Description
<html><body><p>Learn more about update KB4571689, including improvements and fixes, any known issues, and how to get the update.</p><h2></h2><div class="alert-band"><div class="alert alert-warning" role="alert"><div class="row"><div class="col-xs-24"><p><strong>Current status of Windows 10, version 1703 </strong></p><p>Windows 10, version 1703 has reached end of service for all editions. To continue receiving security and quality updates, Microsoft recommends updating to the latest version of Windows 10<em>.</em></p><p>Surface Hub devices remain in support. Starting on November 12, 2019, updates for Windows 10, version 1703 will be available only for Surface Hub devices. Update information and Surface Hub known issues will be listed on this page.</p><p>For information about servicing timelines, see the <a href="https://support.microsoft.com/help/13853/windows-lifecycle-fact-sheet" managed-link="" target="_blank">Windows lifecycle fact sheet</a>.</p></div></div></div></div><div class="alert-band"><div class="alert alert-info" role="alert"><div class="row"><div class="col-xs-24"><p><span><span><span><span><span><strong>IMPORTANT </strong></span></span></span></span>Starting in July 2020, all Windows Updates will disable the <a href="https://docs.microsoft.com/en-us/windows-server/virtualization/hyper-v/deploy/deploy-graphics-devices-using-remotefx-vgpu" managed-link="" target="_blank">RemoteFX vGPU</a> feature because of a security vulnerability. For more information about the vulnerability, see<a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1036" managed-link="" target="_blank"> CVE-2020-1036</a> and <a data-content-id="4570006" data-content-type="article" href="" managed-link="" target="_blank">KB4570006</a>. After you install this update, attempts to start virtual machines (VM) that have RemoteFX vGPU enabled will fail, and messages such as the following will appear:</span></p><ul><li><span><span><span>“The virtual machine cannot be started because all the RemoteFX-capable GPUs are disabled in Hyper-V Manager.”</span></span></span></li><li><span><span><span>“The virtual machine cannot be started because the server has insufficient GPU resources.”</span></span></span></li></ul><p class="indent-4"><span> </span><span>If you <a href="https://docs.microsoft.com/en-us/windows-server/virtualization/hyper-v/plan/plan-for-gpu-acceleration-in-windows-server" managed-link="" target="_blank">re-enable</a> RemoteFX vGPU, a message similar to the following will appear:</span></p><ul><li><span> "We no longer support the RemoteFX 3D video adapter. If you are still using this adapter, you may become vulnerable to security risk. Learn more (https://go.microsoft.com/fwlink/?linkid=2131976)”</span></li></ul></div></div></div></div><h2>Highlights</h2><ul><li>Updates to improve security when using Internet Explorer and Microsoft Edge Legacy.</li><li>Updates to improve security when Windows performs basic operations.</li><li><span><span><span>Updates for storing and managing files.</span></span></span></li></ul><h2>Improvements and fixes</h2><div><p>This security update includes quality improvements. Key changes include:</p><ul><li>Addresses an issue that causes certain applications to stop responding when under load if they rely on the JScript Scripting Engine. </li><li>Addresses an issue that prevents you from installing some .msi apps. This occurs when a device is managed by a Group Policy that redirects the AppData folder to a network folder. </li><li>Addresses an issue in Universal Windows Platform (UWP) apps that allows single sign-on authentication when an app does not have the Enterprise Authentication capability. With the release of <a data-content-id="" data-content-type="" href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1509" managed-link="" target="_blank">CVE-2020-1509</a>, UWP applications might begin prompting the user for credentials. </li><li>Security updates to Internet Explorer, the Microsoft Scripting Engine, Windows Graphics, Windows Media, Windows Shell, the Windows Wallet Service, Microsoft Edge Legacy, Windows Cloud Infrastructure, Windows AI Platform, Windows Fundamentals, Windows Kernel, Windows Core Networking, Windows Storage and Filesystems, Windows Hybrid Storage Services, and the Microsoft JET Database Engine.</li></ul><p>If you installed earlier updates, only the new fixes contained in this package will be downloaded and installed on your device.</p><p>For more information about the resolved security vulnerabilities, please refer to the <a href="https://portal.msrc.microsoft.com/security-guidance">Security Update Guide</a>.</p><div class="alert-band"><div class="alert alert-info" role="alert"><p class="alert-title">Windows Update Improvements</p><div class="row"><div class="col-xs-24"><p>Microsoft has released an update directly to the Windows Update client to improve reliability. Any device running Windows 10 configured to receive updates automatically from Windows Update, including Enterprise and Pro editions, will be offered the latest Windows 10 feature update based on device compatibility and Windows Update for Business deferral policy. This doesn't apply to long-term servicing editions.</p></div></div></div></div></div><h2>Known issues in this update</h2><div><p>Microsoft is currently not aware of any issues with this update.</p></div><h2>How to get this update</h2><p><strong>Before installing this update</strong></p><p>Microsoft strongly recommends you install the latest servicing stack update (SSU) for your operating system before installing the latest cumulative update (LCU). SSUs improve the reliability of the update process to mitigate potential issues while installing the LCU and applying Microsoft security fixes. For general information about SSUs, see <a aria-live="assertive" data-bi-name="content-anchor-link" href="https://docs.microsoft.com/en-us/windows/deployment/update/servicing-stack-updates" managed-link="" tabindex="0" target="_blank">Servicing stack updates</a> and <a aria-live="assertive" data-bi-name="content-anchor-link" data-content-id="4535697" data-content-type="article" href="" managed-link="" tabindex="0" target="_blank">Servicing Stack Updates (SSU): Frequently Asked Questions</a>.</p><p>If you are using Windows Update, the latest SSU (<a data-content-id="4565551" data-content-type="article" href="" managed-link="" target="_blank">KB4565551</a>) will be offered to you automatically. To get the standalone package for the latest SSU, search for it in the <a href="http://www.catalog.update.microsoft.com/home.aspx" managed-link="" target="_blank">Microsoft Update Catalog</a>. </p><p><strong>Install this update</strong></p><table class="table"><tbody><tr><td><strong>Release Channel</strong></td><td align="center"><strong>Available</strong></td><td><strong>Next Step</strong></td></tr><tr><td>Windows Update and Microsoft Update</td><td align="center">Yes</td><td>None. This update will be downloaded and installed automatically from Windows Update.</td></tr><tr><td>Microsoft Update Catalog</td><td align="center">Yes</td><td>To get the standalone package for this update, go to the <a data-content-id="" data-content-type="" href="https://www.catalog.update.microsoft.com/Search.aspx?q=KB4571689" managed-link="" target="">Microsoft Update Catalog</a> website.</td></tr><tr><td>Windows Server Update Services (WSUS)</td><td align="center">Yes</td><td><p>This update will automatically sync with WSUS if you configure <strong>Products and Classifications</strong> as follows:</p><p><strong>Product</strong>: Windows 10</p><strong>Classification</strong>: Security Updates</td></tr></tbody></table><p> </p><p><strong>File information</strong></p><p>For a list of the files that are provided in this update, download the <a data-content-id="" data-content-type="" href="https://download.microsoft.com/download/1/a/2/1a2c0938-7fee-425f-9fc9-55b87d1cf2c6/4571689.csv" managed-link="" target="">file information for cumulative update 4571689</a>. </p></body></html>
{"id": "KB4571689", "bulletinFamily": "microsoft", "title": "August 11, 2020\u2014KB4571689 (OS Build 15063.2467)", "description": "<html><body><p>Learn more about update KB4571689, including improvements and fixes, any known issues, and how to get the update.</p><h2></h2><div class=\"alert-band\"><div class=\"alert alert-warning\" role=\"alert\"><div class=\"row\"><div class=\"col-xs-24\"><p><strong>Current status of Windows 10, version 1703 </strong></p><p>Windows 10, version 1703 has reached end of service for all editions. To continue receiving security and quality updates, Microsoft recommends updating to the latest version of Windows 10<em>.</em></p><p>Surface Hub devices remain in support.\u00a0Starting on November 12, 2019, updates for Windows 10, version 1703 will be available only for Surface Hub devices.\u00a0Update information and Surface Hub known issues will be listed on this page.</p><p>For information about servicing timelines, see the <a href=\"https://support.microsoft.com/help/13853/windows-lifecycle-fact-sheet\" managed-link=\"\" target=\"_blank\">Windows lifecycle fact sheet</a>.</p></div></div></div></div><div class=\"alert-band\"><div class=\"alert alert-info\" role=\"alert\"><div class=\"row\"><div class=\"col-xs-24\"><p><span><span><span><span><span><strong>IMPORTANT\u00a0</strong></span></span></span></span>Starting in July 2020, all Windows Updates will disable the <a href=\"https://docs.microsoft.com/en-us/windows-server/virtualization/hyper-v/deploy/deploy-graphics-devices-using-remotefx-vgpu\" managed-link=\"\" target=\"_blank\">RemoteFX vGPU</a> feature because of a security vulnerability. For more information about the vulnerability, see<a href=\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1036\" managed-link=\"\" target=\"_blank\"> CVE-2020-1036</a> and <a data-content-id=\"4570006\" data-content-type=\"article\" href=\"\" managed-link=\"\" target=\"_blank\">KB4570006</a>. After you install this update, attempts to start virtual machines (VM) that have RemoteFX vGPU enabled will fail, and messages such as the following will appear:</span></p><ul><li><span><span><span>\u201cThe virtual machine cannot be started because all the RemoteFX-capable GPUs are disabled in Hyper-V Manager.\u201d</span></span></span></li><li><span><span><span>\u201cThe virtual machine cannot be started because the server has insufficient GPU resources.\u201d</span></span></span></li></ul><p class=\"indent-4\"><span> </span><span>If you <a href=\"https://docs.microsoft.com/en-us/windows-server/virtualization/hyper-v/plan/plan-for-gpu-acceleration-in-windows-server\" managed-link=\"\" target=\"_blank\">re-enable</a> RemoteFX vGPU, a message similar to the following will appear:</span></p><ul><li><span> \"We no longer support the RemoteFX 3D video adapter. If you are still using this adapter, you may become vulnerable to security risk. Learn more (https://go.microsoft.com/fwlink/?linkid=2131976)\u201d</span></li></ul></div></div></div></div><h2>Highlights</h2><ul><li>Updates to improve security when using Internet Explorer and Microsoft Edge Legacy.</li><li>Updates to improve security when Windows performs basic operations.</li><li><span><span><span>Updates for storing and managing files.</span></span></span></li></ul><h2>Improvements and fixes</h2><div><p>This security update includes quality improvements. Key changes include:</p><ul><li>Addresses an issue that causes certain applications to stop responding when under load if they rely on the JScript Scripting Engine.\u00a0</li><li>Addresses an issue that prevents you from installing some .msi apps. This occurs when a device is managed by a Group Policy that redirects the AppData folder to a network folder.\u00a0</li><li>Addresses an issue in Universal Windows Platform (UWP) apps that allows single sign-on authentication when an app does not have the Enterprise Authentication capability. With the release of <a data-content-id=\"\" data-content-type=\"\" href=\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1509\" managed-link=\"\" target=\"_blank\">CVE-2020-1509</a>, UWP applications might begin prompting the user for credentials.\u00a0</li><li>Security updates to Internet Explorer, the Microsoft Scripting Engine, Windows Graphics, Windows Media, Windows Shell, the Windows Wallet Service, Microsoft Edge Legacy, Windows Cloud Infrastructure, Windows AI Platform, Windows Fundamentals, Windows Kernel, Windows Core Networking, Windows Storage and Filesystems, Windows Hybrid Storage Services, and the Microsoft JET Database Engine.</li></ul><p>If you installed earlier updates, only the new fixes contained in this package will be downloaded and installed on your device.</p><p>For more information about the resolved security vulnerabilities, please refer to the <a href=\"https://portal.msrc.microsoft.com/security-guidance\">Security Update Guide</a>.</p><div class=\"alert-band\"><div class=\"alert alert-info\" role=\"alert\"><p class=\"alert-title\">Windows Update Improvements</p><div class=\"row\"><div class=\"col-xs-24\"><p>Microsoft has released an update directly to the Windows Update client to improve reliability. Any device running Windows 10 configured to receive updates automatically from Windows Update, including Enterprise and Pro editions, will be offered the latest Windows 10 feature update based on device compatibility and Windows Update for Business deferral policy. This doesn't apply to long-term servicing editions.</p></div></div></div></div></div><h2>Known issues in this update</h2><div><p>Microsoft is currently not aware of any issues with this update.</p></div><h2>How to get this update</h2><p><strong>Before installing this update</strong></p><p>Microsoft strongly recommends you install the latest servicing stack update (SSU) for your operating system before installing the latest cumulative update (LCU). SSUs improve the reliability of the update process to mitigate potential issues while installing the LCU and applying Microsoft security fixes.\u00a0For general information about SSUs,\u00a0see <a aria-live=\"assertive\" data-bi-name=\"content-anchor-link\" href=\"https://docs.microsoft.com/en-us/windows/deployment/update/servicing-stack-updates\" managed-link=\"\" tabindex=\"0\" target=\"_blank\">Servicing stack updates</a>\u00a0and\u00a0<a aria-live=\"assertive\" data-bi-name=\"content-anchor-link\" data-content-id=\"4535697\" data-content-type=\"article\" href=\"\" managed-link=\"\" tabindex=\"0\" target=\"_blank\">Servicing Stack Updates (SSU): Frequently Asked Questions</a>.</p><p>If you are using Windows Update, the latest SSU\u00a0(<a data-content-id=\"4565551\" data-content-type=\"article\" href=\"\" managed-link=\"\" target=\"_blank\">KB4565551</a>) will be offered to you automatically.\u00a0To get the standalone package for the latest\u00a0SSU, search for it in the <a href=\"http://www.catalog.update.microsoft.com/home.aspx\" managed-link=\"\" target=\"_blank\">Microsoft Update Catalog</a>.\u00a0</p><p><strong>Install this update</strong></p><table class=\"table\"><tbody><tr><td><strong>Release Channel</strong></td><td align=\"center\"><strong>Available</strong></td><td><strong>Next Step</strong></td></tr><tr><td>Windows Update and Microsoft Update</td><td align=\"center\">Yes</td><td>None. This update will be downloaded and installed automatically from Windows Update.</td></tr><tr><td>Microsoft Update Catalog</td><td align=\"center\">Yes</td><td>To get the standalone package for this update, go to the\u00a0<a data-content-id=\"\" data-content-type=\"\" href=\"https://www.catalog.update.microsoft.com/Search.aspx?q=KB4571689\" managed-link=\"\" target=\"\">Microsoft Update Catalog</a>\u00a0website.</td></tr><tr><td>Windows Server Update Services (WSUS)</td><td align=\"center\">Yes</td><td><p>This update will automatically sync\u00a0with WSUS if you configure <strong>Products and Classifications</strong> as follows:</p><p><strong>Product</strong>: Windows 10</p><strong>Classification</strong>: Security Updates</td></tr></tbody></table><p>\u00a0</p><p><strong>File information</strong></p><p>For a list of the files that are provided in this update, download the\u00a0<a data-content-id=\"\" data-content-type=\"\" href=\"https://download.microsoft.com/download/1/a/2/1a2c0938-7fee-425f-9fc9-55b87d1cf2c6/4571689.csv\" managed-link=\"\" target=\"\">file information for cumulative update 4571689</a>.\u00a0</p></body></html>", "published": "2020-08-11T00:00:00", "modified": "2020-08-11T17:41:39", "cvss": {"score": 7.7, "vector": "AV:A/AC:L/Au:S/C:C/I:C/A:C"}, "href": "https://support.microsoft.com/en-us/help/4571689/", "reporter": "Microsoft", "references": [], "cvelist": ["CVE-2020-1036", "CVE-2020-1509"], "type": "mskb", "lastseen": "2021-01-01T22:42:43", "edition": 5, "viewCount": 8, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2020-1509", "CVE-2020-1036"]}, {"type": "mskb", "idList": ["KB4571703", "KB4577021", "KB4565351", "KB4571709", "KB4565349", "KB4571736", "KB4571692", "KB4571741", "KB4566782", "KB4571694"]}, {"type": "mscve", "idList": ["MS:CVE-2020-1036", "MS:CVE-2020-1509"]}, {"type": "talos", "idList": ["TALOS-2020-0979"]}, {"type": "qualysblog", "idList": ["QUALYSBLOG:F343178EEC11B54CFAFBD0B4D505010B"]}, {"type": "nessus", "idList": ["SMB_NT_MS20_AUG_4571692.NASL", "SMB_NT_MS20_AUG_4566782.NASL", "SMB_NT_MS20_AUG_4571709.NASL", "SMB_NT_MS20_AUG_4571741.NASL", "SMB_NT_MS20_AUG_4571694.NASL", "SMB_NT_MS20_AUG_4571703.NASL", "SMB_NT_MS20_AUG_4565351.NASL", "SMB_NT_MS20_AUG_4565349.NASL", "SMB_NT_MS20_AUG_4571736.NASL"]}, {"type": "kaspersky", "idList": ["KLA11863", "KLA11931", "KLA11865"]}, {"type": "avleonov", "idList": ["AVLEONOV:F17F36C3CC642EBDC27E43900FE3905E", "AVLEONOV:7DAB33D28205885E8979C4C664958CDC"]}], "modified": "2021-01-01T22:42:43", "rev": 2}, "score": {"value": 5.2, "vector": "NONE", "modified": "2021-01-01T22:42:43", "rev": 2}, "vulnersScore": 5.2}, "kb": "KB4571689", "msrc": "", "mscve": "", "msfamily": "", "msplatform": "", "msproducts": [], "supportAreaPaths": ["8343388f-5658-9fc4-7c56-12aa484159ba"], "supportAreaPathNodes": [{"id": "8343388f-5658-9fc4-7c56-12aa484159ba", "name": "Windows 10, version 1703, all editions", "parent": "6ae59d69-36fc-8e4d-23dd-631d98bf74a9", "tree": [], "type": "productversion"}], "primarySupportAreaPath": [{"id": "1267d68d-d9f7-6020-0726-166b153ccbeb", "name": "Windows", "tree": [], "type": "productfamily"}, {"id": "6ae59d69-36fc-8e4d-23dd-631d98bf74a9", "name": "Windows 10", "parent": "1267d68d-d9f7-6020-0726-166b153ccbeb", "tree": [], "type": "productname"}, {"id": "8343388f-5658-9fc4-7c56-12aa484159ba", "name": "Windows 10, version 1703, all editions", "parent": "6ae59d69-36fc-8e4d-23dd-631d98bf74a9", "tree": [], "type": "productversion"}], "superseeds": ["KB4487020", "KB4467696", "KB4493474", "KB4503279", "KB4499181", "KB4489871", "KB4520010", "KB4471327", "KB4525245", "KB4540705", "KB4534296", "KB4462937", "KB4483230", "KB4524151", "KB4556804", "KB4561605", "KB4507450", "KB4512507", "KB4516068", "KB4550939", "KB4565499", "KB4537765", "KB4480973", "KB4530711"], "parentseeds": ["KB4586782", "KB4577021", "KB4580370", "KB4592473"], "msimpact": "", "msseverity": "", "scheme": null}
{"cve": [{"lastseen": "2021-02-02T07:36:59", "description": "An elevation of privilege vulnerability exists in the Local Security Authority Subsystem Service (LSASS) when an authenticated attacker sends a specially crafted authentication request, aka 'Local Security Authority Subsystem Service Elevation of Privilege Vulnerability'.", "edition": 6, "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2020-08-17T19:15:00", "title": "CVE-2020-1509", "type": "cve", "cwe": ["CWE-269"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.5, "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-1509"], "modified": "2020-08-21T16:26:00", "cpe": ["cpe:/o:microsoft:windows_server_2019:-", "cpe:/o:microsoft:windows_10:1803", "cpe:/o:microsoft:windows_server_2016:2004", "cpe:/o:microsoft:windows_rt_8.1:-", "cpe:/o:microsoft:windows_server_2008:-", "cpe:/o:microsoft:windows_server_2012:r2", "cpe:/o:microsoft:windows_10:-", "cpe:/o:microsoft:windows_10:1903", "cpe:/o:microsoft:windows_10:1709", "cpe:/o:microsoft:windows_server_2016:1909", "cpe:/o:microsoft:windows_server_2012:-", "cpe:/o:microsoft:windows_10:1607", "cpe:/o:microsoft:windows_10:1809", "cpe:/o:microsoft:windows_10:1909", "cpe:/o:microsoft:windows_server_2008:r2", "cpe:/o:microsoft:windows_8.1:-", "cpe:/o:microsoft:windows_10:2004", "cpe:/o:microsoft:windows_server_2016:-", "cpe:/o:microsoft:windows_7:-", "cpe:/o:microsoft:windows_server_2016:1903"], "id": "CVE-2020-1509", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-1509", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:1903:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_server_2016:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*"]}, {"lastseen": "2021-02-02T07:36:54", "description": "A remote code execution vulnerability exists when Hyper-V RemoteFX vGPU on a host server fails to properly validate input from an authenticated user on a guest operating system, aka 'Hyper-V RemoteFX vGPU Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1032, CVE-2020-1040, CVE-2020-1041, CVE-2020-1042, CVE-2020-1043.", "edition": 7, "cvss3": {"exploitabilityScore": 2.3, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.0, "privilegesRequired": "LOW", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 6.0}, "published": "2020-07-14T23:15:00", "title": "CVE-2020-1036", "type": "cve", "cwe": ["CWE-20"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 5.1, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.7, "vectorString": "AV:A/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "ADJACENT_NETWORK", "authentication": "SINGLE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-1036"], "modified": "2020-07-21T14:28:00", "cpe": ["cpe:/o:microsoft:windows_server_2012:r2", "cpe:/o:microsoft:windows_server_2012:-", "cpe:/o:microsoft:windows_server_2008:r2", "cpe:/o:microsoft:windows_server_2016:-"], "id": "CVE-2020-1036", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-1036", "cvss": {"score": 7.7, "vector": "AV:A/AC:L/Au:S/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:*:*:*:*:*:x64:*"]}], "mskb": [{"lastseen": "2021-01-01T22:50:31", "bulletinFamily": "microsoft", "cvelist": ["CVE-2020-1036", "CVE-2020-1509"], "description": "<html><body><p>Learn more about this monthly update, including improvements and fixes, any known issues, and how to get the update.</p><h2></h2><div class=\"alert-band\"><div class=\"alert alert-info\" role=\"alert\"><div class=\"row\"><div class=\"col-xs-24\"><p><strong>IMPORTANT</strong> Windows Server 2012 has reached the end of mainstream support and is now in extended support. <span>Starting in July 2020, there will no longer be optional releases (known as <span>\"</span>C<span>\"</span> or <span>\"</span>D<span>\"</span> releases) for this operating system. Operating systems in extended support have <span>only</span> cumulative monthly security updates (known as the \"B\" or Update Tuesday release).</span></p></div></div></div></div><div class=\"alert-band\"><div class=\"alert alert-info\" role=\"alert\"><div class=\"row\"><div class=\"col-xs-24\"><p><span><span><span><span><span><strong>IMPORTANT\u00a0</strong></span></span></span></span>Starting in July 2020, all Windows Updates will disable the <a href=\"https://docs.microsoft.com/en-us/windows-server/virtualization/hyper-v/deploy/deploy-graphics-devices-using-remotefx-vgpu\" managed-link=\"\" target=\"_blank\">RemoteFX vGPU</a> feature because of a security vulnerability. For more information about the vulnerability, see<a href=\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1036\" managed-link=\"\" target=\"_blank\"> CVE-2020-1036</a> and <a data-content-id=\"4570006\" data-content-type=\"article\" href=\"\" managed-link=\"\" target=\"_blank\">KB4570006</a>. After you install this update, attempts to start virtual machines (VM) that have RemoteFX vGPU enabled will fail, and messages such as the following will appear:</span></p><ul><li><span><span><span>\u201cThe virtual machine cannot be started because all the RemoteFX-capable GPUs are disabled in Hyper-V Manager.\u201d</span></span></span></li><li><span><span><span>\u201cThe virtual machine cannot be started because the server has insufficient GPU resources.\u201d</span></span></span></li></ul><p class=\"indent-4\"><span> </span><span>If you <a href=\"https://docs.microsoft.com/en-us/windows-server/virtualization/hyper-v/plan/plan-for-gpu-acceleration-in-windows-server\" managed-link=\"\" target=\"_blank\">re-enable</a> RemoteFX vGPU, a message similar to the following will appear:</span></p><ul><li><span> \"We no longer support the RemoteFX 3D video adapter. If you are still using this adapter, you may become vulnerable to security risk. Learn more (https://go.microsoft.com/fwlink/?linkid=2131976)\u201d</span></li></ul></div></div></div></div><div class=\"alert-band\"><div class=\"alert alert-info\" role=\"alert\"><div class=\"row\"><div class=\"col-xs-24\"><p>As of February 11, 2020, Internet Explorer 10 is no longer in support. To get Internet Explorer 11 for Windows Server 2012 or Windows 8 Embedded Standard, see <a data-content-id=\"4492872\" data-content-type=\"article\" href=\"\" managed-link=\"\" target=\"_blank\">KB4492872</a>. Install one of the following applicable updates to stay updated with the latest security fixes:</p><ul><li><p>Cumulative Update for Internet Explorer 11 for Windows Server 2012.</p></li><li><p>Cumulative Update for Internet Explorer 11 for Windows 8 Embedded Standard.</p></li><li><p>The August 2020 Monthly Rollup.</p></li></ul></div></div></div></div><h2>Improvements and fixes</h2><div><p>This security update includes improvements and fixes that were a part of update <a data-content-id=\"\" data-content-type=\"\" href=\"https://support.microsoft.com/help/4565537\" managed-link=\"\" target=\"_blank\">KB4565537</a>\u00a0(released July 14, 2020) and addresses the following issues:</p><ul><li><span><span><span><span><span>Addresses an issue that prevents you from installing some .msi apps. This occurs when a device is managed by a Group Policy that redirects the AppData folder to a network folder.</span></span></span></span></span></li><li><span>Addresses an issue in Universal Windows Platform (UWP) apps that allows single sign-on authentication when an app does not have the Enterprise Authentication capability. With the release of <a data-content-id=\"\" data-content-type=\"\" href=\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1509\" managed-link=\"\" target=\"_blank\">CVE-2020-1509</a>, UWP applications might begin prompting the user for credentials.</span></li><li><span><span><span><span><span><span>Addresses an issue in Microsoft Edge IE Mode when opening multiple documents from a SharePoint site.</span></span></span></span></span></span></li><li><span><span><span><span><span><span>Addresses an issue in Microsoft Edge IE Mode that occurs when you browse using anchor links.</span></span></span></span></span></span></li><li><span><span><span><span><span><span>Addresses an issue with loading Browser Helper Objects in Microsoft Edge IE Mode.</span></span></span></span></span></span></li><li><span><span><span><span><span><span>Addresses an issue where certain applications that rely on the JScript Scripting Engine become unresponsive under load.</span></span></span></span></span></span></li><li>Addresses an issue in which error 0x8007000E can occur during a Windows Update scan.</li><li>Addresses an issue with printing to a local port that is configured as a Universal Naming Convention (UNC) path or a shared network printer. These ports no longer appear in Control Panel on the <strong>Ports</strong> tab of the <strong>Print Server Properties</strong> dialog box. This issue occurs after installing Windows Updates released between May 2020 and July 2020.</li><li><span>Security updates to Windows App Platform and Frameworks, Windows Graphics, Windows Media, Windows Shell, Windows Cloud Infrastructure, Windows Authentication, Windows Kernel, Windows Hybrid Cloud Networking, Windows Peripherals, Windows Network Security and Containers, Windows Storage and Filesystems, Windows File Server and Clustering, Windows Hybrid Storage Services, Windows SQL components,\u00a0Microsoft Scripting Engine,\u00a0and Windows Remote Desktop.</span></li></ul><p>For more information about the resolved security vulnerabilities, please refer to the <a href=\"https://portal.msrc.microsoft.com/security-guidance\">Security Update Guide</a>.</p></div><h2>Known issues in this update</h2><div><table class=\"table\"><tbody><tr><td><strong>Symptom</strong></td><td><strong>Workaround</strong></td></tr><tr><td>Certain operations, such as <strong>rename</strong>, that you perform on files or folders that are on a Cluster Shared Volume (CSV) may fail with the error, \u201cSTATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)\u201d. This occurs when you perform the operation on a CSV owner node from a process that doesn\u2019t have administrator privilege.</td><td><p>Do one of the following:</p><ul><li>Perform the operation from a process that has administrator privilege.</li><li>Perform the operation from a node that doesn\u2019t have CSV ownership.</li></ul><p>Microsoft is working on a resolution and will provide an update in an upcoming release.</p></td></tr></tbody></table></div><h2>How to get this update</h2><p><strong>Before installing this update</strong></p><p>We strongly recommend that\u00a0you install the latest servicing stack update (SSU) for your operating system before installing the latest Rollup. SSUs improve the reliability of the update process to mitigate potential issues while installing the Rollup and applying Microsoft security fixes.\u00a0For general information about SSUs,\u00a0see <a aria-live=\"assertive\" data-bi-name=\"content-anchor-link\" href=\"https://docs.microsoft.com/en-us/windows/deployment/update/servicing-stack-updates\" managed-link=\"\" tabindex=\"0\" target=\"_blank\">Servicing stack updates</a>\u00a0and\u00a0<a aria-live=\"assertive\" data-bi-name=\"content-anchor-link\" data-content-id=\"4535697\" data-content-type=\"article\" href=\"\" managed-link=\"\" tabindex=\"0\" target=\"_blank\">Servicing Stack Updates (SSU): Frequently Asked Questions</a>.</p><p>If you use\u00a0Windows Update, the latest SSU\u00a0(<a data-content-id=\"\" data-content-type=\"\" href=\"https://support.microsoft.com/help/4566426\" managed-link=\"\" target=\"_blank\">KB4566426</a>) will be offered to you automatically.\u00a0To get the standalone package for the latest\u00a0SSU, search for it in the\u00a0<a aria-live=\"assertive\" data-bi-name=\"content-anchor-link\" data-content-id=\"\" data-content-type=\"\" href=\"http://www.catalog.update.microsoft.com/home.aspx\" managed-link=\"\" tabindex=\"0\" target=\"_blank\">Microsoft Update Catalog</a>.\u00a0</p><p><strong>Install this update</strong></p><table class=\"table\"><tbody><tr><td><strong>Release Channel</strong></td><td align=\"center\"><strong>Available</strong></td><td><strong>Next Step</strong></td></tr><tr><td>Windows Update and Microsoft Update</td><td align=\"center\">Yes</td><td>None. This update will be downloaded and installed automatically from Windows Update.</td></tr><tr><td>Microsoft Update Catalog</td><td align=\"center\">Yes</td><td>To get the standalone package for this update, go to the\u00a0<a data-content-id=\"\" data-content-type=\"\" href=\"https://www.catalog.update.microsoft.com/Search.aspx?q=KB4571736\" managed-link=\"\" target=\"_blank\">Microsoft Update Catalog</a>\u00a0website.</td></tr><tr><td>Windows Server Update Services (WSUS)</td><td align=\"center\">Yes</td><td><p>This update will automatically sync\u00a0with WSUS if you configure <strong>Products and Classifications</strong> as follows:</p><p><strong>Product</strong>: Windows Server 2012, Windows Embedded 8 Standard</p><strong>Classification</strong>: Security Updates</td></tr></tbody></table><p>\u00a0</p><p><strong>File information</strong></p><p>For a list of the files that are provided in this update, download the\u00a0<a data-content-id=\"\" data-content-type=\"\" href=\"https://download.microsoft.com/download/f/2/6/f26cf98e-6381-4cf7-b399-273a6a857f95/4571736.csv\" managed-link=\"\" target=\"_blank\">file information for update 4571736</a>.\u00a0</p></body></html>", "edition": 4, "modified": "2020-09-18T23:36:51", "id": "KB4571736", "href": "https://support.microsoft.com/en-us/help/4571736/", "published": "2020-08-11T00:00:00", "title": "August 11, 2020\u2014KB4571736 (Monthly Rollup)", "type": "mskb", "cvss": {"score": 7.7, "vector": "AV:A/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2021-01-01T22:48:53", "bulletinFamily": "microsoft", "cvelist": ["CVE-2020-1036", "CVE-2020-1509"], "description": "<html><body><p>Learn more about update KB4566782, including improvements and fixes, any known issues, and how to get the update.</p><h2></h2><div class=\"alert-band\"><div class=\"alert alert-info\" role=\"alert\"><div class=\"row\"><div class=\"col-xs-24\"><p><span><span><span><span><strong>IMPORTANT\u00a0</strong></span></span></span></span>Starting in July 2020, we will resume non-security releases\u00a0for Windows 10 and Windows Server, version 1809 and later. There is no change to the cumulative monthly security updates (also referred to as the \"B\" release or Update Tuesday release). For more information, see the blog post\u00a0<a data-content-id=\"\" data-content-type=\"\" href=\"https://aka.ms/resuming-optional-monthly-updates\" managed-link=\"\" target=\"_blank\">Resuming optional Windows 10 and Windows Server non-security monthly updates</a>.</p></div></div></div></div><div class=\"alert-band\"><div class=\"alert alert-info\" role=\"alert\"><div class=\"row\"><div class=\"col-xs-24\"><p><span><span><span><span><span><strong>IMPORTANT\u00a0</strong></span></span></span></span>Starting in July 2020, all Windows Updates will disable the <a href=\"https://docs.microsoft.com/en-us/windows-server/virtualization/hyper-v/deploy/deploy-graphics-devices-using-remotefx-vgpu\" managed-link=\"\" target=\"_blank\">RemoteFX vGPU</a> feature because of a security vulnerability. For more information about the vulnerability, see<a href=\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1036\" managed-link=\"\" target=\"_blank\"> CVE-2020-1036</a> and <a data-content-id=\"4570006\" data-content-type=\"article\" href=\"\" managed-link=\"\" target=\"_blank\">KB4570006</a>. After you install this update, attempts to start virtual machines (VM) that have RemoteFX vGPU enabled will fail, and messages such as the following will appear:</span></p><ul><li><span><span><span>\u201cThe virtual machine cannot be started because all the RemoteFX-capable GPUs are disabled in Hyper-V Manager.\u201d</span></span></span></li><li><span><span><span>\u201cThe virtual machine cannot be started because the server has insufficient GPU resources.\u201d</span></span></span></li></ul><p class=\"indent-4\"><span> </span><span>If you <a href=\"https://docs.microsoft.com/en-us/windows-server/virtualization/hyper-v/plan/plan-for-gpu-acceleration-in-windows-server\" managed-link=\"\" target=\"_blank\">re-enable</a> RemoteFX vGPU, a message similar to the following will appear:</span></p><ul><li><span> \"We no longer support the RemoteFX 3D video adapter. If you are still using this adapter, you may become vulnerable to security risk. Learn more (https://go.microsoft.com/fwlink/?linkid=2131976)\u201d</span></li></ul></div></div></div></div><div class=\"alert-band\"><div class=\"alert alert-info\" role=\"alert\"><div class=\"row\"><div class=\"col-xs-24\"><p>For more information about the various types of Windows updates, such as critical, security, driver, service packs, and so on, please see the following <a data-content-id=\"824684\" data-content-type=\"article\" href=\"\" managed-link=\"\">article</a>.</p><p><strong>Note\u00a0</strong>Follow <a href=\"https://twitter.com/windowsupdate\" rel=\"noreferrer noopener\" tabindex=\"-1\" target=\"_blank\" title=\"https://twitter.com/windowsupdate\">@WindowsUpdate</a> to find out when new content is published to the release information dashboard.</p></div></div></div></div><div class=\"alert-band\"><div class=\"alert alert-info\" role=\"alert\"><div class=\"row\"><div class=\"col-xs-24\"><p><strong>Note </strong>This release also contains updates for Microsoft HoloLens (OS Build 19041.1113) released August 11,\u00a02020.\u00a0Microsoft will release an update directly to the Windows Update Client to improve Windows Update reliability on Microsoft HoloLens that have not updated to this most recent OS Build.</p></div></div></div></div><h2>Highlights</h2><ul><li>Updates to improve security when using input devices (such as a mouse, keyboard, or pen).</li><li>Updates to improve security when Windows performs basic operations.</li><li>Updates for storing and managing files.</li><li>Updates to improve security when using Internet Explorer and Microsoft Edge Legacy.</li><li><span><span>Updates to improve security when using Microsoft Office products.</span></span></li><li><span><span><span>Updates for verifying usernames and passwords.</span></span></span></li></ul><h2>Improvements and fixes</h2><div><p>This security update includes quality improvements. Key changes include:</p><ul><li>Addresses an issue in Universal Windows Platform (UWP) apps that allows single sign-on authentication when an app does not have the Enterprise Authentication capability. With the release of <a data-content-id=\"\" data-content-type=\"\" href=\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1509\" managed-link=\"\" target=\"_blank\">CVE-2020-1509</a>, UWP applications might begin prompting the user for credentials.\u00a0</li><li>Addresses an issue with printing to a local port that is configured as a Universal Naming Convention (UNC) path or a shared network printer. These ports no longer appear in Control Panel on the <strong>Ports</strong> tab of the <strong>Print Server Properties</strong> dialog box. This issue occurs after installing Windows Updates released between May 2020 and July 2020.</li><li>Security updates to the Microsoft Scripting Engine, Internet Explorer, Windows Graphics, Microsoft Graphics Component, Windows Kernel, Windows Input and Composition, Windows Media, Windows Shell, the Windows Wallet Service, Microsoft Edge Legacy, Windows Cloud Infrastructure, Windows Authentication, the Windows AI Platform, Windows Fundamentals, Windows Storage and Filesystems, Windows Update Stack, Windows File Server and Clustering, Windows Hybrid Storage Services, Windows App Platform and Frameworks, Microsoft JET Database Engine, and Windows SQL components.</li></ul><p>If you installed earlier updates, only the new fixes contained in this package will be downloaded and installed on your device.</p><p>For more information about the resolved security vulnerabilities, please refer to the <a href=\"https://portal.msrc.microsoft.com/security-guidance\">Security Update Guide</a>.</p><div class=\"alert-band\"><div class=\"alert alert-info\" role=\"alert\"><p class=\"alert-title\">Windows Update Improvements</p><div class=\"row\"><div class=\"col-xs-24\"><p>Microsoft has released an update directly to the Windows Update client to improve reliability. Any device running Windows 10 configured to receive updates automatically from Windows Update, including Enterprise and Pro editions, will be offered the latest Windows 10 feature update based on device compatibility and Windows Update for Business deferral policy. This doesn't apply to long-term servicing editions.</p></div></div></div></div></div><h2>Known issues in this update</h2><div><table class=\"table\"><tbody><tr><td><strong>Symptoms</strong></td><td><strong>Workaround</strong></td></tr><tr><td><p>When using some apps, such as Microsoft Excel, users of the Microsoft Input Method Editor (IME) for Chinese and Japanese might receive an error, or the app might stop responding or close when attempting to drag using the mouse.</p></td><td>This issue is resolved in <a data-content-id=\"4571744\" data-content-type=\"article\" href=\"\" managed-link=\"\" target=\"_blank\">KB4571744</a>.</td></tr><tr><td>Users of the Microsoft Input Method Editor (IME) for Japanese or Chinese languages might experience issues when attempting various tasks. You might have issues with input, receive unexpected results, or might not be able to enter text.</td><td>All IME issues listed in <a data-content-id=\"4564002\" data-content-type=\"article\" href=\"\" managed-link=\"\" target=\"_blank\">KB4564002</a>\u00a0were resolved in\u00a0<a data-content-id=\"4586853\" data-content-type=\"article\" href=\"\" managed-link=\"\" target=\"_blank\">KB4586853</a>.</td></tr></tbody></table></div><h2>How to get this update</h2><p><strong>Before installing this update</strong></p><p>Microsoft strongly recommends you install the latest servicing stack update (SSU) for your operating system before installing the latest cumulative update (LCU). SSUs improve the reliability of the update process to mitigate potential issues while installing the LCU\u00a0and applying Microsoft security fixes. For general information about SSUs,\u00a0see <a aria-live=\"assertive\" data-bi-name=\"content-anchor-link\" href=\"https://docs.microsoft.com/en-us/windows/deployment/update/servicing-stack-updates\" managed-link=\"\" tabindex=\"0\" target=\"_blank\">Servicing stack updates</a>\u00a0and\u00a0<a aria-live=\"assertive\" data-bi-name=\"content-anchor-link\" data-content-id=\"4535697\" data-content-type=\"article\" href=\"\" managed-link=\"\" tabindex=\"0\" target=\"_blank\">Servicing Stack Updates (SSU): Frequently Asked Questions</a>.</p><p>If you are using Windows Update, the latest SSU (<a data-content-id=\"4570334\" data-content-type=\"article\" href=\"\" managed-link=\"\" target=\"_blank\">KB4570334</a>) will be offered to you automatically. To get the standalone package for the latest SSU, search for it in the <a data-content-id=\"\" data-content-type=\"\" href=\"http://www.catalog.update.microsoft.com/home.aspx\" managed-link=\"\" target=\"_blank\">Microsoft Update Catalog</a>.</p><table class=\"table\"><tbody><tr><td><strong>Release Channel</strong></td><td align=\"center\"><strong>Available</strong></td><td><strong>Next Step</strong></td></tr><tr><td>Windows Update and Microsoft Update</td><td align=\"center\">Yes</td><td>None. This update will be downloaded and installed automatically from Windows Update.</td></tr><tr><td>Microsoft Update Catalog</td><td align=\"center\">Yes</td><td>To get the standalone package for this update, go to the\u00a0<a data-content-id=\"\" data-content-type=\"\" href=\"https://www.catalog.update.microsoft.com/Search.aspx?q=KB4566782\" managed-link=\"\" target=\"\">Microsoft Update Catalog</a>\u00a0website.</td></tr><tr><td>Windows Server Update Services (WSUS)</td><td align=\"center\">Yes</td><td><p>This update will automatically sync\u00a0with WSUS if you configure <strong>Products and Classifications</strong> as follows:</p><p><strong>Product</strong>: Windows 10, version 1903 and later</p><strong>Classification</strong>: Security Updates</td></tr></tbody></table><p>\u00a0</p><p><strong>File information</strong></p><p>For a list of the files that are provided in this update, download the\u00a0<a data-content-id=\"\" data-content-type=\"\" href=\"https://download.microsoft.com/download/5/c/b/5cb90c87-f1dd-4274-9ed4-5ee09827a75c/4566782.csv\" managed-link=\"\" target=\"\">file information for cumulative update 4566782</a>.\u00a0</p><p><strong>Note</strong>\u00a0Some files erroneously have \u201cNot applicable\u201d in the \u201cFile version\u201d column of the CSV file. This might lead to false positives or false negatives when using some third-party scan detection tools to validate the build.</p></body></html>", "edition": 6, "modified": "2020-12-04T19:49:53", "id": "KB4566782", "href": "https://support.microsoft.com/en-us/help/4566782/", "published": "2020-08-11T00:00:00", "title": "August 11, 2020\u2014KB4566782 (OS Build 19041.450)", "type": "mskb", "cvss": {"score": 7.7, "vector": "AV:A/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2021-01-01T22:52:49", "bulletinFamily": "microsoft", "cvelist": ["CVE-2020-1036", "CVE-2020-1509"], "description": "<html><body><p>Learn more about update KB4571709, including improvements and fixes, any known issues, and how to get the update.</p><h2></h2><div class=\"alert-band\"><div class=\"alert alert-info\" role=\"alert\"><div class=\"row\"><div class=\"col-xs-24\"><p><strong>IMPORTANT</strong> Windows 10, version 1803 has reached the end of mainstream support and is now in extended support. <span>Starting in July 2020, there will no longer be optional, non-security releases (known as <span>\"</span>C<span>\"\u00a0</span>releases) for this operating system. Operating systems in extended support have <span>only</span> cumulative monthly security updates (known as the \"B\" or Update Tuesday release).</span></p></div></div></div></div><div class=\"alert-band\"><div class=\"alert alert-info\" role=\"alert\"><div class=\"row\"><div class=\"col-xs-24\"><p><span><span><span><span><span><strong>IMPORTANT\u00a0</strong></span></span></span></span>Starting in July 2020, all Windows Updates will disable the <a href=\"https://docs.microsoft.com/en-us/windows-server/virtualization/hyper-v/deploy/deploy-graphics-devices-using-remotefx-vgpu\" managed-link=\"\" target=\"_blank\">RemoteFX vGPU</a> feature because of a security vulnerability. For more information about the vulnerability, see<a href=\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1036\" managed-link=\"\" target=\"_blank\"> CVE-2020-1036</a> and <a data-content-id=\"4570006\" data-content-type=\"article\" href=\"\" managed-link=\"\" target=\"_blank\">KB4570006</a>. After you install this update, attempts to start virtual machines (VM) that have RemoteFX vGPU enabled will fail, and messages such as the following will appear:</span></p><ul><li><span><span><span>\u201cThe virtual machine cannot be started because all the RemoteFX-capable GPUs are disabled in Hyper-V Manager.\u201d</span></span></span></li><li><span><span><span>\u201cThe virtual machine cannot be started because the server has insufficient GPU resources.\u201d</span></span></span></li></ul><p class=\"indent-4\"><span> </span><span>If you <a href=\"https://docs.microsoft.com/en-us/windows-server/virtualization/hyper-v/plan/plan-for-gpu-acceleration-in-windows-server\" managed-link=\"\" target=\"_blank\">re-enable</a> RemoteFX vGPU, a message similar to the following will appear:</span></p><ul><li><span> \"We no longer support the RemoteFX 3D video adapter. If you are still using this adapter, you may become vulnerable to security risk. Learn more (https://go.microsoft.com/fwlink/?linkid=2131976)\u201d</span></li></ul></div></div></div></div><div class=\"alert-band\"><div class=\"alert alert-info\" role=\"alert\"><div class=\"row\"><div class=\"col-xs-24\"><p>Windows\u00a010,\u00a0version\u00a01803\u00a0(the April 2018 Update) Home and Pro editions have reached end of service. For\u00a0Windows\u00a010\u00a0devices that are at, or within several months of reaching end of service,\u00a0Windows\u00a0Update will automatically initiate a feature update (with users having the ability to choose a convenient time). This keeps\u00a0those devices supported and receiving the monthly updates that are critical to device security and ecosystem health.</p></div></div></div></div><h2>Highlights</h2><ul><li>Updates to improve security when using Internet Explorer and Microsoft Edge Legacy.</li><li>Updates to improve security when Windows performs basic operations.</li><li>Updates to improve security when using input devices (such as a mouse, keyboard, or pen).</li><li><span><span><span>Updates for storing and managing files.</span></span></span></li></ul><h2>Improvements and fixes</h2><div><p>This security update includes quality improvements. Key changes include:</p><ul><li>Addresses an issue in Microsoft Edge IE mode that occurs when you open multiple documents from a SharePoint site.\u00a0</li><li>Addresses an issue in Microsoft Edge IE mode that occurs when you browse using anchor links.\u00a0</li><li>Addresses an issue with loading Browser Helper Objects in Microsoft Edge IE mode.\u00a0</li><li>Addresses an issue that causes certain applications to stop responding when under load if they rely on the JScript Scripting Engine.</li><li>Addresses an issue that prevents you from installing some .msi apps. This occurs when a device is managed by a Group Policy that redirects the AppData folder to a network folder.</li><li>Addresses an issue in Universal Windows Platform (UWP) apps that allows single sign-on authentication when an app does not have the Enterprise Authentication capability. With the release of <a data-content-id=\"\" data-content-type=\"\" href=\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1509\" managed-link=\"\" target=\"_blank\">CVE-2020-1509</a>, UWP applications might begin prompting the user for credentials.</li><li>Addresses an issue with printing to a local port that is configured as a Universal Naming Convention (UNC) path or a shared network printer. These ports no longer appear in Control Panel on the <strong>Ports</strong> tab of the <strong>Print Server Properties</strong> dialog box. This issue occurs after installing Windows Updates released between May 2020 and July 2020.</li><li>Security updates to the Microsoft Scripting Engine, Internet Explorer, Windows Graphics, Windows Input and Composition, Windows Media, Windows Shell, the Windows Wallet Service, Microsoft Edge Legacy, Windows Cloud Infrastructure, the Windows AI Platform, Windows Fundamentals, Windows Kernel, Windows Storage and Filesystems, Windows Update Stack, Windows Hybrid Storage Services, and the Microsoft JET Database Engine.</li></ul><p>If you installed earlier updates, only the new fixes contained in this package will be downloaded and installed on your device.</p><p>For more information about the resolved security vulnerabilities, please refer to the <a href=\"https://portal.msrc.microsoft.com/security-guidance\">Security Update Guide</a>.</p></div><h2>Known issues in this update</h2><div><p>Microsoft is currently not aware of any issues with this update.</p></div><h2>How to get this update</h2><p><strong>Before installing this update</strong></p><p>Microsoft strongly recommends you install the latest servicing stack update (SSU) for your operating system before installing the latest cumulative update (LCU). SSUs improve the reliability of the update process to mitigate potential issues while installing the LCU and applying Microsoft security fixes.\u00a0For general information about SSUs,\u00a0see <a aria-live=\"assertive\" data-bi-name=\"content-anchor-link\" href=\"https://docs.microsoft.com/en-us/windows/deployment/update/servicing-stack-updates\" managed-link=\"\" tabindex=\"0\" target=\"_blank\">Servicing stack updates</a>\u00a0and\u00a0<a aria-live=\"assertive\" data-bi-name=\"content-anchor-link\" data-content-id=\"4535697\" data-content-type=\"article\" href=\"\" managed-link=\"\" tabindex=\"0\" target=\"_blank\">Servicing Stack Updates (SSU): Frequently Asked Questions</a>.</p><p>If you are using Windows Update, the latest SSU (<a data-content-id=\"4565552\" data-content-type=\"article\" href=\"\" managed-link=\"\" target=\"_blank\">KB4565552</a>) will be offered to you automatically.\u00a0To get the standalone package for the latest\u00a0SSU, search for it in the\u00a0<a aria-live=\"assertive\" data-bi-name=\"content-anchor-link\" href=\"http://www.catalog.update.microsoft.com/home.aspx\" managed-link=\"\" tabindex=\"0\" target=\"_blank\">Microsoft Update Catalog</a>.\u00a0</p><p><strong>Install this update</strong></p><table class=\"table\"><tbody><tr><td><strong>Release Channel</strong></td><td align=\"center\"><strong>Available</strong></td><td><strong>Next Step</strong></td></tr><tr><td>Windows Update and Microsoft Update</td><td align=\"center\">Yes</td><td>None. This update will be downloaded and installed automatically from Windows Update.</td></tr><tr><td>Microsoft Update Catalog</td><td align=\"center\">Yes</td><td>To get the standalone package for this update, go to the\u00a0<a data-content-id=\"\" data-content-type=\"\" href=\"https://www.catalog.update.microsoft.com/Search.aspx?q=KB4571709\" managed-link=\"\" target=\"\">Microsoft Update Catalog</a>\u00a0website.</td></tr><tr><td>Windows Server Update Services (WSUS)</td><td align=\"center\">Yes</td><td><p>This update will automatically sync\u00a0with WSUS if you configure <strong>Products and Classifications</strong> as follows:</p><p><strong>Product</strong>: Windows 10</p><strong>Classification</strong>: Security Updates</td></tr></tbody></table><p>\u00a0</p><p><strong>File information</strong></p><p>For a list of the files that are provided in this update, download the\u00a0<a data-content-id=\"\" data-content-type=\"\" href=\"https://download.microsoft.com/download/f/1/e/f1e623ec-2a10-4d81-bc69-be9708968929/4571709.csv\" managed-link=\"\" target=\"\">file information for cumulative update 4571709</a>.\u00a0</p></body></html>", "edition": 5, "modified": "2020-09-18T23:25:36", "id": "KB4571709", "href": "https://support.microsoft.com/en-us/help/4571709/", "published": "2020-08-11T00:00:00", "title": "August 11, 2020\u2014KB4571709 (OS Build 17134.1667)", "type": "mskb", "cvss": {"score": 7.7, "vector": "AV:A/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2021-01-01T22:42:37", "bulletinFamily": "microsoft", "cvelist": ["CVE-2020-1036", "CVE-2020-1509"], "description": "<html><body><p>Learn more about this monthly update, including improvements and fixes, any known issues, and how to get the update.</p><h2></h2><div class=\"alert-band\"><div class=\"alert alert-info\" role=\"alert\"><div class=\"row\"><div class=\"col-xs-24\"><p><strong>IMPORTANT</strong> Windows 8.1 and Windows Server 2012 R2 have\u00a0reached the end of mainstream support and are\u00a0now in extended support. <span>Starting in July 2020, there will no longer be optional, non-security releases (known as <span>\"</span>C<span>\"\u00a0</span>releases) for this operating system. Operating systems in extended support have <span>only</span> cumulative monthly security updates (known as the \"B\" or Update Tuesday release).</span></p></div></div></div></div><div class=\"alert-band\"><div class=\"alert alert-info\" role=\"alert\"><div class=\"row\"><div class=\"col-xs-24\"><p><span><span><span><span><span><strong>IMPORTANT\u00a0</strong></span></span></span></span>Starting in July 2020, all Windows Updates will disable the <a href=\"https://docs.microsoft.com/en-us/windows-server/virtualization/hyper-v/deploy/deploy-graphics-devices-using-remotefx-vgpu\" managed-link=\"\" target=\"_blank\">RemoteFX vGPU</a> feature because of a security vulnerability. For more information about the vulnerability, see<a href=\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1036\" managed-link=\"\" target=\"_blank\"> CVE-2020-1036</a> and <a data-content-id=\"4570006\" data-content-type=\"article\" href=\"\" managed-link=\"\" target=\"_blank\">KB4570006</a>. After you install this update, attempts to start virtual machines (VM) that have RemoteFX vGPU enabled will fail, and messages such as the following will appear:</span></p><ul><li><span><span><span>\u201cThe virtual machine cannot be started because all the RemoteFX-capable GPUs are disabled in Hyper-V Manager.\u201d</span></span></span></li><li><span><span><span>\u201cThe virtual machine cannot be started because the server has insufficient GPU resources.\u201d</span></span></span></li></ul><p class=\"indent-4\"><span> </span><span>If you <a href=\"https://docs.microsoft.com/en-us/windows-server/virtualization/hyper-v/plan/plan-for-gpu-acceleration-in-windows-server\" managed-link=\"\" target=\"_blank\">re-enable</a> RemoteFX vGPU, a message similar to the following will appear:</span></p><ul><li><span> \"We no longer support the RemoteFX 3D video adapter. If you are still using this adapter, you may become vulnerable to security risk. Learn more (https://go.microsoft.com/fwlink/?linkid=2131976)\u201d</span></li></ul></div></div></div></div><h2>Improvements and fixes</h2><div><p>This security update includes improvements and fixes that were a part of update <a data-content-id=\"\" data-content-type=\"\" href=\"https://support.microsoft.com/help/4565541\" managed-link=\"\" target=\"_blank\">KB4565541</a> (released July 14, 2020) and addresses the following issues:</p><ul><li><span><span><span><span><span>Addresses an issue that prevents you from installing some .msi apps. This occurs when a device is managed by a Group Policy that redirects the AppData folder to a network folder.</span></span></span></span></span></li><li><span><span><span>Addresses an issue in Universal Windows Platform (UWP) apps that allows single sign-on authentication when an app does not have the Enterprise Authentication capability. With the release of <a data-content-id=\"\" data-content-type=\"\" href=\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1509\" managed-link=\"\" target=\"_blank\">CVE-2020-1509</a>, UWP applications might begin prompting the user for credentials.</span></span></span></li><li><span><span><span><span><span><span>Addresses an issue in Microsoft Edge IE Mode when opening multiple documents from a SharePoint site.</span></span></span></span></span></span></li><li><span><span><span><span><span><span>Addresses an issue in Microsoft Edge IE Mode that occurs when you browse using anchor links.</span></span></span></span></span></span></li><li><span><span><span><span><span><span>Addresses an issue with loading Browser Helper Objects in Microsoft Edge IE Mode.</span></span></span></span></span></span></li><li><span><span><span><span><span><span>Addresses an issue where certain applications that rely on the JScript Scripting Engine become unresponsive under load.</span></span></span></span></span></span></li><li>Addresses an issue with printing to a local port that is configured as a Universal Naming Convention (UNC) path or a shared network printer. These ports no longer appear in Control Panel on the <strong>Ports</strong> tab of the <strong>Print Server Properties</strong> dialog box. This issue occurs after installing Windows Updates released between May 2020 and July 2020.</li><li><span>Security updates to Windows App Platform and Frameworks, Windows Graphics, Windows Media, Windows Shell, Windows Cloud Infrastructure, Windows Authentication, Windows Kernel, Windows Hybrid Cloud Networking, Windows Peripherals, Windows Network Security and Containers, Windows Storage and Filesystems, Windows File Server and Clustering, Windows Hybrid Storage Services,\u00a0Windows SQL components,\u00a0Microsoft Scripting Engine,\u00a0and Windows Remote Desktop.</span></li></ul><p>For more information about the resolved security vulnerabilities, please refer to the <a href=\"https://portal.msrc.microsoft.com/security-guidance\">Security Update Guide</a>.</p></div><h2>Known issues in this update</h2><div><table class=\"table\"><tbody><tr><td><strong>Symptom</strong></td><td><strong>Workaround</strong></td></tr><tr><td>Certain operations, such as <strong>rename</strong>, that you perform on files or folders that are on a Cluster Shared Volume (CSV) may fail with the error, \u201cSTATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)\u201d. This occurs when you perform the operation on a CSV owner node from a process that doesn\u2019t have administrator privilege.</td><td><p>Do one of the following:</p><ul><li>Perform the operation from a process that has administrator privilege.</li><li>Perform the operation from a node that doesn\u2019t have CSV ownership.</li></ul><p>Microsoft is working on a resolution and will provide an update in an upcoming release.</p></td></tr></tbody></table></div><h2>How to get this update</h2><p><strong>Before installing this update</strong></p><p>We strongly recommend\u00a0that you install the latest servicing stack update (SSU) for your operating system before you install\u00a0the latest Rollup. SSUs improve the reliability of the update process to mitigate potential issues while installing the Rollup and applying Microsoft security fixes.\u00a0For general information about SSUs,\u00a0see <a aria-live=\"assertive\" data-bi-name=\"content-anchor-link\" href=\"https://docs.microsoft.com/en-us/windows/deployment/update/servicing-stack-updates\" managed-link=\"\" tabindex=\"0\" target=\"_blank\">Servicing stack updates</a>\u00a0and\u00a0<a aria-live=\"assertive\" data-bi-name=\"content-anchor-link\" data-content-id=\"\" data-content-type=\"\" href=\"https://support.microsoft.com/help/4535697\" managed-link=\"\" tabindex=\"0\" target=\"_blank\">Servicing Stack Updates (SSU): Frequently Asked Questions</a>.</p><p>If you use\u00a0Windows Update, the latest SSU\u00a0(<a data-content-id=\"\" data-content-type=\"\" href=\"https://support.microsoft.com/help/4566425\" managed-link=\"\" target=\"_blank\">KB4566425</a>) will be offered to you automatically.\u00a0To get the standalone package for the latest\u00a0SSU, search for it in the\u00a0<a aria-live=\"assertive\" data-bi-name=\"content-anchor-link\" data-content-id=\"\" data-content-type=\"\" href=\"http://www.catalog.update.microsoft.com/home.aspx\" managed-link=\"\" tabindex=\"0\" target=\"_blank\">Microsoft Update Catalog</a>.\u00a0</p><p><strong>Install this update</strong></p><table class=\"table\"><tbody><tr><td><strong>Release Channel</strong></td><td align=\"center\"><strong>Available</strong></td><td><strong>Next Step</strong></td></tr><tr><td>Windows Update and Microsoft Update</td><td align=\"center\">Yes</td><td>None. This update will be downloaded and installed automatically from Windows Update.</td></tr><tr><td>Microsoft Update Catalog</td><td align=\"center\">Yes</td><td>To get the standalone package for this update, go to the\u00a0<a data-content-id=\"\" data-content-type=\"\" href=\"https://www.catalog.update.microsoft.com/Search.aspx?q=KB4571703\" managed-link=\"\" target=\"_blank\">Microsoft Update Catalog</a>\u00a0website.</td></tr><tr><td>Windows Server Update Services (WSUS)</td><td align=\"center\">Yes</td><td><p>This update will automatically sync\u00a0with WSUS if you configure <strong>Products and Classifications</strong> as follows:</p><p><strong>Product</strong>: Windows 8.1, Windows Server 2012 R2,\u00a0Windows Embedded 8.1 Industry Enterprise, Windows Embedded 8.1 Industry Pro</p><strong>Classification</strong>: Security Updates</td></tr></tbody></table><p>\u00a0</p><p><strong>File information</strong></p><p>For a list of the files that are provided in this update, download the\u00a0<a data-content-id=\"\" data-content-type=\"\" href=\"https://download.microsoft.com/download/b/f/b/bfbab488-6b5b-413c-9c9a-216acd7eae1d/4571703.csv\" managed-link=\"\" target=\"_blank\">file information for update 4571703</a>.\u00a0</p></body></html>", "edition": 5, "modified": "2020-09-18T23:34:43", "id": "KB4571703", "href": "https://support.microsoft.com/en-us/help/4571703/", "published": "2020-08-11T00:00:00", "title": "August 11, 2020\u2014KB4571703 (Monthly Rollup)", "type": "mskb", "cvss": {"score": 7.7, "vector": "AV:A/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2021-01-01T22:40:54", "bulletinFamily": "microsoft", "cvelist": ["CVE-2020-1036", "CVE-2020-1509"], "description": "<html><body><p>Learn more about update KB4571692, including improvements and fixes, any known issues, and how to get the update.</p><h2></h2><div class=\"alert-band\"><div class=\"alert alert-info\" role=\"alert\"><div class=\"row\"><div class=\"col-xs-24\"><p>For more information about the various types of Windows updates, such as critical, security, driver, service packs, and so on, please see the following <a data-content-id=\"824684\" data-content-type=\"article\" href=\"\" managed-link=\"\">article</a>.</p></div></div></div></div><div class=\"alert-band\"><div class=\"alert alert-info\" role=\"alert\"><div class=\"row\"><div class=\"col-xs-24\"><p><span><span><span><span><span><strong>IMPORTANT\u00a0</strong></span></span></span></span>Starting in July 2020, all Windows Updates will disable the <a href=\"https://docs.microsoft.com/en-us/windows-server/virtualization/hyper-v/deploy/deploy-graphics-devices-using-remotefx-vgpu\" managed-link=\"\" target=\"_blank\">RemoteFX vGPU</a> feature because of a security vulnerability. For more information about the vulnerability, see<a href=\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1036\" managed-link=\"\" target=\"_blank\"> CVE-2020-1036</a> and <a data-content-id=\"4570006\" data-content-type=\"article\" href=\"\" managed-link=\"\" target=\"_blank\">KB4570006</a>. After you install this update, attempts to start virtual machines (VM) that have RemoteFX vGPU enabled will fail, and messages such as the following will appear:</span></p><ul><li><span><span><span>\u201cThe virtual machine cannot be started because all the RemoteFX-capable GPUs are disabled in Hyper-V Manager.\u201d</span></span></span></li><li><span><span><span>\u201cThe virtual machine cannot be started because the server has insufficient GPU resources.\u201d</span></span></span></li></ul><p class=\"indent-4\"><span> </span><span>If you <a href=\"https://docs.microsoft.com/en-us/windows-server/virtualization/hyper-v/plan/plan-for-gpu-acceleration-in-windows-server\" managed-link=\"\" target=\"_blank\">re-enable</a> RemoteFX vGPU, a message similar to the following will appear:</span></p><ul><li><span> \"We no longer support the RemoteFX 3D video adapter. If you are still using this adapter, you may become vulnerable to security risk. Learn more (https://go.microsoft.com/fwlink/?linkid=2131976)\u201d</span></li></ul></div></div></div></div><h2>Highlights</h2><ul><li>Updates to improve security when using Internet Explorer and Microsoft Edge Legacy.</li><li>Updates to improve security when Windows performs basic operations.</li><li><span><span><span>Updates for verifying usernames and passwords.</span></span></span></li><li><span><span><span>Updates for storing and managing files.</span></span></span></li></ul><h2>Improvements and fixes</h2><div><p>This security update includes quality improvements. Key changes include:</p><ul><li>Addresses an issue in Microsoft Edge IE mode that occurs when you open multiple documents from a SharePoint site.\u00a0</li><li>Addresses an issue in Microsoft Edge IE mode that occurs when you browse using anchor links.\u00a0</li><li>Addresses an issue with loading Browser Helper Objects in Microsoft Edge IE mode.</li><li>Addresses an issue that causes certain applications to stop responding when under load if they rely on the JScript Scripting Engine.\u00a0</li><li>Addresses an issue that prevents you from installing some .msi apps. This occurs when a device is managed by a Group Policy that redirects the AppData folder to a network folder.\u00a0</li><li>Addresses an issue in Universal Windows Platform (UWP) apps that allows single sign-on authentication when an app does not have the Enterprise Authentication capability. With the release of <a data-content-id=\"\" data-content-type=\"\" href=\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1509\" managed-link=\"\" target=\"_blank\">CVE-2020-1509</a>, UWP applications might begin prompting the user for credentials.\u00a0</li><li>Addresses an issue with printing to a local port that is configured as a Universal Naming Convention (UNC) path or a shared network printer. These ports no longer appear in Control Panel on the <strong>Ports</strong> tab of the <strong>Print Server Properties</strong> dialog box. This issue occurs after installing Windows Updates released between May 2020 and July 2020.</li><li>Security updates to Internet Explorer, the Microsoft Scripting Engine, Windows Graphics, Windows Media, Windows Shell, the Windows Wallet Service, Microsoft Edge Legacy, Windows Cloud Infrastructure, Windows Authentication, Windows Fundamentals, Windows Kernel, Windows Core Networking, Windows Storage and Filesystems, Windows Hybrid Storage Services, and the Microsoft JET Database Engine.</li></ul><p>If you installed earlier updates, only the new fixes contained in this package will be downloaded and installed on your device.</p><p>For more information about the resolved security vulnerabilities, please refer to the <a href=\"https://portal.msrc.microsoft.com/security-guidance\">Security Update Guide</a>.</p><div class=\"alert-band\"><div class=\"alert alert-info\" role=\"alert\"><p class=\"alert-title\">Windows Update Improvements</p><div class=\"row\"><div class=\"col-xs-24\"><p>Microsoft has released an update directly to the Windows Update client to improve reliability. Any device running Windows 10 configured to receive updates automatically from Windows Update, including Enterprise and Pro editions, will be offered the latest Windows 10 feature update based on device compatibility and Windows Update for Business deferral policy. This doesn't apply to long-term servicing editions.</p></div></div></div></div></div><h2>Known issues in this update</h2><div><p>Microsoft is currently not aware of any issues with this update.</p></div><h2>How to get this update</h2><p><strong>Before installing this update</strong></p><p>Microsoft strongly recommends that you install the latest servicing stack update (SSU) for your operating system before installing the latest cumulative update (LCU). SSUs improve the reliability of the update process to mitigate potential issues while installing the LCU and applying Microsoft security fixes.\u00a0For general information about SSUs,\u00a0see <a aria-live=\"assertive\" data-bi-name=\"content-anchor-link\" href=\"https://docs.microsoft.com/en-us/windows/deployment/update/servicing-stack-updates\" managed-link=\"\" tabindex=\"0\" target=\"_blank\">Servicing stack updates</a>\u00a0and\u00a0<a aria-live=\"assertive\" data-bi-name=\"content-anchor-link\" data-content-id=\"4535697\" data-content-type=\"article\" href=\"\" managed-link=\"\" tabindex=\"0\" target=\"_blank\">Servicing Stack Updates (SSU): Frequently Asked Questions</a>.</p><p>If you are using Windows Update, the latest SSU (<a data-content-id=\"4565911\" data-content-type=\"article\" href=\"\" managed-link=\"\" target=\"_blank\">KB4565911</a>) will be offered to you automatically. To get the standalone package for the latest SSU, search for it in the <a data-content-id=\"\" data-content-type=\"\" href=\"http://www.catalog.update.microsoft.com/home.aspx\" managed-link=\"\" target=\"_blank\">Microsoft Update Catalog</a>.</p><p><strong>Install this update</strong></p><table class=\"table\"><tbody><tr><td><strong>Release Channel</strong></td><td align=\"center\"><strong>Available</strong></td><td><strong>Next Step</strong></td></tr><tr><td>Windows Update and Microsoft Update</td><td align=\"center\">Yes</td><td>None. This update will be downloaded and installed automatically from Windows Update.</td></tr><tr><td>Microsoft Update Catalog</td><td align=\"center\">Yes</td><td>To get the standalone package for this update, go to the\u00a0<a data-content-id=\"\" data-content-type=\"\" href=\"https://www.catalog.update.microsoft.com/Search.aspx?q=KB4571692\" managed-link=\"\" target=\"\">Microsoft Update Catalog</a>\u00a0website.</td></tr><tr><td>Windows Server Update Services (WSUS)</td><td align=\"center\">Yes</td><td><p>This update will automatically sync\u00a0with WSUS if you configure <strong>Products and Classifications</strong> as follows:</p><p><strong>Product</strong>: Windows 10</p><strong>Classification</strong>: Security Updates</td></tr></tbody></table><p>\u00a0</p><p><strong>File information</strong></p><p>For a list of the files that are provided in this update, download the\u00a0<a data-content-id=\"\" data-content-type=\"\" href=\"https://download.microsoft.com/download/3/d/8/3d89dd6f-9ea4-4cd3-a88e-1a1dfa19f1bc/4571692.csv\" managed-link=\"\" target=\"\">file information for cumulative update 4571692</a>.\u00a0</p></body></html>", "edition": 5, "modified": "2020-09-18T23:32:30", "id": "KB4571692", "href": "https://support.microsoft.com/en-us/help/4571692/", "published": "2020-08-11T00:00:00", "title": "August 11, 2020\u2014KB4571692 (OS Build 10240.18666)", "type": "mskb", "cvss": {"score": 7.7, "vector": "AV:A/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2021-01-01T22:39:47", "bulletinFamily": "microsoft", "cvelist": ["CVE-2020-1036", "CVE-2020-1509"], "description": "<html><body><p>Learn more about update KB4571741, including improvements and fixes, any known issues, and how to get the update.</p><h2></h2><div class=\"alert-band\"><div class=\"alert alert-info\" role=\"alert\"><div class=\"row\"><div class=\"col-xs-24\"><p><span><span><span><span><span><strong>IMPORTANT\u00a0</strong></span></span></span></span>Starting in July 2020, all Windows Updates will disable the <a href=\"https://docs.microsoft.com/en-us/windows-server/virtualization/hyper-v/deploy/deploy-graphics-devices-using-remotefx-vgpu\" managed-link=\"\" target=\"_blank\">RemoteFX vGPU</a> feature because of a security vulnerability. For more information about the vulnerability, see<a href=\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1036\" managed-link=\"\" target=\"_blank\"> CVE-2020-1036</a> and <a data-content-id=\"4570006\" data-content-type=\"article\" href=\"\" managed-link=\"\" target=\"_blank\">KB4570006</a>. After you install this update, attempts to start virtual machines (VM) that have RemoteFX vGPU enabled will fail, and messages such as the following will appear:</span></p><ul><li><span><span><span>\u201cThe virtual machine cannot be started because all the RemoteFX-capable GPUs are disabled in Hyper-V Manager.\u201d</span></span></span></li><li><span><span><span>\u201cThe virtual machine cannot be started because the server has insufficient GPU resources.\u201d</span></span></span></li></ul><p class=\"indent-4\"><span> </span><span>If you <a href=\"https://docs.microsoft.com/en-us/windows-server/virtualization/hyper-v/plan/plan-for-gpu-acceleration-in-windows-server\" managed-link=\"\" target=\"_blank\">re-enable</a> RemoteFX vGPU, a message similar to the following will appear:</span></p><ul><li><span> \"We no longer support the RemoteFX 3D video adapter. If you are still using this adapter, you may become vulnerable to security risk. Learn more (https://go.microsoft.com/fwlink/?linkid=2131976)\u201d</span></li></ul></div></div></div></div><div class=\"alert-band\"><div class=\"alert alert-info\" role=\"alert\"><div class=\"row\"><div class=\"col-xs-24\"><p><strong>IMPORTANT </strong>We have been evaluating the public health situation, and we understand the impact this is having on you, our valued customers. To ease one of the many burdens you are currently facing, we have decided to delay the scheduled end of service date for the Enterprise, Education, and IoT Enterprise editions of Windows 10, version 1709. This means devices will receive monthly security updates only from May to October. The final security update for these editions of Windows 10, version 1709 will be released on October 13, 2020 instead of April 14, 2020. \u00a0For more information, please see the blog post on <a data-content-id=\"\" data-content-type=\"\" href=\"https://aka.ms/blog/1709lifecycle\" managed-link=\"\" target=\"_blank\">Tech Community</a>.</p></div></div></div></div><div class=\"alert-band\"><div class=\"alert alert-info\" role=\"alert\"><div class=\"row\"><div class=\"col-xs-24\"><p><strong>Reminder\u00a0</strong>March 12, 2019 and April 9, 2019 were the last two Delta updates for Windows 10, version\u00a01709. Security and quality updates will continue to be available using the express and full cumulative update packages. For more information on this change please visit our <a href=\"https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/Windows-10-quality-updates-explained-amp-the-end-of-delta/ba-p/214426\" managed-link=\"\" target=\"_blank\">blog</a>.</p></div></div></div></div><div class=\"alert-band\"><div class=\"alert alert-info\" role=\"alert\"><div class=\"row\"><div class=\"col-xs-24\"><p><strong><span>Reminder</span></strong><span>\u00a0Windows 10, version 1709, reached end of service on April 9, 2019 for devices running Windows 10 Home, Pro, Pro for Workstation, and IoT Core editions. These devices will no longer receive monthly security and quality updates that contain protection from the latest security threats. To continue receiving security and quality updates, Microsoft recommends updating to the latest version of Windows 10.</span></p></div></div></div></div><div class=\"alert-band\"><div class=\"alert alert-info\" role=\"alert\"><div class=\"row\"><div class=\"col-xs-24\"><p><strong><span><span>IMPORTANT\u00a0</span></span></strong><span><span>Windows 10 Enterprise, Education, </span></span><span>and IoT Enterprise</span><span><span> editions will </span></span><span>continue to <span>receive </span>servicing <span>at no cost</span></span>\u00a0per the\u00a0lifecycle announcement on October 2018.</p></div></div></div></div><div class=\"alert-band\"><div class=\"alert alert-info\" role=\"alert\"><p class=\"alert-title\">ePub support ended in Microsoft Edge</p><div class=\"row\"><div class=\"col-xs-24\"><p>Microsoft Edge has ended support for e-books that use the .epub file extension. For more information, see <a href=\"https://support.microsoft.com/help/4517840\" managed-link=\"\" target=\"_blank\">Download an ePub app to keep reading e-books</a>.</p></div></div></div></div><div class=\"alert-band\"><div class=\"alert alert-info\" role=\"alert\"><div class=\"row\"><div class=\"col-xs-24\"><p>For more information about the various types of Windows updates, such as critical, security, driver, service packs, and so on, please see the following <a data-content-id=\"824684\" data-content-type=\"article\" href=\"\" managed-link=\"\">article</a>.</p></div></div></div></div><h2>Highlights</h2><ul><li>Updates to improve security when using Internet Explorer and Microsoft Edge Legacy.</li><li>Updates to improve security when Windows performs basic operations.</li><li><span><span><span>Updates for storing and managing files.</span></span></span></li><li>Updates to improve security when using\u00a0input devices (such as a mouse, keyboard, or pen).</li></ul><h2>Improvements and fixes</h2><div><p>This security update includes quality improvements. Key changes include:</p><ul><li>Addresses an issue that causes certain applications to stop responding when under load if they rely on the JScript Scripting Engine.\u00a0</li><li>Addresses an issue that prevents you from installing some .msi apps. This occurs when a device is managed by a Group Policy that redirects the AppData folder to a network folder.</li><li>Addresses an issue in Universal Windows Platform (UWP) apps that allows single sign-on authentication when an app does not have the Enterprise Authentication capability. With the release of <a data-content-id=\"\" data-content-type=\"\" href=\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1509\" managed-link=\"\" target=\"_blank\">CVE-2020-1509</a>, UWP applications might begin prompting the user for credentials.\u00a0</li><li>Addresses an issue with printing to a local port that is configured as a Universal Naming Convention (UNC) path or a shared network printer. These ports no longer appear in Control Panel on the <strong>Ports</strong> tab of the <strong>Print Server Properties</strong> dialog box. This issue occurs after installing Windows Updates released between May 2020 and July 2020.</li><li>Security updates to the Microsoft Scripting Engine, Internet Explorer, Windows Graphics, Windows Input and Composition, Windows Media, Windows Shell, the Windows Wallet Service, Microsoft Edge Legacy, Windows Cloud Infrastructure, Windows AI Platform, Windows Fundamentals, Windows Kernel, Windows Core Networking, Windows Storage and Filesystems, Windows Hybrid Storage Services, and the Microsoft JET Database Engine.</li></ul><p>If you installed earlier updates, only the new fixes contained in this package will be downloaded and installed on your device.</p><p>For more information about the resolved security vulnerabilities, please refer to the <a href=\"https://portal.msrc.microsoft.com/security-guidance\">Security Update Guide</a>.</p></div><h2>Known issues in this update</h2><div><p>Microsoft is currently not aware of any issues with this update.</p></div><h2>How to get this update</h2><p><strong>Before installing this update</strong></p><p>Microsoft strongly recommends you install the latest servicing stack update (SSU) for your operating system before installing the latest cumulative update (LCU). SSUs improve the reliability of the update process to mitigate potential issues while installing the LCU and applying Microsoft security fixes. For general information about SSUs,\u00a0see <a aria-live=\"assertive\" data-bi-name=\"content-anchor-link\" href=\"https://docs.microsoft.com/en-us/windows/deployment/update/servicing-stack-updates\" managed-link=\"\" tabindex=\"0\" target=\"_blank\">Servicing stack updates</a>\u00a0and\u00a0<a aria-live=\"assertive\" data-bi-name=\"content-anchor-link\" data-content-id=\"4535697\" data-content-type=\"article\" href=\"\" managed-link=\"\" tabindex=\"0\" target=\"_blank\">Servicing Stack Updates (SSU): Frequently Asked Questions</a>.</p><p>If you are using Windows Update, the latest SSU (<a data-content-id=\"4565553\" data-content-type=\"article\" href=\"\" managed-link=\"\" target=\"_blank\">KB4565553</a>) will be offered to you automatically. To get the standalone package for the latest SSU, search for it in the <a data-content-id=\"\" data-content-type=\"\" href=\"http://www.catalog.update.microsoft.com/home.aspx\" managed-link=\"\" target=\"\">Microsoft Update Catalog</a>.</p><p><strong>Install this update</strong></p><table class=\"table\"><tbody><tr><td><strong>Release Channel</strong></td><td align=\"center\"><strong>Available</strong></td><td><strong>Next Step</strong></td></tr><tr><td>Windows Update and Microsoft Update</td><td align=\"center\">Yes</td><td>None. This update will be downloaded and installed automatically from Windows Update.</td></tr><tr><td>Microsoft Update Catalog</td><td align=\"center\">Yes</td><td>To get the standalone package for this update, go to the\u00a0<a data-content-id=\"\" data-content-type=\"\" href=\"https://www.catalog.update.microsoft.com/Search.aspx?q=KB4571741\" managed-link=\"\" target=\"\">Microsoft Update Catalog</a>\u00a0website.</td></tr><tr><td>Windows Server Update Services (WSUS)</td><td align=\"center\">Yes</td><td><p>This update will automatically sync\u00a0with WSUS if you configure <strong>Products and Classifications</strong> as follows:</p><p><strong>Product</strong>: Windows 10</p><strong>Classification</strong>: Security Updates</td></tr></tbody></table><p>\u00a0</p><p><strong>File information</strong></p><p>For a list of the files that are provided in this update, download the\u00a0<a data-content-id=\"\" data-content-type=\"\" href=\"https://download.microsoft.com/download/3/9/5/39533ff3-1aaa-4ae2-8073-46ae8639a93d/4571741.csv\" managed-link=\"\" target=\"\">file information for cumulative update 4571741</a>.\u00a0</p></body></html>", "edition": 5, "modified": "2020-09-18T23:27:15", "id": "KB4571741", "href": "https://support.microsoft.com/en-us/help/4571741/", "published": "2020-08-11T00:00:00", "title": "August 11, 2020\u2014KB4571741 (OS Build 16299.2045)", "type": "mskb", "cvss": {"score": 7.7, "vector": "AV:A/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2021-01-01T22:38:19", "bulletinFamily": "microsoft", "cvelist": ["CVE-2020-1036", "CVE-2020-1509"], "description": "<html><body><p>Learn more about update KB4565351, including improvements and fixes, any known issues, and how to get the update.</p><h2></h2><div class=\"alert-band\"><div class=\"alert alert-info\" role=\"alert\"><div class=\"row\"><div class=\"col-xs-24\"><p><span><span><span><span><strong>IMPORTANT\u00a0</strong></span></span></span></span>Starting in July 2020, we will resume non-security releases\u00a0for Windows 10 and Windows Server, version 1809 and later. There is no change to the cumulative monthly security updates (also referred to as the \"B\" release or Update Tuesday release). For more information, see the blog post\u00a0<a data-content-id=\"\" data-content-type=\"\" href=\"https://aka.ms/resuming-optional-monthly-updates\" managed-link=\"\" target=\"_blank\">Resuming optional Windows 10 and Windows Server non-security monthly updates</a>.</p></div></div></div></div><div class=\"alert-band\"><div class=\"alert alert-info\" role=\"alert\"><div class=\"row\"><div class=\"col-xs-24\"><p><span><span><span><span><span><strong>IMPORTANT\u00a0</strong></span></span></span></span>Starting in July 2020, all Windows Updates will disable the <a href=\"https://docs.microsoft.com/en-us/windows-server/virtualization/hyper-v/deploy/deploy-graphics-devices-using-remotefx-vgpu\" managed-link=\"\" target=\"_blank\">RemoteFX vGPU</a> feature because of a security vulnerability. For more information about the vulnerability, see<a href=\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1036\" managed-link=\"\" target=\"_blank\"> CVE-2020-1036</a> and <a data-content-id=\"4570006\" data-content-type=\"article\" href=\"\" managed-link=\"\" target=\"_blank\">KB4570006</a>. After you install this update, attempts to start virtual machines (VM) that have RemoteFX vGPU enabled will fail, and messages such as the following will appear:</span></p><ul><li><span><span><span>\u201cThe virtual machine cannot be started because all the RemoteFX-capable GPUs are disabled in Hyper-V Manager.\u201d</span></span></span></li><li><span><span><span>\u201cThe virtual machine cannot be started because the server has insufficient GPU resources.\u201d</span></span></span></li></ul><p class=\"indent-4\"><span> </span><span>If you <a href=\"https://docs.microsoft.com/en-us/windows-server/virtualization/hyper-v/plan/plan-for-gpu-acceleration-in-windows-server\" managed-link=\"\" target=\"_blank\">re-enable</a> RemoteFX vGPU, a message similar to the following will appear:</span></p><ul><li><span> \"We no longer support the RemoteFX 3D video adapter. If you are still using this adapter, you may become vulnerable to security risk. Learn more (https://go.microsoft.com/fwlink/?linkid=2131976)\u201d</span></li></ul></div></div></div></div><div class=\"alert-band\"><div class=\"alert alert-info\" role=\"alert\"><div class=\"row\"><div class=\"col-xs-24\"><p class=\"ng-scope\"><strong>What's new for Windows 10, version 1909 and Windows 10, version 1903 release notes</strong></p><p class=\"ng-scope\"><span>Windows 10, versions 1903 and 1909 share a common core operating system and an identical set of system files. As a result, the new features in Windows 10, version 1909 were included in the recent monthly quality update for Windows 10, version 1903 (released October 8, 2019), but are currently in a dormant state. These new features will remain dormant until they are turned on using an <em>enablement package</em>,\u00a0which is a small, quick-to-install \u201cmaster switch\u201d that simply activates the Windows 10, version 1909 features.</span></p><p class=\"ng-scope\"><span>To reflect this change, the release notes for Windows 10, version 1903 and Windows 10, version 1909 will share an update history page. Each release page will contain a list of addressed issues for both 1903 and 1909 versions. Note that the 1909 version will always contain the fixes for 1903;\u00a0however, 1903 will not contain the fixes for 1909. This page will provide you with the build numbers for both 1909 and 1903 versions so that it will be easier for support to assist you if you encounter issues.</span></p><p class=\"ng-scope\"><span>For more details about the enablement package and how to get the feature update, see the <a aria-live=\"assertive\" class=\"managed-link content-anchor-link\" data-bi-name=\"content-anchor-link\" href=\"https://aka.ms/1909mechanics\" managed-link=\"\" tabindex=\"0\" target=\"_self\"><span>Windows 10, version 1909 delivery options</span></a> blog.</span></p></div></div></div></div><div class=\"alert-band\"><div class=\"alert alert-info\" role=\"alert\"><div class=\"row\"><div class=\"col-xs-24\"><p>For more information about the various types of Windows updates, such as critical, security, driver, service packs, and so on, please see the following <a data-content-id=\"824684\" data-content-type=\"article\" href=\"\" managed-link=\"\">article</a>.</p><p><strong>Note\u00a0</strong>Follow <a href=\"https://twitter.com/windowsupdate\" rel=\"noreferrer noopener\" tabindex=\"-1\" target=\"_blank\" title=\"https://twitter.com/windowsupdate\">@WindowsUpdate</a> to find out when new content is published to the release information dashboard.</p></div></div></div></div><h2>Highlights</h2><ul><li>Updates to improve security when using Internet Explorer and Microsoft Edge Legacy.</li><li>Updates to improve security when using input devices (such as a mouse, keyboard, or pen).</li><li>Updates to improve security when Windows performs basic operations.</li><li><span><span><span>Updates for verifying usernames and passwords.</span></span></span></li></ul><h2>Improvements and fixes</h2><div><div class=\"faq-section\" faq-section=\"\"><div class=\"faq-panel\"><div class=\"faq-panel-heading\" faq-panel-heading=\"\"><span class=\"link-expand-image\"><span class=\"faq-chevron win-icon win-icon-ChevronUpSmall\"></span></span><span class=\"bold btn-link link-expand-text\">Windows 10, version 1909</span></div><div class=\"faq-panel-body\" faq-panel-body=\"\"><p>This security update includes quality improvements. Key changes include:</p><ul><li>This build includes all the improvements from Windows 10, version 1903.</li><li>No additional issues were documented for this release.</li></ul></div></div></div><div class=\"faq-section\" faq-section=\"\"><div class=\"faq-panel\"><div class=\"faq-panel-heading\" faq-panel-heading=\"\"><span class=\"link-expand-image\"><span class=\"faq-chevron win-icon win-icon-ChevronUpSmall\"></span></span><span class=\"bold btn-link link-expand-text\">Windows 10, version 1903</span></div><div class=\"faq-panel-body\" faq-panel-body=\"\"><div class=\"alert-band\"><div class=\"alert alert-info\" role=\"alert\"><div class=\"row\"><div class=\"col-xs-24\"><p><strong>Note </strong>This release also contains updates for Microsoft HoloLens (OS Build 18362.1074) released August 11,\u00a02020.\u00a0Microsoft will release an update directly to the Windows Update Client to improve Windows Update reliability on Microsoft HoloLens that have not updated to this most recent OS Build.</p></div></div></div></div><p>\u00a0This security update includes quality improvements. Key changes include:</p><ul><li>Addresses an issue in Universal Windows Platform (UWP) apps that allows single sign-on authentication when an app does not have the Enterprise Authentication capability. With the release of <a data-content-id=\"\" data-content-type=\"\" href=\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1509\" managed-link=\"\" target=\"_blank\">CVE-2020-1509</a>, UWP applications might begin prompting the user for credentials.\u00a0</li><li>Addresses an issue with printing to a local port that is configured as a Universal Naming Convention (UNC) path or a shared network printer. These ports no longer appear in Control Panel on the <strong>Ports</strong> tab of the <strong>Print Server Properties</strong> dialog box. This issue occurs after installing Windows Updates released between May 2020 and July 2020.</li><li>Security updates to the Microsoft Scripting Engine, Internet Explorer, Windows Graphics, Windows Input and Composition, Windows Media, Windows Shell, the Windows Wallet Service, Microsoft Edge Legacy, Windows Cloud Infrastructure, Windows Authentication, Windows AI Platform, Windows Fundamentals, Windows Kernel, Windows Update Stack, Windows File Server and Clustering, Windows Hybrid Storage Services, Windows App Platform and Frameworks, and the Microsoft JET Database Engine.</li></ul></div></div></div><ul></ul><p>If you installed earlier updates, only the new fixes contained in this package will be downloaded and installed on your device.</p><p>For more information about the resolved security vulnerabilities, please refer to the <a href=\"https://portal.msrc.microsoft.com/security-guidance\">Security Update Guide</a>.</p><div class=\"alert-band\"><div class=\"alert alert-info\" role=\"alert\"><p class=\"alert-title\">Windows Update Improvements</p><div class=\"row\"><div class=\"col-xs-24\"><p>Microsoft has released an update directly to the Windows Update client to improve reliability. Any device running Windows 10 configured to receive updates automatically from Windows Update, including Enterprise and Pro editions, will be offered the latest Windows 10 feature update based on device compatibility and Windows Update for Business deferral policy. This doesn't apply to long-term servicing editions.</p></div></div></div></div></div><h2>Known issues in this update</h2><div><table class=\"table\"><tbody><tr><td><strong>Symptom</strong></td><td><strong>Workaround</strong></td></tr><tr><td>When updating to Windows 10, version 1903 or Windows 10, version 1909 from any previous version of Windows 10, you might receive a compatibility report dialog with \"What needs your attention\" at the top and the error, \"Continuing with the installation of Windows will remove some optional features. You may need to add them back in Settings after the installation completes.\" You might receive this compatibility warning when LOCAL SYSTEM accounts are blocked in a firewall from accessing the internet via HTTP. This is caused by the Windows 10\u00a0Setup Dynamic Update (DU) being unable to download required packages.</td><td><p>This issue is resolved in <a data-content-id=\"4579919\" data-content-type=\"article\" href=\"\" managed-link=\"\" target=\"_blank\">KB4579919</a>.</p><span><span></span></span></td></tr></tbody></table><p>\u00a0</p></div><h2>How to get this update</h2><p><strong>Before installing this update</strong></p><p>Microsoft strongly recommends you install the latest servicing stack update (SSU) for your operating system before installing the latest cumulative update (LCU). SSUs improve the reliability of the update process to mitigate potential issues while installing the LCU\u00a0and applying Microsoft security fixes. For general information about SSUs,\u00a0see <a aria-live=\"assertive\" data-bi-name=\"content-anchor-link\" href=\"https://docs.microsoft.com/en-us/windows/deployment/update/servicing-stack-updates\" managed-link=\"\" tabindex=\"0\" target=\"_blank\">Servicing stack updates</a>\u00a0and\u00a0<a aria-live=\"assertive\" data-bi-name=\"content-anchor-link\" data-content-id=\"4535697\" data-content-type=\"article\" href=\"\" managed-link=\"\" tabindex=\"0\" target=\"_blank\">Servicing Stack Updates (SSU): Frequently Asked Questions</a>.</p><p>If you are using Windows Update, the latest SSU (<a data-content-id=\"4569073\" data-content-type=\"article\" href=\"\" managed-link=\"\" target=\"_blank\">KB4569073</a>) will be offered to you automatically. To get the standalone package for the latest SSU, search for it in the <a data-content-id=\"\" data-content-type=\"\" href=\"http://www.catalog.update.microsoft.com/home.aspx\" managed-link=\"\" target=\"_blank\">Microsoft Update Catalog</a>.</p><p><strong>Install this update</strong></p><table class=\"table\"><tbody><tr><td><strong>Release Channel</strong></td><td align=\"center\"><strong>Available</strong></td><td><strong>Next Step</strong></td></tr><tr><td>Windows Update and Microsoft Update</td><td align=\"center\">Yes</td><td>None. This update will be downloaded and installed automatically from Windows Update.</td></tr><tr><td>Microsoft Update Catalog</td><td align=\"center\">Yes</td><td>To get the standalone package for this update, go to the\u00a0<a data-content-id=\"\" data-content-type=\"\" href=\"https://www.catalog.update.microsoft.com/Search.aspx?q=KB4565351\" managed-link=\"\" target=\"\">Microsoft Update Catalog</a>\u00a0website.</td></tr><tr><td>Windows Server Update Services (WSUS)</td><td align=\"center\">Yes</td><td><p>This update will automatically sync\u00a0with WSUS if you configure <strong>Products and Classifications</strong> as follows:</p><p><strong>Product</strong>: Windows 10, version 1903 and later</p><strong>Classification</strong>: Security Updates</td></tr></tbody></table><p>\u00a0</p><p><strong>File information</strong></p><p>For a list of the files that are provided in this update, download the\u00a0<a data-content-id=\"\" data-content-type=\"\" href=\"https://download.microsoft.com/download/8/6/6/86675c3e-a5c4-43c9-9afd-ef8159a41f48/4565351.csv\" managed-link=\"\" target=\"\">file information for cumulative update 4565351</a>.\u00a0</p><p><strong>Note</strong>\u00a0Some files erroneously have \u201cNot applicable\u201d in the \u201cFile version\u201d column of the CSV file. This might lead to false positives or false negatives when using some third-party scan detection tools to validate the build.</p></body></html>", "edition": 4, "modified": "2020-10-22T21:52:50", "id": "KB4565351", "href": "https://support.microsoft.com/en-us/help/4565351/", "published": "2020-08-11T00:00:00", "title": "August 11, 2020\u2014KB4565351 (OS Builds 18362.1016 and 18363.1016)", "type": "mskb", "cvss": {"score": 7.7, "vector": "AV:A/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2021-01-01T22:37:55", "bulletinFamily": "microsoft", "cvelist": ["CVE-2020-1036", "CVE-2020-1509"], "description": "<html><body><p>Learn more about update KB4565349, including improvements and fixes, any known issues, and how to get the update.</p><h2></h2><div class=\"alert-band\"><div class=\"alert alert-info\" role=\"alert\"><div class=\"row\"><div class=\"col-xs-24\"><p><span><span><span><span><strong>IMPORTANT\u00a0</strong></span></span></span></span>Starting in July 2020, we will resume non-security releases\u00a0for Windows 10 and Windows Server, version 1809 and later. There is no change to the cumulative monthly security updates (also referred to as the \"B\" release or Update Tuesday release). For more information, see the blog post\u00a0<a data-content-id=\"\" data-content-type=\"\" href=\"https://aka.ms/resuming-optional-monthly-updates\" managed-link=\"\" target=\"_blank\">Resuming optional Windows 10 and Windows Server non-security monthly updates</a>.</p></div></div></div></div><div class=\"alert-band\"><div class=\"alert alert-info\" role=\"alert\"><div class=\"row\"><div class=\"col-xs-24\"><p><span><span><span><span><span><strong>IMPORTANT\u00a0</strong></span></span></span></span>Starting in July 2020, all Windows Updates will disable the <a href=\"https://docs.microsoft.com/en-us/windows-server/virtualization/hyper-v/deploy/deploy-graphics-devices-using-remotefx-vgpu\" managed-link=\"\" target=\"_blank\">RemoteFX vGPU</a> feature because of a security vulnerability. For more information about the vulnerability, see<a href=\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1036\" managed-link=\"\" target=\"_blank\"> CVE-2020-1036</a> and <a data-content-id=\"4570006\" data-content-type=\"article\" href=\"\" managed-link=\"\" target=\"_blank\">KB4570006</a>. After you install this update, attempts to start virtual machines (VM) that have RemoteFX vGPU enabled will fail, and messages such as the following will appear:</span></p><ul><li><span><span><span>\u201cThe virtual machine cannot be started because all the RemoteFX-capable GPUs are disabled in Hyper-V Manager.\u201d</span></span></span></li><li><span><span><span>\u201cThe virtual machine cannot be started because the server has insufficient GPU resources.\u201d</span></span></span></li></ul><p class=\"indent-4\"><span> </span><span>If you <a href=\"https://docs.microsoft.com/en-us/windows-server/virtualization/hyper-v/plan/plan-for-gpu-acceleration-in-windows-server\" managed-link=\"\" target=\"_blank\">re-enable</a> RemoteFX vGPU, a message similar to the following will appear:</span></p><ul><li><span> \"We no longer support the RemoteFX 3D video adapter. If you are still using this adapter, you may become vulnerable to security risk. Learn more (https://go.microsoft.com/fwlink/?linkid=2131976)\u201d</span></li></ul></div></div></div></div><div class=\"alert-band\"><div class=\"alert alert-info\" role=\"alert\"><div class=\"row\"><div class=\"col-xs-24\"><p><span><span><span><span><strong>IMPORTANT </strong></span></span></span></span>We have been evaluating the public health situation and understand the impact this is having on many of our customers. To help ease some of the burdens customers are facing, we are going to delay the scheduled end of service date for the Home, Pro, Pro Education, Pro for Workstations, and IoT Core editions of Windows 10, version 1809 to November 10, 2020. This means devices will receive monthly security updates only from May to November. The final security update for these editions of Windows 10, version 1809 will be released on November 10, 2020 instead of May 12, 2020.</p></div></div></div></div><div class=\"alert-band\"><div class=\"alert alert-info\" role=\"alert\"><div class=\"row\"><div class=\"col-xs-24\"><p><span><strong>Note </strong>This release also contains updates for Microsoft HoloLens (OS Build 17763.1395) released August 11,\u00a02020.\u00a0</span>Microsoft will release an update directly to the Windows Update Client to improve Windows Update reliability on Microsoft HoloLens that have not updated to this most recent OS Build.</p></div></div></div></div><div class=\"alert-band\"><div class=\"alert alert-info\" role=\"alert\"><div class=\"row\"><div class=\"col-xs-24\"><p>For more information about the various types of Windows updates, such as critical, security, driver, service packs, and so on, please see the following <a href=\"https://support.microsoft.com/en-us/help/824684/description-of-the-standard-terminology-that-is-used-to-describe-micro\" managed-link=\"\" target=\"_blank\">article</a>.</p></div></div></div></div><h2>Highlights</h2><ul><li>Updates to improve security when using Internet Explorer and Microsoft Edge Legacy.</li><li>Updates to improve security when Windows performs basic operations.</li><li>Updates to improve security when using\u00a0input devices (such as a mouse, keyboard, or pen).</li><li><span><span><span>Updates for verifying usernames and passwords.</span></span></span></li><li><span><span><span>Updates for storing and managing files.</span></span></span></li></ul><h2>Improvements and fixes</h2><p><span>This security update includes quality improvements. Key changes include:</span></p><ul><li><span>Addresses an issue in Universal Windows Platform (UWP) apps that allows single sign-on authentication when an app does not have the Enterprise Authentication capability. With the release of <a data-content-id=\"\" data-content-type=\"\" href=\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1509\" managed-link=\"\" target=\"_blank\">CVE-2020-1509</a>, UWP applications might begin prompting the user for credentials.\u00a0</span></li><li>Provides the ability for a Windows Embedded Compact 2013 OS instance and applications to operate on top of Windows 10 IoT Core using\u00a0<a data-bi-name=\"content-anchor-link\" href=\"https://docs.microsoft.com/en-us/windows/iot-core/windows-ce-app-container\" managed-link=\"\" tabindex=\"0\" target=\"_blank\">Windows CE App Container</a>.\u00a0</li><li>Addresses an issue with printing to a local port that is configured as a Universal Naming Convention (UNC) path or a shared network printer. These ports no longer appear in Control Panel on the <strong>Ports</strong> tab of the <strong>Print Server Properties</strong> dialog box. This issue occurs after installing Windows Updates released between May 2020 and July 2020.</li><li><span>Security updates to the Microsoft Scripting Engine, Internet Explorer, Windows Graphics, Windows Input and Composition, Windows Media, Windows Shell, the Windows Wallet Service, Microsoft Edge Legacy, Windows Cloud Infrastructure, Windows Authentication, the Windows AI Platform, Windows Fundamentals, Windows Kernel, Windows Storage and Filesystems, Windows Update Stack, Windows File Server and Clustering, Windows Hybrid Storage Services, Windows App Platform and Frameworks, the Microsoft JET Database Engine, <span>and\u00a0</span>Windows Remote Desktop.</span></li></ul><p>If you installed earlier updates, only the new fixes contained in this package will be downloaded and installed on your device.</p><p>For more information about the resolved security vulnerabilities, please refer to the <a href=\"https://portal.msrc.microsoft.com/security-guidance\">Security Update Guide</a>.</p><div class=\"alert-band\"><div class=\"alert alert-info\" role=\"alert\"><p class=\"alert-title\">Windows Update Improvements</p><div class=\"row\"><div class=\"col-xs-24\"><p>Microsoft has released an update directly to the Windows Update client to improve reliability. Any device running Windows 10 configured to receive updates automatically from Windows Update, including Enterprise and Pro editions, will be offered the latest Windows 10 feature update based on device compatibility and Windows Update for Business deferral policy. This doesn't apply to long-term servicing editions.</p></div></div></div></div><h2>Known issues in this update</h2><table class=\"table\"><tbody><tr><td><strong>Symptom</strong></td><td><strong>Workaround</strong></td></tr><tr><td>After installing <a data-content-id=\"4493509\" data-content-type=\"article\" href=\"\" managed-link=\"\" target=\"\">KB4493509</a>, devices with some Asian language packs installed may receive the error, \"0x800f0982 - PSFX_E_MATCHING_COMPONENT_NOT_FOUND.\"</td><td><ol><li>Uninstall and reinstall any recently added language packs. For instructions, see <a data-content-id=\"4496404\" data-content-type=\"article\" href=\"\" managed-link=\"\">Manage the input and display language settings in Windows 10</a>.</li><li>Select\u00a0<strong>Check for Updates</strong> and install the April 2019 Cumulative Update. For instructions, see <a data-content-id=\"4027667\" data-content-type=\"ia\" href=\"\" managed-link=\"\">Update Windows 10</a>.</li></ol><p><strong>Note</strong> If reinstalling the language pack does not mitigate the issue, reset your PC as follows:</p><ol><li>Go to the <strong>Settings </strong>app > <strong>Recovery</strong>.</li><li>Select <strong>Get Started</strong> under the <strong>Reset this PC</strong> recovery option.</li><li>Select <strong>Keep my Files</strong>.</li></ol><p>Microsoft is working on a resolution and will provide an update in an upcoming release.</p></td></tr><tr><td>After installing KB4550969 or later, when using Microsoft Edge Legacy, you might receive the error,\u201d0x80704006. Hmmmm\u2026can\u2019t reach this page\u201d when attempting to reach websites on non-standard ports. Any website that uses a port listed in the Fetch Standard specification under bad ports or port blocking might cause this issue.</td><td><p>This issue is resolved in <a data-content-id=\"4577069\" data-content-type=\"article\" href=\"\" managed-link=\"\" target=\"_blank\">KB4577069</a>.</p></td></tr></tbody></table><h2>How to get this update</h2><p><strong>Before installing this update</strong></p><p>Microsoft strongly recommends you install the latest servicing stack update (SSU) for your operating system before installing the latest cumulative update (LCU). SSUs improve the reliability of the update process to mitigate potential issues while installing the LCU and applying Microsoft security fixes. For general information about SSUs,\u00a0see <a aria-live=\"assertive\" data-bi-name=\"content-anchor-link\" href=\"https://docs.microsoft.com/en-us/windows/deployment/update/servicing-stack-updates\" managed-link=\"\" tabindex=\"0\" target=\"_blank\">Servicing stack updates</a>\u00a0and\u00a0<a aria-live=\"assertive\" data-bi-name=\"content-anchor-link\" data-content-id=\"4535697\" data-content-type=\"article\" href=\"\" managed-link=\"\" tabindex=\"0\" target=\"_blank\">Servicing Stack Updates (SSU): Frequently Asked Questions</a>.</p><p>If you are using Windows Update, the latest SSU (<a data-content-id=\"4566424\" data-content-type=\"article\" href=\"\" managed-link=\"\" target=\"_blank\">KB4566424</a>) will be offered to you automatically. To get the standalone package for the latest SSU, search for it in the <a data-content-id=\"\" data-content-type=\"\" href=\"http://www.catalog.update.microsoft.com/home.aspx\" managed-link=\"\" target=\"_blank\">Microsoft Update Catalog</a>.</p><p><strong>Install this update</strong></p><table class=\"table\"><tbody><tr><td><strong>Release Channel</strong></td><td align=\"center\"><strong>Available</strong></td><td><strong>Next Step</strong></td></tr><tr><td>Windows Update and Microsoft Update</td><td align=\"center\">Yes</td><td>None. This update will be downloaded and installed automatically from Windows Update.</td></tr><tr><td>Microsoft Update Catalog</td><td align=\"center\">Yes</td><td>To get the standalone package for this update, go to the\u00a0<a data-content-id=\"\" data-content-type=\"\" href=\"https://www.catalog.update.microsoft.com/Search.aspx?q=KB4565349\" managed-link=\"\" target=\"\">Microsoft Update Catalog</a>\u00a0website.</td></tr><tr><td>Windows Server Update Services (WSUS)</td><td align=\"center\">Yes</td><td><p>This update will automatically sync\u00a0with WSUS if you configure <strong>Products and Classifications</strong> as follows:</p><p><strong>Product</strong>: Windows 10</p><strong>Classification</strong>: Security Updates</td></tr></tbody></table><p>\u00a0</p><p><strong>File information</strong></p><p>For a list of the files that are provided in this update, download the\u00a0<a data-content-id=\"\" data-content-type=\"\" href=\"https://download.microsoft.com/download/2/d/9/2d96e68f-824a-47b7-9f6f-8a01d8ba471d/4565349.csv\" managed-link=\"\" target=\"\">file information for cumulative update 4565349</a>.\u00a0</p><p><strong>Note</strong>\u00a0Some files erroneously have \u201cNot applicable\u201d in the \u201cFile version\u201d column of the CSV file. This might lead to false positives or false negatives when using some third-party scan detection tools to validate the build.</p></body></html>", "edition": 6, "modified": "2020-09-18T23:24:00", "id": "KB4565349", "href": "https://support.microsoft.com/en-us/help/4565349/", "published": "2020-08-11T00:00:00", "title": "August 11, 2020\u2014KB4565349 (OS Build 17763.1397)", "type": "mskb", "cvss": {"score": 7.7, "vector": "AV:A/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2021-01-01T22:49:49", "bulletinFamily": "microsoft", "cvelist": ["CVE-2020-1036", "CVE-2020-1509"], "description": "<html><body><p>Learn more about update KB4571694, including improvements and fixes, any known issues, and how to get the update.</p><h2></h2><div class=\"alert-band\"><div class=\"alert alert-info\" role=\"alert\"><div class=\"row\"><div class=\"col-xs-24\"><p><strong>IMPORTANT</strong> Windows 10, version 1607 has reached the end of mainstream support and is now in extended support. <span>Starting in July 2020, there will no longer be optional, non-security releases (known as <span>\"</span>C<span>\"</span>\u00a0releases) for this operating system. Operating systems in extended support have <span>only</span> cumulative monthly security updates (known as the \"B\" or Update Tuesday release).</span></p></div></div></div></div><div class=\"alert-band\"><div class=\"alert alert-info\" role=\"alert\"><div class=\"row\"><div class=\"col-xs-24\"><p><span><span><span><span><span><strong>IMPORTANT\u00a0</strong></span></span></span></span>Starting in July 2020, all Windows Updates will disable the <a href=\"https://docs.microsoft.com/en-us/windows-server/virtualization/hyper-v/deploy/deploy-graphics-devices-using-remotefx-vgpu\" managed-link=\"\" target=\"_blank\">RemoteFX vGPU</a> feature because of a security vulnerability. For more information about the vulnerability, see<a href=\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1036\" managed-link=\"\" target=\"_blank\"> CVE-2020-1036</a> and <a data-content-id=\"4570006\" data-content-type=\"article\" href=\"\" managed-link=\"\" target=\"_blank\">KB4570006</a>. After you install this update, attempts to start virtual machines (VM) that have RemoteFX vGPU enabled will fail, and messages such as the following will appear:</span></p><ul><li><span><span><span>\u201cThe virtual machine cannot be started because all the RemoteFX-capable GPUs are disabled in Hyper-V Manager.\u201d</span></span></span></li><li><span><span><span>\u201cThe virtual machine cannot be started because the server has insufficient GPU resources.\u201d</span></span></span></li></ul><p class=\"indent-4\"><span> </span><span>If you <a href=\"https://docs.microsoft.com/en-us/windows-server/virtualization/hyper-v/plan/plan-for-gpu-acceleration-in-windows-server\" managed-link=\"\" target=\"_blank\">re-enable</a> RemoteFX vGPU, a message similar to the following will appear:</span></p><ul><li><span> \"We no longer support the RemoteFX 3D video adapter. If you are still using this adapter, you may become vulnerable to security risk. Learn more (https://go.microsoft.com/fwlink/?linkid=2131976)\u201d</span></li></ul></div></div></div></div><div class=\"alert-band\"><div class=\"alert alert-info\" role=\"alert\"><div class=\"row\"><div class=\"col-xs-24\"><p><strong><span>Reminder</span></strong><span>\u00a0The additional servicing for Windows 10 Enterprise,\u00a0<span>Education, and\u00a0</span>IoT Enterprise editions ended\u00a0on April 9, 2019 and doesn't extend beyond this date. To continue receiving security and quality updates, Microsoft recommends updating to the latest version of Windows 10.</span></p></div></div></div></div><div class=\"alert-band\"><div class=\"alert alert-info\" role=\"alert\"><div class=\"row\"><div class=\"col-xs-24\"><p><strong>Reminder\u00a0</strong>March 12, 2019\u00a0and April 9, 2019 were the last two Delta updates for Windows 10, version\u00a01607. For Long-Term Servicing Branch (LTSB) customers, security and quality updates will continue to be available via the express and full cumulative update packages. For more information on this change please visit our <a href=\"https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/Windows-10-quality-updates-explained-amp-the-end-of-delta/ba-p/214426\" managed-link=\"\" target=\"_blank\">blog</a>.</p></div></div></div></div><div class=\"alert-band\"><div class=\"alert alert-info\" role=\"alert\"><div class=\"row\"><div class=\"col-xs-24\"><p><span><em>Windows 10, version 1607, reached end of service on April 10, 2018. Devices running Windows 10 Home or Pro editions will no longer receive monthly security and quality updates that contain protection from the latest security threats. </em><em>To continue receiving security and quality updates, Microsoft recommends updating to the latest version of Windows 10.</em></span></p><p><strong><span><span><span>IMPORTANT</span></span></span><span><span><span>\u00a0</span></span></span></strong><span><span>Windows 10 Enterprise and Windows 10 Education editions will receive\u00a0 additional servicing at no cost until April 9, 2019. Devices on the Long-Term Servicing Channels (LTSC) will continue to receive updates until October 2026\u00a0per the <a data-content-id=\"\" data-content-type=\"\" href=\"https://support.microsoft.com/lifecycle/search?alpha=Windows%2010\" managed-link=\"\" target=\"\">Lifecycle Policy page</a>. Windows 10 Anniversary Update (v. 1607) devices running the Intel \u201cClovertrail\u201d chipset will continue to receive updates until January 2023 per the <a data-content-id=\"\" data-content-type=\"\" href=\"https://answers.microsoft.com/{lang-locale}/windows/forum/windows_10-windows_install/intel-clover-trail-processors-are-not-supported-on/ed1823d3-c82c-4d7f-ba9d-43ecbcf526e9?auth=1\" managed-link=\"\" target=\"_blank\">Microsoft Community blog</a>.</span></span></p></div></div></div></div><div class=\"alert-band\"><div class=\"alert alert-info\" role=\"alert\"><div class=\"row\"><div class=\"col-xs-24\"><p><em><span>Windows Server 2016 Standard edition, Nano Server installation option and Windows Server 2016 Datacenter edition, Nano Server installation option </span></em><em><span><span>reached end of service on October 9, 2018</span></span></em><span><span>.<em> These editions will no longer receive monthly security and quality updates that contain protection from the latest security threats. To continue receiving security and quality updates, Microsoft recommends updating to the latest version of Windows 10.</em></span></span></p></div></div></div></div><div class=\"alert-band\"><div class=\"alert alert-info\" role=\"alert\"><div class=\"row\"><div class=\"col-xs-24\"><p><em><span><span><span>Windows 10 Mobile, version 1607, reached end of service on October 8, 2018. Devices running Windows 10 Mobile and Windows 10 Mobile Enterprise will no longer receive monthly security and quality updates that contain protection from the latest security threats. To continue receiving security and quality updates, Microsoft recommends updating to the latest version of Windows 10.</span></span></span></em></p></div></div></div></div><div class=\"alert-band\"><div class=\"alert alert-info\" role=\"alert\"><div class=\"row\"><div class=\"col-xs-24\"><p>For more information about the various types of Windows updates, such as critical, security, driver, service packs, and so on, please see the following <a data-content-id=\"824684\" data-content-type=\"article\" href=\"\" managed-link=\"\">article</a>.</p></div></div></div></div><h2>Highlights</h2><ul><li>Updates an issue that causes File Explorer to close unexpectedly when creating shortcuts.\u00a0</li><li><span><span><span>Updates for verifying usernames and passwords.</span></span></span></li><li><span>Updates to improve security when Windows performs basic operations.</span></li><li><span><span><span>Updates for storing and managing files.</span></span></span></li></ul><h2>Improvements and fixes</h2><div><p>This security update includes quality improvements. Key changes include:</p><ul><li>Addresses an issue in Microsoft Edge IE mode that occurs when you open multiple documents from a SharePoint site.\u00a0</li><li>Addresses an issue in Microsoft Edge IE mode that occurs when you browse using anchor links.\u00a0</li><li>Addresses an issue with loading Browser Helper Objects in Microsoft Edge IE mode.\u00a0</li><li>Addresses an issue that causes certain applications to stop responding when under load if they rely on the JScript Scripting Engine.\u00a0</li><li>Addresses an issue that causes new child windows to flicker and appear as white squares on server devices that are configured for stark visual contrast.\u00a0</li><li>Addresses an issue that causes File Explorer to close unexpectedly when creating shortcuts.\u00a0</li><li>Addresses an issue that causes Remote Server Administration Tools (RSAT) to stop working on Windows 10 machines. This occurs when you create or edit a Group Policy Object that contains a Scheduled Task.\u00a0</li><li>Addresses a race condition that occurs when you run multiple PowerShell scripts simultaneously.\u00a0</li><li>Addresses an issue in Universal Windows Platform (UWP) apps that allows single sign-on authentication when an app does not have the Enterprise Authentication capability. With the release of <a data-content-id=\"\" data-content-type=\"\" href=\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1509\" managed-link=\"\" target=\"_blank\">CVE-2020-1509</a>, UWP applications might begin prompting the user for credentials.\u00a0</li><li>Addresses an issue in cluster scenarios that causes handles to .vmcx and .vmrs files to become invalid after storage failover. As a result, live migration and other virtual machine (VM) maintenance activities fail with STATUS_UNEXPECTED_NETWORK_ERROR.</li><li>Updates the message users receive that tells them to check their phone for notifications from the Microsoft Authenticator application. This message only appears when authentication is done using the AD FS Azure Multi-Factor Authentication (MFA) adapter.\u00a0</li><li>Addresses an issue that might cause a stop error (0xC00002E3) at startup. This issue occurs after installing certain Windows Updates that were released on or after April 21, 2020.</li><li>Addresses an issue with printing to a local port that is configured as a Universal Naming Convention (UNC) path or a shared network printer. These ports no longer appear in Control Panel on the <strong>Ports</strong> tab of the <strong>Print Server Properties</strong> dialog box. This issue occurs after installing Windows Updates released between May 2020 and July 2020.</li><li>Security updates to the Microsoft Scripting Engine, Windows Media, Windows Cloud Infrastructure, Windows Authentication, Windows Kernel, Windows Storage and Filesystems, Windows File Server and Clustering, Windows App Platform and Frameworks, Windows Hybrid Storage Services, Microsoft JET Database Engine, and Windows Remote Desktop.</li></ul><p>If you installed earlier updates, only the new fixes contained in this package will be downloaded and installed on your device.</p><p>For more information about the resolved security vulnerabilities, please refer to the <a href=\"https://portal.msrc.microsoft.com/security-guidance\">Security Update Guide</a>.</p><div class=\"alert-band\"><div class=\"alert alert-info\" role=\"alert\"><p class=\"alert-title\">Windows Update Improvements</p><div class=\"row\"><div class=\"col-xs-24\"><p>Microsoft has released an update directly to the Windows Update client to improve reliability. Any device running Windows 10 configured to receive updates automatically from Windows Update, including Enterprise and Pro editions, will be offered the latest Windows 10 feature update based on device compatibility and Windows Update for Business deferral policy. This doesn't\u00a0apply to long-term servicing editions.</p></div></div></div></div></div><h2>Known issues in this update</h2><div><table class=\"table\"><tbody><tr><td><strong>Symptom</strong></td><td><strong>Workaround</strong></td></tr><tr><td>After installing <a data-content-id=\"4467684\" data-content-type=\"article\" href=\"\" managed-link=\"\">KB4467684</a>, the cluster service may fail to start with the error \u201c2245 (NERR_PasswordTooShort)\u201d if the group policy \u201cMinimum Password Length\u201d is configured with greater than 14 characters.</td><td><p>Set the domain default \"Minimum Password Length\" policy to less than or equal to 14 characters.</p><p>Microsoft is working on a resolution and will provide an update in an upcoming release.</p></td></tr></tbody></table></div><h2>How to get this update</h2><p><strong>Before installing this update</strong></p><p>Microsoft strongly recommends you install the latest servicing stack update (SSU) for your operating system before installing the latest cumulative update (LCU). SSUs improve the reliability of the update process to mitigate potential issues while installing the LCU and applying Microsoft security fixes.\u00a0For general information about SSUs,\u00a0see <a aria-live=\"assertive\" data-bi-name=\"content-anchor-link\" href=\"https://docs.microsoft.com/en-us/windows/deployment/update/servicing-stack-updates\" managed-link=\"\" tabindex=\"0\" target=\"_blank\">Servicing stack updates</a>\u00a0and\u00a0<a aria-live=\"assertive\" data-bi-name=\"content-anchor-link\" data-content-id=\"4535697\" data-content-type=\"article\" href=\"\" managed-link=\"\" tabindex=\"0\" target=\"_blank\">Servicing Stack Updates (SSU): Frequently Asked Questions</a>.</p><p>If you are using Windows Update, the latest SSU\u00a0(<a data-content-id=\"4565912\" data-content-type=\"article\" href=\"\" managed-link=\"\" target=\"_blank\">KB4565912</a>) will be offered to you automatically.\u00a0To get the standalone package for the latest\u00a0SSU, search for it in the\u00a0<a aria-live=\"assertive\" data-bi-name=\"content-anchor-link\" data-content-id=\"\" data-content-type=\"\" href=\"http://www.catalog.update.microsoft.com/home.aspx\" managed-link=\"\" tabindex=\"0\" target=\"_blank\">Microsoft Update Catalog</a>.\u00a0</p><p><strong>Install this update</strong></p><table class=\"table\"><tbody><tr><td><strong>Release Channel</strong></td><td align=\"center\"><strong>Available</strong></td><td><strong>Next Step</strong></td></tr><tr><td>Windows Update and Microsoft Update</td><td align=\"center\">Yes</td><td>None. This update will be downloaded and installed automatically from Windows Update.</td></tr><tr><td>Microsoft Update Catalog</td><td align=\"center\">Yes</td><td>To get the standalone package for this update, go to the\u00a0<a data-content-id=\"\" data-content-type=\"\" href=\"https://www.catalog.update.microsoft.com/Search.aspx?q=KB4571694\" managed-link=\"\" target=\"\">Microsoft Update Catalog</a>\u00a0website.</td></tr><tr><td>Windows Server Update Services (WSUS)</td><td align=\"center\">Yes</td><td><p>This update will automatically sync\u00a0with WSUS if you configure <strong>Products and Classifications</strong> as follows:</p><p><strong>Product</strong>: Windows 10</p><strong>Classification</strong>: Security Updates</td></tr></tbody></table><p>\u00a0</p><p><strong>File information</strong></p><p>For a list of the files that are provided in this update, download the\u00a0<a data-content-id=\"\" data-content-type=\"\" href=\"https://download.microsoft.com/download/a/1/9/a198e6cc-3807-4e17-8196-0e60812ef612/4571694.csv\" managed-link=\"\" target=\"\">file information for cumulative update 4571694</a>.\u00a0</p></body></html>", "edition": 4, "modified": "2020-09-18T23:30:46", "id": "KB4571694", "href": "https://support.microsoft.com/en-us/help/4571694/", "published": "2020-08-11T00:00:00", "title": "August 11, 2020\u2014KB4571694 (OS Build 14393.3866)", "type": "mskb", "cvss": {"score": 7.7, "vector": "AV:A/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2021-01-01T22:45:51", "bulletinFamily": "microsoft", "cvelist": ["CVE-2020-1036"], "description": "<html><body><p>Learn more about this security-only update, including improvements and fixes, any known issues, and how to get the update.</p><h2></h2><div class=\"alert-band\"><div class=\"alert alert-info\" role=\"alert\"><div class=\"row\"><div class=\"col-xs-24\"><p><sup><strong>NEW</strong></sup><br/><strong>IMPORTANT </strong>Release notes are changing! To learn about the new URL, metadata updates, and more, see\u00a0<a href=\"https://techcommunity.microsoft.com/t5/windows-it-pro-blog/what-s-next-for-windows-release-notes/ba-p/1754399\" managed-link=\"\" target=\"_blank\">What\u2019s next for Windows release notes</a>.</p></div></div></div></div><div class=\"alert-band\"><div class=\"alert alert-info\" role=\"alert\"><div class=\"row\"><div class=\"col-xs-24\"><p><strong>IMPORTANT</strong> Windows 8.1 and Windows Server 2012 R2 have\u00a0reached the end of mainstream support and are\u00a0now in extended support. <span>Starting in July 2020, there will no longer be optional, non-security releases (known as <span>\"</span>C<span>\"</span> releases) for this operating system. Operating systems in extended support have <span>only</span> cumulative monthly security updates (known as the \"B\" or Update Tuesday release).</span></p></div></div></div></div><div class=\"alert-band\"><div class=\"alert alert-info\" role=\"alert\"><div class=\"row\"><div class=\"col-xs-24\"><p><span><span><span><span><span><strong>IMPORTANT\u00a0</strong></span></span></span></span>Starting in July 2020, all Windows Updates will disable the <a href=\"https://docs.microsoft.com/en-us/windows-server/virtualization/hyper-v/deploy/deploy-graphics-devices-using-remotefx-vgpu\" managed-link=\"\" target=\"_blank\">RemoteFX vGPU</a> feature because of a security vulnerability. For more information about the vulnerability, see<a href=\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1036\" managed-link=\"\" target=\"_blank\"> CVE-2020-1036</a> and <a data-content-id=\"4570006\" data-content-type=\"article\" href=\"\" managed-link=\"\" target=\"_blank\">KB4570006</a>. After you install this update, attempts to start virtual machines (VM) that have RemoteFX vGPU enabled will fail, and messages such as the following will appear:</span></p><ul><li><span><span><span>\u201cThe virtual machine cannot be started because all the RemoteFX-capable GPUs are disabled in Hyper-V Manager.\u201d</span></span></span></li><li><span><span><span>\u201cThe virtual machine cannot be started because the server has insufficient GPU resources.\u201d</span></span></span></li></ul><p class=\"indent-4\"><span> </span><span>If you <a href=\"https://docs.microsoft.com/en-us/windows-server/virtualization/hyper-v/plan/plan-for-gpu-acceleration-in-windows-server\" managed-link=\"\" target=\"_blank\">re-enable</a> RemoteFX vGPU, a message similar to the following will appear:</span></p><ul><li><span> \"We no longer support the RemoteFX 3D video adapter. If you are still using this adapter, you may become vulnerable to security risk. Learn more (https://go.microsoft.com/fwlink/?linkid=2131976)\u201d</span></li></ul></div></div></div></div><p>\u00a0</p><h2>Improvements and fixes</h2><p>This security update includes quality improvements. Key changes include:</p><ul><li>Corrects the end date for daylight savings time (DST) in 2021 for the Fiji Islands. For more information, see\u00a0<a aria-live=\"assertive\" data-bi-name=\"content-anchor-link\" data-content-id=\"\" data-content-type=\"\" href=\"https://support.microsoft.com/help/4578623\" managed-link=\"\" tabindex=\"0\" target=\"_blank\">DST correction in Windows for the Fiji Islands: October 13, 2020</a>.</li><li><span>Security updates to Windows App Platform and Frameworks, Windows Graphics, Windows Shell, Windows Silicon Platform, Windows Cloud Infrastructure, Windows Fundamentals, Windows Authentication, Windows Virtualization, Windows Kernel, Windows Core Networking, Windows Network Security and Containers, Windows Remote Desktop, and Windows SQL components.</span></li></ul><p>For more information about the resolved security vulnerabilities, please refer to the <a href=\"https://portal.msrc.microsoft.com/security-guidance\">Security Update Guide</a>.</p><h2>Known issues in this update</h2><table class=\"table\"><tbody><tr><td><strong>Symptom</strong></td><td><strong>Workaround</strong></td></tr><tr><td>Certain operations, such as <strong>rename</strong>, that you perform on files or folders that are on a Cluster Shared Volume (CSV) may fail with the error, \u201cSTATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)\u201d. This occurs when you perform the operation on a CSV owner node from a process that doesn\u2019t have administrator privilege.</td><td><p>Do one of the following:</p><ul><li>Perform the operation from a process that has administrator privilege.</li><li>Perform the operation from a node that doesn\u2019t have CSV ownership.</li></ul><p>Microsoft is working on a resolution and will provide an update in an upcoming release.</p></td></tr><tr><td width=\"312\"><p><span><span><span>When installing a third-party driver, you might receive the error, </span></span></span><span><span><span>\u201cWindows can\u2019t verify the publisher of this driver software\u201d. You may also see the error \u201cNo signature was present in the subject\u201d when attempting to view the signature properties using Windows Explorer.</span></span></span></p></td><td width=\"312\"><p><span><span></span></span></p><p>This issue occurs when one or more of the following is present in a driver package:</p><ul><li>An improperly formatted catalog file is identified during validation by Windows. Starting with this release, Windows will require the validity of DER encoded PKCS#7 content in catalog files. Catalogs files must be signed per section 11.6 of describing DER-encoding for SET OF members in\u00a0<a aria-live=\"assertive\" data-bi-name=\"content-anchor-link\" data-content-id=\"\" data-content-type=\"\" href=\"https://www.itu.int/rec/T-REC-X.690/\" managed-link=\"\" tabindex=\"0\" target=\"_blank\">X.690</a>.</li><li>A driver catalog file extension is not one of supported extensions.</li></ul><p>If this happens you should contact the driver vendor or device manufacturer (OEM) and ask them for an updated driver to correct the issue.</p><p><span></span></p></td></tr></tbody></table><h2>How to get this update</h2><p><strong>Before installing this update</strong></p><p>We strongly recommend that\u00a0you install the latest servicing stack update (SSU) for your operating system before you install\u00a0the latest Rollup. SSUs improve the reliability of the update process to mitigate potential issues while installing the Rollup and applying Microsoft security fixes.\u00a0For general information about SSUs,\u00a0see <a aria-live=\"assertive\" data-bi-name=\"content-anchor-link\" href=\"https://docs.microsoft.com/en-us/windows/deployment/update/servicing-stack-updates\" managed-link=\"\" tabindex=\"0\" target=\"_blank\">Servicing stack updates</a>\u00a0and\u00a0<a aria-live=\"assertive\" data-bi-name=\"content-anchor-link\" data-content-id=\"4535697\" data-content-type=\"article\" href=\"\" managed-link=\"\" tabindex=\"0\" target=\"_blank\">Servicing Stack Updates (SSU): Frequently Asked Questions</a>.</p><p>If you use\u00a0Windows Update, the latest SSU\u00a0(<a data-content-id=\"\" data-content-type=\"\" href=\"https://support.microsoft.com/help/4566425\" managed-link=\"\" target=\"_blank\">KB4566425</a>) will be offered to you automatically.\u00a0To get the standalone package for the latest\u00a0SSU, search for it in the\u00a0<a aria-live=\"assertive\" data-bi-name=\"content-anchor-link\" data-content-id=\"\" data-content-type=\"\" href=\"http://www.catalog.update.microsoft.com/home.aspx\" managed-link=\"\" tabindex=\"0\" target=\"_blank\">Microsoft Update Catalog</a>.\u00a0</p><div class=\"alert-band\"><div class=\"alert alert-info\" role=\"alert\"><div class=\"row\"><div class=\"col-xs-24\"><p><span><strong>REMINDER\u00a0</strong>If you are using Security-only updates, you will also need to install <span><span>all previous Security-only updates and</span></span> the latest cumulative update for Internet Explorer\u00a0(<a href=\"https://support.microsoft.com/help/4577010\" managed-link=\"\" target=\"_blank\">KB4577010</a>).</span></p></div></div></div></div><p>\u00a0</p><p><strong>Install this update</strong></p><table class=\"table\"><tbody><tr><td><strong>Release Channel</strong></td><td align=\"center\"><strong>Available</strong></td><td><strong>Next Step</strong></td></tr><tr><td>Windows Update and Microsoft Update</td><td align=\"center\">No</td><td>See the other options below.</td></tr><tr><td>Microsoft Update Catalog</td><td align=\"center\">Yes</td><td>To get the standalone package for this update, go to the\u00a0<a data-content-id=\"\" data-content-type=\"\" href=\"https://www.catalog.update.microsoft.com/Search.aspx?q=KB4580358\" managed-link=\"\" target=\"_blank\">Microsoft Update Catalog</a>\u00a0website.</td></tr><tr><td>Windows Server Update Services (WSUS)</td><td align=\"center\">Yes</td><td><p>This update will automatically sync\u00a0with WSUS if you configure <strong>Products and Classifications</strong> as follows:</p><p><strong>Product</strong>: Windows 8.1, Windows Server 2012 R2,\u00a0Windows Embedded 8.1 Industry Enterprise, Windows Embedded 8.1 Industry Pro</p><strong>Classification</strong>: Security Updates</td></tr></tbody></table><p>\u00a0</p><p><strong>File information</strong></p><p>For a list of the files that are provided in this update, download the\u00a0<a data-content-id=\"\" data-content-type=\"\" href=\"https://download.microsoft.com/download/c/8/a/c8a94772-fe4a-4dea-bbc5-dfceef34fa7c/4580358.csv\" managed-link=\"\" target=\"_blank\">file information for update 4580358</a>.\u00a0</p></body></html>", "edition": 2, "modified": "2020-10-24T00:45:05", "id": "KB4580358", "href": "https://support.microsoft.com/en-us/help/4580358/", "published": "2020-10-13T00:00:00", "title": "October 13, 2020\u2014KB4580358 (Security-only update)", "type": "mskb", "cvss": {"score": 7.7, "vector": "AV:A/AC:L/Au:S/C:C/I:C/A:C"}}], "mscve": [{"lastseen": "2020-08-22T11:58:43", "bulletinFamily": "microsoft", "cvelist": ["CVE-2020-1509"], "description": "An elevation of privilege vulnerability exists in the Local Security Authority Subsystem Service (LSASS) when an authenticated attacker sends a specially crafted authentication request. A remote attacker who successfully exploited this vulnerability could cause an elevation of privilege on the target system's LSASS service.\n\nThe security update addresses the vulnerability by changing the way that LSASS handles specially crafted authentication requests.\n", "edition": 2, "modified": "2020-08-11T07:00:00", "id": "MS:CVE-2020-1509", "href": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1509", "published": "2020-08-11T07:00:00", "title": "Local Security Authority Subsystem Service Elevation of Privilege Vulnerability", "type": "mscve", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2020-08-07T11:48:21", "bulletinFamily": "microsoft", "cvelist": ["CVE-2020-1036"], "description": "A remote code execution vulnerability exists when Hyper-V RemoteFX vGPU on a host server fails to properly validate input from an authenticated user on a guest operating system. To exploit the vulnerability, an attacker could run a specially crafted application on a guest operating system, attacking certain third-party video drivers running on the Hyper-V host. This could then cause the host operating system to execute arbitrary code.\n\nAn attacker who successfully exploited the vulnerability could execute arbitrary code on the host operating system.\n\nThere is no patch to fix this vulnerability, and the update listed will forcibly disable RemoteFX when applied. More information can be found in the FAQ below.\n\nThe software listed in the Security Updates table indicates those operating systems for which RemoteFX vGPU is currently available. RemoteFX vGPU has been deprecated in Windows Server 2019 and customers are advised to use Discrete Device Assignment (DDA) instead of RemoteFX vGPU. DDA was introduced in Windows Server 2016.\n", "edition": 3, "modified": "2020-07-14T07:00:00", "id": "MS:CVE-2020-1036", "href": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1036", "published": "2020-07-14T07:00:00", "title": "Hyper-V RemoteFX vGPU Remote Code Execution Vulnerability", "type": "mscve", "cvss": {"score": 7.7, "vector": "AV:A/AC:L/Au:S/C:C/I:C/A:C"}}], "talos": [{"lastseen": "2020-07-23T15:26:52", "bulletinFamily": "info", "cvelist": ["CVE-2020-1036"], "description": "# Talos Vulnerability Report\n\n### TALOS-2020-0979\n\n## Intel IGC64.DLL shader functionality ATOMIC_ADD code execution vulnerability\n\n##### July 14, 2020\n\n##### CVE Number\n\nMicrosoft Hyper-V/RemoteFX: CVE-2020-1036\n\n### Summary\n\nAn exploitable memory corruption vulnerability exists in Intel\u2019s IGC64.DLL graphics driver, version 26.20.100.7584. A specially crafted vertex shader can cause an out-of-bounds write, which could lead to arbitrary code execution. An attacker can provide a specially crafted shader file to trigger this vulnerability. This vulnerability could potentially be triggered from guest machines running on virtualization environments (e.g. VMware, QEMU, VirtualBox etc.) to perform guest-to-host escape - as it was demonstrated before in TALOS-2018-0533, TALOS-2018-0568, etc. Theoretically, this vulnerability could be also triggered from a web browser (using WebGL and WebAssembly) but Talos has not been able to confirm this.\n\n### Tested Versions\n\nIntel IGC64.DLL (Intel Graphics Shader Compiler for Intel(R) Graphics Accelerator), version 26.20.100.7584 \nMicrosoft Hyper-V with RemoteFX enabled (CVE-2020-1036)\n\n### Product URLs\n\n[http://intel.com](<https://intel.com>)\n\n### CVSSv3 Score\n\n8.5 - CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H\n\n### CWE\n\nCWE-787: Out-of-bounds Write\n\n### Details\n\nThis vulnerability can be triggered by supplying a malformed vertex shader, leading to an out-of-bounds write in the Intel IGC64 driver (this driver is mapped by the affected component, e.g. VMware\u2019s `vmware-vmx.exe`).\n\nExample of pixel shader triggering the bug (can include only one instruction to trigger the bug):\n \n \n LEN:0004 ad 00 00 01 atomic_iadd\n \n\n`ATOMIC_ADD` is an instruction included in Shader Model 5 language and it is designed to atomically add integer to memory. \nBy emitting this single instruction it is possible to cause an arbitrary memory write:\n \n \n igc64!OpenCompiler12+338c0\n 00007ffc`7133b050 c681d000000000 mov byte ptr [rcx+0D0h],0\n WRITE_ADDRESS: 00000173c8c800d0 \n \n\nStack trace:\n \n \n 0:000> kb\n # RetAddr : Args to Child : Call Site\n 00 00007ffc`713344e3 : 00000173`c67ef750 00000173`c67e760c 00000173`c67e7624 00000173`c67e7628 : igc64!OpenCompiler12+0x338c0\n 01 00007ffc`713341a3 : 00000000`00000000 00000173`c67f0da0 00000173`c67ef750 00000173`c67e760c : igc64!OpenCompiler12+0x2cd53\n 02 00007ffc`7133406f : 00000173`c67e760c 00000173`c67e760c 00000173`c67e760c 00000173`c67eee50 : igc64!OpenCompiler12+0x2ca13\n 03 00007ffc`7130c37a : 00000173`c67e98e0 00000173`c67e9a00 00000173`c67e9a00 00000173`c67e9a00 : igc64!OpenCompiler12+0x2c8df\n 04 00007ffc`7130b6cd : 00000000`00000000 00000173`c67e80c8 00000067`b20fcac0 00007ffc`837dbabb : igc64!OpenCompiler12+0x4bea\n 05 00007ffc`7130cbf3 : 00000173`c67e8098 00007ffc`75013537 00000173`c67e8150 00000000`00000000 : igc64!OpenCompiler12+0x3f3d\n 06 00007ffc`748f7946 : 00000173`c67e7fb0 00000000`00000000 00000173`c6720d50 00000000`00000001 : igc64!OpenCompiler12+0x5463\n 07 00007ffc`750bb966 : 00000173`bfa16080 00000173`c67e7a50 00000173`c67e9720 00000067`b20fc620 : igd10iumd64!OpenAdapter10_2+0x30326\n 08 00007ffc`7cc28edc : 00000000`00000000 00000173`c67e7a38 00000173`c6716e30 00000000`00000000 : igd10iumd64!OpenAdapter10_2+0x7f4346\n 09 00007ffc`7cc3295f : 00000067`00000001 00000173`c6720d48 00000173`c67e7a38 00000173`c6716e30 : d3d11!CPixelShader::CLS::FinalConstruct+0x23c\n 0a 00007ffc`7cc3289a : 00000067`b20fe3e0 00007ffc`3ff47a18 00000173`c67e7660 00000173`bf990320 : d3d11!CLayeredObjectWithCLS<CPixelShader>::FinalConstruct+0xa3\n 0b 00007ffc`7cc1ee58 : 00000173`c67e7928 00000067`b20fe3e0 00000067`b20fe360 00007ffc`3ff47a18 : d3d11!CLayeredObjectWithCLS<CPixelShader>::CreateInstance+0x152\n 0c 00007ffc`7cc2b17d : 00000000`00000040 00000173`c67e76a8 00000173`bf989a70 00000067`0c040109 : d3d11!CDevice::CreateLayeredChild+0xc88\n 0d 00007ffc`3fed3ade : 00000173`c67e76a8 00000000`00000000 00000000`00000000 00000000`00000009 : d3d11!NDXGI::CDevice::CreateLayeredChild+0x6d\n 0e 00007ffc`3fec0d83 : 00000173`c67e7758 00000000`00000000 00000000`00000000 00000173`c67e7660 : D3D11_3SDKLayers!NDebug::CDeviceChild<ID3D11PixelShader>::FinalConstruct+0x82\n 0f 00007ffc`3fe7da23 : 00000173`c67e7690 00000173`c67e7688 00000173`c67e7688 00000173`c67e7660 : D3D11_3SDKLayers!CLayeredObject<NDebug::CPixelShader>::CreateInstance+0x167\n 10 00007ffc`7cc2b950 : 00000173`c67e7660 00000000`00000030 00000067`b20fe4d0 00000173`bf990000 : D3D11_3SDKLayers!NDebug::CDevice::CreateLayeredChild+0x773\n 11 00007ffc`7cc114f4 : 00000173`c670e350 00000067`00000009 00000173`c67e7570 00000173`c670f1e8 : d3d11!NOutermost::CDevice::CreateLayeredChild+0x1b0\n 12 00007ffc`7cc11463 : 00000173`c67e7570 00000000`0000c100 00000000`00000000 00000000`00000001 : d3d11!CDevice::CreateAndRecreateLayeredChild<SD3D11LayeredPixelShaderCreationArgs>+0x64\n 13 00007ffc`7cc111e8 : 00000173`c670f1e8 00000173`c67e7570 00000000`000000b8 00000000`00000000 : d3d11!CDevice::CreatePixelShader_Worker+0x203\n 14 00007ffc`3fea9f85 : 00000173`c670e3a8 00000173`00000001 00000173`c670e3a8 00000173`c670e3b0 : d3d11!CDevice::CreatePixelShader+0x28\n \n\n### Crash Information\n \n \n 0:000> !analyze -v\n *******************************************************************************\n * *\n * Exception Analysis *\n * *\n *******************************************************************************\n \n \n KEY_VALUES_STRING: 1\n \n \tKey : AV.Fault\n \tValue: Write\n \n \tKey : Analysis.CPU.Sec\n \tValue: 1\n \n \tKey : Analysis.Elapsed.Sec\n \tValue: 96\n \n \tKey : Analysis.Memory.CommitPeak.Mb\n \tValue: 72\n \n \tKey : Timeline.OS.Boot.DeltaSec\n \tValue: 126392\n \n \tKey : Timeline.Process.Start.DeltaSec\n \tValue: 46\n \n \n PROCESSES_ANALYSIS: 1\n \n SERVICE_ANALYSIS: 1\n \n STACKHASH_ANALYSIS: 1\n \n TIMELINE_ANALYSIS: 1\n \n Timeline: !analyze.Start\n \tName: <blank>\n \tTime: 2020-01-12T14:36:38.911Z\n \tDiff: 88 mSec\n \n Timeline: Dump.Current\n \tName: <blank>\n \tTime: 2020-01-12T14:36:39.0Z\n \tDiff: 0 mSec\n \n Timeline: Process.Start\n \tName: <blank>\n \tTime: 2020-01-12T14:35:53.0Z\n \tDiff: 46000 mSec\n \n Timeline: OS.Boot\n \tName: <blank>\n \tTime: 2020-01-11T03:30:07.0Z\n \tDiff: 126392000 mSec\n \n \n DUMP_CLASS: 2\n \n DUMP_QUALIFIER: 0\n \n MODLIST_WITH_TSCHKSUM_HASH: 68520726b589446b188e9a1fa156e8f36ea4808b\n \n MODLIST_SHA1_HASH: a128a094da68947a63ade4a350e9f21c32a899c7\n \n NTGLOBALFLAG: 70\n \n APPLICATION_VERIFIER_FLAGS: 0\n \n PRODUCT_TYPE: 1\n \n SUITE_MASK: 272\n \n DUMP_TYPE: fe\n \n FAULTING_IP: \n igc64!OpenCompiler12+338c0\n 00007ffc`7133b050 c681d000000000 mov byte ptr [rcx+0D0h],0\n \n EXCEPTION_RECORD: (.exr -1)\n ExceptionAddress: 00007ffc7133b050 (igc64!OpenCompiler12+0x00000000000338c0)\n ExceptionCode: c0000005 (Access violation)\n ExceptionFlags: 00000000\n NumberParameters: 2\n Parameter[0]: 0000000000000001\n Parameter[1]: 00000173c8c800d0\n Attempt to write to address 00000173c8c800d0\n \n FAULTING_THREAD: 00003b00\n \n DEFAULT_BUCKET_ID: INVALID_POINTER_WRITE\n \n PROCESS_NAME: SimpleBezier11.exe\n \n FOLLOWUP_IP: \n igc64!OpenCompiler12+338c0\n 00007ffc`7133b050 c681d000000000 mov byte ptr [rcx+0D0h],0\n \n WRITE_ADDRESS: 00000173c8c800d0 \n \n ERROR_CODE: (NTSTATUS) 0xc0000005 - Instrukcja w 0x%p odwo a a si do pami ci pod adresem 0x%p. Pami nie mo e by %s.\n \n EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - Instrukcja w 0x%p odwo a a si do pami ci pod adresem 0x%p. Pami nie mo e by %s.\n \n EXCEPTION_CODE_STR: c0000005\n \n EXCEPTION_PARAMETER1: 0000000000000001\n \n EXCEPTION_PARAMETER2: 00000173c8c800d0\n \n WATSON_BKT_PROCSTAMP: 5e1a4ea8\n \n WATSON_BKT_MODULE: igc64.dll\n \n WATSON_BKT_MODSTAMP: 5ddcfccd\n \n WATSON_BKT_MODOFFSET: a7b050\n \n WATSON_BKT_MODVER: 26.20.100.7584\n \n MODULE_VER_PRODUCT: Intel HD Graphics Drivers for Windows(R)\n \n BUILD_VERSION_STRING: 18362.1.amd64fre.19h1_release.190318-1202\n \n ANALYSIS_SESSION_HOST: IAMLEGION\n \n ANALYSIS_SESSION_TIME: 01-12-2020 15:36:38.0911\n \n ANALYSIS_VERSION: 10.0.18914.1001 amd64fre\n \n THREAD_ATTRIBUTES: \n OS_LOCALE: PLK\n \n BUGCHECK_STR: APPLICATION_FAULT_INVALID_POINTER_WRITE\n \n PRIMARY_PROBLEM_CLASS: APPLICATION_FAULT\n \n PROBLEM_CLASSES: \n \n \tID: [0n313]\n \tType: [@ACCESS_VIOLATION]\n \tClass: Addendum\n \tScope: BUCKET_ID\n \tName: Omit\n \tData: Omit\n \tPID: [Unspecified]\n \tTID: [0x3b00]\n \tFrame: [0] : igc64!OpenCompiler12\n \n \tID: [0n286]\n \tType: [INVALID_POINTER_WRITE]\n \tClass: Primary\n \tScope: DEFAULT_BUCKET_ID (Failure Bucket ID prefix)\n \t\t\tBUCKET_ID\n \tName: Add\n \tData: Omit\n \tPID: [Unspecified]\n \tTID: [0x3b00]\n \tFrame: [0] : igc64!OpenCompiler12\n \n LAST_CONTROL_TRANSFER: from 00007ffc713344e3 to 00007ffc7133b050\n \n STACK_TEXT: \n 00000067`b20f66c0 00007ffc`713344e3 : 00000173`c67ef750 00000173`c67e760c 00000173`c67e7624 00000173`c67e7628 : igc64!OpenCompiler12+0x338c0\n 00000067`b20fc170 00007ffc`713341a3 : 00000000`00000000 00000173`c67f0da0 00000173`c67ef750 00000173`c67e760c : igc64!OpenCompiler12+0x2cd53\n 00000067`b20fc1b0 00007ffc`7133406f : 00000173`c67e760c 00000173`c67e760c 00000173`c67e760c 00000173`c67eee50 : igc64!OpenCompiler12+0x2ca13\n 00000067`b20fc2b0 00007ffc`7130c37a : 00000173`c67e98e0 00000173`c67e9a00 00000173`c67e9a00 00000173`c67e9a00 : igc64!OpenCompiler12+0x2c8df\n 00000067`b20fc340 00007ffc`7130b6cd : 00000000`00000000 00000173`c67e80c8 00000067`b20fcac0 00007ffc`837dbabb : igc64!OpenCompiler12+0x4bea\n 00000067`b20fc3c0 00007ffc`7130cbf3 : 00000173`c67e8098 00007ffc`75013537 00000173`c67e8150 00000000`00000000 : igc64!OpenCompiler12+0x3f3d\n 00000067`b20fc480 00007ffc`748f7946 : 00000173`c67e7fb0 00000000`00000000 00000173`c6720d50 00000000`00000001 : igc64!OpenCompiler12+0x5463\n 00000067`b20fc4c0 00007ffc`750bb966 : 00000173`bfa16080 00000173`c67e7a50 00000173`c67e9720 00000067`b20fc620 : igd10iumd64!OpenAdapter10_2+0x30326\n 00000067`b20fc520 00007ffc`7cc28edc : 00000000`00000000 00000173`c67e7a38 00000173`c6716e30 00000000`00000000 : igd10iumd64!OpenAdapter10_2+0x7f4346\n 00000067`b20fc950 00007ffc`7cc3295f : 00000067`00000001 00000173`c6720d48 00000173`c67e7a38 00000173`c6716e30 : d3d11!CPixelShader::CLS::FinalConstruct+0x23c\n 00000067`b20fcbb0 00007ffc`7cc3289a : 00000067`b20fe3e0 00007ffc`3ff47a18 00000173`c67e7660 00000173`bf990320 : d3d11!CLayeredObjectWithCLS<CPixelShader>::FinalConstruct+0xa3\n 00000067`b20fcc40 00007ffc`7cc1ee58 : 00000173`c67e7928 00000067`b20fe3e0 00000067`b20fe360 00007ffc`3ff47a18 : d3d11!CLayeredObjectWithCLS<CPixelShader>::CreateInstance+0x152\n 00000067`b20fcca0 00007ffc`7cc2b17d : 00000000`00000040 00000173`c67e76a8 00000173`bf989a70 00000067`0c040109 : d3d11!CDevice::CreateLayeredChild+0xc88\n 00000067`b20fd0e0 00007ffc`3fed3ade : 00000173`c67e76a8 00000000`00000000 00000000`00000000 00000000`00000009 : d3d11!NDXGI::CDevice::CreateLayeredChild+0x6d\n 00000067`b20fd250 00007ffc`3fec0d83 : 00000173`c67e7758 00000000`00000000 00000000`00000000 00000173`c67e7660 : D3D11_3SDKLayers!NDebug::CDeviceChild<ID3D11PixelShader>::FinalConstruct+0x82\n 00000067`b20fe2e0 00007ffc`3fe7da23 : 00000173`c67e7690 00000173`c67e7688 00000173`c67e7688 00000173`c67e7660 : D3D11_3SDKLayers!CLayeredObject<NDebug::CPixelShader>::CreateInstance+0x167\n 00000067`b20fe3a0 00007ffc`7cc2b950 : 00000173`c67e7660 00000000`00000030 00000067`b20fe4d0 00000173`bf990000 : D3D11_3SDKLayers!NDebug::CDevice::CreateLayeredChild+0x773\n 00000067`b20fe490 00007ffc`7cc114f4 : 00000173`c670e350 00000067`00000009 00000173`c67e7570 00000173`c670f1e8 : d3d11!NOutermost::CDevice::CreateLayeredChild+0x1b0\n 00000067`b20fe680 00007ffc`7cc11463 : 00000173`c67e7570 00000000`0000c100 00000000`00000000 00000000`00000001 : d3d11!CDevice::CreateAndRecreateLayeredChild<SD3D11LayeredPixelShaderCreationArgs>+0x64\n 00000067`b20fe6e0 00007ffc`7cc111e8 : 00000173`c670f1e8 00000173`c67e7570 00000000`000000b8 00000000`00000000 : d3d11!CDevice::CreatePixelShader_Worker+0x203\n 00000067`b20fe890 00007ffc`3fea9f85 : 00000173`c670e3a8 00000173`00000001 00000173`c670e3a8 00000173`c670e3b0 : d3d11!CDevice::CreatePixelShader+0x28\n 00000067`b20fe8e0 00007ff7`2dad8f49 : 00000000`00000000 00000000`00000000 00000067`b20fe9b8 00000173`c67e7584 : D3D11_3SDKLayers!NDebug::CDevice::CreatePixelShader+0x115\n 00000067`b20fe950 00007ff7`2dad6bd4 : 00000173`c670e3b0 00000173`bf9a34d0 00000173`00000000 00007ff7`2dd03030 : SimpleBezier11+0x58f49\n 00000067`b20febb0 00007ff7`2da9f70e : 00000173`c670e3b0 00000173`bf9daeb0 00000000`00000000 00000000`00000000 : SimpleBezier11+0x56bd4\n 00000067`b20fefb0 00007ff7`2da9bea2 : 00000173`bfa16320 00000173`bfa16301 00000000`00000000 00000000`00000000 : SimpleBezier11+0x1f70e\n 00000067`b20ff250 00007ff7`2da9821c : 00000173`bfa16320 00470055`00000201 0065006d`005f0032 00720077`005f006d : SimpleBezier11+0x1bea2\n 00000067`b20ff640 00007ff7`2dad515b : 00007ff7`0000b000 00007ff7`2da80001 ffffffff`00000320 00000000`00000258 : SimpleBezier11+0x1821c\n 00000067`b20ff840 00007ff7`2db283bd : 00007ff7`2da80000 00000000`00000000 00000173`bf993afc 00007ff7`0000000a : SimpleBezier11+0x5515b\n 00000067`b20ff8f0 00007ff7`2db2826e : 00007ff7`2db42000 00007ff7`2db423a0 00000000`00000000 00000000`00000000 : SimpleBezier11+0xa83bd\n 00000067`b20ff930 00007ff7`2db2812e : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : SimpleBezier11+0xa826e\n 00000067`b20ff9a0 00007ff7`2db28449 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : SimpleBezier11+0xa812e\n 00000067`b20ff9d0 00007ffc`82497bd4 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : SimpleBezier11+0xa8449\n 00000067`b20ffa00 00007ffc`8380ced1 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : KERNEL32!BaseThreadInitThunk+0x14\n 00000067`b20ffa30 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!RtlUserThreadStart+0x21\n \n \n STACK_COMMAND: ~0s ; .cxr ; kb\n \n THREAD_SHA1_HASH_MOD_FUNC: 35432efb24038964cffc57d4452411c4eec32c8c\n \n THREAD_SHA1_HASH_MOD_FUNC_OFFSET: c6f1f2b85e5669d833f4df518bd941305a60161c\n \n THREAD_SHA1_HASH_MOD: b69d115479d8aa2381c6e13353a51f982422c1d8\n \n FAULT_INSTR_CODE: d081c6\n \n SYMBOL_STACK_INDEX: 0\n \n SYMBOL_NAME: igc64!OpenCompiler12+338c0\n \n FOLLOWUP_NAME: MachineOwner\n \n MODULE_NAME: igc64\n \n IMAGE_NAME: igc64.dll\n \n DEBUG_FLR_IMAGE_TIMESTAMP: 5ddcfccd\n \n FAILURE_BUCKET_ID: INVALID_POINTER_WRITE_c0000005_igc64.dll!OpenCompiler12\n \n BUCKET_ID: APPLICATION_FAULT_INVALID_POINTER_WRITE_igc64!OpenCompiler12+338c0\n \n FAILURE_EXCEPTION_CODE: c0000005\n \n FAILURE_IMAGE_NAME: igc64.dll\n \n BUCKET_ID_IMAGE_STR: igc64.dll\n \n FAILURE_MODULE_NAME: igc64\n \n BUCKET_ID_MODULE_STR: igc64\n \n FAILURE_FUNCTION_NAME: OpenCompiler12\n \n BUCKET_ID_FUNCTION_STR: OpenCompiler12\n \n BUCKET_ID_OFFSET: 338c0\n \n BUCKET_ID_MODTIMEDATESTAMP: 5ddcfccd\n \n BUCKET_ID_MODCHECKSUM: 2450ddb\n \n BUCKET_ID_MODVER_STR: 26.20.100.7584\n \n BUCKET_ID_PREFIX_STR: APPLICATION_FAULT_INVALID_POINTER_WRITE_\n \n FAILURE_PROBLEM_CLASS: APPLICATION_FAULT\n \n FAILURE_SYMBOL_NAME: igc64.dll!OpenCompiler12\n \n TARGET_TIME: 2020-01-12T14:38:15.000Z\n \n OSBUILD: 18362\n \n OSSERVICEPACK: 329\n \n SERVICEPACK_NUMBER: 0\n \n OS_REVISION: 0\n \n OSPLATFORM_TYPE: x64\n \n OSNAME: Windows 10\n \n OSEDITION: Windows 10 WinNt SingleUserTS\n \n USER_LCID: 0\n \n OSBUILD_TIMESTAMP: unknown_date\n \n BUILDDATESTAMP_STR: 190318-1202\n \n BUILDLAB_STR: 19h1_release\n \n BUILDOSVER_STR: 10.0.18362.1.amd64fre.19h1_release.190318-1202\n \n ANALYSIS_SESSION_ELAPSED_TIME: 17987\n \n ANALYSIS_SOURCE: UM\n \n FAILURE_ID_HASH_STRING: um:invalid_pointer_write_c0000005_igc64.dll!opencompiler12\n \n FAILURE_ID_HASH: {1c89f3a6-178c-7483-67bb-857d785cefd5}\n \n Followup: MachineOwner\n ---------\n \n\n### Timeline\n\n2020-01-27 - Vendor Disclosure \n2020-04-01 - Disclosure deadline extended \n2020-07-14 - Public Release\n\n##### Credit\n\nDiscovered by Piotr Bania of Cisco Talos. \n\n* * *\n\nVulnerability Reports Next Report\n\nTALOS-2020-0980\n\nPrevious Report\n\nTALOS-2020-0978\n", "edition": 3, "modified": "2020-07-14T00:00:00", "published": "2020-07-14T00:00:00", "id": "TALOS-2020-0979", "href": "http://www.talosintelligence.com/vulnerability_reports/TALOS-2020-0979", "title": "Intel IGC64.DLL shader functionality ATOMIC_ADD code execution vulnerability", "type": "talos", "cvss": {"score": 7.7, "vector": "AV:A/AC:L/Au:S/C:C/I:C/A:C"}}], "qualysblog": [{"lastseen": "2020-08-07T08:03:43", "bulletinFamily": "blog", "cvelist": ["CVE-2020-1032", "CVE-2020-1036", "CVE-2020-1040", "CVE-2020-1041", "CVE-2020-1042", "CVE-2020-1043", "CVE-2020-1147", "CVE-2020-1350", "CVE-2020-1439"], "description": "This month\u2019s Microsoft Patch Tuesday addresses 123 vulnerabilities with 18 of them labeled as Critical. The 18 Critical vulnerabilities cover Hyper-V, DNS Server, PerformancePoint, SharePoint Server, Office, Outlook, Remote Desktop, and several other workstation vulnerabilities. Adobe issued patches today for Download Manager, Media Encoder, Genuine Service, ColdFusion, and Creative Cloud.\n\n## Workstation Patches\n\nToday's patch Tuesday fixes many vulnerabilities that would impact workstations. The Office, Outlook, Remote Desktop Client, DirectWrite, Address Book, LNK, GDI+, Font Library, and VBScript vulnerabilities should be prioritized for workstation-type devices, meaning any system that is used for email or to access the internet via a browser. This includes multi-user servers that are used as remote desktops for users.\n\n## Windows DNS Server RCE\n\nAn extremely critical Remote Code Execution vulnerability ([CVE-2020-1350](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1350>)) is fixed today in all versions of Windows DNS Server. Microsoft ranks this vulnerability as "Exploitation More Likely," and according to Microsoft and the researchers at [Check Point](<https://research.checkpoint.com/>), the vulnerability is wormable. It is highly recommended to prioritize these patches on all Microsoft DNS servers, including Active Directory servers.\n\nIn a [guidance document](<https://support.microsoft.com/en-us/help/4569509/windows-dns-server-remote-code-execution-vulnerability>), Microsoft provides a workaround that involves setting the maximum TcpReceivePacketSize to prevent exploitation. If patches cannot be deployed immediately, this workaround should be considered.\n\n## Hyper-V RemoteFX vGPU RCE\n\nMicrosoft patched six similar RCE vulnerabilities ([CVE-2020-1032](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1032>), [CVE-2020-1036](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1036>), [CVE-2020-1040](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1040>), [CVE-2020-1041](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1041>), [CVE-2020-1042](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1042>), [CVE-2020-1043](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1043>)) related to the way graphics drivers are handled in Hyper-V. Since the vulnerabilities involve directly attacking the host's graphics drivers, this patch simply disables RemoteFX functionality. According to Microsoft: "RemoteFX vGPU has been deprecated in Windows Server 2019 and customers are advised to use Discrete Device Assignment (DDA) instead of RemoteFX vGPU. DDA was introduced in Windows Server 2016."\n\n## Deserialization RCEs in PerformancePoint Services, SharePoint, .NET, and Visual Studio\n\nMicrosoft also patched two RCEs in PerformancePoint Services for SharePoint Server ([CVE-2020-1439](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1439>)) along with .NET Framework, SharePoint Server, and Visual Studio ([CVE-2020-1147](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1147>)). These vulnerabilities both involve the deserialization of XML content and could lead to Remote Code Execution if exploited.\n\n## Adobe\n\nAdobe issued patches today covering multiple vulnerabilities in [Download Manager](<https://helpx.adobe.com/security/products/adm/apsb20-49.html>), [Media Encoder](<https://helpx.adobe.com/security/products/media-encoder/apsb20-36.html>), [Genuine Service](<https://helpx.adobe.com/security/products/integrity_service/apsb20-42.html>), [ColdFusion](<https://helpx.adobe.com/security/products/coldfusion/apsb20-43.html>), and [Creative Cloud](<https://helpx.adobe.com/security/products/creative-cloud/apsb20-33.html>). The patches for Creative Cloud and ColdFusion are labeled as [Priority 2](<https://helpx.adobe.com/security/severity-ratings.html>), while the remaining patches are set to [Priority 3](<https://helpx.adobe.com/security/severity-ratings.html>).\n\nWhile none of the vulnerabilities disclosed in Adobe\u2019s release are known to be Actively Attacked today, all patches should be prioritized on systems with these products installed.\n\n## About Patch Tuesday\n\nPatch Tuesday QIDs are published at [Security Alerts](<https://www.qualys.com/research/security-alerts/>), typically late in the evening of [Patch Tuesday](<https://blog.qualys.com/tag/patch-tuesday>).", "modified": "2020-07-14T18:58:08", "published": "2020-07-14T18:58:08", "id": "QUALYSBLOG:F343178EEC11B54CFAFBD0B4D505010B", "href": "https://blog.qualys.com/category/vulnerabilities-research", "type": "qualysblog", "title": "July 2020 Patch Tuesday \u2013 123 Vulnerabilities, 18 Critical, Hyper-V RemoteFX, DNS Server, Workstation, Adobe", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "nessus": [{"lastseen": "2021-01-20T14:25:54", "description": "The remote Windows host is missing security update 4571702\nor cumulative update 4571736. It is, therefore, affected by\nmultiple vulnerabilities :\n\n - A remote code execution vulnerability exists when\n Windows Media Audio Codec improperly handles objects. An\n attacker who successfully exploited the vulnerability\n could take control of an affected system. There are\n multiple ways an attacker could exploit the\n vulnerability, such as by convincing a user to open a\n specially crafted document, or by convincing a user to\n visit a malicious webpage. The security update addresses\n the vulnerability by correcting how Windows Media Audio\n Codec handles objects. (CVE-2020-1339)\n\n - An elevation of privilege vulnerability exists in the\n way that the srmsvc.dll handles objects in memory. An\n attacker who successfully exploited the vulnerability\n could execute code with elevated permissions.\n (CVE-2020-1475)\n\n - An information disclosure vulnerability exists when\n DirectWrite improperly discloses the contents of its\n memory. An attacker who successfully exploited the\n vulnerability could obtain information to further\n compromise the users system. There are multiple ways an\n attacker could exploit the vulnerability, such as by\n convincing a user to open a specially crafted document,\n or by convincing a user to visit an untrusted webpage.\n The security update addresses the vulnerability by\n correcting how DirectWrite handles objects in memory.\n (CVE-2020-1577)\n\n - An information disclosure vulnerability exists in RPC if\n the server has Routing and Remote Access enabled. An\n attacker who successfully exploited this vulnerability\n could obtain information to further compromise the users\n system (CVE-2020-1383)\n\n - A memory corruption vulnerability exists when Windows\n Media Foundation improperly handles objects in memory.\n An attacker who successfully exploited the vulnerability\n could install programs; view, change, or delete data; or\n create new accounts with full user rights. There are\n multiple ways an attacker could exploit the\n vulnerability, such as by convincing a user to open a\n specially crafted document, or by convincing a user to\n visit a malicious webpage. The security update addresses\n the vulnerability by correcting how Windows Media\n Foundation handles objects in memory. (CVE-2020-1379,\n CVE-2020-1477, CVE-2020-1478, CVE-2020-1554)\n\n - An elevation of privilege vulnerability exists when the\n Windows kernel fails to properly handle objects in\n memory. An attacker who successfully exploited this\n vulnerability could run arbitrary code in kernel mode.\n An attacker could then install programs; view, change,\n or delete data; or create new accounts with full user\n rights. (CVE-2020-1486)\n\n - An elevation of privilege vulnerability exists when the\n Windows CSC Service improperly handles memory.\n (CVE-2020-1489, CVE-2020-1513)\n\n - An elevation of privilege vulnerability exists when\n Windows improperly handles hard links. An attacker who\n successfully exploited this vulnerability could\n overwrite a targeted file leading to an elevated status.\n (CVE-2020-1467)\n\n - A denial of service vulnerability exists in Windows\n Remote Desktop Gateway (RD Gateway) when an attacker\n connects to the target system using RDP and sends\n specially crafted requests. An attacker who successfully\n exploited this vulnerability could cause the RD Gateway\n service on the target system to stop responding.\n (CVE-2020-1466)\n\n - An elevation of privilege vulnerability exists in the\n Local Security Authority Subsystem Service (LSASS) when\n an authenticated attacker sends a specially crafted\n authentication request. A remote attacker who\n successfully exploited this vulnerability could cause an\n elevation of privilege on the target system's LSASS\n service. The security update addresses the vulnerability\n by changing the way that LSASS handles specially crafted\n authentication requests. (CVE-2020-1509)\n\n - A remote code execution vulnerability exists when the\n Windows Font Driver Host improperly handles memory. An\n attacker who successfully exploited the vulnerability\n would gain execution on a victim system. The security\n update addresses the vulnerability by correcting how the\n Windows Font Driver Host handles memory. (CVE-2020-1520)\n\n - An elevation of privilege vulnerability exists when the\n Windows UPnP Device Host improperly handles memory.\n (CVE-2020-1519, CVE-2020-1538)\n\n - An elevation of privilege vulnerability exists when the\n Windows Telephony Server improperly handles memory.\n (CVE-2020-1515)\n\n - An elevation of privilege vulnerability exists when the\n Windows File Server Resource Management Service\n improperly handles memory. (CVE-2020-1517,\n CVE-2020-1518)\n\n - An elevation of privilege vulnerability exists in the\n way that the dnsrslvr.dll handles objects in memory. An\n attacker who successfully exploited the vulnerability\n could execute code with elevated permissions.\n (CVE-2020-1584)\n\n - An elevation of privilege vulnerability exists when the\n "Public Account Pictures" folder improperly\n handles junctions. (CVE-2020-1565)\n\n - An elevation of privilege vulnerability exists when the\n Windows Remote Access improperly handles file\n operations. An attacker who successfully exploited this\n vulnerability could gain elevated privileges.\n (CVE-2020-1537)\n\n - An elevation of privilege vulnerability exists when an\n attacker establishes a vulnerable Netlogon secure\n channel connection to a domain controller, using the\n Netlogon Remote Protocol (MS-NRPC). An attacker who\n successfully exploited the vulnerability could run a\n specially crafted application on a device on the\n network. (CVE-2020-1472)\n\n - An elevation of privilege vulnerability exists when the\n Windows Kernel API improperly handles registry objects\n in memory. An attacker who successfully exploited the\n vulnerability could gain elevated privileges on a\n targeted system. A locally authenticated attacker could\n exploit this vulnerability by running a specially\n crafted application. The security update addresses the\n vulnerability by helping to ensure that the Windows\n Kernel API properly handles objects in memory.\n (CVE-2020-1377, CVE-2020-1378)\n\n - An elevation of privilege vulnerability exists when the\n Windows Print Spooler service improperly allows\n arbitrary writing to the file system. An attacker who\n successfully exploited this vulnerability could run\n arbitrary code with elevated system privileges. An\n attacker could then install programs; view, change, or\n delete data; or create new accounts with full user\n rights. (CVE-2020-1337)\n\n - An information disclosure vulnerability exists when the\n Windows Image Acquisition (WIA) Service improperly\n discloses contents of its memory. An attacker who\n successfully exploited the vulnerability could obtain\n information to further compromise the users system.\n (CVE-2020-1474, CVE-2020-1485)\n\n - An elevation of privilege vulnerability exists when the\n Windows Ancillary Function Driver for WinSock improperly\n handles memory. (CVE-2020-1587)\n\n - A remote code execution vulnerability exists when the\n Windows Jet Database Engine improperly handles objects\n in memory. An attacker who successfully exploited this\n vulnerability could execute arbitrary code on a victim\n system. An attacker could exploit this vulnerability by\n enticing a victim to open a specially crafted file. The\n update addresses the vulnerability by correcting the way\n the Windows Jet Database Engine handles objects in\n memory. (CVE-2020-1473, CVE-2020-1557, CVE-2020-1558,\n CVE-2020-1564)\n\n - A remote code execution vulnerability exists when\n Microsoft .NET Framework processes input. An attacker\n who successfully exploited this vulnerability could take\n control of an affected system. (CVE-2020-1046)\n\n - A remote code execution vulnerability exists in the way\n that the MSHTML engine improperly validates input. An\n attacker could execute arbitrary code in the context of\n the current user. (CVE-2020-1567)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Graphics Device Interface (GDI)\n handles objects in memory. An attacker who successfully\n exploited this vulnerability could run arbitrary code in\n kernel mode. An attacker could then install programs;\n view, change, or delete data; or create new accounts\n with full user rights. (CVE-2020-1529)\n\n - A remote code execution vulnerability exists in the way\n that the scripting engine handles objects in memory in\n Internet Explorer. The vulnerability could corrupt\n memory in such a way that an attacker could execute\n arbitrary code in the context of the current user. An\n attacker who successfully exploited the vulnerability\n could gain the same user rights as the current user.\n (CVE-2020-1380, CVE-2020-1570)\n\n - An elevation of privilege vulnerability exists when the\n Windows AppX Deployment Extensions improperly performs\n privilege management, resulting in access to system\n files. (CVE-2020-1488)\n\n - An elevation of privilege vulnerability exists when the\n Windows Function Discovery SSDP Provider improperly\n handles memory. (CVE-2020-1579)\n\n - An elevation of privilege vulnerability exists when\n ASP.NET or .NET web applications running on IIS\n improperly allow access to cached files. An attacker who\n successfully exploited this vulnerability could gain\n access to restricted files. (CVE-2020-1476)\n\n - An elevation of privilege vulnerability exists when\n Windows Remote Access improperly handles memory.\n (CVE-2020-1530)\n\n - A remote code execution vulnerability exists in the way\n that Microsoft Graphics Components handle objects in\n memory. An attacker who successfully exploited the\n vulnerability could execute arbitrary code on a target\n system. (CVE-2020-1562)\n\n - A spoofing vulnerability exists when Windows incorrectly\n validates file signatures. An attacker who successfully\n exploited this vulnerability could bypass security\n features and load improperly signed files. In an attack\n scenario, an attacker could bypass security features\n intended to prevent improperly signed files from being\n loaded. The update addresses the vulnerability by\n correcting how Windows validates file signatures.\n (CVE-2020-1464)", "edition": 10, "cvss3": {"score": 7.8, "vector": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2020-08-11T00:00:00", "title": "KB4571702: Windows Server 2012 August 2020 Security Update", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2020-1473", "CVE-2020-1587", "CVE-2020-1519", "CVE-2020-1378", "CVE-2020-1515", "CVE-2020-1567", "CVE-2020-1554", "CVE-2020-1518", "CVE-2020-1466", "CVE-2020-1584", "CVE-2020-1529", "CVE-2020-1579", "CVE-2020-1474", "CVE-2020-1558", "CVE-2020-1509", "CVE-2020-1472", "CVE-2020-1476", "CVE-2020-1046", "CVE-2020-1489", "CVE-2020-1478", "CVE-2020-1486", "CVE-2020-1537", "CVE-2020-1337", "CVE-2020-1379", "CVE-2020-1517", "CVE-2020-1565", "CVE-2020-1488", "CVE-2020-1557", "CVE-2020-1464", "CVE-2020-1380", "CVE-2020-1339", "CVE-2020-1513", "CVE-2020-1564", "CVE-2020-1467", "CVE-2020-1485", "CVE-2020-1520", "CVE-2020-1562", "CVE-2020-1538", "CVE-2020-1383", "CVE-2020-1570", "CVE-2020-1530", "CVE-2020-1477", "CVE-2020-1577", "CVE-2020-1475", "CVE-2020-1377"], "modified": "2020-08-11T00:00:00", "cpe": ["cpe:/o:microsoft:windows"], "id": "SMB_NT_MS20_AUG_4571736.NASL", "href": "https://www.tenable.com/plugins/nessus/139493", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(139493);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\n \"CVE-2020-1046\",\n \"CVE-2020-1337\",\n \"CVE-2020-1339\",\n \"CVE-2020-1377\",\n \"CVE-2020-1378\",\n \"CVE-2020-1379\",\n \"CVE-2020-1380\",\n \"CVE-2020-1383\",\n \"CVE-2020-1464\",\n \"CVE-2020-1466\",\n \"CVE-2020-1467\",\n \"CVE-2020-1472\",\n \"CVE-2020-1473\",\n \"CVE-2020-1474\",\n \"CVE-2020-1475\",\n \"CVE-2020-1476\",\n \"CVE-2020-1477\",\n \"CVE-2020-1478\",\n \"CVE-2020-1485\",\n \"CVE-2020-1486\",\n \"CVE-2020-1488\",\n \"CVE-2020-1489\",\n \"CVE-2020-1509\",\n \"CVE-2020-1513\",\n \"CVE-2020-1515\",\n \"CVE-2020-1517\",\n \"CVE-2020-1518\",\n \"CVE-2020-1519\",\n \"CVE-2020-1520\",\n \"CVE-2020-1529\",\n \"CVE-2020-1530\",\n \"CVE-2020-1537\",\n \"CVE-2020-1538\",\n \"CVE-2020-1554\",\n \"CVE-2020-1557\",\n \"CVE-2020-1558\",\n \"CVE-2020-1562\",\n \"CVE-2020-1564\",\n \"CVE-2020-1565\",\n \"CVE-2020-1567\",\n \"CVE-2020-1570\",\n \"CVE-2020-1577\",\n \"CVE-2020-1579\",\n \"CVE-2020-1584\",\n \"CVE-2020-1587\"\n );\n script_xref(name:\"MSKB\", value:\"4571736\");\n script_xref(name:\"MSKB\", value:\"4571702\");\n script_xref(name:\"MSFT\", value:\"MS20-4571736\");\n script_xref(name:\"MSFT\", value:\"MS20-4571702\");\n script_xref(name:\"IAVA\", value:\"2020-A-0367-S\");\n script_xref(name:\"IAVA\", value:\"2020-A-0438\");\n script_xref(name:\"IAVA\", value:\"0001-A-0647\");\n\n script_name(english:\"KB4571702: Windows Server 2012 August 2020 Security Update\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 4571702\nor cumulative update 4571736. It is, therefore, affected by\nmultiple vulnerabilities :\n\n - A remote code execution vulnerability exists when\n Windows Media Audio Codec improperly handles objects. An\n attacker who successfully exploited the vulnerability\n could take control of an affected system. There are\n multiple ways an attacker could exploit the\n vulnerability, such as by convincing a user to open a\n specially crafted document, or by convincing a user to\n visit a malicious webpage. The security update addresses\n the vulnerability by correcting how Windows Media Audio\n Codec handles objects. (CVE-2020-1339)\n\n - An elevation of privilege vulnerability exists in the\n way that the srmsvc.dll handles objects in memory. An\n attacker who successfully exploited the vulnerability\n could execute code with elevated permissions.\n (CVE-2020-1475)\n\n - An information disclosure vulnerability exists when\n DirectWrite improperly discloses the contents of its\n memory. An attacker who successfully exploited the\n vulnerability could obtain information to further\n compromise the users system. There are multiple ways an\n attacker could exploit the vulnerability, such as by\n convincing a user to open a specially crafted document,\n or by convincing a user to visit an untrusted webpage.\n The security update addresses the vulnerability by\n correcting how DirectWrite handles objects in memory.\n (CVE-2020-1577)\n\n - An information disclosure vulnerability exists in RPC if\n the server has Routing and Remote Access enabled. An\n attacker who successfully exploited this vulnerability\n could obtain information to further compromise the users\n system (CVE-2020-1383)\n\n - A memory corruption vulnerability exists when Windows\n Media Foundation improperly handles objects in memory.\n An attacker who successfully exploited the vulnerability\n could install programs; view, change, or delete data; or\n create new accounts with full user rights. There are\n multiple ways an attacker could exploit the\n vulnerability, such as by convincing a user to open a\n specially crafted document, or by convincing a user to\n visit a malicious webpage. The security update addresses\n the vulnerability by correcting how Windows Media\n Foundation handles objects in memory. (CVE-2020-1379,\n CVE-2020-1477, CVE-2020-1478, CVE-2020-1554)\n\n - An elevation of privilege vulnerability exists when the\n Windows kernel fails to properly handle objects in\n memory. An attacker who successfully exploited this\n vulnerability could run arbitrary code in kernel mode.\n An attacker could then install programs; view, change,\n or delete data; or create new accounts with full user\n rights. (CVE-2020-1486)\n\n - An elevation of privilege vulnerability exists when the\n Windows CSC Service improperly handles memory.\n (CVE-2020-1489, CVE-2020-1513)\n\n - An elevation of privilege vulnerability exists when\n Windows improperly handles hard links. An attacker who\n successfully exploited this vulnerability could\n overwrite a targeted file leading to an elevated status.\n (CVE-2020-1467)\n\n - A denial of service vulnerability exists in Windows\n Remote Desktop Gateway (RD Gateway) when an attacker\n connects to the target system using RDP and sends\n specially crafted requests. An attacker who successfully\n exploited this vulnerability could cause the RD Gateway\n service on the target system to stop responding.\n (CVE-2020-1466)\n\n - An elevation of privilege vulnerability exists in the\n Local Security Authority Subsystem Service (LSASS) when\n an authenticated attacker sends a specially crafted\n authentication request. A remote attacker who\n successfully exploited this vulnerability could cause an\n elevation of privilege on the target system's LSASS\n service. The security update addresses the vulnerability\n by changing the way that LSASS handles specially crafted\n authentication requests. (CVE-2020-1509)\n\n - A remote code execution vulnerability exists when the\n Windows Font Driver Host improperly handles memory. An\n attacker who successfully exploited the vulnerability\n would gain execution on a victim system. The security\n update addresses the vulnerability by correcting how the\n Windows Font Driver Host handles memory. (CVE-2020-1520)\n\n - An elevation of privilege vulnerability exists when the\n Windows UPnP Device Host improperly handles memory.\n (CVE-2020-1519, CVE-2020-1538)\n\n - An elevation of privilege vulnerability exists when the\n Windows Telephony Server improperly handles memory.\n (CVE-2020-1515)\n\n - An elevation of privilege vulnerability exists when the\n Windows File Server Resource Management Service\n improperly handles memory. (CVE-2020-1517,\n CVE-2020-1518)\n\n - An elevation of privilege vulnerability exists in the\n way that the dnsrslvr.dll handles objects in memory. An\n attacker who successfully exploited the vulnerability\n could execute code with elevated permissions.\n (CVE-2020-1584)\n\n - An elevation of privilege vulnerability exists when the\n "Public Account Pictures" folder improperly\n handles junctions. (CVE-2020-1565)\n\n - An elevation of privilege vulnerability exists when the\n Windows Remote Access improperly handles file\n operations. An attacker who successfully exploited this\n vulnerability could gain elevated privileges.\n (CVE-2020-1537)\n\n - An elevation of privilege vulnerability exists when an\n attacker establishes a vulnerable Netlogon secure\n channel connection to a domain controller, using the\n Netlogon Remote Protocol (MS-NRPC). An attacker who\n successfully exploited the vulnerability could run a\n specially crafted application on a device on the\n network. (CVE-2020-1472)\n\n - An elevation of privilege vulnerability exists when the\n Windows Kernel API improperly handles registry objects\n in memory. An attacker who successfully exploited the\n vulnerability could gain elevated privileges on a\n targeted system. A locally authenticated attacker could\n exploit this vulnerability by running a specially\n crafted application. The security update addresses the\n vulnerability by helping to ensure that the Windows\n Kernel API properly handles objects in memory.\n (CVE-2020-1377, CVE-2020-1378)\n\n - An elevation of privilege vulnerability exists when the\n Windows Print Spooler service improperly allows\n arbitrary writing to the file system. An attacker who\n successfully exploited this vulnerability could run\n arbitrary code with elevated system privileges. An\n attacker could then install programs; view, change, or\n delete data; or create new accounts with full user\n rights. (CVE-2020-1337)\n\n - An information disclosure vulnerability exists when the\n Windows Image Acquisition (WIA) Service improperly\n discloses contents of its memory. An attacker who\n successfully exploited the vulnerability could obtain\n information to further compromise the users system.\n (CVE-2020-1474, CVE-2020-1485)\n\n - An elevation of privilege vulnerability exists when the\n Windows Ancillary Function Driver for WinSock improperly\n handles memory. (CVE-2020-1587)\n\n - A remote code execution vulnerability exists when the\n Windows Jet Database Engine improperly handles objects\n in memory. An attacker who successfully exploited this\n vulnerability could execute arbitrary code on a victim\n system. An attacker could exploit this vulnerability by\n enticing a victim to open a specially crafted file. The\n update addresses the vulnerability by correcting the way\n the Windows Jet Database Engine handles objects in\n memory. (CVE-2020-1473, CVE-2020-1557, CVE-2020-1558,\n CVE-2020-1564)\n\n - A remote code execution vulnerability exists when\n Microsoft .NET Framework processes input. An attacker\n who successfully exploited this vulnerability could take\n control of an affected system. (CVE-2020-1046)\n\n - A remote code execution vulnerability exists in the way\n that the MSHTML engine improperly validates input. An\n attacker could execute arbitrary code in the context of\n the current user. (CVE-2020-1567)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Graphics Device Interface (GDI)\n handles objects in memory. An attacker who successfully\n exploited this vulnerability could run arbitrary code in\n kernel mode. An attacker could then install programs;\n view, change, or delete data; or create new accounts\n with full user rights. (CVE-2020-1529)\n\n - A remote code execution vulnerability exists in the way\n that the scripting engine handles objects in memory in\n Internet Explorer. The vulnerability could corrupt\n memory in such a way that an attacker could execute\n arbitrary code in the context of the current user. An\n attacker who successfully exploited the vulnerability\n could gain the same user rights as the current user.\n (CVE-2020-1380, CVE-2020-1570)\n\n - An elevation of privilege vulnerability exists when the\n Windows AppX Deployment Extensions improperly performs\n privilege management, resulting in access to system\n files. (CVE-2020-1488)\n\n - An elevation of privilege vulnerability exists when the\n Windows Function Discovery SSDP Provider improperly\n handles memory. (CVE-2020-1579)\n\n - An elevation of privilege vulnerability exists when\n ASP.NET or .NET web applications running on IIS\n improperly allow access to cached files. An attacker who\n successfully exploited this vulnerability could gain\n access to restricted files. (CVE-2020-1476)\n\n - An elevation of privilege vulnerability exists when\n Windows Remote Access improperly handles memory.\n (CVE-2020-1530)\n\n - A remote code execution vulnerability exists in the way\n that Microsoft Graphics Components handle objects in\n memory. An attacker who successfully exploited the\n vulnerability could execute arbitrary code on a target\n system. (CVE-2020-1562)\n\n - A spoofing vulnerability exists when Windows incorrectly\n validates file signatures. An attacker who successfully\n exploited this vulnerability could bypass security\n features and load improperly signed files. In an attack\n scenario, an attacker could bypass security features\n intended to prevent improperly signed files from being\n loaded. The update addresses the vulnerability by\n correcting how Windows validates file signatures.\n (CVE-2020-1464)\");\n # https://support.microsoft.com/en-us/help/4571736/windows-server-2012-update\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?a0551e21\");\n # https://support.microsoft.com/en-us/help/4571702/windows-server-2012-update\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?1ece3db7\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Security Only update KB4571702 or Cumulative Update KB4571736.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-1564\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Microsoft Spooler Local Privilege Elevation Vulnerability');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/08/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/08/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/08/11\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude('smb_func.inc');\ninclude('smb_hotfixes.inc');\ninclude('smb_hotfixes_fcheck.inc');\ninclude('smb_reg_query.inc');\ninclude('install_func.inc');\n\nget_kb_item_or_exit('SMB/MS_Bulletin_Checks/Possible');\n\nbulletin = 'MS20-08';\nkbs = make_list(\n '4571736',\n '4571702'\n);\n\nif (get_kb_item('Host/patch_management_checks')) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit('SMB/Registry/Enumerated');\nget_kb_item_or_exit('SMB/WindowsVersion', exit_code:1);\n\nif (hotfix_check_sp_range(win8:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\n# Windows 8 EOL\nproductname = get_kb_item_or_exit(\"SMB/ProductName\", exit_code:1);\nif (\"Windows 8\" >< productname) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:'6.2', \n sp:0,\n rollup_date:'08_2020',\n bulletin:bulletin,\n rollup_kb_list:[4571736, 4571702])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n\n\n\n\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-20T14:25:52", "description": "The remote Windows host is missing security update 4571723\nor cumulative update 4571703. It is, therefore, affected by\nmultiple vulnerabilities :\n\n - A remote code execution vulnerability exists when\n Windows Media Audio Codec improperly handles objects. An\n attacker who successfully exploited the vulnerability\n could take control of an affected system. There are\n multiple ways an attacker could exploit the\n vulnerability, such as by convincing a user to open a\n specially crafted document, or by convincing a user to\n visit a malicious webpage. The security update addresses\n the vulnerability by correcting how Windows Media Audio\n Codec handles objects. (CVE-2020-1339)\n\n - An elevation of privilege vulnerability exists when the\n Windows Telephony Server improperly handles memory.\n (CVE-2020-1515)\n\n - An information disclosure vulnerability exists when\n DirectWrite improperly discloses the contents of its\n memory. An attacker who successfully exploited the\n vulnerability could obtain information to further\n compromise the users system. There are multiple ways an\n attacker could exploit the vulnerability, such as by\n convincing a user to open a specially crafted document,\n or by convincing a user to visit an untrusted webpage.\n The security update addresses the vulnerability by\n correcting how DirectWrite handles objects in memory.\n (CVE-2020-1577)\n\n - An information disclosure vulnerability exists in RPC if\n the server has Routing and Remote Access enabled. An\n attacker who successfully exploited this vulnerability\n could obtain information to further compromise the users\n system (CVE-2020-1383)\n\n - An elevation of privilege vulnerability exists when the\n Windows Work Folders Service improperly handles memory.\n (CVE-2020-1470, CVE-2020-1484, CVE-2020-1516)\n\n - An elevation of privilege vulnerability exists when the\n Windows CSC Service improperly handles memory.\n (CVE-2020-1489, CVE-2020-1513)\n\n - An elevation of privilege vulnerability exists when\n Windows improperly handles hard links. An attacker who\n successfully exploited this vulnerability could\n overwrite a targeted file leading to an elevated status.\n (CVE-2020-1467)\n\n - A denial of service vulnerability exists in Windows\n Remote Desktop Gateway (RD Gateway) when an attacker\n connects to the target system using RDP and sends\n specially crafted requests. An attacker who successfully\n exploited this vulnerability could cause the RD Gateway\n service on the target system to stop responding.\n (CVE-2020-1466)\n\n - An elevation of privilege vulnerability exists in the\n Local Security Authority Subsystem Service (LSASS) when\n an authenticated attacker sends a specially crafted\n authentication request. A remote attacker who\n successfully exploited this vulnerability could cause an\n elevation of privilege on the target system's LSASS\n service. The security update addresses the vulnerability\n by changing the way that LSASS handles specially crafted\n authentication requests. (CVE-2020-1509)\n\n - A remote code execution vulnerability exists when the\n Windows Font Driver Host improperly handles memory. An\n attacker who successfully exploited the vulnerability\n would gain execution on a victim system. The security\n update addresses the vulnerability by correcting how the\n Windows Font Driver Host handles memory. (CVE-2020-1520)\n\n - An elevation of privilege vulnerability exists when the\n Windows UPnP Device Host improperly handles memory.\n (CVE-2020-1519, CVE-2020-1538)\n\n - An elevation of privilege vulnerability exists when the\n Windows Work Folder Service improperly handles file\n operations. An attacker who successfully exploited this\n vulnerability could run processes in an elevated\n context. An attacker could exploit this vulnerability by\n running a specially crafted application on the victim\n system. The update addresses the vulnerability by\n correcting the way the Windows Work Folder Service\n handles file operations. (CVE-2020-1552)\n\n - An elevation of privilege vulnerability exists when the\n Windows Kernel API improperly handles registry objects\n in memory. An attacker who successfully exploited the\n vulnerability could gain elevated privileges on a\n targeted system. A locally authenticated attacker could\n exploit this vulnerability by running a specially\n crafted application. The security update addresses the\n vulnerability by helping to ensure that the Windows\n Kernel API properly handles objects in memory.\n (CVE-2020-1377, CVE-2020-1378)\n\n - An information disclosure vulnerability exists when\n Media Foundation improperly handles objects in memory.\n An attacker who successfully exploited this\n vulnerability could obtain information to further\n compromise the users system. (CVE-2020-1487)\n\n - An elevation of privilege vulnerability exists when the\n Windows File Server Resource Management Service\n improperly handles memory. (CVE-2020-1517,\n CVE-2020-1518)\n\n - An elevation of privilege vulnerability exists in the\n way that the dnsrslvr.dll handles objects in memory. An\n attacker who successfully exploited the vulnerability\n could execute code with elevated permissions.\n (CVE-2020-1584)\n\n - An elevation of privilege vulnerability exists when the\n "Public Account Pictures" folder improperly\n handles junctions. (CVE-2020-1565)\n\n - A spoofing vulnerability exists when Windows incorrectly\n validates file signatures. An attacker who successfully\n exploited this vulnerability could bypass security\n features and load improperly signed files. In an attack\n scenario, an attacker could bypass security features\n intended to prevent improperly signed files from being\n loaded. The update addresses the vulnerability by\n correcting how Windows validates file signatures.\n (CVE-2020-1464)\n\n - An elevation of privilege vulnerability exists when the\n Windows kernel fails to properly handle objects in\n memory. An attacker who successfully exploited this\n vulnerability could run arbitrary code in kernel mode.\n An attacker could then install programs; view, change,\n or delete data; or create new accounts with full user\n rights. (CVE-2020-1486)\n\n - An elevation of privilege vulnerability exists when an\n attacker establishes a vulnerable Netlogon secure\n channel connection to a domain controller, using the\n Netlogon Remote Protocol (MS-NRPC). An attacker who\n successfully exploited the vulnerability could run a\n specially crafted application on a device on the\n network. (CVE-2020-1472)\n\n - A memory corruption vulnerability exists when Windows\n Media Foundation improperly handles objects in memory.\n An attacker who successfully exploited the vulnerability\n could install programs; view, change, or delete data; or\n create new accounts with full user rights. There are\n multiple ways an attacker could exploit the\n vulnerability, such as by convincing a user to open a\n specially crafted document, or by convincing a user to\n visit a malicious webpage. The security update addresses\n the vulnerability by correcting how Windows Media\n Foundation handles objects in memory. (CVE-2020-1379,\n CVE-2020-1477, CVE-2020-1478, CVE-2020-1492,\n CVE-2020-1554)\n\n - An elevation of privilege vulnerability exists when the\n Windows Print Spooler service improperly allows\n arbitrary writing to the file system. An attacker who\n successfully exploited this vulnerability could run\n arbitrary code with elevated system privileges. An\n attacker could then install programs; view, change, or\n delete data; or create new accounts with full user\n rights. (CVE-2020-1337)\n\n - An information disclosure vulnerability exists when the\n Windows Image Acquisition (WIA) Service improperly\n discloses contents of its memory. An attacker who\n successfully exploited the vulnerability could obtain\n information to further compromise the users system.\n (CVE-2020-1474, CVE-2020-1485)\n\n - An elevation of privilege vulnerability exists when the\n Windows Ancillary Function Driver for WinSock improperly\n handles memory. (CVE-2020-1587)\n\n - A remote code execution vulnerability exists when the\n Windows Jet Database Engine improperly handles objects\n in memory. An attacker who successfully exploited this\n vulnerability could execute arbitrary code on a victim\n system. An attacker could exploit this vulnerability by\n enticing a victim to open a specially crafted file. The\n update addresses the vulnerability by correcting the way\n the Windows Jet Database Engine handles objects in\n memory. (CVE-2020-1473, CVE-2020-1557, CVE-2020-1558,\n CVE-2020-1564)\n\n - A remote code execution vulnerability exists when\n Microsoft .NET Framework processes input. An attacker\n who successfully exploited this vulnerability could take\n control of an affected system. (CVE-2020-1046)\n\n - A remote code execution vulnerability exists in the way\n that the MSHTML engine improperly validates input. An\n attacker could execute arbitrary code in the context of\n the current user. (CVE-2020-1567)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Graphics Device Interface (GDI)\n handles objects in memory. An attacker who successfully\n exploited this vulnerability could run arbitrary code in\n kernel mode. An attacker could then install programs;\n view, change, or delete data; or create new accounts\n with full user rights. (CVE-2020-1529)\n\n - A remote code execution vulnerability exists in the way\n that the scripting engine handles objects in memory in\n Internet Explorer. The vulnerability could corrupt\n memory in such a way that an attacker could execute\n arbitrary code in the context of the current user. An\n attacker who successfully exploited the vulnerability\n could gain the same user rights as the current user.\n (CVE-2020-1380, CVE-2020-1570)\n\n - An elevation of privilege vulnerability exists when the\n Windows AppX Deployment Extensions improperly performs\n privilege management, resulting in access to system\n files. (CVE-2020-1488)\n\n - An elevation of privilege vulnerability exists when the\n Windows Function Discovery SSDP Provider improperly\n handles memory. (CVE-2020-1579)\n\n - An elevation of privilege vulnerability exists when\n ASP.NET or .NET web applications running on IIS\n improperly allow access to cached files. An attacker who\n successfully exploited this vulnerability could gain\n access to restricted files. (CVE-2020-1476)\n\n - A remote code execution vulnerability exists in the way\n that Microsoft Graphics Components handle objects in\n memory. An attacker who successfully exploited the\n vulnerability could execute arbitrary code on a target\n system. (CVE-2020-1562)\n\n - An elevation of privilege vulnerability exists in the\n way that the srmsvc.dll handles objects in memory. An\n attacker who successfully exploited the vulnerability\n could execute code with elevated permissions.\n (CVE-2020-1475)", "edition": 11, "cvss3": {"score": 7.8, "vector": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2020-08-11T00:00:00", "title": "KB4571723: Windows 8.1 and Windows Server 2012 R2 August 2020 Security Update", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2020-1473", "CVE-2020-1587", "CVE-2020-1519", "CVE-2020-1516", "CVE-2020-1378", "CVE-2020-1515", "CVE-2020-1567", "CVE-2020-1554", "CVE-2020-1518", "CVE-2020-1466", "CVE-2020-1487", "CVE-2020-1584", "CVE-2020-1529", "CVE-2020-1579", "CVE-2020-1474", "CVE-2020-1558", "CVE-2020-1509", "CVE-2020-1472", "CVE-2020-1476", "CVE-2020-1046", "CVE-2020-1489", "CVE-2020-1478", "CVE-2020-1486", "CVE-2020-1337", "CVE-2020-1379", "CVE-2020-1517", "CVE-2020-1565", "CVE-2020-1488", "CVE-2020-1557", "CVE-2020-1464", "CVE-2020-1380", "CVE-2020-1339", "CVE-2020-1513", "CVE-2020-1564", "CVE-2020-1467", "CVE-2020-1485", "CVE-2020-1552", "CVE-2020-1520", "CVE-2020-1492", "CVE-2020-1562", "CVE-2020-1538", "CVE-2020-1383", "CVE-2020-1570", "CVE-2020-1470", "CVE-2020-1477", "CVE-2020-1484", "CVE-2020-1577", "CVE-2020-1475", "CVE-2020-1377"], "modified": "2020-08-11T00:00:00", "cpe": ["cpe:/o:microsoft:windows"], "id": "SMB_NT_MS20_AUG_4571703.NASL", "href": "https://www.tenable.com/plugins/nessus/139489", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(139489);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\n \"CVE-2020-1046\",\n \"CVE-2020-1337\",\n \"CVE-2020-1339\",\n \"CVE-2020-1377\",\n \"CVE-2020-1378\",\n \"CVE-2020-1379\",\n \"CVE-2020-1380\",\n \"CVE-2020-1383\",\n \"CVE-2020-1464\",\n \"CVE-2020-1466\",\n \"CVE-2020-1467\",\n \"CVE-2020-1470\",\n \"CVE-2020-1472\",\n \"CVE-2020-1473\",\n \"CVE-2020-1474\",\n \"CVE-2020-1475\",\n \"CVE-2020-1476\",\n \"CVE-2020-1477\",\n \"CVE-2020-1478\",\n \"CVE-2020-1484\",\n \"CVE-2020-1485\",\n \"CVE-2020-1486\",\n \"CVE-2020-1487\",\n \"CVE-2020-1488\",\n \"CVE-2020-1489\",\n \"CVE-2020-1492\",\n \"CVE-2020-1509\",\n \"CVE-2020-1513\",\n \"CVE-2020-1515\",\n \"CVE-2020-1516\",\n \"CVE-2020-1517\",\n \"CVE-2020-1518\",\n \"CVE-2020-1519\",\n \"CVE-2020-1520\",\n \"CVE-2020-1529\",\n \"CVE-2020-1538\",\n \"CVE-2020-1552\",\n \"CVE-2020-1554\",\n \"CVE-2020-1557\",\n \"CVE-2020-1558\",\n \"CVE-2020-1562\",\n \"CVE-2020-1564\",\n \"CVE-2020-1565\",\n \"CVE-2020-1567\",\n \"CVE-2020-1570\",\n \"CVE-2020-1577\",\n \"CVE-2020-1579\",\n \"CVE-2020-1584\",\n \"CVE-2020-1587\"\n );\n script_xref(name:\"MSKB\", value:\"4571723\");\n script_xref(name:\"MSKB\", value:\"4571703\");\n script_xref(name:\"MSFT\", value:\"MS20-4571723\");\n script_xref(name:\"MSFT\", value:\"MS20-4571703\");\n script_xref(name:\"IAVA\", value:\"2020-A-0367-S\");\n script_xref(name:\"IAVA\", value:\"2020-A-0438\");\n script_xref(name:\"IAVA\", value:\"0001-A-0647\");\n\n script_name(english:\"KB4571723: Windows 8.1 and Windows Server 2012 R2 August 2020 Security Update\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 4571723\nor cumulative update 4571703. It is, therefore, affected by\nmultiple vulnerabilities :\n\n - A remote code execution vulnerability exists when\n Windows Media Audio Codec improperly handles objects. An\n attacker who successfully exploited the vulnerability\n could take control of an affected system. There are\n multiple ways an attacker could exploit the\n vulnerability, such as by convincing a user to open a\n specially crafted document, or by convincing a user to\n visit a malicious webpage. The security update addresses\n the vulnerability by correcting how Windows Media Audio\n Codec handles objects. (CVE-2020-1339)\n\n - An elevation of privilege vulnerability exists when the\n Windows Telephony Server improperly handles memory.\n (CVE-2020-1515)\n\n - An information disclosure vulnerability exists when\n DirectWrite improperly discloses the contents of its\n memory. An attacker who successfully exploited the\n vulnerability could obtain information to further\n compromise the users system. There are multiple ways an\n attacker could exploit the vulnerability, such as by\n convincing a user to open a specially crafted document,\n or by convincing a user to visit an untrusted webpage.\n The security update addresses the vulnerability by\n correcting how DirectWrite handles objects in memory.\n (CVE-2020-1577)\n\n - An information disclosure vulnerability exists in RPC if\n the server has Routing and Remote Access enabled. An\n attacker who successfully exploited this vulnerability\n could obtain information to further compromise the users\n system (CVE-2020-1383)\n\n - An elevation of privilege vulnerability exists when the\n Windows Work Folders Service improperly handles memory.\n (CVE-2020-1470, CVE-2020-1484, CVE-2020-1516)\n\n - An elevation of privilege vulnerability exists when the\n Windows CSC Service improperly handles memory.\n (CVE-2020-1489, CVE-2020-1513)\n\n - An elevation of privilege vulnerability exists when\n Windows improperly handles hard links. An attacker who\n successfully exploited this vulnerability could\n overwrite a targeted file leading to an elevated status.\n (CVE-2020-1467)\n\n - A denial of service vulnerability exists in Windows\n Remote Desktop Gateway (RD Gateway) when an attacker\n connects to the target system using RDP and sends\n specially crafted requests. An attacker who successfully\n exploited this vulnerability could cause the RD Gateway\n service on the target system to stop responding.\n (CVE-2020-1466)\n\n - An elevation of privilege vulnerability exists in the\n Local Security Authority Subsystem Service (LSASS) when\n an authenticated attacker sends a specially crafted\n authentication request. A remote attacker who\n successfully exploited this vulnerability could cause an\n elevation of privilege on the target system's LSASS\n service. The security update addresses the vulnerability\n by changing the way that LSASS handles specially crafted\n authentication requests. (CVE-2020-1509)\n\n - A remote code execution vulnerability exists when the\n Windows Font Driver Host improperly handles memory. An\n attacker who successfully exploited the vulnerability\n would gain execution on a victim system. The security\n update addresses the vulnerability by correcting how the\n Windows Font Driver Host handles memory. (CVE-2020-1520)\n\n - An elevation of privilege vulnerability exists when the\n Windows UPnP Device Host improperly handles memory.\n (CVE-2020-1519, CVE-2020-1538)\n\n - An elevation of privilege vulnerability exists when the\n Windows Work Folder Service improperly handles file\n operations. An attacker who successfully exploited this\n vulnerability could run processes in an elevated\n context. An attacker could exploit this vulnerability by\n running a specially crafted application on the victim\n system. The update addresses the vulnerability by\n correcting the way the Windows Work Folder Service\n handles file operations. (CVE-2020-1552)\n\n - An elevation of privilege vulnerability exists when the\n Windows Kernel API improperly handles registry objects\n in memory. An attacker who successfully exploited the\n vulnerability could gain elevated privileges on a\n targeted system. A locally authenticated attacker could\n exploit this vulnerability by running a specially\n crafted application. The security update addresses the\n vulnerability by helping to ensure that the Windows\n Kernel API properly handles objects in memory.\n (CVE-2020-1377, CVE-2020-1378)\n\n - An information disclosure vulnerability exists when\n Media Foundation improperly handles objects in memory.\n An attacker who successfully exploited this\n vulnerability could obtain information to further\n compromise the users system. (CVE-2020-1487)\n\n - An elevation of privilege vulnerability exists when the\n Windows File Server Resource Management Service\n improperly handles memory. (CVE-2020-1517,\n CVE-2020-1518)\n\n - An elevation of privilege vulnerability exists in the\n way that the dnsrslvr.dll handles objects in memory. An\n attacker who successfully exploited the vulnerability\n could execute code with elevated permissions.\n (CVE-2020-1584)\n\n - An elevation of privilege vulnerability exists when the\n "Public Account Pictures" folder improperly\n handles junctions. (CVE-2020-1565)\n\n - A spoofing vulnerability exists when Windows incorrectly\n validates file signatures. An attacker who successfully\n exploited this vulnerability could bypass security\n features and load improperly signed files. In an attack\n scenario, an attacker could bypass security features\n intended to prevent improperly signed files from being\n loaded. The update addresses the vulnerability by\n correcting how Windows validates file signatures.\n (CVE-2020-1464)\n\n - An elevation of privilege vulnerability exists when the\n Windows kernel fails to properly handle objects in\n memory. An attacker who successfully exploited this\n vulnerability could run arbitrary code in kernel mode.\n An attacker could then install programs; view, change,\n or delete data; or create new accounts with full user\n rights. (CVE-2020-1486)\n\n - An elevation of privilege vulnerability exists when an\n attacker establishes a vulnerable Netlogon secure\n channel connection to a domain controller, using the\n Netlogon Remote Protocol (MS-NRPC). An attacker who\n successfully exploited the vulnerability could run a\n specially crafted application on a device on the\n network. (CVE-2020-1472)\n\n - A memory corruption vulnerability exists when Windows\n Media Foundation improperly handles objects in memory.\n An attacker who successfully exploited the vulnerability\n could install programs; view, change, or delete data; or\n create new accounts with full user rights. There are\n multiple ways an attacker could exploit the\n vulnerability, such as by convincing a user to open a\n specially crafted document, or by convincing a user to\n visit a malicious webpage. The security update addresses\n the vulnerability by correcting how Windows Media\n Foundation handles objects in memory. (CVE-2020-1379,\n CVE-2020-1477, CVE-2020-1478, CVE-2020-1492,\n CVE-2020-1554)\n\n - An elevation of privilege vulnerability exists when the\n Windows Print Spooler service improperly allows\n arbitrary writing to the file system. An attacker who\n successfully exploited this vulnerability could run\n arbitrary code with elevated system privileges. An\n attacker could then install programs; view, change, or\n delete data; or create new accounts with full user\n rights. (CVE-2020-1337)\n\n - An information disclosure vulnerability exists when the\n Windows Image Acquisition (WIA) Service improperly\n discloses contents of its memory. An attacker who\n successfully exploited the vulnerability could obtain\n information to further compromise the users system.\n (CVE-2020-1474, CVE-2020-1485)\n\n - An elevation of privilege vulnerability exists when the\n Windows Ancillary Function Driver for WinSock improperly\n handles memory. (CVE-2020-1587)\n\n - A remote code execution vulnerability exists when the\n Windows Jet Database Engine improperly handles objects\n in memory. An attacker who successfully exploited this\n vulnerability could execute arbitrary code on a victim\n system. An attacker could exploit this vulnerability by\n enticing a victim to open a specially crafted file. The\n update addresses the vulnerability by correcting the way\n the Windows Jet Database Engine handles objects in\n memory. (CVE-2020-1473, CVE-2020-1557, CVE-2020-1558,\n CVE-2020-1564)\n\n - A remote code execution vulnerability exists when\n Microsoft .NET Framework processes input. An attacker\n who successfully exploited this vulnerability could take\n control of an affected system. (CVE-2020-1046)\n\n - A remote code execution vulnerability exists in the way\n that the MSHTML engine improperly validates input. An\n attacker could execute arbitrary code in the context of\n the current user. (CVE-2020-1567)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Graphics Device Interface (GDI)\n handles objects in memory. An attacker who successfully\n exploited this vulnerability could run arbitrary code in\n kernel mode. An attacker could then install programs;\n view, change, or delete data; or create new accounts\n with full user rights. (CVE-2020-1529)\n\n - A remote code execution vulnerability exists in the way\n that the scripting engine handles objects in memory in\n Internet Explorer. The vulnerability could corrupt\n memory in such a way that an attacker could execute\n arbitrary code in the context of the current user. An\n attacker who successfully exploited the vulnerability\n could gain the same user rights as the current user.\n (CVE-2020-1380, CVE-2020-1570)\n\n - An elevation of privilege vulnerability exists when the\n Windows AppX Deployment Extensions improperly performs\n privilege management, resulting in access to system\n files. (CVE-2020-1488)\n\n - An elevation of privilege vulnerability exists when the\n Windows Function Discovery SSDP Provider improperly\n handles memory. (CVE-2020-1579)\n\n - An elevation of privilege vulnerability exists when\n ASP.NET or .NET web applications running on IIS\n improperly allow access to cached files. An attacker who\n successfully exploited this vulnerability could gain\n access to restricted files. (CVE-2020-1476)\n\n - A remote code execution vulnerability exists in the way\n that Microsoft Graphics Components handle objects in\n memory. An attacker who successfully exploited the\n vulnerability could execute arbitrary code on a target\n system. (CVE-2020-1562)\n\n - An elevation of privilege vulnerability exists in the\n way that the srmsvc.dll handles objects in memory. An\n attacker who successfully exploited the vulnerability\n could execute code with elevated permissions.\n (CVE-2020-1475)\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.microsoft.com/en-us/help/4571723/windows-8-1-update\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.microsoft.com/en-us/help/4571703/windows-8-1-update\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Security Only update KB4571723 or Cumulative Update KB4571703.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-1564\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Microsoft Spooler Local Privilege Elevation Vulnerability');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/08/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/08/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/08/11\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude('smb_func.inc');\ninclude('smb_hotfixes.inc');\ninclude('smb_hotfixes_fcheck.inc');\ninclude('smb_reg_query.inc');\ninclude('install_func.inc');\n\nget_kb_item_or_exit('SMB/MS_Bulletin_Checks/Possible');\n\nbulletin = 'MS20-08';\nkbs = make_list(\n '4571703',\n '4571723'\n);\n\nif (get_kb_item('Host/patch_management_checks')) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit('SMB/Registry/Enumerated');\nget_kb_item_or_exit('SMB/WindowsVersion', exit_code:1);\n\nif (hotfix_check_sp_range(win81:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\n# Windows 8 EOL\nproductname = get_kb_item_or_exit(\"SMB/ProductName\", exit_code:1);\nif (\"Windows 8\" >< productname && \"8.1\" >!< productname)\n audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (!\n (smb_check_rollup(os:'6.3',\n sp:0,\n rollup_date:'08_2020',\n bulletin:bulletin,\n rollup_kb_list:[4571703, 4571723]) &&\n smb_check_rollup(os:'6.3',\n sp:0,\n rollup_date:'08_2020_02',\n bulletin:bulletin,\n rollup_kb_list:[4578013])\n )\n)\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\nelse\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\n\n\n\n\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-20T14:25:47", "description": "The remote Windows host is missing security update 4571694.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - A memory corruption vulnerability exists when Windows\n Media Foundation improperly handles objects in memory.\n An attacker who successfully exploited the vulnerability\n could install programs; view, change, or delete data; or\n create new accounts with full user rights. There are\n multiple ways an attacker could exploit the\n vulnerability, such as by convincing a user to open a\n specially crafted document, or by convincing a user to\n visit a malicious webpage. The security update addresses\n the vulnerability by correcting how Windows Media\n Foundation handles objects in memory. (CVE-2020-1379,\n CVE-2020-1477, CVE-2020-1478, CVE-2020-1492,\n CVE-2020-1525, CVE-2020-1554)\n\n - A remote code execution vulnerability exists when\n Windows Media Audio Codec improperly handles objects. An\n attacker who successfully exploited the vulnerability\n could take control of an affected system. There are\n multiple ways an attacker could exploit the\n vulnerability, such as by convincing a user to open a\n specially crafted document, or by convincing a user to\n visit a malicious webpage. The security update addresses\n the vulnerability by correcting how Windows Media Audio\n Codec handles objects. (CVE-2020-1339)\n\n - An elevation of privilege vulnerability exists when\n Connected User Experiences and Telemetry Service\n improperly handles file operations. An attacker who\n successfully exploited this vulnerability could run\n processes in an elevated context. An attacker could\n exploit this vulnerability by running a specially\n crafted application on the victim system. The security\n update addresses the vulnerability by correcting how the\n Connected User Experiences and Telemetry Service handles\n file operations. (CVE-2020-1511)\n\n - An elevation of privilege vulnerability exists in the\n way that the srmsvc.dll handles objects in memory. An\n attacker who successfully exploited the vulnerability\n could execute code with elevated permissions.\n (CVE-2020-1475)\n\n - An elevation of privilege vulnerability exists when the\n Windows CDP User Components improperly handle memory.\n (CVE-2020-1549, CVE-2020-1550)\n\n - An information disclosure vulnerability exists when\n DirectWrite improperly discloses the contents of its\n memory. An attacker who successfully exploited the\n vulnerability could obtain information to further\n compromise the users system. There are multiple ways an\n attacker could exploit the vulnerability, such as by\n convincing a user to open a specially crafted document,\n or by convincing a user to visit an untrusted webpage.\n The security update addresses the vulnerability by\n correcting how DirectWrite handles objects in memory.\n (CVE-2020-1577)\n\n - An elevation of privilege vulnerability exists when the\n Windows Network Connection Broker improperly handles\n memory. (CVE-2020-1526)\n\n - An information disclosure vulnerability exists in RPC if\n the server has Routing and Remote Access enabled. An\n attacker who successfully exploited this vulnerability\n could obtain information to further compromise the users\n system (CVE-2020-1383)\n\n - An elevation of privilege vulnerability exists when the\n Windows Work Folders Service improperly handles memory.\n (CVE-2020-1470, CVE-2020-1484, CVE-2020-1516)\n\n - An elevation of privilege vulnerability exists when the\n Windows Custom Protocol Engine improperly handles\n memory. (CVE-2020-1527)\n\n - An elevation of privilege vulnerability exists when the\n Storage Service improperly handles file operations. An\n attacker who successfully exploited this vulnerability\n could gain elevated privileges on the victim system.\n (CVE-2020-1490)\n\n - An elevation of privilege vulnerability exists when the\n Windows Speech Runtime improperly handles memory.\n (CVE-2020-1521, CVE-2020-1522)\n\n - An elevation of privilege vulnerability exists when the\n Windows CSC Service improperly handles memory.\n (CVE-2020-1489, CVE-2020-1513)\n\n - An elevation of privilege vulnerability exists when the\n Windows Accounts Control improperly handles memory.\n (CVE-2020-1531)\n\n - An elevation of privilege vulnerability exists when\n Windows improperly handles hard links. An attacker who\n successfully exploited this vulnerability could\n overwrite a targeted file leading to an elevated status.\n (CVE-2020-1467)\n\n - A denial of service vulnerability exists in Windows\n Remote Desktop Gateway (RD Gateway) when an attacker\n connects to the target system using RDP and sends\n specially crafted requests. An attacker who successfully\n exploited this vulnerability could cause the RD Gateway\n service on the target system to stop responding.\n (CVE-2020-1466)\n\n - An elevation of privilege vulnerability exists in the\n Local Security Authority Subsystem Service (LSASS) when\n an authenticated attacker sends a specially crafted\n authentication request. A remote attacker who\n successfully exploited this vulnerability could cause an\n elevation of privilege on the target system's LSASS\n service. The security update addresses the vulnerability\n by changing the way that LSASS handles specially crafted\n authentication requests. (CVE-2020-1509)\n\n - A remote code execution vulnerability exists when the\n Windows Font Driver Host improperly handles memory. An\n attacker who successfully exploited the vulnerability\n would gain execution on a victim system. The security\n update addresses the vulnerability by correcting how the\n Windows Font Driver Host handles memory. (CVE-2020-1520)\n\n - An elevation of privilege vulnerability exists when the\n Windows UPnP Device Host improperly handles memory.\n (CVE-2020-1519, CVE-2020-1538)\n\n - An information disclosure vulnerability exists when the\n Windows State Repository Service improperly handles\n objects in memory. An attacker who successfully\n exploited this vulnerability could obtain information to\n further compromise the users system. An attacker could\n exploit this vulnerability by running a specially\n crafted application on the victim system. The update\n addresses the vulnerability by correcting the way the\n Windows State Repository Service handles objects in\n memory. (CVE-2020-1512)\n\n - An elevation of privilege vulnerability exists when the\n Windows Telephony Server improperly handles memory.\n (CVE-2020-1515)\n\n - An information disclosure vulnerability exists when\n Media Foundation improperly handles objects in memory.\n An attacker who successfully exploited this\n vulnerability could obtain information to further\n compromise the users system. (CVE-2020-1487)\n\n - An elevation of privilege vulnerability exists when the\n Windows kernel fails to properly handle objects in\n memory. An attacker who successfully exploited this\n vulnerability could run arbitrary code in kernel mode.\n An attacker could then install programs; view, change,\n or delete data; or create new accounts with full user\n rights. (CVE-2020-1486, CVE-2020-1566)\n\n - An elevation of privilege vulnerability exists when the\n Windows File Server Resource Management Service\n improperly handles memory. (CVE-2020-1517,\n CVE-2020-1518)\n\n - An elevation of privilege vulnerability exists in the\n way that the dnsrslvr.dll handles objects in memory. An\n attacker who successfully exploited the vulnerability\n could execute code with elevated permissions.\n (CVE-2020-1584)\n\n - An elevation of privilege vulnerability exists when the\n Windows Runtime improperly handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could run arbitrary code in an elevated context. An\n attacker could exploit this vulnerability by running a\n specially crafted application on the victim system. The\n update addresses the vulnerability by correcting the way\n the Windows Runtime handles objects in memory.\n (CVE-2020-1553)\n\n - An elevation of privilege vulnerability exists when\n ASP.NET or .NET web applications running on IIS\n improperly allow access to cached files. An attacker who\n successfully exploited this vulnerability could gain\n access to restricted files. (CVE-2020-1476)\n\n - An elevation of privilege vulnerability exists when the\n Windows Remote Access improperly handles file\n operations. An attacker who successfully exploited this\n vulnerability could gain elevated privileges.\n (CVE-2020-1537)\n\n - An elevation of privilege vulnerability exists when the\n "Public Account Pictures" folder improperly\n handles junctions. (CVE-2020-1565)\n\n - An elevation of privilege vulnerability exists when the\n Windows Backup Service improperly handles file\n operations. (CVE-2020-1534)\n\n - A remote code execution vulnerability exists when\n Microsoft Edge PDF Reader improperly handles objects in\n memory. The vulnerability could corrupt memory in such a\n way that enables an attacker to execute arbitrary code\n in the context of the current user. An attacker who\n successfully exploited the vulnerability could gain the\n same user rights as the current user. If the current\n user is logged on with administrative user rights, an\n attacker could take control of an affected system. An\n attacker could then install programs; view, change, or\n delete data; or create new accounts with full user\n rights. (CVE-2020-1568)\n\n - An elevation of privilege vulnerability exists when an\n attacker establishes a vulnerable Netlogon secure\n channel connection to a domain controller, using the\n Netlogon Remote Protocol (MS-NRPC). An attacker who\n successfully exploited the vulnerability could run a\n specially crafted application on a device on the\n network. (CVE-2020-1472)\n\n - An elevation of privilege vulnerability exists when the\n Windows Kernel API improperly handles registry objects\n in memory. An attacker who successfully exploited the\n vulnerability could gain elevated privileges on a\n targeted system. A locally authenticated attacker could\n exploit this vulnerability by running a specially\n crafted application. The security update addresses the\n vulnerability by helping to ensure that the Windows\n Kernel API properly handles objects in memory.\n (CVE-2020-1377, CVE-2020-1378)\n\n - An elevation of privilege vulnerability exists when the\n Windows Print Spooler service improperly allows\n arbitrary writing to the file system. An attacker who\n successfully exploited this vulnerability could run\n arbitrary code with elevated system privileges. An\n attacker could then install programs; view, change, or\n delete data; or create new accounts with full user\n rights. (CVE-2020-1337)\n\n - An information disclosure vulnerability exists when the\n Windows Image Acquisition (WIA) Service improperly\n discloses contents of its memory. An attacker who\n successfully exploited the vulnerability could obtain\n information to further compromise the users system.\n (CVE-2020-1474, CVE-2020-1485)\n\n - An elevation of privilege vulnerability exists when the\n Windows Ancillary Function Driver for WinSock improperly\n handles memory. (CVE-2020-1587)\n\n - A remote code execution vulnerability exists when the\n Windows Jet Database Engine improperly handles objects\n in memory. An attacker who successfully exploited this\n vulnerability could execute arbitrary code on a victim\n system. An attacker could exploit this vulnerability by\n enticing a victim to open a specially crafted file. The\n update addresses the vulnerability by correcting the way\n the Windows Jet Database Engine handles objects in\n memory. (CVE-2020-1473, CVE-2020-1557, CVE-2020-1558,\n CVE-2020-1564)\n\n - A remote code execution vulnerability exists when\n Microsoft .NET Framework processes input. An attacker\n who successfully exploited this vulnerability could take\n control of an affected system. (CVE-2020-1046)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows WalletService handles objects in\n memory. An attacker who successfully exploited the\n vulnerability could execute code with elevated\n permissions. (CVE-2020-1533, CVE-2020-1556)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Graphics Device Interface (GDI)\n handles objects in memory. An attacker who successfully\n exploited this vulnerability could run arbitrary code in\n kernel mode. An attacker could then install programs;\n view, change, or delete data; or create new accounts\n with full user rights. (CVE-2020-1529)\n\n - A remote code execution vulnerability exists in the way\n that the scripting engine handles objects in memory in\n Internet Explorer. The vulnerability could corrupt\n memory in such a way that an attacker could execute\n arbitrary code in the context of the current user. An\n attacker who successfully exploited the vulnerability\n could gain the same user rights as the current user.\n (CVE-2020-1380, CVE-2020-1570)\n\n - An elevation of privilege vulnerability exists when the\n Windows AppX Deployment Extensions improperly performs\n privilege management, resulting in access to system\n files. (CVE-2020-1488)\n\n - An elevation of privilege vulnerability exists when the\n Windows Function Discovery SSDP Provider improperly\n handles memory. (CVE-2020-1579)\n\n - A remote code execution vulnerability exists in the way\n that Microsoft Graphics Components handle objects in\n memory. An attacker who successfully exploited the\n vulnerability could execute arbitrary code on a target\n system. (CVE-2020-1561, CVE-2020-1562)\n\n - An elevation of privilege vulnerability exists when the\n Windows Work Folder Service improperly handles file\n operations. An attacker who successfully exploited this\n vulnerability could run processes in an elevated\n context. An attacker could exploit this vulnerability by\n running a specially crafted application on the victim\n system. The update addresses the vulnerability by\n correcting the way the Windows Work Folder Service\n handles file operations. (CVE-2020-1552)\n\n - An elevation of privilege vulnerability exists when\n Windows Remote Access improperly handles memory.\n (CVE-2020-1530)\n\n - A remote code execution vulnerability exists in the way\n that the MSHTML engine improperly validates input. An\n attacker could execute arbitrary code in the context of\n the current user. (CVE-2020-1567)\n\n - A spoofing vulnerability exists when Windows incorrectly\n validates file signatures. An attacker who successfully\n exploited this vulnerability could bypass security\n features and load improperly signed files. In an attack\n scenario, an attacker could bypass security features\n intended to prevent improperly signed files from being\n loaded. The update addresses the vulnerability by\n correcting how Windows validates file signatures.\n (CVE-2020-1464)", "edition": 10, "cvss3": {"score": 7.8, "vector": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2020-08-11T00:00:00", "title": "KB4571694: Windows 10 Version 1607 and Windows Server 2016 August 2020 Security Update", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2020-1473", "CVE-2020-1587", "CVE-2020-1519", "CVE-2020-1533", "CVE-2020-1516", "CVE-2020-1525", "CVE-2020-1549", "CVE-2020-1378", "CVE-2020-1515", "CVE-2020-1526", "CVE-2020-1567", "CVE-2020-1553", "CVE-2020-1554", "CVE-2020-1518", "CVE-2020-1466", "CVE-2020-1487", "CVE-2020-1584", "CVE-2020-1561", "CVE-2020-1529", "CVE-2020-1534", "CVE-2020-1579", "CVE-2020-1474", "CVE-2020-1558", "CVE-2020-1509", "CVE-2020-1472", "CVE-2020-1476", "CVE-2020-1521", "CVE-2020-1046", "CVE-2020-1489", "CVE-2020-1478", "CVE-2020-1486", "CVE-2020-1537", "CVE-2020-1556", "CVE-2020-1337", "CVE-2020-1379", "CVE-2020-1517", "CVE-2020-1511", "CVE-2020-1522", "CVE-2020-1565", "CVE-2020-1488", "CVE-2020-1557", "CVE-2020-1464", "CVE-2020-1380", "CVE-2020-1531", "CVE-2020-1568", "CVE-2020-1339", "CVE-2020-1566", "CVE-2020-1513", "CVE-2020-1564", "CVE-2020-1467", "CVE-2020-1550", "CVE-2020-1485", "CVE-2020-1552", "CVE-2020-1527", "CVE-2020-1520", "CVE-2020-1492", "CVE-2020-1562", "CVE-2020-1490", "CVE-2020-1538", "CVE-2020-1512", "CVE-2020-1383", "CVE-2020-1570", "CVE-2020-1530", "CVE-2020-1470", "CVE-2020-1477", "CVE-2020-1484", "CVE-2020-1577", "CVE-2020-1475", "CVE-2020-1377"], "modified": "2020-08-11T00:00:00", "cpe": ["cpe:/o:microsoft:windows", "cpe:/a:microsoft:edge"], "id": "SMB_NT_MS20_AUG_4571694.NASL", "href": "https://www.tenable.com/plugins/nessus/139488", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(139488);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\n \"CVE-2020-1046\",\n \"CVE-2020-1337\",\n \"CVE-2020-1339\",\n \"CVE-2020-1377\",\n \"CVE-2020-1378\",\n \"CVE-2020-1379\",\n \"CVE-2020-1380\",\n \"CVE-2020-1383\",\n \"CVE-2020-1464\",\n \"CVE-2020-1466\",\n \"CVE-2020-1467\",\n \"CVE-2020-1470\",\n \"CVE-2020-1472\",\n \"CVE-2020-1473\",\n \"CVE-2020-1474\",\n \"CVE-2020-1475\",\n \"CVE-2020-1476\",\n \"CVE-2020-1477\",\n \"CVE-2020-1478\",\n \"CVE-2020-1484\",\n \"CVE-2020-1485\",\n \"CVE-2020-1486\",\n \"CVE-2020-1487\",\n \"CVE-2020-1488\",\n \"CVE-2020-1489\",\n \"CVE-2020-1490\",\n \"CVE-2020-1492\",\n \"CVE-2020-1509\",\n \"CVE-2020-1511\",\n \"CVE-2020-1512\",\n \"CVE-2020-1513\",\n \"CVE-2020-1515\",\n \"CVE-2020-1516\",\n \"CVE-2020-1517\",\n \"CVE-2020-1518\",\n \"CVE-2020-1519\",\n \"CVE-2020-1520\",\n \"CVE-2020-1521\",\n \"CVE-2020-1522\",\n \"CVE-2020-1525\",\n \"CVE-2020-1526\",\n \"CVE-2020-1527\",\n \"CVE-2020-1529\",\n \"CVE-2020-1530\",\n \"CVE-2020-1531\",\n \"CVE-2020-1533\",\n \"CVE-2020-1534\",\n \"CVE-2020-1537\",\n \"CVE-2020-1538\",\n \"CVE-2020-1549\",\n \"CVE-2020-1550\",\n \"CVE-2020-1552\",\n \"CVE-2020-1553\",\n \"CVE-2020-1554\",\n \"CVE-2020-1556\",\n \"CVE-2020-1557\",\n \"CVE-2020-1558\",\n \"CVE-2020-1561\",\n \"CVE-2020-1562\",\n \"CVE-2020-1564\",\n \"CVE-2020-1565\",\n \"CVE-2020-1566\",\n \"CVE-2020-1567\",\n \"CVE-2020-1568\",\n \"CVE-2020-1570\",\n \"CVE-2020-1577\",\n \"CVE-2020-1579\",\n \"CVE-2020-1584\",\n \"CVE-2020-1587\"\n );\n script_xref(name:\"MSKB\", value:\"4571694\");\n script_xref(name:\"MSFT\", value:\"MS20-4571694\");\n script_xref(name:\"IAVA\", value:\"2020-A-0361-S\");\n script_xref(name:\"IAVA\", value:\"2020-A-0367-S\");\n script_xref(name:\"IAVA\", value:\"2020-A-0370-S\");\n script_xref(name:\"IAVA\", value:\"2020-A-0438\");\n script_xref(name:\"IAVA\", value:\"0001-A-0647\");\n\n script_name(english:\"KB4571694: Windows 10 Version 1607 and Windows Server 2016 August 2020 Security Update\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 4571694.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - A memory corruption vulnerability exists when Windows\n Media Foundation improperly handles objects in memory.\n An attacker who successfully exploited the vulnerability\n could install programs; view, change, or delete data; or\n create new accounts with full user rights. There are\n multiple ways an attacker could exploit the\n vulnerability, such as by convincing a user to open a\n specially crafted document, or by convincing a user to\n visit a malicious webpage. The security update addresses\n the vulnerability by correcting how Windows Media\n Foundation handles objects in memory. (CVE-2020-1379,\n CVE-2020-1477, CVE-2020-1478, CVE-2020-1492,\n CVE-2020-1525, CVE-2020-1554)\n\n - A remote code execution vulnerability exists when\n Windows Media Audio Codec improperly handles objects. An\n attacker who successfully exploited the vulnerability\n could take control of an affected system. There are\n multiple ways an attacker could exploit the\n vulnerability, such as by convincing a user to open a\n specially crafted document, or by convincing a user to\n visit a malicious webpage. The security update addresses\n the vulnerability by correcting how Windows Media Audio\n Codec handles objects. (CVE-2020-1339)\n\n - An elevation of privilege vulnerability exists when\n Connected User Experiences and Telemetry Service\n improperly handles file operations. An attacker who\n successfully exploited this vulnerability could run\n processes in an elevated context. An attacker could\n exploit this vulnerability by running a specially\n crafted application on the victim system. The security\n update addresses the vulnerability by correcting how the\n Connected User Experiences and Telemetry Service handles\n file operations. (CVE-2020-1511)\n\n - An elevation of privilege vulnerability exists in the\n way that the srmsvc.dll handles objects in memory. An\n attacker who successfully exploited the vulnerability\n could execute code with elevated permissions.\n (CVE-2020-1475)\n\n - An elevation of privilege vulnerability exists when the\n Windows CDP User Components improperly handle memory.\n (CVE-2020-1549, CVE-2020-1550)\n\n - An information disclosure vulnerability exists when\n DirectWrite improperly discloses the contents of its\n memory. An attacker who successfully exploited the\n vulnerability could obtain information to further\n compromise the users system. There are multiple ways an\n attacker could exploit the vulnerability, such as by\n convincing a user to open a specially crafted document,\n or by convincing a user to visit an untrusted webpage.\n The security update addresses the vulnerability by\n correcting how DirectWrite handles objects in memory.\n (CVE-2020-1577)\n\n - An elevation of privilege vulnerability exists when the\n Windows Network Connection Broker improperly handles\n memory. (CVE-2020-1526)\n\n - An information disclosure vulnerability exists in RPC if\n the server has Routing and Remote Access enabled. An\n attacker who successfully exploited this vulnerability\n could obtain information to further compromise the users\n system (CVE-2020-1383)\n\n - An elevation of privilege vulnerability exists when the\n Windows Work Folders Service improperly handles memory.\n (CVE-2020-1470, CVE-2020-1484, CVE-2020-1516)\n\n - An elevation of privilege vulnerability exists when the\n Windows Custom Protocol Engine improperly handles\n memory. (CVE-2020-1527)\n\n - An elevation of privilege vulnerability exists when the\n Storage Service improperly handles file operations. An\n attacker who successfully exploited this vulnerability\n could gain elevated privileges on the victim system.\n (CVE-2020-1490)\n\n - An elevation of privilege vulnerability exists when the\n Windows Speech Runtime improperly handles memory.\n (CVE-2020-1521, CVE-2020-1522)\n\n - An elevation of privilege vulnerability exists when the\n Windows CSC Service improperly handles memory.\n (CVE-2020-1489, CVE-2020-1513)\n\n - An elevation of privilege vulnerability exists when the\n Windows Accounts Control improperly handles memory.\n (CVE-2020-1531)\n\n - An elevation of privilege vulnerability exists when\n Windows improperly handles hard links. An attacker who\n successfully exploited this vulnerability could\n overwrite a targeted file leading to an elevated status.\n (CVE-2020-1467)\n\n - A denial of service vulnerability exists in Windows\n Remote Desktop Gateway (RD Gateway) when an attacker\n connects to the target system using RDP and sends\n specially crafted requests. An attacker who successfully\n exploited this vulnerability could cause the RD Gateway\n service on the target system to stop responding.\n (CVE-2020-1466)\n\n - An elevation of privilege vulnerability exists in the\n Local Security Authority Subsystem Service (LSASS) when\n an authenticated attacker sends a specially crafted\n authentication request. A remote attacker who\n successfully exploited this vulnerability could cause an\n elevation of privilege on the target system's LSASS\n service. The security update addresses the vulnerability\n by changing the way that LSASS handles specially crafted\n authentication requests. (CVE-2020-1509)\n\n - A remote code execution vulnerability exists when the\n Windows Font Driver Host improperly handles memory. An\n attacker who successfully exploited the vulnerability\n would gain execution on a victim system. The security\n update addresses the vulnerability by correcting how the\n Windows Font Driver Host handles memory. (CVE-2020-1520)\n\n - An elevation of privilege vulnerability exists when the\n Windows UPnP Device Host improperly handles memory.\n (CVE-2020-1519, CVE-2020-1538)\n\n - An information disclosure vulnerability exists when the\n Windows State Repository Service improperly handles\n objects in memory. An attacker who successfully\n exploited this vulnerability could obtain information to\n further compromise the users system. An attacker could\n exploit this vulnerability by running a specially\n crafted application on the victim system. The update\n addresses the vulnerability by correcting the way the\n Windows State Repository Service handles objects in\n memory. (CVE-2020-1512)\n\n - An elevation of privilege vulnerability exists when the\n Windows Telephony Server improperly handles memory.\n (CVE-2020-1515)\n\n - An information disclosure vulnerability exists when\n Media Foundation improperly handles objects in memory.\n An attacker who successfully exploited this\n vulnerability could obtain information to further\n compromise the users system. (CVE-2020-1487)\n\n - An elevation of privilege vulnerability exists when the\n Windows kernel fails to properly handle objects in\n memory. An attacker who successfully exploited this\n vulnerability could run arbitrary code in kernel mode.\n An attacker could then install programs; view, change,\n or delete data; or create new accounts with full user\n rights. (CVE-2020-1486, CVE-2020-1566)\n\n - An elevation of privilege vulnerability exists when the\n Windows File Server Resource Management Service\n improperly handles memory. (CVE-2020-1517,\n CVE-2020-1518)\n\n - An elevation of privilege vulnerability exists in the\n way that the dnsrslvr.dll handles objects in memory. An\n attacker who successfully exploited the vulnerability\n could execute code with elevated permissions.\n (CVE-2020-1584)\n\n - An elevation of privilege vulnerability exists when the\n Windows Runtime improperly handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could run arbitrary code in an elevated context. An\n attacker could exploit this vulnerability by running a\n specially crafted application on the victim system. The\n update addresses the vulnerability by correcting the way\n the Windows Runtime handles objects in memory.\n (CVE-2020-1553)\n\n - An elevation of privilege vulnerability exists when\n ASP.NET or .NET web applications running on IIS\n improperly allow access to cached files. An attacker who\n successfully exploited this vulnerability could gain\n access to restricted files. (CVE-2020-1476)\n\n - An elevation of privilege vulnerability exists when the\n Windows Remote Access improperly handles file\n operations. An attacker who successfully exploited this\n vulnerability could gain elevated privileges.\n (CVE-2020-1537)\n\n - An elevation of privilege vulnerability exists when the\n "Public Account Pictures" folder improperly\n handles junctions. (CVE-2020-1565)\n\n - An elevation of privilege vulnerability exists when the\n Windows Backup Service improperly handles file\n operations. (CVE-2020-1534)\n\n - A remote code execution vulnerability exists when\n Microsoft Edge PDF Reader improperly handles objects in\n memory. The vulnerability could corrupt memory in such a\n way that enables an attacker to execute arbitrary code\n in the context of the current user. An attacker who\n successfully exploited the vulnerability could gain the\n same user rights as the current user. If the current\n user is logged on with administrative user rights, an\n attacker could take control of an affected system. An\n attacker could then install programs; view, change, or\n delete data; or create new accounts with full user\n rights. (CVE-2020-1568)\n\n - An elevation of privilege vulnerability exists when an\n attacker establishes a vulnerable Netlogon secure\n channel connection to a domain controller, using the\n Netlogon Remote Protocol (MS-NRPC). An attacker who\n successfully exploited the vulnerability could run a\n specially crafted application on a device on the\n network. (CVE-2020-1472)\n\n - An elevation of privilege vulnerability exists when the\n Windows Kernel API improperly handles registry objects\n in memory. An attacker who successfully exploited the\n vulnerability could gain elevated privileges on a\n targeted system. A locally authenticated attacker could\n exploit this vulnerability by running a specially\n crafted application. The security update addresses the\n vulnerability by helping to ensure that the Windows\n Kernel API properly handles objects in memory.\n (CVE-2020-1377, CVE-2020-1378)\n\n - An elevation of privilege vulnerability exists when the\n Windows Print Spooler service improperly allows\n arbitrary writing to the file system. An attacker who\n successfully exploited this vulnerability could run\n arbitrary code with elevated system privileges. An\n attacker could then install programs; view, change, or\n delete data; or create new accounts with full user\n rights. (CVE-2020-1337)\n\n - An information disclosure vulnerability exists when the\n Windows Image Acquisition (WIA) Service improperly\n discloses contents of its memory. An attacker who\n successfully exploited the vulnerability could obtain\n information to further compromise the users system.\n (CVE-2020-1474, CVE-2020-1485)\n\n - An elevation of privilege vulnerability exists when the\n Windows Ancillary Function Driver for WinSock improperly\n handles memory. (CVE-2020-1587)\n\n - A remote code execution vulnerability exists when the\n Windows Jet Database Engine improperly handles objects\n in memory. An attacker who successfully exploited this\n vulnerability could execute arbitrary code on a victim\n system. An attacker could exploit this vulnerability by\n enticing a victim to open a specially crafted file. The\n update addresses the vulnerability by correcting the way\n the Windows Jet Database Engine handles objects in\n memory. (CVE-2020-1473, CVE-2020-1557, CVE-2020-1558,\n CVE-2020-1564)\n\n - A remote code execution vulnerability exists when\n Microsoft .NET Framework processes input. An attacker\n who successfully exploited this vulnerability could take\n control of an affected system. (CVE-2020-1046)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows WalletService handles objects in\n memory. An attacker who successfully exploited the\n vulnerability could execute code with elevated\n permissions. (CVE-2020-1533, CVE-2020-1556)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Graphics Device Interface (GDI)\n handles objects in memory. An attacker who successfully\n exploited this vulnerability could run arbitrary code in\n kernel mode. An attacker could then install programs;\n view, change, or delete data; or create new accounts\n with full user rights. (CVE-2020-1529)\n\n - A remote code execution vulnerability exists in the way\n that the scripting engine handles objects in memory in\n Internet Explorer. The vulnerability could corrupt\n memory in such a way that an attacker could execute\n arbitrary code in the context of the current user. An\n attacker who successfully exploited the vulnerability\n could gain the same user rights as the current user.\n (CVE-2020-1380, CVE-2020-1570)\n\n - An elevation of privilege vulnerability exists when the\n Windows AppX Deployment Extensions improperly performs\n privilege management, resulting in access to system\n files. (CVE-2020-1488)\n\n - An elevation of privilege vulnerability exists when the\n Windows Function Discovery SSDP Provider improperly\n handles memory. (CVE-2020-1579)\n\n - A remote code execution vulnerability exists in the way\n that Microsoft Graphics Components handle objects in\n memory. An attacker who successfully exploited the\n vulnerability could execute arbitrary code on a target\n system. (CVE-2020-1561, CVE-2020-1562)\n\n - An elevation of privilege vulnerability exists when the\n Windows Work Folder Service improperly handles file\n operations. An attacker who successfully exploited this\n vulnerability could run processes in an elevated\n context. An attacker could exploit this vulnerability by\n running a specially crafted application on the victim\n system. The update addresses the vulnerability by\n correcting the way the Windows Work Folder Service\n handles file operations. (CVE-2020-1552)\n\n - An elevation of privilege vulnerability exists when\n Windows Remote Access improperly handles memory.\n (CVE-2020-1530)\n\n - A remote code execution vulnerability exists in the way\n that the MSHTML engine improperly validates input. An\n attacker could execute arbitrary code in the context of\n the current user. (CVE-2020-1567)\n\n - A spoofing vulnerability exists when Windows incorrectly\n validates file signatures. An attacker who successfully\n exploited this vulnerability could bypass security\n features and load improperly signed files. In an attack\n scenario, an attacker could bypass security features\n intended to prevent improperly signed files from being\n loaded. The update addresses the vulnerability by\n correcting how Windows validates file signatures.\n (CVE-2020-1464)\");\n # https://support.microsoft.com/en-us/help/4571694/windows-10-update-kb4571694\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?1446acfc\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Cumulative Update KB4571694.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-1564\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Microsoft Spooler Local Privilege Elevation Vulnerability');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/08/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/08/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/08/11\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:edge\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude('smb_func.inc');\ninclude('smb_hotfixes.inc');\ninclude('smb_hotfixes_fcheck.inc');\ninclude('smb_reg_query.inc');\ninclude('install_func.inc');\n\nget_kb_item_or_exit('SMB/MS_Bulletin_Checks/Possible');\n\nbulletin = 'MS20-08';\nkbs = make_list(\n '4571694'\n);\n\nif (get_kb_item('Host/patch_management_checks')) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit('SMB/Registry/Enumerated');\nget_kb_item_or_exit('SMB/WindowsVersion', exit_code:1);\n\nif (hotfix_check_sp_range(win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:'10',\n sp:0,\n os_build:'14393',\n rollup_date:'08_2020',\n bulletin:bulletin,\n rollup_kb_list:[4571694])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n\n\n\n\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-20T14:25:47", "description": "The remote Windows host is missing security update 4571692.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - A memory corruption vulnerability exists when Windows\n Media Foundation improperly handles objects in memory.\n An attacker who successfully exploited the vulnerability\n could install programs; view, change, or delete data; or\n create new accounts with full user rights. There are\n multiple ways an attacker could exploit the\n vulnerability, such as by convincing a user to open a\n specially crafted document, or by convincing a user to\n visit a malicious webpage. The security update addresses\n the vulnerability by correcting how Windows Media\n Foundation handles objects in memory. (CVE-2020-1379,\n CVE-2020-1477, CVE-2020-1478, CVE-2020-1492,\n CVE-2020-1525, CVE-2020-1554)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows WalletService handles objects in\n memory. An attacker who successfully exploited the\n vulnerability could execute code with elevated\n permissions. (CVE-2020-1533, CVE-2020-1556)\n\n - An elevation of privilege vulnerability exists when\n Connected User Experiences and Telemetry Service\n improperly handles file operations. An attacker who\n successfully exploited this vulnerability could run\n processes in an elevated context. An attacker could\n exploit this vulnerability by running a specially\n crafted application on the victim system. The security\n update addresses the vulnerability by correcting how the\n Connected User Experiences and Telemetry Service handles\n file operations. (CVE-2020-1511)\n\n - A remote code execution vulnerability exists when\n Windows Media Audio Codec improperly handles objects. An\n attacker who successfully exploited the vulnerability\n could take control of an affected system. There are\n multiple ways an attacker could exploit the\n vulnerability, such as by convincing a user to open a\n specially crafted document, or by convincing a user to\n visit a malicious webpage. The security update addresses\n the vulnerability by correcting how Windows Media Audio\n Codec handles objects. (CVE-2020-1339)\n\n - An information disclosure vulnerability exists when\n DirectWrite improperly discloses the contents of its\n memory. An attacker who successfully exploited the\n vulnerability could obtain information to further\n compromise the users system. There are multiple ways an\n attacker could exploit the vulnerability, such as by\n convincing a user to open a specially crafted document,\n or by convincing a user to visit an untrusted webpage.\n The security update addresses the vulnerability by\n correcting how DirectWrite handles objects in memory.\n (CVE-2020-1577)\n\n - An information disclosure vulnerability exists in RPC if\n the server has Routing and Remote Access enabled. An\n attacker who successfully exploited this vulnerability\n could obtain information to further compromise the users\n system (CVE-2020-1383)\n\n - An elevation of privilege vulnerability exists when the\n Windows Work Folders Service improperly handles memory.\n (CVE-2020-1470, CVE-2020-1484, CVE-2020-1516)\n\n - An elevation of privilege vulnerability exists when the\n Windows Custom Protocol Engine improperly handles\n memory. (CVE-2020-1527)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Graphics Device Interface (GDI)\n handles objects in memory. An attacker who successfully\n exploited this vulnerability could run arbitrary code in\n kernel mode. An attacker could then install programs;\n view, change, or delete data; or create new accounts\n with full user rights. (CVE-2020-1529)\n\n - An elevation of privilege vulnerability exists when the\n Storage Service improperly handles file operations. An\n attacker who successfully exploited this vulnerability\n could gain elevated privileges on the victim system.\n (CVE-2020-1490)\n\n - An elevation of privilege vulnerability exists when the\n Windows CSC Service improperly handles memory.\n (CVE-2020-1489, CVE-2020-1513)\n\n - An elevation of privilege vulnerability exists when the\n Windows Accounts Control improperly handles memory.\n (CVE-2020-1531)\n\n - An elevation of privilege vulnerability exists in the\n Local Security Authority Subsystem Service (LSASS) when\n an authenticated attacker sends a specially crafted\n authentication request. A remote attacker who\n successfully exploited this vulnerability could cause an\n elevation of privilege on the target system's LSASS\n service. The security update addresses the vulnerability\n by changing the way that LSASS handles specially crafted\n authentication requests. (CVE-2020-1509)\n\n - A remote code execution vulnerability exists when the\n Windows Font Driver Host improperly handles memory. An\n attacker who successfully exploited the vulnerability\n would gain execution on a victim system. The security\n update addresses the vulnerability by correcting how the\n Windows Font Driver Host handles memory. (CVE-2020-1520)\n\n - An information disclosure vulnerability exists when the\n win32k component improperly provides kernel information.\n An attacker who successfully exploited the vulnerability\n could obtain information to further compromise the users\n system. (CVE-2020-1510)\n\n - An information disclosure vulnerability exists when the\n Windows State Repository Service improperly handles\n objects in memory. An attacker who successfully\n exploited this vulnerability could obtain information to\n further compromise the users system. An attacker could\n exploit this vulnerability by running a specially\n crafted application on the victim system. The update\n addresses the vulnerability by correcting the way the\n Windows State Repository Service handles objects in\n memory. (CVE-2020-1512)\n\n - An elevation of privilege vulnerability exists when the\n Windows Telephony Server improperly handles memory.\n (CVE-2020-1515)\n\n - An information disclosure vulnerability exists when\n Media Foundation improperly handles objects in memory.\n An attacker who successfully exploited this\n vulnerability could obtain information to further\n compromise the users system. (CVE-2020-1487)\n\n - An elevation of privilege vulnerability exists when the\n Windows kernel fails to properly handle objects in\n memory. An attacker who successfully exploited this\n vulnerability could run arbitrary code in kernel mode.\n An attacker could then install programs; view, change,\n or delete data; or create new accounts with full user\n rights. (CVE-2020-1486, CVE-2020-1566)\n\n - An elevation of privilege vulnerability exists when the\n Windows Runtime improperly handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could run arbitrary code in an elevated context. An\n attacker could exploit this vulnerability by running a\n specially crafted application on the victim system. The\n update addresses the vulnerability by correcting the way\n the Windows Runtime handles objects in memory.\n (CVE-2020-1553)\n\n - An elevation of privilege vulnerability exists in the\n way that the dnsrslvr.dll handles objects in memory. An\n attacker who successfully exploited the vulnerability\n could execute code with elevated permissions.\n (CVE-2020-1584)\n\n - An elevation of privilege vulnerability exists when the\n Windows Network Connection Broker improperly handles\n memory. (CVE-2020-1526)\n\n - An elevation of privilege vulnerability exists when\n ASP.NET or .NET web applications running on IIS\n improperly allow access to cached files. An attacker who\n successfully exploited this vulnerability could gain\n access to restricted files. (CVE-2020-1476)\n\n - An elevation of privilege vulnerability exists when the\n Windows Remote Access improperly handles file\n operations. An attacker who successfully exploited this\n vulnerability could gain elevated privileges.\n (CVE-2020-1537)\n\n - An elevation of privilege vulnerability exists when the\n "Public Account Pictures" folder improperly\n handles junctions. (CVE-2020-1565)\n\n - An elevation of privilege vulnerability exists when the\n Windows Backup Service improperly handles file\n operations. (CVE-2020-1534)\n\n - A remote code execution vulnerability exists when\n Microsoft Edge PDF Reader improperly handles objects in\n memory. The vulnerability could corrupt memory in such a\n way that enables an attacker to execute arbitrary code\n in the context of the current user. An attacker who\n successfully exploited the vulnerability could gain the\n same user rights as the current user. If the current\n user is logged on with administrative user rights, an\n attacker could take control of an affected system. An\n attacker could then install programs; view, change, or\n delete data; or create new accounts with full user\n rights. (CVE-2020-1568)\n\n - An elevation of privilege vulnerability exists when the\n Windows Kernel API improperly handles registry objects\n in memory. An attacker who successfully exploited the\n vulnerability could gain elevated privileges on a\n targeted system. A locally authenticated attacker could\n exploit this vulnerability by running a specially\n crafted application. The security update addresses the\n vulnerability by helping to ensure that the Windows\n Kernel API properly handles objects in memory.\n (CVE-2020-1377, CVE-2020-1378)\n\n - An elevation of privilege vulnerability exists when the\n Windows Print Spooler service improperly allows\n arbitrary writing to the file system. An attacker who\n successfully exploited this vulnerability could run\n arbitrary code with elevated system privileges. An\n attacker could then install programs; view, change, or\n delete data; or create new accounts with full user\n rights. (CVE-2020-1337)\n\n - An information disclosure vulnerability exists when the\n Windows Image Acquisition (WIA) Service improperly\n discloses contents of its memory. An attacker who\n successfully exploited the vulnerability could obtain\n information to further compromise the users system.\n (CVE-2020-1474, CVE-2020-1485)\n\n - An elevation of privilege vulnerability exists when the\n Windows Ancillary Function Driver for WinSock improperly\n handles memory. (CVE-2020-1587)\n\n - A remote code execution vulnerability exists when the\n Windows Jet Database Engine improperly handles objects\n in memory. An attacker who successfully exploited this\n vulnerability could execute arbitrary code on a victim\n system. An attacker could exploit this vulnerability by\n enticing a victim to open a specially crafted file. The\n update addresses the vulnerability by correcting the way\n the Windows Jet Database Engine handles objects in\n memory. (CVE-2020-1473, CVE-2020-1557, CVE-2020-1558,\n CVE-2020-1564)\n\n - A remote code execution vulnerability exists when\n Microsoft .NET Framework processes input. An attacker\n who successfully exploited this vulnerability could take\n control of an affected system. (CVE-2020-1046)\n\n - An elevation of privilege vulnerability exists when the\n Windows UPnP Device Host improperly handles memory.\n (CVE-2020-1519, CVE-2020-1538)\n\n - An elevation of privilege vulnerability exists when the\n Windows Backup Engine improperly handles memory.\n (CVE-2020-1535, CVE-2020-1536, CVE-2020-1539,\n CVE-2020-1540, CVE-2020-1541, CVE-2020-1542,\n CVE-2020-1543, CVE-2020-1544, CVE-2020-1545,\n CVE-2020-1546, CVE-2020-1547, CVE-2020-1551)\n\n - A remote code execution vulnerability exists in the way\n that the scripting engine handles objects in memory in\n Internet Explorer. The vulnerability could corrupt\n memory in such a way that an attacker could execute\n arbitrary code in the context of the current user. An\n attacker who successfully exploited the vulnerability\n could gain the same user rights as the current user.\n (CVE-2020-1380, CVE-2020-1570)\n\n - An elevation of privilege vulnerability exists when the\n Windows AppX Deployment Extensions improperly performs\n privilege management, resulting in access to system\n files. (CVE-2020-1488)\n\n - An elevation of privilege vulnerability exists when the\n Windows Function Discovery SSDP Provider improperly\n handles memory. (CVE-2020-1579)\n\n - A remote code execution vulnerability exists in the way\n that Microsoft Graphics Components handle objects in\n memory. An attacker who successfully exploited the\n vulnerability could execute arbitrary code on a target\n system. (CVE-2020-1561, CVE-2020-1562)\n\n - An elevation of privilege vulnerability exists when the\n Windows Work Folder Service improperly handles file\n operations. An attacker who successfully exploited this\n vulnerability could run processes in an elevated\n context. An attacker could exploit this vulnerability by\n running a specially crafted application on the victim\n system. The update addresses the vulnerability by\n correcting the way the Windows Work Folder Service\n handles file operations. (CVE-2020-1552)\n\n - An elevation of privilege vulnerability exists when\n Windows Remote Access improperly handles memory.\n (CVE-2020-1530)\n\n - A remote code execution vulnerability exists in the way\n that the MSHTML engine improperly validates input. An\n attacker could execute arbitrary code in the context of\n the current user. (CVE-2020-1567)\n\n - A spoofing vulnerability exists when Windows incorrectly\n validates file signatures. An attacker who successfully\n exploited this vulnerability could bypass security\n features and load improperly signed files. In an attack\n scenario, an attacker could bypass security features\n intended to prevent improperly signed files from being\n loaded. The update addresses the vulnerability by\n correcting how Windows validates file signatures.\n (CVE-2020-1464)", "edition": 6, "cvss3": {"score": 7.8, "vector": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2020-08-11T00:00:00", "title": "KB4571692: Windows 10 August 2020 Security Update", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2020-1473", "CVE-2020-1587", "CVE-2020-1519", "CVE-2020-1533", "CVE-2020-1535", "CVE-2020-1516", "CVE-2020-1525", "CVE-2020-1378", "CVE-2020-1515", "CVE-2020-1540", "CVE-2020-1526", "CVE-2020-1567", "CVE-2020-1553", "CVE-2020-1554", "CVE-2020-1487", "CVE-2020-1584", "CVE-2020-1547", "CVE-2020-1561", "CVE-2020-1529", "CVE-2020-1534", "CVE-2020-1579", "CVE-2020-1474", "CVE-2020-1558", "CVE-2020-1509", "CVE-2020-1546", "CVE-2020-1539", "CVE-2020-1476", "CVE-2020-1046", "CVE-2020-1489", "CVE-2020-1536", "CVE-2020-1478", "CVE-2020-1486", "CVE-2020-1537", "CVE-2020-1556", "CVE-2020-1337", "CVE-2020-1379", "CVE-2020-1511", "CVE-2020-1565", "CVE-2020-1488", "CVE-2020-1557", "CVE-2020-1464", "CVE-2020-1380", "CVE-2020-1531", "CVE-2020-1568", "CVE-2020-1339", "CVE-2020-1566", "CVE-2020-1513", "CVE-2020-1544", "CVE-2020-1564", "CVE-2020-1542", "CVE-2020-1485", "CVE-2020-1552", "CVE-2020-1527", "CVE-2020-1520", "CVE-2020-1543", "CVE-2020-1492", "CVE-2020-1562", "CVE-2020-1490", "CVE-2020-1538", "CVE-2020-1512", "CVE-2020-1545", "CVE-2020-1510", "CVE-2020-1383", "CVE-2020-1570", "CVE-2020-1530", "CVE-2020-1541", "CVE-2020-1470", "CVE-2020-1477", "CVE-2020-1484", "CVE-2020-1577", "CVE-2020-1551", "CVE-2020-1377"], "modified": "2020-08-11T00:00:00", "cpe": ["cpe:/o:microsoft:windows", "cpe:/a:microsoft:edge"], "id": "SMB_NT_MS20_AUG_4571692.NASL", "href": "https://www.tenable.com/plugins/nessus/139487", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(139487);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\n \"CVE-2020-1046\",\n \"CVE-2020-1337\",\n \"CVE-2020-1339\",\n \"CVE-2020-1377\",\n \"CVE-2020-1378\",\n \"CVE-2020-1379\",\n \"CVE-2020-1380\",\n \"CVE-2020-1383\",\n \"CVE-2020-1464\",\n \"CVE-2020-1470\",\n \"CVE-2020-1473\",\n \"CVE-2020-1474\",\n \"CVE-2020-1476\",\n \"CVE-2020-1477\",\n \"CVE-2020-1478\",\n \"CVE-2020-1484\",\n \"CVE-2020-1485\",\n \"CVE-2020-1486\",\n \"CVE-2020-1487\",\n \"CVE-2020-1488\",\n \"CVE-2020-1489\",\n \"CVE-2020-1490\",\n \"CVE-2020-1492\",\n \"CVE-2020-1509\",\n \"CVE-2020-1510\",\n \"CVE-2020-1511\",\n \"CVE-2020-1512\",\n \"CVE-2020-1513\",\n \"CVE-2020-1515\",\n \"CVE-2020-1516\",\n \"CVE-2020-1519\",\n \"CVE-2020-1520\",\n \"CVE-2020-1525\",\n \"CVE-2020-1526\",\n \"CVE-2020-1527\",\n \"CVE-2020-1529\",\n \"CVE-2020-1530\",\n \"CVE-2020-1531\",\n \"CVE-2020-1533\",\n \"CVE-2020-1534\",\n \"CVE-2020-1535\",\n \"CVE-2020-1536\",\n \"CVE-2020-1537\",\n \"CVE-2020-1538\",\n \"CVE-2020-1539\",\n \"CVE-2020-1540\",\n \"CVE-2020-1541\",\n \"CVE-2020-1542\",\n \"CVE-2020-1543\",\n \"CVE-2020-1544\",\n \"CVE-2020-1545\",\n \"CVE-2020-1546\",\n \"CVE-2020-1547\",\n \"CVE-2020-1551\",\n \"CVE-2020-1552\",\n \"CVE-2020-1553\",\n \"CVE-2020-1554\",\n \"CVE-2020-1556\",\n \"CVE-2020-1557\",\n \"CVE-2020-1558\",\n \"CVE-2020-1561\",\n \"CVE-2020-1562\",\n \"CVE-2020-1564\",\n \"CVE-2020-1565\",\n \"CVE-2020-1566\",\n \"CVE-2020-1567\",\n \"CVE-2020-1568\",\n \"CVE-2020-1570\",\n \"CVE-2020-1577\",\n \"CVE-2020-1579\",\n \"CVE-2020-1584\",\n \"CVE-2020-1587\"\n );\n script_xref(name:\"MSKB\", value:\"4571692\");\n script_xref(name:\"MSFT\", value:\"MS20-4571692\");\n script_xref(name:\"IAVA\", value:\"2020-A-0361-S\");\n script_xref(name:\"IAVA\", value:\"2020-A-0367-S\");\n script_xref(name:\"IAVA\", value:\"2020-A-0370-S\");\n\n script_name(english:\"KB4571692: Windows 10 August 2020 Security Update\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 4571692.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - A memory corruption vulnerability exists when Windows\n Media Foundation improperly handles objects in memory.\n An attacker who successfully exploited the vulnerability\n could install programs; view, change, or delete data; or\n create new accounts with full user rights. There are\n multiple ways an attacker could exploit the\n vulnerability, such as by convincing a user to open a\n specially crafted document, or by convincing a user to\n visit a malicious webpage. The security update addresses\n the vulnerability by correcting how Windows Media\n Foundation handles objects in memory. (CVE-2020-1379,\n CVE-2020-1477, CVE-2020-1478, CVE-2020-1492,\n CVE-2020-1525, CVE-2020-1554)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows WalletService handles objects in\n memory. An attacker who successfully exploited the\n vulnerability could execute code with elevated\n permissions. (CVE-2020-1533, CVE-2020-1556)\n\n - An elevation of privilege vulnerability exists when\n Connected User Experiences and Telemetry Service\n improperly handles file operations. An attacker who\n successfully exploited this vulnerability could run\n processes in an elevated context. An attacker could\n exploit this vulnerability by running a specially\n crafted application on the victim system. The security\n update addresses the vulnerability by correcting how the\n Connected User Experiences and Telemetry Service handles\n file operations. (CVE-2020-1511)\n\n - A remote code execution vulnerability exists when\n Windows Media Audio Codec improperly handles objects. An\n attacker who successfully exploited the vulnerability\n could take control of an affected system. There are\n multiple ways an attacker could exploit the\n vulnerability, such as by convincing a user to open a\n specially crafted document, or by convincing a user to\n visit a malicious webpage. The security update addresses\n the vulnerability by correcting how Windows Media Audio\n Codec handles objects. (CVE-2020-1339)\n\n - An information disclosure vulnerability exists when\n DirectWrite improperly discloses the contents of its\n memory. An attacker who successfully exploited the\n vulnerability could obtain information to further\n compromise the users system. There are multiple ways an\n attacker could exploit the vulnerability, such as by\n convincing a user to open a specially crafted document,\n or by convincing a user to visit an untrusted webpage.\n The security update addresses the vulnerability by\n correcting how DirectWrite handles objects in memory.\n (CVE-2020-1577)\n\n - An information disclosure vulnerability exists in RPC if\n the server has Routing and Remote Access enabled. An\n attacker who successfully exploited this vulnerability\n could obtain information to further compromise the users\n system (CVE-2020-1383)\n\n - An elevation of privilege vulnerability exists when the\n Windows Work Folders Service improperly handles memory.\n (CVE-2020-1470, CVE-2020-1484, CVE-2020-1516)\n\n - An elevation of privilege vulnerability exists when the\n Windows Custom Protocol Engine improperly handles\n memory. (CVE-2020-1527)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Graphics Device Interface (GDI)\n handles objects in memory. An attacker who successfully\n exploited this vulnerability could run arbitrary code in\n kernel mode. An attacker could then install programs;\n view, change, or delete data; or create new accounts\n with full user rights. (CVE-2020-1529)\n\n - An elevation of privilege vulnerability exists when the\n Storage Service improperly handles file operations. An\n attacker who successfully exploited this vulnerability\n could gain elevated privileges on the victim system.\n (CVE-2020-1490)\n\n - An elevation of privilege vulnerability exists when the\n Windows CSC Service improperly handles memory.\n (CVE-2020-1489, CVE-2020-1513)\n\n - An elevation of privilege vulnerability exists when the\n Windows Accounts Control improperly handles memory.\n (CVE-2020-1531)\n\n - An elevation of privilege vulnerability exists in the\n Local Security Authority Subsystem Service (LSASS) when\n an authenticated attacker sends a specially crafted\n authentication request. A remote attacker who\n successfully exploited this vulnerability could cause an\n elevation of privilege on the target system's LSASS\n service. The security update addresses the vulnerability\n by changing the way that LSASS handles specially crafted\n authentication requests. (CVE-2020-1509)\n\n - A remote code execution vulnerability exists when the\n Windows Font Driver Host improperly handles memory. An\n attacker who successfully exploited the vulnerability\n would gain execution on a victim system. The security\n update addresses the vulnerability by correcting how the\n Windows Font Driver Host handles memory. (CVE-2020-1520)\n\n - An information disclosure vulnerability exists when the\n win32k component improperly provides kernel information.\n An attacker who successfully exploited the vulnerability\n could obtain information to further compromise the users\n system. (CVE-2020-1510)\n\n - An information disclosure vulnerability exists when the\n Windows State Repository Service improperly handles\n objects in memory. An attacker who successfully\n exploited this vulnerability could obtain information to\n further compromise the users system. An attacker could\n exploit this vulnerability by running a specially\n crafted application on the victim system. The update\n addresses the vulnerability by correcting the way the\n Windows State Repository Service handles objects in\n memory. (CVE-2020-1512)\n\n - An elevation of privilege vulnerability exists when the\n Windows Telephony Server improperly handles memory.\n (CVE-2020-1515)\n\n - An information disclosure vulnerability exists when\n Media Foundation improperly handles objects in memory.\n An attacker who successfully exploited this\n vulnerability could obtain information to further\n compromise the users system. (CVE-2020-1487)\n\n - An elevation of privilege vulnerability exists when the\n Windows kernel fails to properly handle objects in\n memory. An attacker who successfully exploited this\n vulnerability could run arbitrary code in kernel mode.\n An attacker could then install programs; view, change,\n or delete data; or create new accounts with full user\n rights. (CVE-2020-1486, CVE-2020-1566)\n\n - An elevation of privilege vulnerability exists when the\n Windows Runtime improperly handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could run arbitrary code in an elevated context. An\n attacker could exploit this vulnerability by running a\n specially crafted application on the victim system. The\n update addresses the vulnerability by correcting the way\n the Windows Runtime handles objects in memory.\n (CVE-2020-1553)\n\n - An elevation of privilege vulnerability exists in the\n way that the dnsrslvr.dll handles objects in memory. An\n attacker who successfully exploited the vulnerability\n could execute code with elevated permissions.\n (CVE-2020-1584)\n\n - An elevation of privilege vulnerability exists when the\n Windows Network Connection Broker improperly handles\n memory. (CVE-2020-1526)\n\n - An elevation of privilege vulnerability exists when\n ASP.NET or .NET web applications running on IIS\n improperly allow access to cached files. An attacker who\n successfully exploited this vulnerability could gain\n access to restricted files. (CVE-2020-1476)\n\n - An elevation of privilege vulnerability exists when the\n Windows Remote Access improperly handles file\n operations. An attacker who successfully exploited this\n vulnerability could gain elevated privileges.\n (CVE-2020-1537)\n\n - An elevation of privilege vulnerability exists when the\n "Public Account Pictures" folder improperly\n handles junctions. (CVE-2020-1565)\n\n - An elevation of privilege vulnerability exists when the\n Windows Backup Service improperly handles file\n operations. (CVE-2020-1534)\n\n - A remote code execution vulnerability exists when\n Microsoft Edge PDF Reader improperly handles objects in\n memory. The vulnerability could corrupt memory in such a\n way that enables an attacker to execute arbitrary code\n in the context of the current user. An attacker who\n successfully exploited the vulnerability could gain the\n same user rights as the current user. If the current\n user is logged on with administrative user rights, an\n attacker could take control of an affected system. An\n attacker could then install programs; view, change, or\n delete data; or create new accounts with full user\n rights. (CVE-2020-1568)\n\n - An elevation of privilege vulnerability exists when the\n Windows Kernel API improperly handles registry objects\n in memory. An attacker who successfully exploited the\n vulnerability could gain elevated privileges on a\n targeted system. A locally authenticated attacker could\n exploit this vulnerability by running a specially\n crafted application. The security update addresses the\n vulnerability by helping to ensure that the Windows\n Kernel API properly handles objects in memory.\n (CVE-2020-1377, CVE-2020-1378)\n\n - An elevation of privilege vulnerability exists when the\n Windows Print Spooler service improperly allows\n arbitrary writing to the file system. An attacker who\n successfully exploited this vulnerability could run\n arbitrary code with elevated system privileges. An\n attacker could then install programs; view, change, or\n delete data; or create new accounts with full user\n rights. (CVE-2020-1337)\n\n - An information disclosure vulnerability exists when the\n Windows Image Acquisition (WIA) Service improperly\n discloses contents of its memory. An attacker who\n successfully exploited the vulnerability could obtain\n information to further compromise the users system.\n (CVE-2020-1474, CVE-2020-1485)\n\n - An elevation of privilege vulnerability exists when the\n Windows Ancillary Function Driver for WinSock improperly\n handles memory. (CVE-2020-1587)\n\n - A remote code execution vulnerability exists when the\n Windows Jet Database Engine improperly handles objects\n in memory. An attacker who successfully exploited this\n vulnerability could execute arbitrary code on a victim\n system. An attacker could exploit this vulnerability by\n enticing a victim to open a specially crafted file. The\n update addresses the vulnerability by correcting the way\n the Windows Jet Database Engine handles objects in\n memory. (CVE-2020-1473, CVE-2020-1557, CVE-2020-1558,\n CVE-2020-1564)\n\n - A remote code execution vulnerability exists when\n Microsoft .NET Framework processes input. An attacker\n who successfully exploited this vulnerability could take\n control of an affected system. (CVE-2020-1046)\n\n - An elevation of privilege vulnerability exists when the\n Windows UPnP Device Host improperly handles memory.\n (CVE-2020-1519, CVE-2020-1538)\n\n - An elevation of privilege vulnerability exists when the\n Windows Backup Engine improperly handles memory.\n (CVE-2020-1535, CVE-2020-1536, CVE-2020-1539,\n CVE-2020-1540, CVE-2020-1541, CVE-2020-1542,\n CVE-2020-1543, CVE-2020-1544, CVE-2020-1545,\n CVE-2020-1546, CVE-2020-1547, CVE-2020-1551)\n\n - A remote code execution vulnerability exists in the way\n that the scripting engine handles objects in memory in\n Internet Explorer. The vulnerability could corrupt\n memory in such a way that an attacker could execute\n arbitrary code in the context of the current user. An\n attacker who successfully exploited the vulnerability\n could gain the same user rights as the current user.\n (CVE-2020-1380, CVE-2020-1570)\n\n - An elevation of privilege vulnerability exists when the\n Windows AppX Deployment Extensions improperly performs\n privilege management, resulting in access to system\n files. (CVE-2020-1488)\n\n - An elevation of privilege vulnerability exists when the\n Windows Function Discovery SSDP Provider improperly\n handles memory. (CVE-2020-1579)\n\n - A remote code execution vulnerability exists in the way\n that Microsoft Graphics Components handle objects in\n memory. An attacker who successfully exploited the\n vulnerability could execute arbitrary code on a target\n system. (CVE-2020-1561, CVE-2020-1562)\n\n - An elevation of privilege vulnerability exists when the\n Windows Work Folder Service improperly handles file\n operations. An attacker who successfully exploited this\n vulnerability could run processes in an elevated\n context. An attacker could exploit this vulnerability by\n running a specially crafted application on the victim\n system. The update addresses the vulnerability by\n correcting the way the Windows Work Folder Service\n handles file operations. (CVE-2020-1552)\n\n - An elevation of privilege vulnerability exists when\n Windows Remote Access improperly handles memory.\n (CVE-2020-1530)\n\n - A remote code execution vulnerability exists in the way\n that the MSHTML engine improperly validates input. An\n attacker could execute arbitrary code in the context of\n the current user. (CVE-2020-1567)\n\n - A spoofing vulnerability exists when Windows incorrectly\n validates file signatures. An attacker who successfully\n exploited this vulnerability could bypass security\n features and load improperly signed files. In an attack\n scenario, an attacker could bypass security features\n intended to prevent improperly signed files from being\n loaded. The update addresses the vulnerability by\n correcting how Windows validates file signatures.\n (CVE-2020-1464)\");\n # https://support.microsoft.com/en-us/help/4571692/windows-10-update-kb4571692\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?481aa152\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Cumulative Update KB4571692.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-1564\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Microsoft Spooler Local Privilege Elevation Vulnerability');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/08/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/08/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/08/11\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:edge\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude('smb_func.inc');\ninclude('smb_hotfixes.inc');\ninclude('smb_hotfixes_fcheck.inc');\ninclude('smb_reg_query.inc');\ninclude('install_func.inc');\n\nget_kb_item_or_exit('SMB/MS_Bulletin_Checks/Possible');\n\nbulletin = 'MS20-08';\nkbs = make_list(\n '4571692'\n);\n\nif (get_kb_item('Host/patch_management_checks')) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit('SMB/Registry/Enumerated');\nget_kb_item_or_exit('SMB/WindowsVersion', exit_code:1);\n\nif (hotfix_check_sp_range(win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:'10',\n sp:0,\n os_build:'10240',\n rollup_date:'08_2020',\n bulletin:bulletin,\n rollup_kb_list:[4571692])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n\n\n\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-20T14:25:56", "description": "The remote Windows host is missing security update 4571741.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - A memory corruption vulnerability exists when Windows\n Media Foundation improperly handles objects in memory.\n An attacker who successfully exploited the vulnerability\n could install programs; view, change, or delete data; or\n create new accounts with full user rights. There are\n multiple ways an attacker could exploit the\n vulnerability, such as by convincing a user to open a\n specially crafted document, or by convincing a user to\n visit a malicious webpage. The security update addresses\n the vulnerability by correcting how Windows Media\n Foundation handles objects in memory. (CVE-2020-1379,\n CVE-2020-1477, CVE-2020-1478, CVE-2020-1492,\n CVE-2020-1525, CVE-2020-1554)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows WalletService handles objects in\n memory. An attacker who successfully exploited the\n vulnerability could execute code with elevated\n permissions. (CVE-2020-1533, CVE-2020-1556)\n\n - An elevation of privilege vulnerability exists when\n Connected User Experiences and Telemetry Service\n improperly handles file operations. An attacker who\n successfully exploited this vulnerability could run\n processes in an elevated context. An attacker could\n exploit this vulnerability by running a specially\n crafted application on the victim system. The security\n update addresses the vulnerability by correcting how the\n Connected User Experiences and Telemetry Service handles\n file operations. (CVE-2020-1511)\n\n - A remote code execution vulnerability exists when\n Windows Media Audio Codec improperly handles objects. An\n attacker who successfully exploited the vulnerability\n could take control of an affected system. There are\n multiple ways an attacker could exploit the\n vulnerability, such as by convincing a user to open a\n specially crafted document, or by convincing a user to\n visit a malicious webpage. The security update addresses\n the vulnerability by correcting how Windows Media Audio\n Codec handles objects. (CVE-2020-1339)\n\n - An elevation of privilege vulnerability exists when the\n Windows Work Folder Service improperly handles file\n operations. An attacker who successfully exploited this\n vulnerability could run processes in an elevated\n context. An attacker could exploit this vulnerability by\n running a specially crafted application on the victim\n system. The update addresses the vulnerability by\n correcting the way the Windows Work Folder Service\n handles file operations. (CVE-2020-1552)\n\n - An elevation of privilege vulnerability exists when the\n Windows CDP User Components improperly handle memory.\n (CVE-2020-1549, CVE-2020-1550)\n\n - An information disclosure vulnerability exists when\n DirectWrite improperly discloses the contents of its\n memory. An attacker who successfully exploited the\n vulnerability could obtain information to further\n compromise the users system. There are multiple ways an\n attacker could exploit the vulnerability, such as by\n convincing a user to open a specially crafted document,\n or by convincing a user to visit an untrusted webpage.\n The security update addresses the vulnerability by\n correcting how DirectWrite handles objects in memory.\n (CVE-2020-1577)\n\n - An elevation of privilege vulnerability exists when the\n Windows Radio Manager API improperly handles memory.\n (CVE-2020-1528)\n\n - An information disclosure vulnerability exists in RPC if\n the server has Routing and Remote Access enabled. An\n attacker who successfully exploited this vulnerability\n could obtain information to further compromise the users\n system (CVE-2020-1383)\n\n - A remote code execution vulnerability exists in the way\n that the scripting engine handles objects in memory in\n Microsoft Edge (HTML-based). The vulnerability could\n corrupt memory in such a way that an attacker could\n execute arbitrary code in the context of the current\n user. An attacker who successfully exploited the\n vulnerability could gain the same user rights as the\n current user. (CVE-2020-1555)\n\n - An elevation of privilege vulnerability exists when the\n Windows Work Folders Service improperly handles memory.\n (CVE-2020-1470, CVE-2020-1484, CVE-2020-1516)\n\n - An elevation of privilege vulnerability exists when the\n Windows Custom Protocol Engine improperly handles\n memory. (CVE-2020-1527)\n\n - An elevation of privilege vulnerability exists when the\n Storage Service improperly handles file operations. An\n attacker who successfully exploited this vulnerability\n could gain elevated privileges on the victim system.\n (CVE-2020-1490)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Graphics Device Interface (GDI)\n handles objects in memory. An attacker who successfully\n exploited this vulnerability could run arbitrary code in\n kernel mode. An attacker could then install programs;\n view, change, or delete data; or create new accounts\n with full user rights. (CVE-2020-1480, CVE-2020-1529)\n\n - An elevation of privilege vulnerability exists when the\n Windows Speech Runtime improperly handles memory.\n (CVE-2020-1521, CVE-2020-1522)\n\n - An elevation of privilege vulnerability exists when the\n Windows CSC Service improperly handles memory.\n (CVE-2020-1489, CVE-2020-1513)\n\n - An elevation of privilege vulnerability exists when the\n Windows Accounts Control improperly handles memory.\n (CVE-2020-1531)\n\n - An elevation of privilege vulnerability exists in the\n Local Security Authority Subsystem Service (LSASS) when\n an authenticated attacker sends a specially crafted\n authentication request. A remote attacker who\n successfully exploited this vulnerability could cause an\n elevation of privilege on the target system's LSASS\n service. The security update addresses the vulnerability\n by changing the way that LSASS handles specially crafted\n authentication requests. (CVE-2020-1509)\n\n - A remote code execution vulnerability exists when the\n Windows Font Driver Host improperly handles memory. An\n attacker who successfully exploited the vulnerability\n would gain execution on a victim system. The security\n update addresses the vulnerability by correcting how the\n Windows Font Driver Host handles memory. (CVE-2020-1520)\n\n - An elevation of privilege vulnerability exists when the\n Windows UPnP Device Host improperly handles memory.\n (CVE-2020-1519, CVE-2020-1538)\n\n - A remote code execution vulnerability exists in the way\n that the scripting engine handles objects in memory in\n Internet Explorer. The vulnerability could corrupt\n memory in such a way that an attacker could execute\n arbitrary code in the context of the current user. An\n attacker who successfully exploited the vulnerability\n could gain the same user rights as the current user.\n (CVE-2020-1380, CVE-2020-1570)\n\n - An elevation of privilege vulnerability exists when the\n Windows Telephony Server improperly handles memory.\n (CVE-2020-1515)\n\n - An information disclosure vulnerability exists when\n Media Foundation improperly handles objects in memory.\n An attacker who successfully exploited this\n vulnerability could obtain information to further\n compromise the users system. (CVE-2020-1487)\n\n - An elevation of privilege vulnerability exists when the\n Windows AppX Deployment Extensions improperly performs\n privilege management, resulting in access to system\n files. (CVE-2020-1488)\n\n - An elevation of privilege vulnerability exists when the\n Windows Runtime improperly handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could run arbitrary code in an elevated context. An\n attacker could exploit this vulnerability by running a\n specially crafted application on the victim system. The\n update addresses the vulnerability by correcting the way\n the Windows Runtime handles objects in memory.\n (CVE-2020-1553)\n\n - An elevation of privilege vulnerability exists in the\n way that the dnsrslvr.dll handles objects in memory. An\n attacker who successfully exploited the vulnerability\n could execute code with elevated permissions.\n (CVE-2020-1584)\n\n - An elevation of privilege vulnerability exists when the\n Windows Network Connection Broker improperly handles\n memory. (CVE-2020-1526)\n\n - An elevation of privilege vulnerability exists when\n ASP.NET or .NET web applications running on IIS\n improperly allow access to cached files. An attacker who\n successfully exploited this vulnerability could gain\n access to restricted files. (CVE-2020-1476)\n\n - An elevation of privilege vulnerability exists when the\n Windows Remote Access improperly handles file\n operations. An attacker who successfully exploited this\n vulnerability could gain elevated privileges.\n (CVE-2020-1537)\n\n - An elevation of privilege vulnerability exists when the\n "Public Account Pictures" folder improperly\n handles junctions. (CVE-2020-1565)\n\n - An elevation of privilege vulnerability exists when the\n Windows Backup Service improperly handles file\n operations. (CVE-2020-1534)\n\n - A remote code execution vulnerability exists when\n Microsoft Edge PDF Reader improperly handles objects in\n memory. The vulnerability could corrupt memory in such a\n way that enables an attacker to execute arbitrary code\n in the context of the current user. An attacker who\n successfully exploited the vulnerability could gain the\n same user rights as the current user. If the current\n user is logged on with administrative user rights, an\n attacker could take control of an affected system. An\n attacker could then install programs; view, change, or\n delete data; or create new accounts with full user\n rights. (CVE-2020-1568)\n\n - An elevation of privilege vulnerability exists when the\n Windows Kernel API improperly handles registry objects\n in memory. An attacker who successfully exploited the\n vulnerability could gain elevated privileges on a\n targeted system. A locally authenticated attacker could\n exploit this vulnerability by running a specially\n crafted application. The security update addresses the\n vulnerability by helping to ensure that the Windows\n Kernel API properly handles objects in memory.\n (CVE-2020-1377, CVE-2020-1378)\n\n - An elevation of privilege vulnerability exists when the\n Windows Print Spooler service improperly allows\n arbitrary writing to the file system. An attacker who\n successfully exploited this vulnerability could run\n arbitrary code with elevated system privileges. An\n attacker could then install programs; view, change, or\n delete data; or create new accounts with full user\n rights. (CVE-2020-1337)\n\n - An information disclosure vulnerability exists when the\n Windows Image Acquisition (WIA) Service improperly\n discloses contents of its memory. An attacker who\n successfully exploited the vulnerability could obtain\n information to further compromise the users system.\n (CVE-2020-1474, CVE-2020-1485)\n\n - An elevation of privilege vulnerability exists when the\n Windows kernel fails to properly handle objects in\n memory. An attacker who successfully exploited this\n vulnerability could run arbitrary code in kernel mode.\n An attacker could then install programs; view, change,\n or delete data; or create new accounts with full user\n rights. (CVE-2020-1417, CVE-2020-1486, CVE-2020-1566)\n\n - A remote code execution vulnerability exists when the\n Windows Jet Database Engine improperly handles objects\n in memory. An attacker who successfully exploited this\n vulnerability could execute arbitrary code on a victim\n system. An attacker could exploit this vulnerability by\n enticing a victim to open a specially crafted file. The\n update addresses the vulnerability by correcting the way\n the Windows Jet Database Engine handles objects in\n memory. (CVE-2020-1473, CVE-2020-1557, CVE-2020-1558,\n CVE-2020-1564)\n\n - A remote code execution vulnerability exists when\n Microsoft .NET Framework processes input. An attacker\n who successfully exploited this vulnerability could take\n control of an affected system. (CVE-2020-1046)\n\n - An information disclosure vulnerability exists when the\n win32k component improperly provides kernel information.\n An attacker who successfully exploited the vulnerability\n could obtain information to further compromise the users\n system. (CVE-2020-1510)\n\n - An elevation of privilege vulnerability exists when the\n Windows Backup Engine improperly handles memory.\n (CVE-2020-1535, CVE-2020-1536, CVE-2020-1539,\n CVE-2020-1540, CVE-2020-1541, CVE-2020-1542,\n CVE-2020-1543, CVE-2020-1544, CVE-2020-1545,\n CVE-2020-1546, CVE-2020-1547, CVE-2020-1551)\n\n - An elevation of privilege vulnerability exists when\n DirectX improperly handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could run arbitrary code in kernel mode. An attacker\n could then install programs; view, change, or delete\n data; or create new accounts with full user rights.\n (CVE-2020-1479)\n\n - An elevation of privilege vulnerability exists when the\n Windows Ancillary Function Driver for WinSock improperly\n handles memory. (CVE-2020-1587)\n\n - An elevation of privilege vulnerability exists when the\n Windows Function Discovery SSDP Provider improperly\n handles memory. (CVE-2020-1579)\n\n - A remote code execution vulnerability exists in the way\n that Microsoft Graphics Components handle objects in\n memory. An attacker who successfully exploited the\n vulnerability could execute arbitrary code on a target\n system. (CVE-2020-1561, CVE-2020-1562)\n\n - An information disclosure vulnerability exists when the\n Windows State Repository Service improperly handles\n objects in memory. An attacker who successfully\n exploited this vulnerability could obtain information to\n further compromise the users system. An attacker could\n exploit this vulnerability by running a specially\n crafted application on the victim system. The update\n addresses the vulnerability by correcting the way the\n Windows State Repository Service handles objects in\n memory. (CVE-2020-1512)\n\n - An elevation of privilege vulnerability exists when\n Windows Remote Access improperly handles memory.\n (CVE-2020-1530)\n\n - A remote code execution vulnerability exists in the way\n that the MSHTML engine improperly validates input. An\n attacker could execute arbitrary code in the context of\n the current user. (CVE-2020-1567)\n\n - A spoofing vulnerability exists when Windows incorrectly\n validates file signatures. An attacker who successfully\n exploited this vulnerability could bypass security\n features and load improperly signed files. In an attack\n scenario, an attacker could bypass security features\n intended to prevent improperly signed files from being\n loaded. The update addresses the vulnerability by\n correcting how Windows validates file signatures.\n (CVE-2020-1464)", "edition": 6, "cvss3": {"score": 7.8, "vector": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2020-08-11T00:00:00", "title": "KB4571741: Windows 10 Version 1709 August 2020 Security Update", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2020-1473", "CVE-2020-1587", "CVE-2020-1519", "CVE-2020-1533", "CVE-2020-1535", "CVE-2020-1516", "CVE-2020-1525", "CVE-2020-1480", "CVE-2020-1549", "CVE-2020-1378", "CVE-2020-1515", "CVE-2020-1540", "CVE-2020-1526", "CVE-2020-1567", "CVE-2020-1553", "CVE-2020-1554", "CVE-2020-1487", "CVE-2020-1584", "CVE-2020-1547", "CVE-2020-1561", "CVE-2020-1529", "CVE-2020-1534", "CVE-2020-1555", "CVE-2020-1479", "CVE-2020-1579", "CVE-2020-1474", "CVE-2020-1558", "CVE-2020-1509", "CVE-2020-1546", "CVE-2020-1539", "CVE-2020-1476", "CVE-2020-1521", "CVE-2020-1046", "CVE-2020-1489", "CVE-2020-1536", "CVE-2020-1478", "CVE-2020-1486", "CVE-2020-1537", "CVE-2020-1556", "CVE-2020-1337", "CVE-2020-1379", "CVE-2020-1511", "CVE-2020-1522", "CVE-2020-1565", "CVE-2020-1417", "CVE-2020-1488", "CVE-2020-1528", "CVE-2020-1557", "CVE-2020-1464", "CVE-2020-1380", "CVE-2020-1531", "CVE-2020-1568", "CVE-2020-1339", "CVE-2020-1566", "CVE-2020-1513", "CVE-2020-1544", "CVE-2020-1564", "CVE-2020-1542", "CVE-2020-1550", "CVE-2020-1485", "CVE-2020-1552", "CVE-2020-1527", "CVE-2020-1520", "CVE-2020-1543", "CVE-2020-1492", "CVE-2020-1562", "CVE-2020-1490", "CVE-2020-1538", "CVE-2020-1512", "CVE-2020-1545", "CVE-2020-1510", "CVE-2020-1383", "CVE-2020-1570", "CVE-2020-1530", "CVE-2020-1541", "CVE-2020-1470", "CVE-2020-1477", "CVE-2020-1484", "CVE-2020-1577", "CVE-2020-1551", "CVE-2020-1377"], "modified": "2020-08-11T00:00:00", "cpe": ["cpe:/o:microsoft:windows", "cpe:/a:microsoft:edge"], "id": "SMB_NT_MS20_AUG_4571741.NASL", "href": "https://www.tenable.com/plugins/nessus/139494", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(139494);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\n \"CVE-2020-1046\",\n \"CVE-2020-1337\",\n \"CVE-2020-1339\",\n \"CVE-2020-1377\",\n \"CVE-2020-1378\",\n \"CVE-2020-1379\",\n \"CVE-2020-1380\",\n \"CVE-2020-1383\",\n \"CVE-2020-1417\",\n \"CVE-2020-1464\",\n \"CVE-2020-1470\",\n \"CVE-2020-1473\",\n \"CVE-2020-1474\",\n \"CVE-2020-1476\",\n \"CVE-2020-1477\",\n \"CVE-2020-1478\",\n \"CVE-2020-1479\",\n \"CVE-2020-1480\",\n \"CVE-2020-1484\",\n \"CVE-2020-1485\",\n \"CVE-2020-1486\",\n \"CVE-2020-1487\",\n \"CVE-2020-1488\",\n \"CVE-2020-1489\",\n \"CVE-2020-1490\",\n \"CVE-2020-1492\",\n \"CVE-2020-1509\",\n \"CVE-2020-1510\",\n \"CVE-2020-1511\",\n \"CVE-2020-1512\",\n \"CVE-2020-1513\",\n \"CVE-2020-1515\",\n \"CVE-2020-1516\",\n \"CVE-2020-1519\",\n \"CVE-2020-1520\",\n \"CVE-2020-1521\",\n \"CVE-2020-1522\",\n \"CVE-2020-1525\",\n \"CVE-2020-1526\",\n \"CVE-2020-1527\",\n \"CVE-2020-1528\",\n \"CVE-2020-1529\",\n \"CVE-2020-1530\",\n \"CVE-2020-1531\",\n \"CVE-2020-1533\",\n \"CVE-2020-1534\",\n \"CVE-2020-1535\",\n \"CVE-2020-1536\",\n \"CVE-2020-1537\",\n \"CVE-2020-1538\",\n \"CVE-2020-1539\",\n \"CVE-2020-1540\",\n \"CVE-2020-1541\",\n \"CVE-2020-1542\",\n \"CVE-2020-1543\",\n \"CVE-2020-1544\",\n \"CVE-2020-1545\",\n \"CVE-2020-1546\",\n \"CVE-2020-1547\",\n \"CVE-2020-1549\",\n \"CVE-2020-1550\",\n \"CVE-2020-1551\",\n \"CVE-2020-1552\",\n \"CVE-2020-1553\",\n \"CVE-2020-1554\",\n \"CVE-2020-1555\",\n \"CVE-2020-1556\",\n \"CVE-2020-1557\",\n \"CVE-2020-1558\",\n \"CVE-2020-1561\",\n \"CVE-2020-1562\",\n \"CVE-2020-1564\",\n \"CVE-2020-1565\",\n \"CVE-2020-1566\",\n \"CVE-2020-1567\",\n \"CVE-2020-1568\",\n \"CVE-2020-1570\",\n \"CVE-2020-1577\",\n \"CVE-2020-1579\",\n \"CVE-2020-1584\",\n \"CVE-2020-1587\"\n );\n script_xref(name:\"MSKB\", value:\"4571741\");\n script_xref(name:\"MSFT\", value:\"MS20-4571741\");\n script_xref(name:\"IAVA\", value:\"2020-A-0361-S\");\n script_xref(name:\"IAVA\", value:\"2020-A-0367-S\");\n script_xref(name:\"IAVA\", value:\"2020-A-0370-S\");\n\n script_name(english:\"KB4571741: Windows 10 Version 1709 August 2020 Security Update\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 4571741.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - A memory corruption vulnerability exists when Windows\n Media Foundation improperly handles objects in memory.\n An attacker who successfully exploited the vulnerability\n could install programs; view, change, or delete data; or\n create new accounts with full user rights. There are\n multiple ways an attacker could exploit the\n vulnerability, such as by convincing a user to open a\n specially crafted document, or by convincing a user to\n visit a malicious webpage. The security update addresses\n the vulnerability by correcting how Windows Media\n Foundation handles objects in memory. (CVE-2020-1379,\n CVE-2020-1477, CVE-2020-1478, CVE-2020-1492,\n CVE-2020-1525, CVE-2020-1554)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows WalletService handles objects in\n memory. An attacker who successfully exploited the\n vulnerability could execute code with elevated\n permissions. (CVE-2020-1533, CVE-2020-1556)\n\n - An elevation of privilege vulnerability exists when\n Connected User Experiences and Telemetry Service\n improperly handles file operations. An attacker who\n successfully exploited this vulnerability could run\n processes in an elevated context. An attacker could\n exploit this vulnerability by running a specially\n crafted application on the victim system. The security\n update addresses the vulnerability by correcting how the\n Connected User Experiences and Telemetry Service handles\n file operations. (CVE-2020-1511)\n\n - A remote code execution vulnerability exists when\n Windows Media Audio Codec improperly handles objects. An\n attacker who successfully exploited the vulnerability\n could take control of an affected system. There are\n multiple ways an attacker could exploit the\n vulnerability, such as by convincing a user to open a\n specially crafted document, or by convincing a user to\n visit a malicious webpage. The security update addresses\n the vulnerability by correcting how Windows Media Audio\n Codec handles objects. (CVE-2020-1339)\n\n - An elevation of privilege vulnerability exists when the\n Windows Work Folder Service improperly handles file\n operations. An attacker who successfully exploited this\n vulnerability could run processes in an elevated\n context. An attacker could exploit this vulnerability by\n running a specially crafted application on the victim\n system. The update addresses the vulnerability by\n correcting the way the Windows Work Folder Service\n handles file operations. (CVE-2020-1552)\n\n - An elevation of privilege vulnerability exists when the\n Windows CDP User Components improperly handle memory.\n (CVE-2020-1549, CVE-2020-1550)\n\n - An information disclosure vulnerability exists when\n DirectWrite improperly discloses the contents of its\n memory. An attacker who successfully exploited the\n vulnerability could obtain information to further\n compromise the users system. There are multiple ways an\n attacker could exploit the vulnerability, such as by\n convincing a user to open a specially crafted document,\n or by convincing a user to visit an untrusted webpage.\n The security update addresses the vulnerability by\n correcting how DirectWrite handles objects in memory.\n (CVE-2020-1577)\n\n - An elevation of privilege vulnerability exists when the\n Windows Radio Manager API improperly handles memory.\n (CVE-2020-1528)\n\n - An information disclosure vulnerability exists in RPC if\n the server has Routing and Remote Access enabled. An\n attacker who successfully exploited this vulnerability\n could obtain information to further compromise the users\n system (CVE-2020-1383)\n\n - A remote code execution vulnerability exists in the way\n that the scripting engine handles objects in memory in\n Microsoft Edge (HTML-based). The vulnerability could\n corrupt memory in such a way that an attacker could\n execute arbitrary code in the context of the current\n user. An attacker who successfully exploited the\n vulnerability could gain the same user rights as the\n current user. (CVE-2020-1555)\n\n - An elevation of privilege vulnerability exists when the\n Windows Work Folders Service improperly handles memory.\n (CVE-2020-1470, CVE-2020-1484, CVE-2020-1516)\n\n - An elevation of privilege vulnerability exists when the\n Windows Custom Protocol Engine improperly handles\n memory. (CVE-2020-1527)\n\n - An elevation of privilege vulnerability exists when the\n Storage Service improperly handles file operations. An\n attacker who successfully exploited this vulnerability\n could gain elevated privileges on the victim system.\n (CVE-2020-1490)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Graphics Device Interface (GDI)\n handles objects in memory. An attacker who successfully\n exploited this vulnerability could run arbitrary code in\n kernel mode. An attacker could then install programs;\n view, change, or delete data; or create new accounts\n with full user rights. (CVE-2020-1480, CVE-2020-1529)\n\n - An elevation of privilege vulnerability exists when the\n Windows Speech Runtime improperly handles memory.\n (CVE-2020-1521, CVE-2020-1522)\n\n - An elevation of privilege vulnerability exists when the\n Windows CSC Service improperly handles memory.\n (CVE-2020-1489, CVE-2020-1513)\n\n - An elevation of privilege vulnerability exists when the\n Windows Accounts Control improperly handles memory.\n (CVE-2020-1531)\n\n - An elevation of privilege vulnerability exists in the\n Local Security Authority Subsystem Service (LSASS) when\n an authenticated attacker sends a specially crafted\n authentication request. A remote attacker who\n successfully exploited this vulnerability could cause an\n elevation of privilege on the target system's LSASS\n service. The security update addresses the vulnerability\n by changing the way that LSASS handles specially crafted\n authentication requests. (CVE-2020-1509)\n\n - A remote code execution vulnerability exists when the\n Windows Font Driver Host improperly handles memory. An\n attacker who successfully exploited the vulnerability\n would gain execution on a victim system. The security\n update addresses the vulnerability by correcting how the\n Windows Font Driver Host handles memory. (CVE-2020-1520)\n\n - An elevation of privilege vulnerability exists when the\n Windows UPnP Device Host improperly handles memory.\n (CVE-2020-1519, CVE-2020-1538)\n\n - A remote code execution vulnerability exists in the way\n that the scripting engine handles objects in memory in\n Internet Explorer. The vulnerability could corrupt\n memory in such a way that an attacker could execute\n arbitrary code in the context of the current user. An\n attacker who successfully exploited the vulnerability\n could gain the same user rights as the current user.\n (CVE-2020-1380, CVE-2020-1570)\n\n - An elevation of privilege vulnerability exists when the\n Windows Telephony Server improperly handles memory.\n (CVE-2020-1515)\n\n - An information disclosure vulnerability exists when\n Media Foundation improperly handles objects in memory.\n An attacker who successfully exploited this\n vulnerability could obtain information to further\n compromise the users system. (CVE-2020-1487)\n\n - An elevation of privilege vulnerability exists when the\n Windows AppX Deployment Extensions improperly performs\n privilege management, resulting in access to system\n files. (CVE-2020-1488)\n\n - An elevation of privilege vulnerability exists when the\n Windows Runtime improperly handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could run arbitrary code in an elevated context. An\n attacker could exploit this vulnerability by running a\n specially crafted application on the victim system. The\n update addresses the vulnerability by correcting the way\n the Windows Runtime handles objects in memory.\n (CVE-2020-1553)\n\n - An elevation of privilege vulnerability exists in the\n way that the dnsrslvr.dll handles objects in memory. An\n attacker who successfully exploited the vulnerability\n could execute code with elevated permissions.\n (CVE-2020-1584)\n\n - An elevation of privilege vulnerability exists when the\n Windows Network Connection Broker improperly handles\n memory. (CVE-2020-1526)\n\n - An elevation of privilege vulnerability exists when\n ASP.NET or .NET web applications running on IIS\n improperly allow access to cached files. An attacker who\n successfully exploited this vulnerability could gain\n access to restricted files. (CVE-2020-1476)\n\n - An elevation of privilege vulnerability exists when the\n Windows Remote Access improperly handles file\n operations. An attacker who successfully exploited this\n vulnerability could gain elevated privileges.\n (CVE-2020-1537)\n\n - An elevation of privilege vulnerability exists when the\n "Public Account Pictures" folder improperly\n handles junctions. (CVE-2020-1565)\n\n - An elevation of privilege vulnerability exists when the\n Windows Backup Service improperly handles file\n operations. (CVE-2020-1534)\n\n - A remote code execution vulnerability exists when\n Microsoft Edge PDF Reader improperly handles objects in\n memory. The vulnerability could corrupt memory in such a\n way that enables an attacker to execute arbitrary code\n in the context of the current user. An attacker who\n successfully exploited the vulnerability could gain the\n same user rights as the current user. If the current\n user is logged on with administrative user rights, an\n attacker could take control of an affected system. An\n attacker could then install programs; view, change, or\n delete data; or create new accounts with full user\n rights. (CVE-2020-1568)\n\n - An elevation of privilege vulnerability exists when the\n Windows Kernel API improperly handles registry objects\n in memory. An attacker who successfully exploited the\n vulnerability could gain elevated privileges on a\n targeted system. A locally authenticated attacker could\n exploit this vulnerability by running a specially\n crafted application. The security update addresses the\n vulnerability by helping to ensure that the Windows\n Kernel API properly handles objects in memory.\n (CVE-2020-1377, CVE-2020-1378)\n\n - An elevation of privilege vulnerability exists when the\n Windows Print Spooler service improperly allows\n arbitrary writing to the file system. An attacker who\n successfully exploited this vulnerability could run\n arbitrary code with elevated system privileges. An\n attacker could then install programs; view, change, or\n delete data; or create new accounts with full user\n rights. (CVE-2020-1337)\n\n - An information disclosure vulnerability exists when the\n Windows Image Acquisition (WIA) Service improperly\n discloses contents of its memory. An attacker who\n successfully exploited the vulnerability could obtain\n information to further compromise the users system.\n (CVE-2020-1474, CVE-2020-1485)\n\n - An elevation of privilege vulnerability exists when the\n Windows kernel fails to properly handle objects in\n memory. An attacker who successfully exploited this\n vulnerability could run arbitrary code in kernel mode.\n An attacker could then install programs; view, change,\n or delete data; or create new accounts with full user\n rights. (CVE-2020-1417, CVE-2020-1486, CVE-2020-1566)\n\n - A remote code execution vulnerability exists when the\n Windows Jet Database Engine improperly handles objects\n in memory. An attacker who successfully exploited this\n vulnerability could execute arbitrary code on a victim\n system. An attacker could exploit this vulnerability by\n enticing a victim to open a specially crafted file. The\n update addresses the vulnerability by correcting the way\n the Windows Jet Database Engine handles objects in\n memory. (CVE-2020-1473, CVE-2020-1557, CVE-2020-1558,\n CVE-2020-1564)\n\n - A remote code execution vulnerability exists when\n Microsoft .NET Framework processes input. An attacker\n who successfully exploited this vulnerability could take\n control of an affected system. (CVE-2020-1046)\n\n - An information disclosure vulnerability exists when the\n win32k component improperly provides kernel information.\n An attacker who successfully exploited the vulnerability\n could obtain information to further compromise the users\n system. (CVE-2020-1510)\n\n - An elevation of privilege vulnerability exists when the\n Windows Backup Engine improperly handles memory.\n (CVE-2020-1535, CVE-2020-1536, CVE-2020-1539,\n CVE-2020-1540, CVE-2020-1541, CVE-2020-1542,\n CVE-2020-1543, CVE-2020-1544, CVE-2020-1545,\n CVE-2020-1546, CVE-2020-1547, CVE-2020-1551)\n\n - An elevation of privilege vulnerability exists when\n DirectX improperly handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could run arbitrary code in kernel mode. An attacker\n could then install programs; view, change, or delete\n data; or create new accounts with full user rights.\n (CVE-2020-1479)\n\n - An elevation of privilege vulnerability exists when the\n Windows Ancillary Function Driver for WinSock improperly\n handles memory. (CVE-2020-1587)\n\n - An elevation of privilege vulnerability exists when the\n Windows Function Discovery SSDP Provider improperly\n handles memory. (CVE-2020-1579)\n\n - A remote code execution vulnerability exists in the way\n that Microsoft Graphics Components handle objects in\n memory. An attacker who successfully exploited the\n vulnerability could execute arbitrary code on a target\n system. (CVE-2020-1561, CVE-2020-1562)\n\n - An information disclosure vulnerability exists when the\n Windows State Repository Service improperly handles\n objects in memory. An attacker who successfully\n exploited this vulnerability could obtain information to\n further compromise the users system. An attacker could\n exploit this vulnerability by running a specially\n crafted application on the victim system. The update\n addresses the vulnerability by correcting the way the\n Windows State Repository Service handles objects in\n memory. (CVE-2020-1512)\n\n - An elevation of privilege vulnerability exists when\n Windows Remote Access improperly handles memory.\n (CVE-2020-1530)\n\n - A remote code execution vulnerability exists in the way\n that the MSHTML engine improperly validates input. An\n attacker could execute arbitrary code in the context of\n the current user. (CVE-2020-1567)\n\n - A spoofing vulnerability exists when Windows incorrectly\n validates file signatures. An attacker who successfully\n exploited this vulnerability could bypass security\n features and load improperly signed files. In an attack\n scenario, an attacker could bypass security features\n intended to prevent improperly signed files from being\n loaded. The update addresses the vulnerability by\n correcting how Windows validates file signatures.\n (CVE-2020-1464)\");\n # https://support.microsoft.com/en-us/help/4571741/windows-10-update-kb4571741\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?9371bc74\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Cumulative Update KB4571741.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-1564\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Microsoft Spooler Local Privilege Elevation Vulnerability');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/08/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/08/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/08/11\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:edge\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude('smb_func.inc');\ninclude('smb_hotfixes.inc');\ninclude('smb_hotfixes_fcheck.inc');\ninclude('smb_reg_query.inc');\ninclude('install_func.inc');\n\nget_kb_item_or_exit('SMB/MS_Bulletin_Checks/Possible');\n\nbulletin = 'MS20-08';\nkbs = make_list(\n '4571741'\n);\n\nif (get_kb_item('Host/patch_management_checks')) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit('SMB/Registry/Enumerated');\nget_kb_item_or_exit('SMB/WindowsVersion', exit_code:1);\n\nif (hotfix_check_sp_range(win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:'10',\n sp:0,\n os_build:'16299',\n rollup_date:'08_2020',\n bulletin:bulletin,\n rollup_kb_list:[4571741])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n\n\n\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-20T14:25:47", "description": "The remote Windows host is missing security update 4565349.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - A memory corruption vulnerability exists when Windows\n Media Foundation improperly handles objects in memory.\n An attacker who successfully exploited the vulnerability\n could install programs; view, change, or delete data; or\n create new accounts with full user rights. There are\n multiple ways an attacker could exploit the\n vulnerability, such as by convincing a user to open a\n specially crafted document, or by convincing a user to\n visit a malicious webpage. The security update addresses\n the vulnerability by correcting how Windows Media\n Foundation handles objects in memory. (CVE-2020-1379,\n CVE-2020-1477, CVE-2020-1478, CVE-2020-1492,\n CVE-2020-1525, CVE-2020-1554)\n\n - A remote code execution vulnerability exists when\n Windows Media Audio Codec improperly handles objects. An\n attacker who successfully exploited the vulnerability\n could take control of an affected system. There are\n multiple ways an attacker could exploit the\n vulnerability, such as by convincing a user to open a\n specially crafted document, or by convincing a user to\n visit a malicious webpage. The security update addresses\n the vulnerability by correcting how Windows Media Audio\n Codec handles objects. (CVE-2020-1339)\n\n - An elevation of privilege vulnerability exists when\n Connected User Experiences and Telemetry Service\n improperly handles file operations. An attacker who\n successfully exploited this vulnerability could run\n processes in an elevated context. An attacker could\n exploit this vulnerability by running a specially\n crafted application on the victim system. The security\n update addresses the vulnerability by correcting how the\n Connected User Experiences and Telemetry Service handles\n file operations. (CVE-2020-1511)\n\n - An elevation of privilege vulnerability exists in the\n way that the srmsvc.dll handles objects in memory. An\n attacker who successfully exploited the vulnerability\n could execute code with elevated permissions.\n (CVE-2020-1475)\n\n - A remote code execution vulnerability exists when\n Microsoft Edge improperly accesses objects in memory.\n The vulnerability could corrupt memory in such a way\n that enables an attacker to execute arbitrary code in\n the context of the current user. An attacker who\n successfully exploited the vulnerability could gain the\n same user rights as the current user. (CVE-2020-1569)\n\n - An elevation of privilege vulnerability exists when the\n Windows CDP User Components improperly handle memory.\n (CVE-2020-1549, CVE-2020-1550)\n\n - An information disclosure vulnerability exists when\n DirectWrite improperly discloses the contents of its\n memory. An attacker who successfully exploited the\n vulnerability could obtain information to further\n compromise the users system. There are multiple ways an\n attacker could exploit the vulnerability, such as by\n convincing a user to open a specially crafted document,\n or by convincing a user to visit an untrusted webpage.\n The security update addresses the vulnerability by\n correcting how DirectWrite handles objects in memory.\n (CVE-2020-1577)\n\n - An elevation of privilege vulnerability exists when the\n Windows Radio Manager API improperly handles memory.\n (CVE-2020-1528)\n\n - An information disclosure vulnerability exists in RPC if\n the server has Routing and Remote Access enabled. An\n attacker who successfully exploited this vulnerability\n could obtain information to further compromise the users\n system (CVE-2020-1383)\n\n - A remote code execution vulnerability exists in the way\n that the scripting engine handles objects in memory in\n Microsoft Edge (HTML-based). The vulnerability could\n corrupt memory in such a way that an attacker could\n execute arbitrary code in the context of the current\n user. An attacker who successfully exploited the\n vulnerability could gain the same user rights as the\n current user. (CVE-2020-1555)\n\n - An elevation of privilege vulnerability exists when the\n Windows Work Folders Service improperly handles memory.\n (CVE-2020-1470, CVE-2020-1484, CVE-2020-1516)\n\n - An elevation of privilege vulnerability exists when the\n Windows Work Folder Service improperly handles file\n operations. An attacker who successfully exploited this\n vulnerability could run processes in an elevated\n context. An attacker could exploit this vulnerability by\n running a specially crafted application on the victim\n system. The update addresses the vulnerability by\n correcting the way the Windows Work Folder Service\n handles file operations. (CVE-2020-1552)\n\n - An elevation of privilege vulnerability exists when the\n Windows Custom Protocol Engine improperly handles\n memory. (CVE-2020-1527)\n\n - An elevation of privilege vulnerability exists when the\n Storage Service improperly handles file operations. An\n attacker who successfully exploited this vulnerability\n could gain elevated privileges on the victim system.\n (CVE-2020-1490)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Graphics Device Interface (GDI)\n handles objects in memory. An attacker who successfully\n exploited this vulnerability could run arbitrary code in\n kernel mode. An attacker could then install programs;\n view, change, or delete data; or create new accounts\n with full user rights. (CVE-2020-1480, CVE-2020-1529)\n\n - An elevation of privilege vulnerability exists when the\n Windows Speech Runtime improperly handles memory.\n (CVE-2020-1521, CVE-2020-1522)\n\n - An elevation of privilege vulnerability exists when the\n Windows CSC Service improperly handles memory.\n (CVE-2020-1489, CVE-2020-1513)\n\n - An elevation of privilege vulnerability exists when the\n Windows Accounts Control improperly handles memory.\n (CVE-2020-1531)\n\n - An elevation of privilege vulnerability exists when\n Windows improperly handles hard links. An attacker who\n successfully exploited this vulnerability could\n overwrite a targeted file leading to an elevated status.\n (CVE-2020-1467)\n\n - A denial of service vulnerability exists in Windows\n Remote Desktop Gateway (RD Gateway) when an attacker\n connects to the target system using RDP and sends\n specially crafted requests. An attacker who successfully\n exploited this vulnerability could cause the RD Gateway\n service on the target system to stop responding.\n (CVE-2020-1466)\n\n - An elevation of privilege vulnerability exists when the\n Windows Runtime improperly handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could run arbitrary code in an elevated context. An\n attacker could exploit this vulnerability by running a\n specially crafted application on the victim system. The\n update addresses the vulnerability by correcting the way\n the Windows Runtime handles objects in memory.\n (CVE-2020-1553)\n\n - A remote code execution vulnerability exists when the\n Windows Font Driver Host improperly handles memory. An\n attacker who successfully exploited the vulnerability\n would gain execution on a victim system. The security\n update addresses the vulnerability by correcting how the\n Windows Font Driver Host handles memory. (CVE-2020-1520)\n\n - An elevation of privilege vulnerability exists when the\n Windows UPnP Device Host improperly handles memory.\n (CVE-2020-1519, CVE-2020-1538)\n\n - A remote code execution vulnerability exists in the way\n that the scripting engine handles objects in memory in\n Internet Explorer. The vulnerability could corrupt\n memory in such a way that an attacker could execute\n arbitrary code in the context of the current user. An\n attacker who successfully exploited the vulnerability\n could gain the same user rights as the current user.\n (CVE-2020-1380, CVE-2020-1570)\n\n - An elevation of privilege vulnerability exists when the\n Windows Telephony Server improperly handles memory.\n (CVE-2020-1515)\n\n - An elevation of privilege vulnerability exists in the\n Local Security Authority Subsystem Service (LSASS) when\n an authenticated attacker sends a specially crafted\n authentication request. A remote attacker who\n successfully exploited this vulnerability could cause an\n elevation of privilege on the target system's LSASS\n service. The security update addresses the vulnerability\n by changing the way that LSASS handles specially crafted\n authentication requests. (CVE-2020-1509)\n\n - An information disclosure vulnerability exists when\n Media Foundation improperly handles objects in memory.\n An attacker who successfully exploited this\n vulnerability could obtain information to further\n compromise the users system. (CVE-2020-1487)\n\n - An elevation of privilege vulnerability exists when the\n Windows AppX Deployment Extensions improperly performs\n privilege management, resulting in access to system\n files. (CVE-2020-1488)\n\n - An elevation of privilege vulnerability exists when the\n Windows File Server Resource Management Service\n improperly handles memory. (CVE-2020-1517,\n CVE-2020-1518)\n\n - An elevation of privilege vulnerability exists in the\n way that the dnsrslvr.dll handles objects in memory. An\n attacker who successfully exploited the vulnerability\n could execute code with elevated permissions.\n (CVE-2020-1584)\n\n - An elevation of privilege vulnerability exists when the\n Windows Network Connection Broker improperly handles\n memory. (CVE-2020-1526)\n\n - An elevation of privilege vulnerability exists when the\n Windows Speech Shell Components improperly handle\n memory. (CVE-2020-1524)\n\n - An elevation of privilege vulnerability exists when\n ASP.NET or .NET web applications running on IIS\n improperly allow access to cached files. An attacker who\n successfully exploited this vulnerability could gain\n access to restricted files. (CVE-2020-1476)\n\n - An elevation of privilege vulnerability exists when the\n Windows Remote Access improperly handles file\n operations. An attacker who successfully exploited this\n vulnerability could gain elevated privileges.\n (CVE-2020-1537)\n\n - An elevation of privilege vulnerability exists when the\n "Public Account Pictures" folder improperly\n handles junctions. (CVE-2020-1565)\n\n - An elevation of privilege vulnerability exists when the\n Windows Backup Service improperly handles file\n operations. (CVE-2020-1534)\n\n - A remote code execution vulnerability exists when\n Microsoft Edge PDF Reader improperly handles objects in\n memory. The vulnerability could corrupt memory in such a\n way that enables an attacker to execute arbitrary code\n in the context of the current user. An attacker who\n successfully exploited the vulnerability could gain the\n same user rights as the current user. If the current\n user is logged on with administrative user rights, an\n attacker could take control of an affected system. An\n attacker could then install programs; view, change, or\n delete data; or create new accounts with full user\n rights. (CVE-2020-1568)\n\n - An elevation of privilege vulnerability exists when an\n attacker establishes a vulnerable Netlogon secure\n channel connection to a domain controller, using the\n Netlogon Remote Protocol (MS-NRPC). An attacker who\n successfully exploited the vulnerability could run a\n specially crafted application on a device on the\n network. (CVE-2020-1472)\n\n - An elevation of privilege vulnerability exists when the\n Windows Kernel API improperly handles registry objects\n in memory. An attacker who successfully exploited the\n vulnerability could gain elevated privileges on a\n targeted system. A locally authenticated attacker could\n exploit this vulnerability by running a specially\n crafted application. The security update addresses the\n vulnerability by helping to ensure that the Windows\n Kernel API properly handles objects in memory.\n (CVE-2020-1377, CVE-2020-1378)\n\n - An elevation of privilege vulnerability exists when the\n Windows Print Spooler service improperly allows\n arbitrary writing to the file system. An attacker who\n successfully exploited this vulnerability could run\n arbitrary code with elevated system privileges. An\n attacker could then install programs; view, change, or\n delete data; or create new accounts with full user\n rights. (CVE-2020-1337)\n\n - An information disclosure vulnerability exists when the\n Windows WaasMedic Service improperly handles memory.\n (CVE-2020-1548)\n\n - An information disclosure vulnerability exists when the\n Windows Image Acquisition (WIA) Service improperly\n discloses contents of its memory. An attacker who\n successfully exploited the vulnerability could obtain\n information to further compromise the users system.\n (CVE-2020-1474, CVE-2020-1485)\n\n - An elevation of privilege vulnerability exists when the\n Windows kernel fails to properly handle objects in\n memory. An attacker who successfully exploited this\n vulnerability could run arbitrary code in kernel mode.\n An attacker could then install programs; view, change,\n or delete data; or create new accounts with full user\n rights. (CVE-2020-1417, CVE-2020-1486, CVE-2020-1566)\n\n - A remote code execution vulnerability exists when the\n Windows Jet Database Engine improperly handles objects\n in memory. An attacker who successfully exploited this\n vulnerability could execute arbitrary code on a victim\n system. An attacker could exploit this vulnerability by\n enticing a victim to open a specially crafted file. The\n update addresses the vulnerability by correcting the way\n the Windows Jet Database Engine handles objects in\n memory. (CVE-2020-1473, CVE-2020-1557, CVE-2020-1558,\n CVE-2020-1564)\n\n - A remote code execution vulnerability exists when\n Microsoft .NET Framework processes input. An attacker\n who successfully exploited this vulnerability could take\n control of an affected system. (CVE-2020-1046)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows WalletService handles objects in\n memory. An attacker who successfully exploited the\n vulnerability could execute code with elevated\n permissions. (CVE-2020-1533, CVE-2020-1556)\n\n - An information disclosure vulnerability exists in the\n Windows kernel that could allow an attacker to retrieve\n information that could lead to a Kernel Address Space\n Layout Randomization (ASLR) bypass. An attacker who\n successfully exploited the vulnerability could retrieve\n the memory address of a kernel object. (CVE-2020-1578)\n\n - An elevation of privilege vulnerability exists when\n DirectX improperly handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could run arbitrary code in kernel mode. An attacker\n could then install programs; view, change, or delete\n data; or create new accounts with full user rights.\n (CVE-2020-1479)\n\n - An elevation of privilege vulnerability exists when the\n Windows Ancillary Function Driver for WinSock improperly\n handles memory. (CVE-2020-1587)\n\n - An elevation of privilege vulnerability exists when the\n Windows Function Discovery SSDP Provider improperly\n handles memory. (CVE-2020-1579)\n\n - A remote code execution vulnerability exists in the way\n that Microsoft Graphics Components handle objects in\n memory. An attacker who successfully exploited the\n vulnerability could execute arbitrary code on a target\n system. (CVE-2020-1561, CVE-2020-1562)\n\n - An information disclosure vulnerability exists when the\n Windows State Repository Service improperly handles\n objects in memory. An attacker who successfully\n exploited this vulnerability could obtain information to\n further compromise the users system. An attacker could\n exploit this vulnerability by running a specially\n crafted application on the victim system. The update\n addresses the vulnerability by correcting the way the\n Windows State Repository Service handles objects in\n memory. (CVE-2020-1512)\n\n - An elevation of privilege vulnerability exists when\n Windows Remote Access improperly handles memory.\n (CVE-2020-1530)\n\n - A remote code execution vulnerability exists in the way\n that the MSHTML engine improperly validates input. An\n attacker could execute arbitrary code in the context of\n the current user. (CVE-2020-1567)\n\n - A spoofing vulnerability exists when Windows incorrectly\n validates file signatures. An attacker who successfully\n exploited this vulnerability could bypass security\n features and load improperly signed files. In an attack\n scenario, an attacker could bypass security features\n intended to prevent improperly signed files from being\n loaded. The update addresses the vulnerability by\n correcting how Windows validates file signatures.\n (CVE-2020-1464)", "edition": 10, "cvss3": {"score": 7.8, "vector": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2020-08-11T00:00:00", "title": "KB4565349: Windows 10 Version 1809 and Windows Server 2019 August 2020 Security Update", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2020-1473", "CVE-2020-1587", "CVE-2020-1569", "CVE-2020-1524", "CVE-2020-1519", "CVE-2020-1533", "CVE-2020-1516", "CVE-2020-1525", "CVE-2020-1480", "CVE-2020-1549", "CVE-2020-1378", "CVE-2020-1515", "CVE-2020-1526", "CVE-2020-1567", "CVE-2020-1553", "CVE-2020-1554", "CVE-2020-1518", "CVE-2020-1466", "CVE-2020-1487", "CVE-2020-1584", "CVE-2020-1561", "CVE-2020-1529", "CVE-2020-1534", "CVE-2020-1555", "CVE-2020-1479", "CVE-2020-1579", "CVE-2020-1474", "CVE-2020-1558", "CVE-2020-1509", "CVE-2020-1472", "CVE-2020-1476", "CVE-2020-1521", "CVE-2020-1578", "CVE-2020-1046", "CVE-2020-1489", "CVE-2020-1478", "CVE-2020-1486", "CVE-2020-1537", "CVE-2020-1556", "CVE-2020-1337", "CVE-2020-1379", "CVE-2020-1517", "CVE-2020-1511", "CVE-2020-1522", "CVE-2020-1565", "CVE-2020-1417", "CVE-2020-1488", "CVE-2020-1528", "CVE-2020-1557", "CVE-2020-1464", "CVE-2020-1380", "CVE-2020-1531", "CVE-2020-1568", "CVE-2020-1339", "CVE-2020-1566", "CVE-2020-1513", "CVE-2020-1564", "CVE-2020-1548", "CVE-2020-1467", "CVE-2020-1550", "CVE-2020-1485", "CVE-2020-1552", "CVE-2020-1527", "CVE-2020-1520", "CVE-2020-1492", "CVE-2020-1562", "CVE-2020-1490", "CVE-2020-1538", "CVE-2020-1512", "CVE-2020-1383", "CVE-2020-1570", "CVE-2020-1530", "CVE-2020-1470", "CVE-2020-1477", "CVE-2020-1484", "CVE-2020-1577", "CVE-2020-1475", "CVE-2020-1377"], "modified": "2020-08-11T00:00:00", "cpe": ["cpe:/o:microsoft:windows", "cpe:/a:microsoft:edge"], "id": "SMB_NT_MS20_AUG_4565349.NASL", "href": "https://www.tenable.com/plugins/nessus/139484", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(139484);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\n \"CVE-2020-1046\",\n \"CVE-2020-1337\",\n \"CVE-2020-1339\",\n \"CVE-2020-1377\",\n \"CVE-2020-1378\",\n \"CVE-2020-1379\",\n \"CVE-2020-1380\",\n \"CVE-2020-1383\",\n \"CVE-2020-1417\",\n \"CVE-2020-1464\",\n \"CVE-2020-1466\",\n \"CVE-2020-1467\",\n \"CVE-2020-1470\",\n \"CVE-2020-1472\",\n \"CVE-2020-1473\",\n \"CVE-2020-1474\",\n \"CVE-2020-1475\",\n \"CVE-2020-1476\",\n \"CVE-2020-1477\",\n \"CVE-2020-1478\",\n \"CVE-2020-1479\",\n \"CVE-2020-1480\",\n \"CVE-2020-1484\",\n \"CVE-2020-1485\",\n \"CVE-2020-1486\",\n \"CVE-2020-1487\",\n \"CVE-2020-1488\",\n \"CVE-2020-1489\",\n \"CVE-2020-1490\",\n \"CVE-2020-1492\",\n \"CVE-2020-1509\",\n \"CVE-2020-1511\",\n \"CVE-2020-1512\",\n \"CVE-2020-1513\",\n \"CVE-2020-1515\",\n \"CVE-2020-1516\",\n \"CVE-2020-1517\",\n \"CVE-2020-1518\",\n \"CVE-2020-1519\",\n \"CVE-2020-1520\",\n \"CVE-2020-1521\",\n \"CVE-2020-1522\",\n \"CVE-2020-1524\",\n \"CVE-2020-1525\",\n \"CVE-2020-1526\",\n \"CVE-2020-1527\",\n \"CVE-2020-1528\",\n \"CVE-2020-1529\",\n \"CVE-2020-1530\",\n \"CVE-2020-1531\",\n \"CVE-2020-1533\",\n \"CVE-2020-1534\",\n \"CVE-2020-1537\",\n \"CVE-2020-1538\",\n \"CVE-2020-1548\",\n \"CVE-2020-1549\",\n \"CVE-2020-1550\",\n \"CVE-2020-1552\",\n \"CVE-2020-1553\",\n \"CVE-2020-1554\",\n \"CVE-2020-1555\",\n \"CVE-2020-1556\",\n \"CVE-2020-1557\",\n \"CVE-2020-1558\",\n \"CVE-2020-1561\",\n \"CVE-2020-1562\",\n \"CVE-2020-1564\",\n \"CVE-2020-1565\",\n \"CVE-2020-1566\",\n \"CVE-2020-1567\",\n \"CVE-2020-1568\",\n \"CVE-2020-1569\",\n \"CVE-2020-1570\",\n \"CVE-2020-1577\",\n \"CVE-2020-1578\",\n \"CVE-2020-1579\",\n \"CVE-2020-1584\",\n \"CVE-2020-1587\"\n );\n script_xref(name:\"MSKB\", value:\"4565349\");\n script_xref(name:\"MSFT\", value:\"MS20-4565349\");\n script_xref(name:\"IAVA\", value:\"2020-A-0361-S\");\n script_xref(name:\"IAVA\", value:\"2020-A-0367-S\");\n script_xref(name:\"IAVA\", value:\"2020-A-0370-S\");\n script_xref(name:\"IAVA\", value:\"2020-A-0438\");\n script_xref(name:\"IAVA\", value:\"0001-A-0647\");\n\n script_name(english:\"KB4565349: Windows 10 Version 1809 and Windows Server 2019 August 2020 Security Update\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 4565349.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - A memory corruption vulnerability exists when Windows\n Media Foundation improperly handles objects in memory.\n An attacker who successfully exploited the vulnerability\n could install programs; view, change, or delete data; or\n create new accounts with full user rights. There are\n multiple ways an attacker could exploit the\n vulnerability, such as by convincing a user to open a\n specially crafted document, or by convincing a user to\n visit a malicious webpage. The security update addresses\n the vulnerability by correcting how Windows Media\n Foundation handles objects in memory. (CVE-2020-1379,\n CVE-2020-1477, CVE-2020-1478, CVE-2020-1492,\n CVE-2020-1525, CVE-2020-1554)\n\n - A remote code execution vulnerability exists when\n Windows Media Audio Codec improperly handles objects. An\n attacker who successfully exploited the vulnerability\n could take control of an affected system. There are\n multiple ways an attacker could exploit the\n vulnerability, such as by convincing a user to open a\n specially crafted document, or by convincing a user to\n visit a malicious webpage. The security update addresses\n the vulnerability by correcting how Windows Media Audio\n Codec handles objects. (CVE-2020-1339)\n\n - An elevation of privilege vulnerability exists when\n Connected User Experiences and Telemetry Service\n improperly handles file operations. An attacker who\n successfully exploited this vulnerability could run\n processes in an elevated context. An attacker could\n exploit this vulnerability by running a specially\n crafted application on the victim system. The security\n update addresses the vulnerability by correcting how the\n Connected User Experiences and Telemetry Service handles\n file operations. (CVE-2020-1511)\n\n - An elevation of privilege vulnerability exists in the\n way that the srmsvc.dll handles objects in memory. An\n attacker who successfully exploited the vulnerability\n could execute code with elevated permissions.\n (CVE-2020-1475)\n\n - A remote code execution vulnerability exists when\n Microsoft Edge improperly accesses objects in memory.\n The vulnerability could corrupt memory in such a way\n that enables an attacker to execute arbitrary code in\n the context of the current user. An attacker who\n successfully exploited the vulnerability could gain the\n same user rights as the current user. (CVE-2020-1569)\n\n - An elevation of privilege vulnerability exists when the\n Windows CDP User Components improperly handle memory.\n (CVE-2020-1549, CVE-2020-1550)\n\n - An information disclosure vulnerability exists when\n DirectWrite improperly discloses the contents of its\n memory. An attacker who successfully exploited the\n vulnerability could obtain information to further\n compromise the users system. There are multiple ways an\n attacker could exploit the vulnerability, such as by\n convincing a user to open a specially crafted document,\n or by convincing a user to visit an untrusted webpage.\n The security update addresses the vulnerability by\n correcting how DirectWrite handles objects in memory.\n (CVE-2020-1577)\n\n - An elevation of privilege vulnerability exists when the\n Windows Radio Manager API improperly handles memory.\n (CVE-2020-1528)\n\n - An information disclosure vulnerability exists in RPC if\n the server has Routing and Remote Access enabled. An\n attacker who successfully exploited this vulnerability\n could obtain information to further compromise the users\n system (CVE-2020-1383)\n\n - A remote code execution vulnerability exists in the way\n that the scripting engine handles objects in memory in\n Microsoft Edge (HTML-based). The vulnerability could\n corrupt memory in such a way that an attacker could\n execute arbitrary code in the context of the current\n user. An attacker who successfully exploited the\n vulnerability could gain the same user rights as the\n current user. (CVE-2020-1555)\n\n - An elevation of privilege vulnerability exists when the\n Windows Work Folders Service improperly handles memory.\n (CVE-2020-1470, CVE-2020-1484, CVE-2020-1516)\n\n - An elevation of privilege vulnerability exists when the\n Windows Work Folder Service improperly handles file\n operations. An attacker who successfully exploited this\n vulnerability could run processes in an elevated\n context. An attacker could exploit this vulnerability by\n running a specially crafted application on the victim\n system. The update addresses the vulnerability by\n correcting the way the Windows Work Folder Service\n handles file operations. (CVE-2020-1552)\n\n - An elevation of privilege vulnerability exists when the\n Windows Custom Protocol Engine improperly handles\n memory. (CVE-2020-1527)\n\n - An elevation of privilege vulnerability exists when the\n Storage Service improperly handles file operations. An\n attacker who successfully exploited this vulnerability\n could gain elevated privileges on the victim system.\n (CVE-2020-1490)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Graphics Device Interface (GDI)\n handles objects in memory. An attacker who successfully\n exploited this vulnerability could run arbitrary code in\n kernel mode. An attacker could then install programs;\n view, change, or delete data; or create new accounts\n with full user rights. (CVE-2020-1480, CVE-2020-1529)\n\n - An elevation of privilege vulnerability exists when the\n Windows Speech Runtime improperly handles memory.\n (CVE-2020-1521, CVE-2020-1522)\n\n - An elevation of privilege vulnerability exists when the\n Windows CSC Service improperly handles memory.\n (CVE-2020-1489, CVE-2020-1513)\n\n - An elevation of privilege vulnerability exists when the\n Windows Accounts Control improperly handles memory.\n (CVE-2020-1531)\n\n - An elevation of privilege vulnerability exists when\n Windows improperly handles hard links. An attacker who\n successfully exploited this vulnerability could\n overwrite a targeted file leading to an elevated status.\n (CVE-2020-1467)\n\n - A denial of service vulnerability exists in Windows\n Remote Desktop Gateway (RD Gateway) when an attacker\n connects to the target system using RDP and sends\n specially crafted requests. An attacker who successfully\n exploited this vulnerability could cause the RD Gateway\n service on the target system to stop responding.\n (CVE-2020-1466)\n\n - An elevation of privilege vulnerability exists when the\n Windows Runtime improperly handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could run arbitrary code in an elevated context. An\n attacker could exploit this vulnerability by running a\n specially crafted application on the victim system. The\n update addresses the vulnerability by correcting the way\n the Windows Runtime handles objects in memory.\n (CVE-2020-1553)\n\n - A remote code execution vulnerability exists when the\n Windows Font Driver Host improperly handles memory. An\n attacker who successfully exploited the vulnerability\n would gain execution on a victim system. The security\n update addresses the vulnerability by correcting how the\n Windows Font Driver Host handles memory. (CVE-2020-1520)\n\n - An elevation of privilege vulnerability exists when the\n Windows UPnP Device Host improperly handles memory.\n (CVE-2020-1519, CVE-2020-1538)\n\n - A remote code execution vulnerability exists in the way\n that the scripting engine handles objects in memory in\n Internet Explorer. The vulnerability could corrupt\n memory in such a way that an attacker could execute\n arbitrary code in the context of the current user. An\n attacker who successfully exploited the vulnerability\n could gain the same user rights as the current user.\n (CVE-2020-1380, CVE-2020-1570)\n\n - An elevation of privilege vulnerability exists when the\n Windows Telephony Server improperly handles memory.\n (CVE-2020-1515)\n\n - An elevation of privilege vulnerability exists in the\n Local Security Authority Subsystem Service (LSASS) when\n an authenticated attacker sends a specially crafted\n authentication request. A remote attacker who\n successfully exploited this vulnerability could cause an\n elevation of privilege on the target system's LSASS\n service. The security update addresses the vulnerability\n by changing the way that LSASS handles specially crafted\n authentication requests. (CVE-2020-1509)\n\n - An information disclosure vulnerability exists when\n Media Foundation improperly handles objects in memory.\n An attacker who successfully exploited this\n vulnerability could obtain information to further\n compromise the users system. (CVE-2020-1487)\n\n - An elevation of privilege vulnerability exists when the\n Windows AppX Deployment Extensions improperly performs\n privilege management, resulting in access to system\n files. (CVE-2020-1488)\n\n - An elevation of privilege vulnerability exists when the\n Windows File Server Resource Management Service\n improperly handles memory. (CVE-2020-1517,\n CVE-2020-1518)\n\n - An elevation of privilege vulnerability exists in the\n way that the dnsrslvr.dll handles objects in memory. An\n attacker who successfully exploited the vulnerability\n could execute code with elevated permissions.\n (CVE-2020-1584)\n\n - An elevation of privilege vulnerability exists when the\n Windows Network Connection Broker improperly handles\n memory. (CVE-2020-1526)\n\n - An elevation of privilege vulnerability exists when the\n Windows Speech Shell Components improperly handle\n memory. (CVE-2020-1524)\n\n - An elevation of privilege vulnerability exists when\n ASP.NET or .NET web applications running on IIS\n improperly allow access to cached files. An attacker who\n successfully exploited this vulnerability could gain\n access to restricted files. (CVE-2020-1476)\n\n - An elevation of privilege vulnerability exists when the\n Windows Remote Access improperly handles file\n operations. An attacker who successfully exploited this\n vulnerability could gain elevated privileges.\n (CVE-2020-1537)\n\n - An elevation of privilege vulnerability exists when the\n "Public Account Pictures" folder improperly\n handles junctions. (CVE-2020-1565)\n\n - An elevation of privilege vulnerability exists when the\n Windows Backup Service improperly handles file\n operations. (CVE-2020-1534)\n\n - A remote code execution vulnerability exists when\n Microsoft Edge PDF Reader improperly handles objects in\n memory. The vulnerability could corrupt memory in such a\n way that enables an attacker to execute arbitrary code\n in the context of the current user. An attacker who\n successfully exploited the vulnerability could gain the\n same user rights as the current user. If the current\n user is logged on with administrative user rights, an\n attacker could take control of an affected system. An\n attacker could then install programs; view, change, or\n delete data; or create new accounts with full user\n rights. (CVE-2020-1568)\n\n - An elevation of privilege vulnerability exists when an\n attacker establishes a vulnerable Netlogon secure\n channel connection to a domain controller, using the\n Netlogon Remote Protocol (MS-NRPC). An attacker who\n successfully exploited the vulnerability could run a\n specially crafted application on a device on the\n network. (CVE-2020-1472)\n\n - An elevation of privilege vulnerability exists when the\n Windows Kernel API improperly handles registry objects\n in memory. An attacker who successfully exploited the\n vulnerability could gain elevated privileges on a\n targeted system. A locally authenticated attacker could\n exploit this vulnerability by running a specially\n crafted application. The security update addresses the\n vulnerability by helping to ensure that the Windows\n Kernel API properly handles objects in memory.\n (CVE-2020-1377, CVE-2020-1378)\n\n - An elevation of privilege vulnerability exists when the\n Windows Print Spooler service improperly allows\n arbitrary writing to the file system. An attacker who\n successfully exploited this vulnerability could run\n arbitrary code with elevated system privileges. An\n attacker could then install programs; view, change, or\n delete data; or create new accounts with full user\n rights. (CVE-2020-1337)\n\n - An information disclosure vulnerability exists when the\n Windows WaasMedic Service improperly handles memory.\n (CVE-2020-1548)\n\n - An information disclosure vulnerability exists when the\n Windows Image Acquisition (WIA) Service improperly\n discloses contents of its memory. An attacker who\n successfully exploited the vulnerability could obtain\n information to further compromise the users system.\n (CVE-2020-1474, CVE-2020-1485)\n\n - An elevation of privilege vulnerability exists when the\n Windows kernel fails to properly handle objects in\n memory. An attacker who successfully exploited this\n vulnerability could run arbitrary code in kernel mode.\n An attacker could then install programs; view, change,\n or delete data; or create new accounts with full user\n rights. (CVE-2020-1417, CVE-2020-1486, CVE-2020-1566)\n\n - A remote code execution vulnerability exists when the\n Windows Jet Database Engine improperly handles objects\n in memory. An attacker who successfully exploited this\n vulnerability could execute arbitrary code on a victim\n system. An attacker could exploit this vulnerability by\n enticing a victim to open a specially crafted file. The\n update addresses the vulnerability by correcting the way\n the Windows Jet Database Engine handles objects in\n memory. (CVE-2020-1473, CVE-2020-1557, CVE-2020-1558,\n CVE-2020-1564)\n\n - A remote code execution vulnerability exists when\n Microsoft .NET Framework processes input. An attacker\n who successfully exploited this vulnerability could take\n control of an affected system. (CVE-2020-1046)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows WalletService handles objects in\n memory. An attacker who successfully exploited the\n vulnerability could execute code with elevated\n permissions. (CVE-2020-1533, CVE-2020-1556)\n\n - An information disclosure vulnerability exists in the\n Windows kernel that could allow an attacker to retrieve\n information that could lead to a Kernel Address Space\n Layout Randomization (ASLR) bypass. An attacker who\n successfully exploited the vulnerability could retrieve\n the memory address of a kernel object. (CVE-2020-1578)\n\n - An elevation of privilege vulnerability exists when\n DirectX improperly handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could run arbitrary code in kernel mode. An attacker\n could then install programs; view, change, or delete\n data; or create new accounts with full user rights.\n (CVE-2020-1479)\n\n - An elevation of privilege vulnerability exists when the\n Windows Ancillary Function Driver for WinSock improperly\n handles memory. (CVE-2020-1587)\n\n - An elevation of privilege vulnerability exists when the\n Windows Function Discovery SSDP Provider improperly\n handles memory. (CVE-2020-1579)\n\n - A remote code execution vulnerability exists in the way\n that Microsoft Graphics Components handle objects in\n memory. An attacker who successfully exploited the\n vulnerability could execute arbitrary code on a target\n system. (CVE-2020-1561, CVE-2020-1562)\n\n - An information disclosure vulnerability exists when the\n Windows State Repository Service improperly handles\n objects in memory. An attacker who successfully\n exploited this vulnerability could obtain information to\n further compromise the users system. An attacker could\n exploit this vulnerability by running a specially\n crafted application on the victim system. The update\n addresses the vulnerability by correcting the way the\n Windows State Repository Service handles objects in\n memory. (CVE-2020-1512)\n\n - An elevation of privilege vulnerability exists when\n Windows Remote Access improperly handles memory.\n (CVE-2020-1530)\n\n - A remote code execution vulnerability exists in the way\n that the MSHTML engine improperly validates input. An\n attacker could execute arbitrary code in the context of\n the current user. (CVE-2020-1567)\n\n - A spoofing vulnerability exists when Windows incorrectly\n validates file signatures. An attacker who successfully\n exploited this vulnerability could bypass security\n features and load improperly signed files. In an attack\n scenario, an attacker could bypass security features\n intended to prevent improperly signed files from being\n loaded. The update addresses the vulnerability by\n correcting how Windows validates file signatures.\n (CVE-2020-1464)\");\n # https://support.microsoft.com/en-us/help/4565349/windows-10-update-kb4565349\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?5b03d5e5\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Cumulative Update KB4565349.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-1564\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Microsoft Spooler Local Privilege Elevation Vulnerability');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/08/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/08/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/08/11\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:edge\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nbulletin = \"MS20-08\";\nkbs = make_list('4565349');\n\nif (get_kb_item(\"Host/patch_management_checks\")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nget_kb_item_or_exit(\"SMB/WindowsVersion\", exit_code:1);\n\nif (hotfix_check_sp_range(win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:\"10\",\n sp:0,\n os_build:\"17763\",\n rollup_date:\"08_2020\",\n bulletin:bulletin,\n rollup_kb_list:[4565349])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n\n\n\n\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-20T14:25:53", "description": "The remote Windows host is missing security update 4571709.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - A memory corruption vulnerability exists when Windows\n Media Foundation improperly handles objects in memory.\n An attacker who successfully exploited the vulnerability\n could install programs; view, change, or delete data; or\n create new accounts with full user rights. There are\n multiple ways an attacker could exploit the\n vulnerability, such as by convincing a user to open a\n specially crafted document, or by convincing a user to\n visit a malicious webpage. The security update addresses\n the vulnerability by correcting how Windows Media\n Foundation handles objects in memory. (CVE-2020-1379,\n CVE-2020-1477, CVE-2020-1478, CVE-2020-1492,\n CVE-2020-1525, CVE-2020-1554)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows WalletService handles objects in\n memory. An attacker who successfully exploited the\n vulnerability could execute code with elevated\n permissions. (CVE-2020-1533, CVE-2020-1556)\n\n - An elevation of privilege vulnerability exists when\n Connected User Experiences and Telemetry Service\n improperly handles file operations. An attacker who\n successfully exploited this vulnerability could run\n processes in an elevated context. An attacker could\n exploit this vulnerability by running a specially\n crafted application on the victim system. The security\n update addresses the vulnerability by correcting how the\n Connected User Experiences and Telemetry Service handles\n file operations. (CVE-2020-1511)\n\n - A remote code execution vulnerability exists when\n Windows Media Audio Codec improperly handles objects. An\n attacker who successfully exploited the vulnerability\n could take control of an affected system. There are\n multiple ways an attacker could exploit the\n vulnerability, such as by convincing a user to open a\n specially crafted document, or by convincing a user to\n visit a malicious webpage. The security update addresses\n the vulnerability by correcting how Windows Media Audio\n Codec handles objects. (CVE-2020-1339)\n\n - A remote code execution vulnerability exists when\n Microsoft Edge improperly accesses objects in memory.\n The vulnerability could corrupt memory in such a way\n that enables an attacker to execute arbitrary code in\n the context of the current user. An attacker who\n successfully exploited the vulnerability could gain the\n same user rights as the current user. (CVE-2020-1569)\n\n - An elevation of privilege vulnerability exists when the\n Windows CDP User Components improperly handle memory.\n (CVE-2020-1549, CVE-2020-1550)\n\n - An information disclosure vulnerability exists when\n DirectWrite improperly discloses the contents of its\n memory. An attacker who successfully exploited the\n vulnerability could obtain information to further\n compromise the users system. There are multiple ways an\n attacker could exploit the vulnerability, such as by\n convincing a user to open a specially crafted document,\n or by convincing a user to visit an untrusted webpage.\n The security update addresses the vulnerability by\n correcting how DirectWrite handles objects in memory.\n (CVE-2020-1577)\n\n - An elevation of privilege vulnerability exists when the\n Windows Radio Manager API improperly handles memory.\n (CVE-2020-1528)\n\n - An information disclosure vulnerability exists in RPC if\n the server has Routing and Remote Access enabled. An\n attacker who successfully exploited this vulnerability\n could obtain information to further compromise the users\n system (CVE-2020-1383)\n\n - A remote code execution vulnerability exists in the way\n that the scripting engine handles objects in memory in\n Microsoft Edge (HTML-based). The vulnerability could\n corrupt memory in such a way that an attacker could\n execute arbitrary code in the context of the current\n user. An attacker who successfully exploited the\n vulnerability could gain the same user rights as the\n current user. (CVE-2020-1555)\n\n - An elevation of privilege vulnerability exists when the\n Windows Work Folders Service improperly handles memory.\n (CVE-2020-1470, CVE-2020-1484, CVE-2020-1516)\n\n - An elevation of privilege vulnerability exists when the\n Windows Work Folder Service improperly handles file\n operations. An attacker who successfully exploited this\n vulnerability could run processes in an elevated\n context. An attacker could exploit this vulnerability by\n running a specially crafted application on the victim\n system. The update addresses the vulnerability by\n correcting the way the Windows Work Folder Service\n handles file operations. (CVE-2020-1552)\n\n - An elevation of privilege vulnerability exists when the\n Windows Custom Protocol Engine improperly handles\n memory. (CVE-2020-1527)\n\n - An elevation of privilege vulnerability exists when the\n Storage Service improperly handles file operations. An\n attacker who successfully exploited this vulnerability\n could gain elevated privileges on the victim system.\n (CVE-2020-1490)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Graphics Device Interface (GDI)\n handles objects in memory. An attacker who successfully\n exploited this vulnerability could run arbitrary code in\n kernel mode. An attacker could then install programs;\n view, change, or delete data; or create new accounts\n with full user rights. (CVE-2020-1480, CVE-2020-1529)\n\n - An elevation of privilege vulnerability exists when the\n Windows Speech Runtime improperly handles memory.\n (CVE-2020-1521, CVE-2020-1522)\n\n - An elevation of privilege vulnerability exists when the\n Windows CSC Service improperly handles memory.\n (CVE-2020-1489, CVE-2020-1513)\n\n - An elevation of privilege vulnerability exists when the\n Windows Accounts Control improperly handles memory.\n (CVE-2020-1531)\n\n - An elevation of privilege vulnerability exists in the\n Local Security Authority Subsystem Service (LSASS) when\n an authenticated attacker sends a specially crafted\n authentication request. A remote attacker who\n successfully exploited this vulnerability could cause an\n elevation of privilege on the target system's LSASS\n service. The security update addresses the vulnerability\n by changing the way that LSASS handles specially crafted\n authentication requests. (CVE-2020-1509)\n\n - A remote code execution vulnerability exists when the\n Windows Font Driver Host improperly handles memory. An\n attacker who successfully exploited the vulnerability\n would gain execution on a victim system. The security\n update addresses the vulnerability by correcting how the\n Windows Font Driver Host handles memory. (CVE-2020-1520)\n\n - An elevation of privilege vulnerability exists when the\n Windows UPnP Device Host improperly handles memory.\n (CVE-2020-1519, CVE-2020-1538)\n\n - A remote code execution vulnerability exists in the way\n that the scripting engine handles objects in memory in\n Internet Explorer. The vulnerability could corrupt\n memory in such a way that an attacker could execute\n arbitrary code in the context of the current user. An\n attacker who successfully exploited the vulnerability\n could gain the same user rights as the current user.\n (CVE-2020-1380, CVE-2020-1570)\n\n - An elevation of privilege vulnerability exists when the\n Windows Telephony Server improperly handles memory.\n (CVE-2020-1515)\n\n - An information disclosure vulnerability exists when\n Media Foundation improperly handles objects in memory.\n An attacker who successfully exploited this\n vulnerability could obtain information to further\n compromise the users system. (CVE-2020-1487)\n\n - An elevation of privilege vulnerability exists when the\n Windows AppX Deployment Extensions improperly performs\n privilege management, resulting in access to system\n files. (CVE-2020-1488)\n\n - An elevation of privilege vulnerability exists when the\n Windows Network Connection Broker improperly handles\n memory. (CVE-2020-1526)\n\n - An elevation of privilege vulnerability exists in the\n way that the dnsrslvr.dll handles objects in memory. An\n attacker who successfully exploited the vulnerability\n could execute code with elevated permissions.\n (CVE-2020-1584)\n\n - An elevation of privilege vulnerability exists when the\n Windows Runtime improperly handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could run arbitrary code in an elevated context. An\n attacker could exploit this vulnerability by running a\n specially crafted application on the victim system. The\n update addresses the vulnerability by correcting the way\n the Windows Runtime handles objects in memory.\n (CVE-2020-1553)\n\n - An elevation of privilege vulnerability exists when the\n Windows Speech Shell Components improperly handle\n memory. (CVE-2020-1524)\n\n - An elevation of privilege vulnerability exists when\n ASP.NET or .NET web applications running on IIS\n improperly allow access to cached files. An attacker who\n successfully exploited this vulnerability could gain\n access to restricted files. (CVE-2020-1476)\n\n - An elevation of privilege vulnerability exists when the\n Windows Remote Access improperly handles file\n operations. An attacker who successfully exploited this\n vulnerability could gain elevated privileges.\n (CVE-2020-1537)\n\n - An elevation of privilege vulnerability exists when the\n "Public Account Pictures" folder improperly\n handles junctions. (CVE-2020-1565)\n\n - An elevation of privilege vulnerability exists when the\n Windows Backup Service improperly handles file\n operations. (CVE-2020-1534)\n\n - A remote code execution vulnerability exists when\n Microsoft Edge PDF Reader improperly handles objects in\n memory. The vulnerability could corrupt memory in such a\n way that enables an attacker to execute arbitrary code\n in the context of the current user. An attacker who\n successfully exploited the vulnerability could gain the\n same user rights as the current user. If the current\n user is logged on with administrative user rights, an\n attacker could take control of an affected system. An\n attacker could then install programs; view, change, or\n delete data; or create new accounts with full user\n rights. (CVE-2020-1568)\n\n - An elevation of privilege vulnerability exists when the\n Windows Kernel API improperly handles registry objects\n in memory. An attacker who successfully exploited the\n vulnerability could gain elevated privileges on a\n targeted system. A locally authenticated attacker could\n exploit this vulnerability by running a specially\n crafted application. The security update addresses the\n vulnerability by helping to ensure that the Windows\n Kernel API properly handles objects in memory.\n (CVE-2020-1377, CVE-2020-1378)\n\n - An elevation of privilege vulnerability exists when the\n Windows Print Spooler service improperly allows\n arbitrary writing to the file system. An attacker who\n successfully exploited this vulnerability could run\n arbitrary code with elevated system privileges. An\n attacker could then install programs; view, change, or\n delete data; or create new accounts with full user\n rights. (CVE-2020-1337)\n\n - An information disclosure vulnerability exists when the\n Windows WaasMedic Service improperly handles memory.\n (CVE-2020-1548)\n\n - An information disclosure vulnerability exists when the\n Windows Image Acquisition (WIA) Service improperly\n discloses contents of its memory. An attacker who\n successfully exploited the vulnerability could obtain\n information to further compromise the users system.\n (CVE-2020-1474, CVE-2020-1485)\n\n - An elevation of privilege vulnerability exists when the\n Windows kernel fails to properly handle objects in\n memory. An attacker who successfully exploited this\n vulnerability could run arbitrary code in kernel mode.\n An attacker could then install programs; view, change,\n or delete data; or create new accounts with full user\n rights. (CVE-2020-1417, CVE-2020-1486, CVE-2020-1566)\n\n - A remote code execution vulnerability exists when the\n Windows Jet Database Engine improperly handles objects\n in memory. An attacker who successfully exploited this\n vulnerability could execute arbitrary code on a victim\n system. An attacker could exploit this vulnerability by\n enticing a victim to open a specially crafted file. The\n update addresses the vulnerability by correcting the way\n the Windows Jet Database Engine handles objects in\n memory. (CVE-2020-1473, CVE-2020-1557, CVE-2020-1558,\n CVE-2020-1564)\n\n - A remote code execution vulnerability exists when\n Microsoft .NET Framework processes input. An attacker\n who successfully exploited this vulnerability could take\n control of an affected system. (CVE-2020-1046)\n\n - An information disclosure vulnerability exists when the\n win32k component improperly provides kernel information.\n An attacker who successfully exploited the vulnerability\n could obtain information to further compromise the users\n system. (CVE-2020-1510)\n\n - An elevation of privilege vulnerability exists when the\n Windows Backup Engine improperly handles memory.\n (CVE-2020-1535, CVE-2020-1536, CVE-2020-1539,\n CVE-2020-1540, CVE-2020-1541, CVE-2020-1542,\n CVE-2020-1543, CVE-2020-1544, CVE-2020-1545,\n CVE-2020-1546, CVE-2020-1547, CVE-2020-1551)\n\n - An information disclosure vulnerability exists in the\n Windows kernel that could allow an attacker to retrieve\n information that could lead to a Kernel Address Space\n Layout Randomization (ASLR) bypass. An attacker who\n successfully exploited the vulnerability could retrieve\n the memory address of a kernel object. (CVE-2020-1578)\n\n - An elevation of privilege vulnerability exists when\n DirectX improperly handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could run arbitrary code in kernel mode. An attacker\n could then install programs; view, change, or delete\n data; or create new accounts with full user rights.\n (CVE-2020-1479)\n\n - An elevation of privilege vulnerability exists when the\n Windows Ancillary Function Driver for WinSock improperly\n handles memory. (CVE-2020-1587)\n\n - An elevation of privilege vulnerability exists when the\n Windows Function Discovery SSDP Provider improperly\n handles memory. (CVE-2020-1579)\n\n - A remote code execution vulnerability exists in the way\n that Microsoft Graphics Components handle objects in\n memory. An attacker who successfully exploited the\n vulnerability could execute arbitrary code on a target\n system. (CVE-2020-1561, CVE-2020-1562)\n\n - An information disclosure vulnerability exists when the\n Windows State Repository Service improperly handles\n objects in memory. An attacker who successfully\n exploited this vulnerability could obtain information to\n further compromise the users system. An attacker could\n exploit this vulnerability by running a specially\n crafted application on the victim system. The update\n addresses the vulnerability by correcting the way the\n Windows State Repository Service handles objects in\n memory. (CVE-2020-1512)\n\n - An elevation of privilege vulnerability exists when\n Windows Remote Access improperly handles memory.\n (CVE-2020-1530)\n\n - A remote code execution vulnerability exists in the way\n that the MSHTML engine improperly validates input. An\n attacker could execute arbitrary code in the context of\n the current user. (CVE-2020-1567)\n\n - A spoofing vulnerability exists when Windows incorrectly\n validates file signatures. An attacker who successfully\n exploited this vulnerability could bypass security\n features and load improperly signed files. In an attack\n scenario, an attacker could bypass security features\n intended to prevent improperly signed files from being\n loaded. The update addresses the vulnerability by\n correcting how Windows validates file signatures.\n (CVE-2020-1464)", "edition": 6, "cvss3": {"score": 7.8, "vector": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2020-08-11T00:00:00", "title": "KB4571709: Windows 10 Version 1803 August 2020 Security Update", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2020-1473", "CVE-2020-1587", "CVE-2020-1569", "CVE-2020-1524", "CVE-2020-1519", "CVE-2020-1533", "CVE-2020-1535", "CVE-2020-1516", "CVE-2020-1525", "CVE-2020-1480", "CVE-2020-1549", "CVE-2020-1378", "CVE-2020-1515", "CVE-2020-1540", "CVE-2020-1526", "CVE-2020-1567", "CVE-2020-1553", "CVE-2020-1554", "CVE-2020-1487", "CVE-2020-1584", "CVE-2020-1547", "CVE-2020-1561", "CVE-2020-1529", "CVE-2020-1534", "CVE-2020-1555", "CVE-2020-1479", "CVE-2020-1579", "CVE-2020-1474", "CVE-2020-1558", "CVE-2020-1509", "CVE-2020-1546", "CVE-2020-1539", "CVE-2020-1476", "CVE-2020-1521", "CVE-2020-1578", "CVE-2020-1046", "CVE-2020-1489", "CVE-2020-1536", "CVE-2020-1478", "CVE-2020-1486", "CVE-2020-1537", "CVE-2020-1556", "CVE-2020-1337", "CVE-2020-1379", "CVE-2020-1511", "CVE-2020-1522", "CVE-2020-1565", "CVE-2020-1417", "CVE-2020-1488", "CVE-2020-1528", "CVE-2020-1557", "CVE-2020-1464", "CVE-2020-1380", "CVE-2020-1531", "CVE-2020-1568", "CVE-2020-1339", "CVE-2020-1566", "CVE-2020-1513", "CVE-2020-1544", "CVE-2020-1564", "CVE-2020-1548", "CVE-2020-1542", "CVE-2020-1550", "CVE-2020-1485", "CVE-2020-1552", "CVE-2020-1527", "CVE-2020-1520", "CVE-2020-1543", "CVE-2020-1492", "CVE-2020-1562", "CVE-2020-1490", "CVE-2020-1538", "CVE-2020-1512", "CVE-2020-1545", "CVE-2020-1510", "CVE-2020-1383", "CVE-2020-1570", "CVE-2020-1530", "CVE-2020-1541", "CVE-2020-1470", "CVE-2020-1477", "CVE-2020-1484", "CVE-2020-1577", "CVE-2020-1551", "CVE-2020-1377"], "modified": "2020-08-11T00:00:00", "cpe": ["cpe:/o:microsoft:windows", "cpe:/a:microsoft:edge"], "id": "SMB_NT_MS20_AUG_4571709.NASL", "href": "https://www.tenable.com/plugins/nessus/139490", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(139490);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\n \"CVE-2020-1046\",\n \"CVE-2020-1337\",\n \"CVE-2020-1339\",\n \"CVE-2020-1377\",\n \"CVE-2020-1378\",\n \"CVE-2020-1379\",\n \"CVE-2020-1380\",\n \"CVE-2020-1383\",\n \"CVE-2020-1417\",\n \"CVE-2020-1464\",\n \"CVE-2020-1470\",\n \"CVE-2020-1473\",\n \"CVE-2020-1474\",\n \"CVE-2020-1476\",\n \"CVE-2020-1477\",\n \"CVE-2020-1478\",\n \"CVE-2020-1479\",\n \"CVE-2020-1480\",\n \"CVE-2020-1484\",\n \"CVE-2020-1485\",\n \"CVE-2020-1486\",\n \"CVE-2020-1487\",\n \"CVE-2020-1488\",\n \"CVE-2020-1489\",\n \"CVE-2020-1490\",\n \"CVE-2020-1492\",\n \"CVE-2020-1509\",\n \"CVE-2020-1510\",\n \"CVE-2020-1511\",\n \"CVE-2020-1512\",\n \"CVE-2020-1513\",\n \"CVE-2020-1515\",\n \"CVE-2020-1516\",\n \"CVE-2020-1519\",\n \"CVE-2020-1520\",\n \"CVE-2020-1521\",\n \"CVE-2020-1522\",\n \"CVE-2020-1524\",\n \"CVE-2020-1525\",\n \"CVE-2020-1526\",\n \"CVE-2020-1527\",\n \"CVE-2020-1528\",\n \"CVE-2020-1529\",\n \"CVE-2020-1530\",\n \"CVE-2020-1531\",\n \"CVE-2020-1533\",\n \"CVE-2020-1534\",\n \"CVE-2020-1535\",\n \"CVE-2020-1536\",\n \"CVE-2020-1537\",\n \"CVE-2020-1538\",\n \"CVE-2020-1539\",\n \"CVE-2020-1540\",\n \"CVE-2020-1541\",\n \"CVE-2020-1542\",\n \"CVE-2020-1543\",\n \"CVE-2020-1544\",\n \"CVE-2020-1545\",\n \"CVE-2020-1546\",\n \"CVE-2020-1547\",\n \"CVE-2020-1548\",\n \"CVE-2020-1549\",\n \"CVE-2020-1550\",\n \"CVE-2020-1551\",\n \"CVE-2020-1552\",\n \"CVE-2020-1553\",\n \"CVE-2020-1554\",\n \"CVE-2020-1555\",\n \"CVE-2020-1556\",\n \"CVE-2020-1557\",\n \"CVE-2020-1558\",\n \"CVE-2020-1561\",\n \"CVE-2020-1562\",\n \"CVE-2020-1564\",\n \"CVE-2020-1565\",\n \"CVE-2020-1566\",\n \"CVE-2020-1567\",\n \"CVE-2020-1568\",\n \"CVE-2020-1569\",\n \"CVE-2020-1570\",\n \"CVE-2020-1577\",\n \"CVE-2020-1578\",\n \"CVE-2020-1579\",\n \"CVE-2020-1584\",\n \"CVE-2020-1587\"\n );\n script_xref(name:\"MSKB\", value:\"4571709\");\n script_xref(name:\"MSFT\", value:\"MS20-4571709\");\n script_xref(name:\"IAVA\", value:\"2020-A-0361-S\");\n script_xref(name:\"IAVA\", value:\"2020-A-0367-S\");\n script_xref(name:\"IAVA\", value:\"2020-A-0370-S\");\n\n script_name(english:\"KB4571709: Windows 10 Version 1803 August 2020 Security Update\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 4571709.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - A memory corruption vulnerability exists when Windows\n Media Foundation improperly handles objects in memory.\n An attacker who successfully exploited the vulnerability\n could install programs; view, change, or delete data; or\n create new accounts with full user rights. There are\n multiple ways an attacker could exploit the\n vulnerability, such as by convincing a user to open a\n specially crafted document, or by convincing a user to\n visit a malicious webpage. The security update addresses\n the vulnerability by correcting how Windows Media\n Foundation handles objects in memory. (CVE-2020-1379,\n CVE-2020-1477, CVE-2020-1478, CVE-2020-1492,\n CVE-2020-1525, CVE-2020-1554)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows WalletService handles objects in\n memory. An attacker who successfully exploited the\n vulnerability could execute code with elevated\n permissions. (CVE-2020-1533, CVE-2020-1556)\n\n - An elevation of privilege vulnerability exists when\n Connected User Experiences and Telemetry Service\n improperly handles file operations. An attacker who\n successfully exploited this vulnerability could run\n processes in an elevated context. An attacker could\n exploit this vulnerability by running a specially\n crafted application on the victim system. The security\n update addresses the vulnerability by correcting how the\n Connected User Experiences and Telemetry Service handles\n file operations. (CVE-2020-1511)\n\n - A remote code execution vulnerability exists when\n Windows Media Audio Codec improperly handles objects. An\n attacker who successfully exploited the vulnerability\n could take control of an affected system. There are\n multiple ways an attacker could exploit the\n vulnerability, such as by convincing a user to open a\n specially crafted document, or by convincing a user to\n visit a malicious webpage. The security update addresses\n the vulnerability by correcting how Windows Media Audio\n Codec handles objects. (CVE-2020-1339)\n\n - A remote code execution vulnerability exists when\n Microsoft Edge improperly accesses objects in memory.\n The vulnerability could corrupt memory in such a way\n that enables an attacker to execute arbitrary code in\n the context of the current user. An attacker who\n successfully exploited the vulnerability could gain the\n same user rights as the current user. (CVE-2020-1569)\n\n - An elevation of privilege vulnerability exists when the\n Windows CDP User Components improperly handle memory.\n (CVE-2020-1549, CVE-2020-1550)\n\n - An information disclosure vulnerability exists when\n DirectWrite improperly discloses the contents of its\n memory. An attacker who successfully exploited the\n vulnerability could obtain information to further\n compromise the users system. There are multiple ways an\n attacker could exploit the vulnerability, such as by\n convincing a user to open a specially crafted document,\n or by convincing a user to visit an untrusted webpage.\n The security update addresses the vulnerability by\n correcting how DirectWrite handles objects in memory.\n (CVE-2020-1577)\n\n - An elevation of privilege vulnerability exists when the\n Windows Radio Manager API improperly handles memory.\n (CVE-2020-1528)\n\n - An information disclosure vulnerability exists in RPC if\n the server has Routing and Remote Access enabled. An\n attacker who successfully exploited this vulnerability\n could obtain information to further compromise the users\n system (CVE-2020-1383)\n\n - A remote code execution vulnerability exists in the way\n that the scripting engine handles objects in memory in\n Microsoft Edge (HTML-based). The vulnerability could\n corrupt memory in such a way that an attacker could\n execute arbitrary code in the context of the current\n user. An attacker who successfully exploited the\n vulnerability could gain the same user rights as the\n current user. (CVE-2020-1555)\n\n - An elevation of privilege vulnerability exists when the\n Windows Work Folders Service improperly handles memory.\n (CVE-2020-1470, CVE-2020-1484, CVE-2020-1516)\n\n - An elevation of privilege vulnerability exists when the\n Windows Work Folder Service improperly handles file\n operations. An attacker who successfully exploited this\n vulnerability could run processes in an elevated\n context. An attacker could exploit this vulnerability by\n running a specially crafted application on the victim\n system. The update addresses the vulnerability by\n correcting the way the Windows Work Folder Service\n handles file operations. (CVE-2020-1552)\n\n - An elevation of privilege vulnerability exists when the\n Windows Custom Protocol Engine improperly handles\n memory. (CVE-2020-1527)\n\n - An elevation of privilege vulnerability exists when the\n Storage Service improperly handles file operations. An\n attacker who successfully exploited this vulnerability\n could gain elevated privileges on the victim system.\n (CVE-2020-1490)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Graphics Device Interface (GDI)\n handles objects in memory. An attacker who successfully\n exploited this vulnerability could run arbitrary code in\n kernel mode. An attacker could then install programs;\n view, change, or delete data; or create new accounts\n with full user rights. (CVE-2020-1480, CVE-2020-1529)\n\n - An elevation of privilege vulnerability exists when the\n Windows Speech Runtime improperly handles memory.\n (CVE-2020-1521, CVE-2020-1522)\n\n - An elevation of privilege vulnerability exists when the\n Windows CSC Service improperly handles memory.\n (CVE-2020-1489, CVE-2020-1513)\n\n - An elevation of privilege vulnerability exists when the\n Windows Accounts Control improperly handles memory.\n (CVE-2020-1531)\n\n - An elevation of privilege vulnerability exists in the\n Local Security Authority Subsystem Service (LSASS) when\n an authenticated attacker sends a specially crafted\n authentication request. A remote attacker who\n successfully exploited this vulnerability could cause an\n elevation of privilege on the target system's LSASS\n service. The security update addresses the vulnerability\n by changing the way that LSASS handles specially crafted\n authentication requests. (CVE-2020-1509)\n\n - A remote code execution vulnerability exists when the\n Windows Font Driver Host improperly handles memory. An\n attacker who successfully exploited the vulnerability\n would gain execution on a victim system. The security\n update addresses the vulnerability by correcting how the\n Windows Font Driver Host handles memory. (CVE-2020-1520)\n\n - An elevation of privilege vulnerability exists when the\n Windows UPnP Device Host improperly handles memory.\n (CVE-2020-1519, CVE-2020-1538)\n\n - A remote code execution vulnerability exists in the way\n that the scripting engine handles objects in memory in\n Internet Explorer. The vulnerability could corrupt\n memory in such a way that an attacker could execute\n arbitrary code in the context of the current user. An\n attacker who successfully exploited the vulnerability\n could gain the same user rights as the current user.\n (CVE-2020-1380, CVE-2020-1570)\n\n - An elevation of privilege vulnerability exists when the\n Windows Telephony Server improperly handles memory.\n (CVE-2020-1515)\n\n - An information disclosure vulnerability exists when\n Media Foundation improperly handles objects in memory.\n An attacker who successfully exploited this\n vulnerability could obtain information to further\n compromise the users system. (CVE-2020-1487)\n\n - An elevation of privilege vulnerability exists when the\n Windows AppX Deployment Extensions improperly performs\n privilege management, resulting in access to system\n files. (CVE-2020-1488)\n\n - An elevation of privilege vulnerability exists when the\n Windows Network Connection Broker improperly handles\n memory. (CVE-2020-1526)\n\n - An elevation of privilege vulnerability exists in the\n way that the dnsrslvr.dll handles objects in memory. An\n attacker who successfully exploited the vulnerability\n could execute code with elevated permissions.\n (CVE-2020-1584)\n\n - An elevation of privilege vulnerability exists when the\n Windows Runtime improperly handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could run arbitrary code in an elevated context. An\n attacker could exploit this vulnerability by running a\n specially crafted application on the victim system. The\n update addresses the vulnerability by correcting the way\n the Windows Runtime handles objects in memory.\n (CVE-2020-1553)\n\n - An elevation of privilege vulnerability exists when the\n Windows Speech Shell Components improperly handle\n memory. (CVE-2020-1524)\n\n - An elevation of privilege vulnerability exists when\n ASP.NET or .NET web applications running on IIS\n improperly allow access to cached files. An attacker who\n successfully exploited this vulnerability could gain\n access to restricted files. (CVE-2020-1476)\n\n - An elevation of privilege vulnerability exists when the\n Windows Remote Access improperly handles file\n operations. An attacker who successfully exploited this\n vulnerability could gain elevated privileges.\n (CVE-2020-1537)\n\n - An elevation of privilege vulnerability exists when the\n "Public Account Pictures" folder improperly\n handles junctions. (CVE-2020-1565)\n\n - An elevation of privilege vulnerability exists when the\n Windows Backup Service improperly handles file\n operations. (CVE-2020-1534)\n\n - A remote code execution vulnerability exists when\n Microsoft Edge PDF Reader improperly handles objects in\n memory. The vulnerability could corrupt memory in such a\n way that enables an attacker to execute arbitrary code\n in the context of the current user. An attacker who\n successfully exploited the vulnerability could gain the\n same user rights as the current user. If the current\n user is logged on with administrative user rights, an\n attacker could take control of an affected system. An\n attacker could then install programs; view, change, or\n delete data; or create new accounts with full user\n rights. (CVE-2020-1568)\n\n - An elevation of privilege vulnerability exists when the\n Windows Kernel API improperly handles registry objects\n in memory. An attacker who successfully exploited the\n vulnerability could gain elevated privileges on a\n targeted system. A locally authenticated attacker could\n exploit this vulnerability by running a specially\n crafted application. The security update addresses the\n vulnerability by helping to ensure that the Windows\n Kernel API properly handles objects in memory.\n (CVE-2020-1377, CVE-2020-1378)\n\n - An elevation of privilege vulnerability exists when the\n Windows Print Spooler service improperly allows\n arbitrary writing to the file system. An attacker who\n successfully exploited this vulnerability could run\n arbitrary code with elevated system privileges. An\n attacker could then install programs; view, change, or\n delete data; or create new accounts with full user\n rights. (CVE-2020-1337)\n\n - An information disclosure vulnerability exists when the\n Windows WaasMedic Service improperly handles memory.\n (CVE-2020-1548)\n\n - An information disclosure vulnerability exists when the\n Windows Image Acquisition (WIA) Service improperly\n discloses contents of its memory. An attacker who\n successfully exploited the vulnerability could obtain\n information to further compromise the users system.\n (CVE-2020-1474, CVE-2020-1485)\n\n - An elevation of privilege vulnerability exists when the\n Windows kernel fails to properly handle objects in\n memory. An attacker who successfully exploited this\n vulnerability could run arbitrary code in kernel mode.\n An attacker could then install programs; view, change,\n or delete data; or create new accounts with full user\n rights. (CVE-2020-1417, CVE-2020-1486, CVE-2020-1566)\n\n - A remote code execution vulnerability exists when the\n Windows Jet Database Engine improperly handles objects\n in memory. An attacker who successfully exploited this\n vulnerability could execute arbitrary code on a victim\n system. An attacker could exploit this vulnerability by\n enticing a victim to open a specially crafted file. The\n update addresses the vulnerability by correcting the way\n the Windows Jet Database Engine handles objects in\n memory. (CVE-2020-1473, CVE-2020-1557, CVE-2020-1558,\n CVE-2020-1564)\n\n - A remote code execution vulnerability exists when\n Microsoft .NET Framework processes input. An attacker\n who successfully exploited this vulnerability could take\n control of an affected system. (CVE-2020-1046)\n\n - An information disclosure vulnerability exists when the\n win32k component improperly provides kernel information.\n An attacker who successfully exploited the vulnerability\n could obtain information to further compromise the users\n system. (CVE-2020-1510)\n\n - An elevation of privilege vulnerability exists when the\n Windows Backup Engine improperly handles memory.\n (CVE-2020-1535, CVE-2020-1536, CVE-2020-1539,\n CVE-2020-1540, CVE-2020-1541, CVE-2020-1542,\n CVE-2020-1543, CVE-2020-1544, CVE-2020-1545,\n CVE-2020-1546, CVE-2020-1547, CVE-2020-1551)\n\n - An information disclosure vulnerability exists in the\n Windows kernel that could allow an attacker to retrieve\n information that could lead to a Kernel Address Space\n Layout Randomization (ASLR) bypass. An attacker who\n successfully exploited the vulnerability could retrieve\n the memory address of a kernel object. (CVE-2020-1578)\n\n - An elevation of privilege vulnerability exists when\n DirectX improperly handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could run arbitrary code in kernel mode. An attacker\n could then install programs; view, change, or delete\n data; or create new accounts with full user rights.\n (CVE-2020-1479)\n\n - An elevation of privilege vulnerability exists when the\n Windows Ancillary Function Driver for WinSock improperly\n handles memory. (CVE-2020-1587)\n\n - An elevation of privilege vulnerability exists when the\n Windows Function Discovery SSDP Provider improperly\n handles memory. (CVE-2020-1579)\n\n - A remote code execution vulnerability exists in the way\n that Microsoft Graphics Components handle objects in\n memory. An attacker who successfully exploited the\n vulnerability could execute arbitrary code on a target\n system. (CVE-2020-1561, CVE-2020-1562)\n\n - An information disclosure vulnerability exists when the\n Windows State Repository Service improperly handles\n objects in memory. An attacker who successfully\n exploited this vulnerability could obtain information to\n further compromise the users system. An attacker could\n exploit this vulnerability by running a specially\n crafted application on the victim system. The update\n addresses the vulnerability by correcting the way the\n Windows State Repository Service handles objects in\n memory. (CVE-2020-1512)\n\n - An elevation of privilege vulnerability exists when\n Windows Remote Access improperly handles memory.\n (CVE-2020-1530)\n\n - A remote code execution vulnerability exists in the way\n that the MSHTML engine improperly validates input. An\n attacker could execute arbitrary code in the context of\n the current user. (CVE-2020-1567)\n\n - A spoofing vulnerability exists when Windows incorrectly\n validates file signatures. An attacker who successfully\n exploited this vulnerability could bypass security\n features and load improperly signed files. In an attack\n scenario, an attacker could bypass security features\n intended to prevent improperly signed files from being\n loaded. The update addresses the vulnerability by\n correcting how Windows validates file signatures.\n (CVE-2020-1464)\");\n # https://support.microsoft.com/en-us/help/4571709/windows-10-update-kb4571709\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?c3c857b4\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Cumulative Update KB4571709.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-1564\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Microsoft Spooler Local Privilege Elevation Vulnerability');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/08/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/08/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/08/11\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:edge\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude('smb_func.inc');\ninclude('smb_hotfixes.inc');\ninclude('smb_hotfixes_fcheck.inc');\ninclude('smb_reg_query.inc');\ninclude('install_func.inc');\n\nget_kb_item_or_exit('SMB/MS_Bulletin_Checks/Possible');\n\nbulletin = 'MS20-08';\nkbs = make_list(\n '4571709'\n);\n\nif (get_kb_item('Host/patch_management_checks')) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit('SMB/Registry/Enumerated');\nget_kb_item_or_exit('SMB/WindowsVersion', exit_code:1);\n\nif (hotfix_check_sp_range(win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:'10',\n sp:0,\n os_build:'17134',\n rollup_date:'08_2020',\n bulletin:bulletin,\n rollup_kb_list:[4571709])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n\n\n\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-20T14:25:47", "description": "The remote Windows host is missing security update 4566782.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - A memory corruption vulnerability exists when Windows\n Media Foundation improperly handles objects in memory.\n An attacker who successfully exploited the vulnerability\n could install programs; view, change, or delete data; or\n create new accounts with full user rights. There are\n multiple ways an attacker could exploit the\n vulnerability, such as by convincing a user to open a\n specially crafted document, or by convincing a user to\n visit a malicious webpage. The security update addresses\n the vulnerability by correcting how Windows Media\n Foundation handles objects in memory. (CVE-2020-1379,\n CVE-2020-1477, CVE-2020-1478, CVE-2020-1492,\n CVE-2020-1525, CVE-2020-1554)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows WalletService handles objects in\n memory. An attacker who successfully exploited the\n vulnerability could execute code with elevated\n permissions. (CVE-2020-1533, CVE-2020-1556)\n\n - A remote code execution vulnerability exists when\n Windows Media Audio Codec improperly handles objects. An\n attacker who successfully exploited the vulnerability\n could take control of an affected system. There are\n multiple ways an attacker could exploit the\n vulnerability, such as by convincing a user to open a\n specially crafted document, or by convincing a user to\n visit a malicious webpage. The security update addresses\n the vulnerability by correcting how Windows Media Audio\n Codec handles objects. (CVE-2020-1339)\n\n - An elevation of privilege vulnerability exists when\n Connected User Experiences and Telemetry Service\n improperly handles file operations. An attacker who\n successfully exploited this vulnerability could run\n processes in an elevated context. An attacker could\n exploit this vulnerability by running a specially\n crafted application on the victim system. The security\n update addresses the vulnerability by correcting how the\n Connected User Experiences and Telemetry Service handles\n file operations. (CVE-2020-1511)\n\n - An elevation of privilege vulnerability exists in the\n way that the srmsvc.dll handles objects in memory. An\n attacker who successfully exploited the vulnerability\n could execute code with elevated permissions.\n (CVE-2020-1475)\n\n - An elevation of privilege vulnerability exists when the\n Windows CDP User Components improperly handle memory.\n (CVE-2020-1549, CVE-2020-1550)\n\n - An information disclosure vulnerability exists when\n DirectWrite improperly discloses the contents of its\n memory. An attacker who successfully exploited the\n vulnerability could obtain information to further\n compromise the users system. There are multiple ways an\n attacker could exploit the vulnerability, such as by\n convincing a user to open a specially crafted document,\n or by convincing a user to visit an untrusted webpage.\n The security update addresses the vulnerability by\n correcting how DirectWrite handles objects in memory.\n (CVE-2020-1577)\n\n - An elevation of privilege vulnerability exists when the\n Windows Radio Manager API improperly handles memory.\n (CVE-2020-1528)\n\n - An information disclosure vulnerability exists on ARM\n implementations that use speculative execution in\n control flow via a side-channel analysis, aka "\n ;straight-line speculation." (CVE-2020-1459)\n\n - An information disclosure vulnerability exists in RPC if\n the server has Routing and Remote Access enabled. An\n attacker who successfully exploited this vulnerability\n could obtain information to further compromise the users\n system (CVE-2020-1383)\n\n - A remote code execution vulnerability exists in the way\n that the scripting engine handles objects in memory in\n Microsoft Edge (HTML-based). The vulnerability could\n corrupt memory in such a way that an attacker could\n execute arbitrary code in the context of the current\n user. An attacker who successfully exploited the\n vulnerability could gain the same user rights as the\n current user. (CVE-2020-1555)\n\n - An elevation of privilege vulnerability exists when the\n Windows Work Folders Service improperly handles memory.\n (CVE-2020-1470, CVE-2020-1484, CVE-2020-1516)\n\n - An elevation of privilege vulnerability exists when the\n Windows Custom Protocol Engine improperly handles\n memory. (CVE-2020-1527)\n\n - An elevation of privilege vulnerability exists when the\n Storage Service improperly handles file operations. An\n attacker who successfully exploited this vulnerability\n could gain elevated privileges on the victim system.\n (CVE-2020-1490)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Graphics Device Interface (GDI)\n handles objects in memory. An attacker who successfully\n exploited this vulnerability could run arbitrary code in\n kernel mode. An attacker could then install programs;\n view, change, or delete data; or create new accounts\n with full user rights. (CVE-2020-1480, CVE-2020-1529)\n\n - An elevation of privilege vulnerability exists when the\n Windows Speech Runtime improperly handles memory.\n (CVE-2020-1521, CVE-2020-1522)\n\n - An elevation of privilege vulnerability exists when the\n Windows CSC Service improperly handles memory.\n (CVE-2020-1489, CVE-2020-1513)\n\n - An elevation of privilege vulnerability exists when the\n Windows Accounts Control improperly handles memory.\n (CVE-2020-1531)\n\n - An elevation of privilege vulnerability exists when\n Windows improperly handles hard links. An attacker who\n successfully exploited this vulnerability could\n overwrite a targeted file leading to an elevated status.\n (CVE-2020-1467)\n\n - An elevation of privilege vulnerability exists when the\n Windows Runtime improperly handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could run arbitrary code in an elevated context. An\n attacker could exploit this vulnerability by running a\n specially crafted application on the victim system. The\n update addresses the vulnerability by correcting the way\n the Windows Runtime handles objects in memory.\n (CVE-2020-1553)\n\n - A remote code execution vulnerability exists when the\n Windows Font Driver Host improperly handles memory. An\n attacker who successfully exploited the vulnerability\n would gain execution on a victim system. The security\n update addresses the vulnerability by correcting how the\n Windows Font Driver Host handles memory. (CVE-2020-1520)\n\n - An elevation of privilege vulnerability exists when the\n Windows UPnP Device Host improperly handles memory.\n (CVE-2020-1519, CVE-2020-1538)\n\n - A remote code execution vulnerability exists in the way\n that the scripting engine handles objects in memory in\n Internet Explorer. The vulnerability could corrupt\n memory in such a way that an attacker could execute\n arbitrary code in the context of the current user. An\n attacker who successfully exploited the vulnerability\n could gain the same user rights as the current user.\n (CVE-2020-1380, CVE-2020-1570)\n\n - An elevation of privilege vulnerability exists when the\n Windows Telephony Server improperly handles memory.\n (CVE-2020-1515)\n\n - An elevation of privilege vulnerability exists in the\n Local Security Authority Subsystem Service (LSASS) when\n an authenticated attacker sends a specially crafted\n authentication request. A remote attacker who\n successfully exploited this vulnerability could cause an\n elevation of privilege on the target system's LSASS\n service. The security update addresses the vulnerability\n by changing the way that LSASS handles specially crafted\n authentication requests. (CVE-2020-1509)\n\n - An information disclosure vulnerability exists when\n Media Foundation improperly handles objects in memory.\n An attacker who successfully exploited this\n vulnerability could obtain information to further\n compromise the users system. (CVE-2020-1487)\n\n - An elevation of privilege vulnerability exists when the\n Windows AppX Deployment Extensions improperly performs\n privilege management, resulting in access to system\n files. (CVE-2020-1488)\n\n - An elevation of privilege vulnerability exists when the\n Windows File Server Resource Management Service\n improperly handles memory. (CVE-2020-1517,\n CVE-2020-1518)\n\n - An elevation of privilege vulnerability exists in the\n way that the dnsrslvr.dll handles objects in memory. An\n attacker who successfully exploited the vulnerability\n could execute code with elevated permissions.\n (CVE-2020-1584)\n\n - An elevation of privilege vulnerability exists when the\n Windows Network Connection Broker improperly handles\n memory. (CVE-2020-1526)\n\n - An elevation of privilege vulnerability exists when the\n Windows Speech Shell Components improperly handle\n memory. (CVE-2020-1524)\n\n - An elevation of privilege vulnerability exists when\n ASP.NET or .NET web applications running on IIS\n improperly allow access to cached files. An attacker who\n successfully exploited this vulnerability could gain\n access to restricted files. (CVE-2020-1476)\n\n - An information disclosure vulnerability exists when the\n Windows State Repository Service improperly handles\n objects in memory. An attacker who successfully\n exploited this vulnerability could obtain information to\n further compromise the users system. An attacker could\n exploit this vulnerability by running a specially\n crafted application on the victim system. The update\n addresses the vulnerability by correcting the way the\n Windows State Repository Service handles objects in\n memory. (CVE-2020-1512)\n\n - An elevation of privilege vulnerability exists when the\n Windows Remote Access improperly handles file\n operations. An attacker who successfully exploited this\n vulnerability could gain elevated privileges.\n (CVE-2020-1537)\n\n - An elevation of privilege vulnerability exists when the\n "Public Account Pictures" folder improperly\n handles junctions. (CVE-2020-1565)\n\n - An elevation of privilege vulnerability exists when the\n Windows Backup Service improperly handles file\n operations. (CVE-2020-1534)\n\n - A remote code execution vulnerability exists when\n Microsoft Edge PDF Reader improperly handles objects in\n memory. The vulnerability could corrupt memory in such a\n way that enables an attacker to execute arbitrary code\n in the context of the current user. An attacker who\n successfully exploited the vulnerability could gain the\n same user rights as the current user. If the current\n user is logged on with administrative user rights, an\n attacker could take control of an affected system. An\n attacker could then install programs; view, change, or\n delete data; or create new accounts with full user\n rights. (CVE-2020-1568)\n\n - An elevation of privilege vulnerability exists when the\n Windows Kernel API improperly handles registry objects\n in memory. An attacker who successfully exploited the\n vulnerability could gain elevated privileges on a\n targeted system. A locally authenticated attacker could\n exploit this vulnerability by running a specially\n crafted application. The security update addresses the\n vulnerability by helping to ensure that the Windows\n Kernel API properly handles objects in memory.\n (CVE-2020-1377, CVE-2020-1378)\n\n - An elevation of privilege vulnerability exists when the\n Windows Print Spooler service improperly allows\n arbitrary writing to the file system. An attacker who\n successfully exploited this vulnerability could run\n arbitrary code with elevated system privileges. An\n attacker could then install programs; view, change, or\n delete data; or create new accounts with full user\n rights. (CVE-2020-1337)\n\n - An information disclosure vulnerability exists when the\n Windows WaasMedic Service improperly handles memory.\n (CVE-2020-1548)\n\n - An information disclosure vulnerability exists when the\n Windows Image Acquisition (WIA) Service improperly\n discloses contents of its memory. An attacker who\n successfully exploited the vulnerability could obtain\n information to further compromise the users system.\n (CVE-2020-1474, CVE-2020-1485)\n\n - An elevation of privilege vulnerability exists when the\n Windows kernel fails to properly handle objects in\n memory. An attacker who successfully exploited this\n vulnerability could run arbitrary code in kernel mode.\n An attacker could then install programs; view, change,\n or delete data; or create new accounts with full user\n rights. (CVE-2020-1417, CVE-2020-1486, CVE-2020-1566)\n\n - A remote code execution vulnerability exists when the\n Windows Jet Database Engine improperly handles objects\n in memory. An attacker who successfully exploited this\n vulnerability could execute arbitrary code on a victim\n system. An attacker could exploit this vulnerability by\n enticing a victim to open a specially crafted file. The\n update addresses the vulnerability by correcting the way\n the Windows Jet Database Engine handles objects in\n memory. (CVE-2020-1473, CVE-2020-1557, CVE-2020-1558,\n CVE-2020-1564)\n\n - A remote code execution vulnerability exists when\n Microsoft Edge improperly accesses objects in memory.\n The vulnerability could corrupt memory in such a way\n that enables an attacker to execute arbitrary code in\n the context of the current user. An attacker who\n successfully exploited the vulnerability could gain the\n same user rights as the current user. (CVE-2020-1569)\n\n - An information disclosure vulnerability exists when the\n win32k component improperly provides kernel information.\n An attacker who successfully exploited the vulnerability\n could obtain information to further compromise the users\n system. (CVE-2020-1510)\n\n - An elevation of privilege vulnerability exists when the\n Windows Backup Engine improperly handles memory.\n (CVE-2020-1535, CVE-2020-1536, CVE-2020-1539,\n CVE-2020-1540, CVE-2020-1541, CVE-2020-1542,\n CVE-2020-1543, CVE-2020-1544, CVE-2020-1545,\n CVE-2020-1546, CVE-2020-1547, CVE-2020-1551)\n\n - An information disclosure vulnerability exists in the\n Windows kernel that could allow an attacker to retrieve\n information that could lead to a Kernel Address Space\n Layout Randomization (ASLR) bypass. An attacker who\n successfully exploited the vulnerability could retrieve\n the memory address of a kernel object. (CVE-2020-1578)\n\n - An elevation of privilege vulnerability exists when\n DirectX improperly handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could run arbitrary code in kernel mode. An attacker\n could then install programs; view, change, or delete\n data; or create new accounts with full user rights.\n (CVE-2020-1479)\n\n - An elevation of privilege vulnerability exists when the\n Windows Ancillary Function Driver for WinSock improperly\n handles memory. (CVE-2020-1587)\n\n - An elevation of privilege vulnerability exists when the\n Windows Function Discovery SSDP Provider improperly\n handles memory. (CVE-2020-1579)\n\n - A remote code execution vulnerability exists in the way\n that Microsoft Graphics Components handle objects in\n memory. An attacker who successfully exploited the\n vulnerability could execute arbitrary code on a target\n system. (CVE-2020-1561, CVE-2020-1562)\n\n - An elevation of privilege vulnerability exists when the\n Windows Work Folder Service improperly handles file\n operations. An attacker who successfully exploited this\n vulnerability could run processes in an elevated\n context. An attacker could exploit this vulnerability by\n running a specially crafted application on the victim\n system. The update addresses the vulnerability by\n correcting the way the Windows Work Folder Service\n handles file operations. (CVE-2020-1552)\n\n - An elevation of privilege vulnerability exists when\n Windows Remote Access improperly handles memory.\n (CVE-2020-1530)\n\n - A remote code execution vulnerability exists in the way\n that the MSHTML engine improperly validates input. An\n attacker could execute arbitrary code in the context of\n the current user. (CVE-2020-1567)\n\n - A spoofing vulnerability exists when Windows incorrectly\n validates file signatures. An attacker who successfully\n exploited this vulnerability could bypass security\n features and load improperly signed files. In an attack\n scenario, an attacker could bypass security features\n intended to prevent improperly signed files from being\n loaded. The update addresses the vulnerability by\n correcting how Windows validates file signatures.\n (CVE-2020-1464)", "edition": 6, "cvss3": {"score": 7.8, "vector": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2020-08-11T00:00:00", "title": "KB4566782: Windows 10 Version 2004 August 2020 Security Update", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2020-1473", "CVE-2020-1587", "CVE-2020-1569", "CVE-2020-1524", "CVE-2020-1519", "CVE-2020-1533", "CVE-2020-1535", "CVE-2020-1516", "CVE-2020-1525", "CVE-2020-1480", "CVE-2020-1549", "CVE-2020-1378", "CVE-2020-1515", "CVE-2020-1540", "CVE-2020-1526", "CVE-2020-1567", "CVE-2020-1553", "CVE-2020-1554", "CVE-2020-1518", "CVE-2020-1487", "CVE-2020-1584", "CVE-2020-1547", "CVE-2020-1561", "CVE-2020-1529", "CVE-2020-1534", "CVE-2020-1555", "CVE-2020-1479", "CVE-2020-1579", "CVE-2020-1474", "CVE-2020-1558", "CVE-2020-1509", "CVE-2020-1546", "CVE-2020-1539", "CVE-2020-1476", "CVE-2020-1521", "CVE-2020-1578", "CVE-2020-1489", "CVE-2020-1536", "CVE-2020-1478", "CVE-2020-1486", "CVE-2020-1537", "CVE-2020-1556", "CVE-2020-1337", "CVE-2020-1379", "CVE-2020-1517", "CVE-2020-1511", "CVE-2020-1522", "CVE-2020-1565", "CVE-2020-1417", "CVE-2020-1488", "CVE-2020-1528", "CVE-2020-1557", "CVE-2020-1464", "CVE-2020-1380", "CVE-2020-1531", "CVE-2020-1568", "CVE-2020-1339", "CVE-2020-1566", "CVE-2020-1513", "CVE-2020-1544", "CVE-2020-1564", "CVE-2020-1548", "CVE-2020-1467", "CVE-2020-1542", "CVE-2020-1550", "CVE-2020-1485", "CVE-2020-1552", "CVE-2020-1527", "CVE-2020-1520", "CVE-2020-1543", "CVE-2020-1459", "CVE-2020-1492", "CVE-2020-1562", "CVE-2020-1490", "CVE-2020-1538", "CVE-2020-1512", "CVE-2020-1545", "CVE-2020-1510", "CVE-2020-1383", "CVE-2020-1570", "CVE-2020-1530", "CVE-2020-1541", "CVE-2020-1470", "CVE-2020-1477", "CVE-2020-1484", "CVE-2020-1577", "CVE-2020-1551", "CVE-2020-1475", "CVE-2020-1377"], "modified": "2020-08-11T00:00:00", "cpe": ["cpe:/o:microsoft:windows", "cpe:/a:microsoft:edge"], "id": "SMB_NT_MS20_AUG_4566782.NASL", "href": "https://www.tenable.com/plugins/nessus/139486", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(139486);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\n \"CVE-2020-1337\",\n \"CVE-2020-1339\",\n \"CVE-2020-1377\",\n \"CVE-2020-1378\",\n \"CVE-2020-1379\",\n \"CVE-2020-1380\",\n \"CVE-2020-1383\",\n \"CVE-2020-1417\",\n \"CVE-2020-1459\",\n \"CVE-2020-1464\",\n \"CVE-2020-1467\",\n \"CVE-2020-1470\",\n \"CVE-2020-1473\",\n \"CVE-2020-1474\",\n \"CVE-2020-1475\",\n \"CVE-2020-1476\",\n \"CVE-2020-1477\",\n \"CVE-2020-1478\",\n \"CVE-2020-1479\",\n \"CVE-2020-1480\",\n \"CVE-2020-1484\",\n \"CVE-2020-1485\",\n \"CVE-2020-1486\",\n \"CVE-2020-1487\",\n \"CVE-2020-1488\",\n \"CVE-2020-1489\",\n \"CVE-2020-1490\",\n \"CVE-2020-1492\",\n \"CVE-2020-1509\",\n \"CVE-2020-1510\",\n \"CVE-2020-1511\",\n \"CVE-2020-1512\",\n \"CVE-2020-1513\",\n \"CVE-2020-1515\",\n \"CVE-2020-1516\",\n \"CVE-2020-1517\",\n \"CVE-2020-1518\",\n \"CVE-2020-1519\",\n \"CVE-2020-1520\",\n \"CVE-2020-1521\",\n \"CVE-2020-1522\",\n \"CVE-2020-1524\",\n \"CVE-2020-1525\",\n \"CVE-2020-1526\",\n \"CVE-2020-1527\",\n \"CVE-2020-1528\",\n \"CVE-2020-1529\",\n \"CVE-2020-1530\",\n \"CVE-2020-1531\",\n \"CVE-2020-1533\",\n \"CVE-2020-1534\",\n \"CVE-2020-1535\",\n \"CVE-2020-1536\",\n \"CVE-2020-1537\",\n \"CVE-2020-1538\",\n \"CVE-2020-1539\",\n \"CVE-2020-1540\",\n \"CVE-2020-1541\",\n \"CVE-2020-1542\",\n \"CVE-2020-1543\",\n \"CVE-2020-1544\",\n \"CVE-2020-1545\",\n \"CVE-2020-1546\",\n \"CVE-2020-1547\",\n \"CVE-2020-1548\",\n \"CVE-2020-1549\",\n \"CVE-2020-1550\",\n \"CVE-2020-1551\",\n \"CVE-2020-1552\",\n \"CVE-2020-1553\",\n \"CVE-2020-1554\",\n \"CVE-2020-1555\",\n \"CVE-2020-1556\",\n \"CVE-2020-1557\",\n \"CVE-2020-1558\",\n \"CVE-2020-1561\",\n \"CVE-2020-1562\",\n \"CVE-2020-1564\",\n \"CVE-2020-1565\",\n \"CVE-2020-1566\",\n \"CVE-2020-1567\",\n \"CVE-2020-1568\",\n \"CVE-2020-1569\",\n \"CVE-2020-1570\",\n \"CVE-2020-1577\",\n \"CVE-2020-1578\",\n \"CVE-2020-1579\",\n \"CVE-2020-1584\",\n \"CVE-2020-1587\"\n );\n script_xref(name:\"MSKB\", value:\"4566782\");\n script_xref(name:\"MSFT\", value:\"MS20-4566782\");\n script_xref(name:\"IAVA\", value:\"2020-A-0361-S\");\n script_xref(name:\"IAVA\", value:\"2020-A-0367-S\");\n script_xref(name:\"IAVA\", value:\"2020-A-0370-S\");\n\n script_name(english:\"KB4566782: Windows 10 Version 2004 August 2020 Security Update\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 4566782.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - A memory corruption vulnerability exists when Windows\n Media Foundation improperly handles objects in memory.\n An attacker who successfully exploited the vulnerability\n could install programs; view, change, or delete data; or\n create new accounts with full user rights. There are\n multiple ways an attacker could exploit the\n vulnerability, such as by convincing a user to open a\n specially crafted document, or by convincing a user to\n visit a malicious webpage. The security update addresses\n the vulnerability by correcting how Windows Media\n Foundation handles objects in memory. (CVE-2020-1379,\n CVE-2020-1477, CVE-2020-1478, CVE-2020-1492,\n CVE-2020-1525, CVE-2020-1554)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows WalletService handles objects in\n memory. An attacker who successfully exploited the\n vulnerability could execute code with elevated\n permissions. (CVE-2020-1533, CVE-2020-1556)\n\n - A remote code execution vulnerability exists when\n Windows Media Audio Codec improperly handles objects. An\n attacker who successfully exploited the vulnerability\n could take control of an affected system. There are\n multiple ways an attacker could exploit the\n vulnerability, such as by convincing a user to open a\n specially crafted document, or by convincing a user to\n visit a malicious webpage. The security update addresses\n the vulnerability by correcting how Windows Media Audio\n Codec handles objects. (CVE-2020-1339)\n\n - An elevation of privilege vulnerability exists when\n Connected User Experiences and Telemetry Service\n improperly handles file operations. An attacker who\n successfully exploited this vulnerability could run\n processes in an elevated context. An attacker could\n exploit this vulnerability by running a specially\n crafted application on the victim system. The security\n update addresses the vulnerability by correcting how the\n Connected User Experiences and Telemetry Service handles\n file operations. (CVE-2020-1511)\n\n - An elevation of privilege vulnerability exists in the\n way that the srmsvc.dll handles objects in memory. An\n attacker who successfully exploited the vulnerability\n could execute code with elevated permissions.\n (CVE-2020-1475)\n\n - An elevation of privilege vulnerability exists when the\n Windows CDP User Components improperly handle memory.\n (CVE-2020-1549, CVE-2020-1550)\n\n - An information disclosure vulnerability exists when\n DirectWrite improperly discloses the contents of its\n memory. An attacker who successfully exploited the\n vulnerability could obtain information to further\n compromise the users system. There are multiple ways an\n attacker could exploit the vulnerability, such as by\n convincing a user to open a specially crafted document,\n or by convincing a user to visit an untrusted webpage.\n The security update addresses the vulnerability by\n correcting how DirectWrite handles objects in memory.\n (CVE-2020-1577)\n\n - An elevation of privilege vulnerability exists when the\n Windows Radio Manager API improperly handles memory.\n (CVE-2020-1528)\n\n - An information disclosure vulnerability exists on ARM\n implementations that use speculative execution in\n control flow via a side-channel analysis, aka "\n ;straight-line speculation." (CVE-2020-1459)\n\n - An information disclosure vulnerability exists in RPC if\n the server has Routing and Remote Access enabled. An\n attacker who successfully exploited this vulnerability\n could obtain information to further compromise the users\n system (CVE-2020-1383)\n\n - A remote code execution vulnerability exists in the way\n that the scripting engine handles objects in memory in\n Microsoft Edge (HTML-based). The vulnerability could\n corrupt memory in such a way that an attacker could\n execute arbitrary code in the context of the current\n user. An attacker who successfully exploited the\n vulnerability could gain the same user rights as the\n current user. (CVE-2020-1555)\n\n - An elevation of privilege vulnerability exists when the\n Windows Work Folders Service improperly handles memory.\n (CVE-2020-1470, CVE-2020-1484, CVE-2020-1516)\n\n - An elevation of privilege vulnerability exists when the\n Windows Custom Protocol Engine improperly handles\n memory. (CVE-2020-1527)\n\n - An elevation of privilege vulnerability exists when the\n Storage Service improperly handles file operations. An\n attacker who successfully exploited this vulnerability\n could gain elevated privileges on the victim system.\n (CVE-2020-1490)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Graphics Device Interface (GDI)\n handles objects in memory. An attacker who successfully\n exploited this vulnerability could run arbitrary code in\n kernel mode. An attacker could then install programs;\n view, change, or delete data; or create new accounts\n with full user rights. (CVE-2020-1480, CVE-2020-1529)\n\n - An elevation of privilege vulnerability exists when the\n Windows Speech Runtime improperly handles memory.\n (CVE-2020-1521, CVE-2020-1522)\n\n - An elevation of privilege vulnerability exists when the\n Windows CSC Service improperly handles memory.\n (CVE-2020-1489, CVE-2020-1513)\n\n - An elevation of privilege vulnerability exists when the\n Windows Accounts Control improperly handles memory.\n (CVE-2020-1531)\n\n - An elevation of privilege vulnerability exists when\n Windows improperly handles hard links. An attacker who\n successfully exploited this vulnerability could\n overwrite a targeted file leading to an elevated status.\n (CVE-2020-1467)\n\n - An elevation of privilege vulnerability exists when the\n Windows Runtime improperly handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could run arbitrary code in an elevated context. An\n attacker could exploit this vulnerability by running a\n specially crafted application on the victim system. The\n update addresses the vulnerability by correcting the way\n the Windows Runtime handles objects in memory.\n (CVE-2020-1553)\n\n - A remote code execution vulnerability exists when the\n Windows Font Driver Host improperly handles memory. An\n attacker who successfully exploited the vulnerability\n would gain execution on a victim system. The security\n update addresses the vulnerability by correcting how the\n Windows Font Driver Host handles memory. (CVE-2020-1520)\n\n - An elevation of privilege vulnerability exists when the\n Windows UPnP Device Host improperly handles memory.\n (CVE-2020-1519, CVE-2020-1538)\n\n - A remote code execution vulnerability exists in the way\n that the scripting engine handles objects in memory in\n Internet Explorer. The vulnerability could corrupt\n memory in such a way that an attacker could execute\n arbitrary code in the context of the current user. An\n attacker who successfully exploited the vulnerability\n could gain the same user rights as the current user.\n (CVE-2020-1380, CVE-2020-1570)\n\n - An elevation of privilege vulnerability exists when the\n Windows Telephony Server improperly handles memory.\n (CVE-2020-1515)\n\n - An elevation of privilege vulnerability exists in the\n Local Security Authority Subsystem Service (LSASS) when\n an authenticated attacker sends a specially crafted\n authentication request. A remote attacker who\n successfully exploited this vulnerability could cause an\n elevation of privilege on the target system's LSASS\n service. The security update addresses the vulnerability\n by changing the way that LSASS handles specially crafted\n authentication requests. (CVE-2020-1509)\n\n - An information disclosure vulnerability exists when\n Media Foundation improperly handles objects in memory.\n An attacker who successfully exploited this\n vulnerability could obtain information to further\n compromise the users system. (CVE-2020-1487)\n\n - An elevation of privilege vulnerability exists when the\n Windows AppX Deployment Extensions improperly performs\n privilege management, resulting in access to system\n files. (CVE-2020-1488)\n\n - An elevation of privilege vulnerability exists when the\n Windows File Server Resource Management Service\n improperly handles memory. (CVE-2020-1517,\n CVE-2020-1518)\n\n - An elevation of privilege vulnerability exists in the\n way that the dnsrslvr.dll handles objects in memory. An\n attacker who successfully exploited the vulnerability\n could execute code with elevated permissions.\n (CVE-2020-1584)\n\n - An elevation of privilege vulnerability exists when the\n Windows Network Connection Broker improperly handles\n memory. (CVE-2020-1526)\n\n - An elevation of privilege vulnerability exists when the\n Windows Speech Shell Components improperly handle\n memory. (CVE-2020-1524)\n\n - An elevation of privilege vulnerability exists when\n ASP.NET or .NET web applications running on IIS\n improperly allow access to cached files. An attacker who\n successfully exploited this vulnerability could gain\n access to restricted files. (CVE-2020-1476)\n\n - An information disclosure vulnerability exists when the\n Windows State Repository Service improperly handles\n objects in memory. An attacker who successfully\n exploited this vulnerability could obtain information to\n further compromise the users system. An attacker could\n exploit this vulnerability by running a specially\n crafted application on the victim system. The update\n addresses the vulnerability by correcting the way the\n Windows State Repository Service handles objects in\n memory. (CVE-2020-1512)\n\n - An elevation of privilege vulnerability exists when the\n Windows Remote Access improperly handles file\n operations. An attacker who successfully exploited this\n vulnerability could gain elevated privileges.\n (CVE-2020-1537)\n\n - An elevation of privilege vulnerability exists when the\n "Public Account Pictures" folder improperly\n handles junctions. (CVE-2020-1565)\n\n - An elevation of privilege vulnerability exists when the\n Windows Backup Service improperly handles file\n operations. (CVE-2020-1534)\n\n - A remote code execution vulnerability exists when\n Microsoft Edge PDF Reader improperly handles objects in\n memory. The vulnerability could corrupt memory in such a\n way that enables an attacker to execute arbitrary code\n in the context of the current user. An attacker who\n successfully exploited the vulnerability could gain the\n same user rights as the current user. If the current\n user is logged on with administrative user rights, an\n attacker could take control of an affected system. An\n attacker could then install programs; view, change, or\n delete data; or create new accounts with full user\n rights. (CVE-2020-1568)\n\n - An elevation of privilege vulnerability exists when the\n Windows Kernel API improperly handles registry objects\n in memory. An attacker who successfully exploited the\n vulnerability could gain elevated privileges on a\n targeted system. A locally authenticated attacker could\n exploit this vulnerability by running a specially\n crafted application. The security update addresses the\n vulnerability by helping to ensure that the Windows\n Kernel API properly handles objects in memory.\n (CVE-2020-1377, CVE-2020-1378)\n\n - An elevation of privilege vulnerability exists when the\n Windows Print Spooler service improperly allows\n arbitrary writing to the file system. An attacker who\n successfully exploited this vulnerability could run\n arbitrary code with elevated system privileges. An\n attacker could then install programs; view, change, or\n delete data; or create new accounts with full user\n rights. (CVE-2020-1337)\n\n - An information disclosure vulnerability exists when the\n Windows WaasMedic Service improperly handles memory.\n (CVE-2020-1548)\n\n - An information disclosure vulnerability exists when the\n Windows Image Acquisition (WIA) Service improperly\n discloses contents of its memory. An attacker who\n successfully exploited the vulnerability could obtain\n information to further compromise the users system.\n (CVE-2020-1474, CVE-2020-1485)\n\n - An elevation of privilege vulnerability exists when the\n Windows kernel fails to properly handle objects in\n memory. An attacker who successfully exploited this\n vulnerability could run arbitrary code in kernel mode.\n An attacker could then install programs; view, change,\n or delete data; or create new accounts with full user\n rights. (CVE-2020-1417, CVE-2020-1486, CVE-2020-1566)\n\n - A remote code execution vulnerability exists when the\n Windows Jet Database Engine improperly handles objects\n in memory. An attacker who successfully exploited this\n vulnerability could execute arbitrary code on a victim\n system. An attacker could exploit this vulnerability by\n enticing a victim to open a specially crafted file. The\n update addresses the vulnerability by correcting the way\n the Windows Jet Database Engine handles objects in\n memory. (CVE-2020-1473, CVE-2020-1557, CVE-2020-1558,\n CVE-2020-1564)\n\n - A remote code execution vulnerability exists when\n Microsoft Edge improperly accesses objects in memory.\n The vulnerability could corrupt memory in such a way\n that enables an attacker to execute arbitrary code in\n the context of the current user. An attacker who\n successfully exploited the vulnerability could gain the\n same user rights as the current user. (CVE-2020-1569)\n\n - An information disclosure vulnerability exists when the\n win32k component improperly provides kernel information.\n An attacker who successfully exploited the vulnerability\n could obtain information to further compromise the users\n system. (CVE-2020-1510)\n\n - An elevation of privilege vulnerability exists when the\n Windows Backup Engine improperly handles memory.\n (CVE-2020-1535, CVE-2020-1536, CVE-2020-1539,\n CVE-2020-1540, CVE-2020-1541, CVE-2020-1542,\n CVE-2020-1543, CVE-2020-1544, CVE-2020-1545,\n CVE-2020-1546, CVE-2020-1547, CVE-2020-1551)\n\n - An information disclosure vulnerability exists in the\n Windows kernel that could allow an attacker to retrieve\n information that could lead to a Kernel Address Space\n Layout Randomization (ASLR) bypass. An attacker who\n successfully exploited the vulnerability could retrieve\n the memory address of a kernel object. (CVE-2020-1578)\n\n - An elevation of privilege vulnerability exists when\n DirectX improperly handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could run arbitrary code in kernel mode. An attacker\n could then install programs; view, change, or delete\n data; or create new accounts with full user rights.\n (CVE-2020-1479)\n\n - An elevation of privilege vulnerability exists when the\n Windows Ancillary Function Driver for WinSock improperly\n handles memory. (CVE-2020-1587)\n\n - An elevation of privilege vulnerability exists when the\n Windows Function Discovery SSDP Provider improperly\n handles memory. (CVE-2020-1579)\n\n - A remote code execution vulnerability exists in the way\n that Microsoft Graphics Components handle objects in\n memory. An attacker who successfully exploited the\n vulnerability could execute arbitrary code on a target\n system. (CVE-2020-1561, CVE-2020-1562)\n\n - An elevation of privilege vulnerability exists when the\n Windows Work Folder Service improperly handles file\n operations. An attacker who successfully exploited this\n vulnerability could run processes in an elevated\n context. An attacker could exploit this vulnerability by\n running a specially crafted application on the victim\n system. The update addresses the vulnerability by\n correcting the way the Windows Work Folder Service\n handles file operations. (CVE-2020-1552)\n\n - An elevation of privilege vulnerability exists when\n Windows Remote Access improperly handles memory.\n (CVE-2020-1530)\n\n - A remote code execution vulnerability exists in the way\n that the MSHTML engine improperly validates input. An\n attacker could execute arbitrary code in the context of\n the current user. (CVE-2020-1567)\n\n - A spoofing vulnerability exists when Windows incorrectly\n validates file signatures. An attacker who successfully\n exploited this vulnerability could bypass security\n features and load improperly signed files. In an attack\n scenario, an attacker could bypass security features\n intended to prevent improperly signed files from being\n loaded. The update addresses the vulnerability by\n correcting how Windows validates file signatures.\n (CVE-2020-1464)\");\n # https://support.microsoft.com/en-us/help/4566782/windows-10-update-kb4566782\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?7fd4a47c\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Cumulative Update KB4566782.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-1564\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Microsoft Spooler Local Privilege Elevation Vulnerability');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/08/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/08/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/08/11\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:edge\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nbulletin = \"MS20-08\";\nkbs = make_list('4566782');\n\nif (get_kb_item(\"Host/patch_management_checks\")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nget_kb_item_or_exit(\"SMB/WindowsVersion\", exit_code:1);\n\nif (hotfix_check_sp_range(win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:\"10\",\n sp:0,\n os_build:\"19041\",\n rollup_date:\"08_2020\",\n bulletin:bulletin,\n rollup_kb_list:[4566782])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n\n\n\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-20T14:25:47", "description": "The remote Windows host is missing security update 4565351.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - A memory corruption vulnerability exists when Windows\n Media Foundation improperly handles objects in memory.\n An attacker who successfully exploited the vulnerability\n could install programs; view, change, or delete data; or\n create new accounts with full user rights. There are\n multiple ways an attacker could exploit the\n vulnerability, such as by convincing a user to open a\n specially crafted document, or by convincing a user to\n visit a malicious webpage. The security update addresses\n the vulnerability by correcting how Windows Media\n Foundation handles objects in memory. (CVE-2020-1379,\n CVE-2020-1477, CVE-2020-1478, CVE-2020-1492,\n CVE-2020-1525, CVE-2020-1554)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows WalletService handles objects in\n memory. An attacker who successfully exploited the\n vulnerability could execute code with elevated\n permissions. (CVE-2020-1533, CVE-2020-1556)\n\n - A remote code execution vulnerability exists when\n Windows Media Audio Codec improperly handles objects. An\n attacker who successfully exploited the vulnerability\n could take control of an affected system. There are\n multiple ways an attacker could exploit the\n vulnerability, such as by convincing a user to open a\n specially crafted document, or by convincing a user to\n visit a malicious webpage. The security update addresses\n the vulnerability by correcting how Windows Media Audio\n Codec handles objects. (CVE-2020-1339)\n\n - An elevation of privilege vulnerability exists when\n Connected User Experiences and Telemetry Service\n improperly handles file operations. An attacker who\n successfully exploited this vulnerability could run\n processes in an elevated context. An attacker could\n exploit this vulnerability by running a specially\n crafted application on the victim system. The security\n update addresses the vulnerability by correcting how the\n Connected User Experiences and Telemetry Service handles\n file operations. (CVE-2020-1511)\n\n - An elevation of privilege vulnerability exists in the\n way that the srmsvc.dll handles objects in memory. An\n attacker who successfully exploited the vulnerability\n could execute code with elevated permissions.\n (CVE-2020-1475)\n\n - An elevation of privilege vulnerability exists when the\n Windows CDP User Components improperly handle memory.\n (CVE-2020-1549, CVE-2020-1550)\n\n - An information disclosure vulnerability exists when\n DirectWrite improperly discloses the contents of its\n memory. An attacker who successfully exploited the\n vulnerability could obtain information to further\n compromise the users system. There are multiple ways an\n attacker could exploit the vulnerability, such as by\n convincing a user to open a specially crafted document,\n or by convincing a user to visit an untrusted webpage.\n The security update addresses the vulnerability by\n correcting how DirectWrite handles objects in memory.\n (CVE-2020-1577)\n\n - An elevation of privilege vulnerability exists when the\n Windows Radio Manager API improperly handles memory.\n (CVE-2020-1528)\n\n - An information disclosure vulnerability exists on ARM\n implementations that use speculative execution in\n control flow via a side-channel analysis, aka "\n ;straight-line speculation." (CVE-2020-1459)\n\n - An information disclosure vulnerability exists in RPC if\n the server has Routing and Remote Access enabled. An\n attacker who successfully exploited this vulnerability\n could obtain information to further compromise the users\n system (CVE-2020-1383)\n\n - A remote code execution vulnerability exists in the way\n that the scripting engine handles objects in memory in\n Microsoft Edge (HTML-based). The vulnerability could\n corrupt memory in such a way that an attacker could\n execute arbitrary code in the context of the current\n user. An attacker who successfully exploited the\n vulnerability could gain the same user rights as the\n current user. (CVE-2020-1555)\n\n - An elevation of privilege vulnerability exists when the\n Windows Work Folders Service improperly handles memory.\n (CVE-2020-1470, CVE-2020-1484, CVE-2020-1516)\n\n - An elevation of privilege vulnerability exists when the\n Windows Custom Protocol Engine improperly handles\n memory. (CVE-2020-1527)\n\n - An elevation of privilege vulnerability exists when the\n Storage Service improperly handles file operations. An\n attacker who successfully exploited this vulnerability\n could gain elevated privileges on the victim system.\n (CVE-2020-1490)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Graphics Device Interface (GDI)\n handles objects in memory. An attacker who successfully\n exploited this vulnerability could run arbitrary code in\n kernel mode. An attacker could then install programs;\n view, change, or delete data; or create new accounts\n with full user rights. (CVE-2020-1480, CVE-2020-1529)\n\n - An elevation of privilege vulnerability exists when the\n Windows Speech Runtime improperly handles memory.\n (CVE-2020-1521, CVE-2020-1522)\n\n - An elevation of privilege vulnerability exists when the\n Windows CSC Service improperly handles memory.\n (CVE-2020-1489, CVE-2020-1513)\n\n - An elevation of privilege vulnerability exists when the\n Windows Accounts Control improperly handles memory.\n (CVE-2020-1531)\n\n - An elevation of privilege vulnerability exists when\n Windows improperly handles hard links. An attacker who\n successfully exploited this vulnerability could\n overwrite a targeted file leading to an elevated status.\n (CVE-2020-1467)\n\n - An elevation of privilege vulnerability exists when the\n Windows Runtime improperly handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could run arbitrary code in an elevated context. An\n attacker could exploit this vulnerability by running a\n specially crafted application on the victim system. The\n update addresses the vulnerability by correcting the way\n the Windows Runtime handles objects in memory.\n (CVE-2020-1553)\n\n - A remote code execution vulnerability exists when the\n Windows Font Driver Host improperly handles memory. An\n attacker who successfully exploited the vulnerability\n would gain execution on a victim system. The security\n update addresses the vulnerability by correcting how the\n Windows Font Driver Host handles memory. (CVE-2020-1520)\n\n - An elevation of privilege vulnerability exists when the\n Windows UPnP Device Host improperly handles memory.\n (CVE-2020-1519, CVE-2020-1538)\n\n - A remote code execution vulnerability exists in the way\n that the scripting engine handles objects in memory in\n Internet Explorer. The vulnerability could corrupt\n memory in such a way that an attacker could execute\n arbitrary code in the context of the current user. An\n attacker who successfully exploited the vulnerability\n could gain the same user rights as the current user.\n (CVE-2020-1380, CVE-2020-1570)\n\n - An elevation of privilege vulnerability exists when the\n Windows Telephony Server improperly handles memory.\n (CVE-2020-1515)\n\n - An elevation of privilege vulnerability exists in the\n Local Security Authority Subsystem Service (LSASS) when\n an authenticated attacker sends a specially crafted\n authentication request. A remote attacker who\n successfully exploited this vulnerability could cause an\n elevation of privilege on the target system's LSASS\n service. The security update addresses the vulnerability\n by changing the way that LSASS handles specially crafted\n authentication requests. (CVE-2020-1509)\n\n - An information disclosure vulnerability exists when\n Media Foundation improperly handles objects in memory.\n An attacker who successfully exploited this\n vulnerability could obtain information to further\n compromise the users system. (CVE-2020-1487)\n\n - An elevation of privilege vulnerability exists when the\n Windows AppX Deployment Extensions improperly performs\n privilege management, resulting in access to system\n files. (CVE-2020-1488)\n\n - An elevation of privilege vulnerability exists when the\n Windows File Server Resource Management Service\n improperly handles memory. (CVE-2020-1517,\n CVE-2020-1518)\n\n - An elevation of privilege vulnerability exists in the\n way that the dnsrslvr.dll handles objects in memory. An\n attacker who successfully exploited the vulnerability\n could execute code with elevated permissions.\n (CVE-2020-1584)\n\n - An elevation of privilege vulnerability exists when the\n Windows Network Connection Broker improperly handles\n memory. (CVE-2020-1526)\n\n - An elevation of privilege vulnerability exists when the\n Windows Speech Shell Components improperly handle\n memory. (CVE-2020-1524)\n\n - An elevation of privilege vulnerability exists when\n ASP.NET or .NET web applications running on IIS\n improperly allow access to cached files. An attacker who\n successfully exploited this vulnerability could gain\n access to restricted files. (CVE-2020-1476)\n\n - An information disclosure vulnerability exists when the\n Windows State Repository Service improperly handles\n objects in memory. An attacker who successfully\n exploited this vulnerability could obtain information to\n further compromise the users system. An attacker could\n exploit this vulnerability by running a specially\n crafted application on the victim system. The update\n addresses the vulnerability by correcting the way the\n Windows State Repository Service handles objects in\n memory. (CVE-2020-1512)\n\n - An elevation of privilege vulnerability exists when the\n Windows Remote Access improperly handles file\n operations. An attacker who successfully exploited this\n vulnerability could gain elevated privileges.\n (CVE-2020-1537)\n\n - An elevation of privilege vulnerability exists when the\n "Public Account Pictures" folder improperly\n handles junctions. (CVE-2020-1565)\n\n - An elevation of privilege vulnerability exists when the\n Windows Backup Service improperly handles file\n operations. (CVE-2020-1534)\n\n - A remote code execution vulnerability exists when\n Microsoft Edge PDF Reader improperly handles objects in\n memory. The vulnerability could corrupt memory in such a\n way that enables an attacker to execute arbitrary code\n in the context of the current user. An attacker who\n successfully exploited the vulnerability could gain the\n same user rights as the current user. If the current\n user is logged on with administrative user rights, an\n attacker could take control of an affected system. An\n attacker could then install programs; view, change, or\n delete data; or create new accounts with full user\n rights. (CVE-2020-1568)\n\n - An elevation of privilege vulnerability exists when the\n Windows Kernel API improperly handles registry objects\n in memory. An attacker who successfully exploited the\n vulnerability could gain elevated privileges on a\n targeted system. A locally authenticated attacker could\n exploit this vulnerability by running a specially\n crafted application. The security update addresses the\n vulnerability by helping to ensure that the Windows\n Kernel API properly handles objects in memory.\n (CVE-2020-1377, CVE-2020-1378)\n\n - An elevation of privilege vulnerability exists when the\n Windows Print Spooler service improperly allows\n arbitrary writing to the file system. An attacker who\n successfully exploited this vulnerability could run\n arbitrary code with elevated system privileges. An\n attacker could then install programs; view, change, or\n delete data; or create new accounts with full user\n rights. (CVE-2020-1337)\n\n - An information disclosure vulnerability exists when the\n Windows WaasMedic Service improperly handles memory.\n (CVE-2020-1548)\n\n - An information disclosure vulnerability exists when the\n Windows Image Acquisition (WIA) Service improperly\n discloses contents of its memory. An attacker who\n successfully exploited the vulnerability could obtain\n information to further compromise the users system.\n (CVE-2020-1474, CVE-2020-1485)\n\n - An elevation of privilege vulnerability exists when the\n Windows kernel fails to properly handle objects in\n memory. An attacker who successfully exploited this\n vulnerability could run arbitrary code in kernel mode.\n An attacker could then install programs; view, change,\n or delete data; or create new accounts with full user\n rights. (CVE-2020-1417, CVE-2020-1486, CVE-2020-1566)\n\n - A remote code execution vulnerability exists when the\n Windows Jet Database Engine improperly handles objects\n in memory. An attacker who successfully exploited this\n vulnerability could execute arbitrary code on a victim\n system. An attacker could exploit this vulnerability by\n enticing a victim to open a specially crafted file. The\n update addresses the vulnerability by correcting the way\n the Windows Jet Database Engine handles objects in\n memory. (CVE-2020-1473, CVE-2020-1557, CVE-2020-1558,\n CVE-2020-1564)\n\n - A remote code execution vulnerability exists when\n Microsoft Edge improperly accesses objects in memory.\n The vulnerability could corrupt memory in such a way\n that enables an attacker to execute arbitrary code in\n the context of the current user. An attacker who\n successfully exploited the vulnerability could gain the\n same user rights as the current user. (CVE-2020-1569)\n\n - An information disclosure vulnerability exists when the\n win32k component improperly provides kernel information.\n An attacker who successfully exploited the vulnerability\n could obtain information to further compromise the users\n system. (CVE-2020-1510)\n\n - An elevation of privilege vulnerability exists when the\n Windows Backup Engine improperly handles memory.\n (CVE-2020-1535, CVE-2020-1536, CVE-2020-1539,\n CVE-2020-1540, CVE-2020-1541, CVE-2020-1542,\n CVE-2020-1543, CVE-2020-1544, CVE-2020-1545,\n CVE-2020-1546, CVE-2020-1547, CVE-2020-1551)\n\n - An information disclosure vulnerability exists in the\n Windows kernel that could allow an attacker to retrieve\n information that could lead to a Kernel Address Space\n Layout Randomization (ASLR) bypass. An attacker who\n successfully exploited the vulnerability could retrieve\n the memory address of a kernel object. (CVE-2020-1578)\n\n - An elevation of privilege vulnerability exists when\n DirectX improperly handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could run arbitrary code in kernel mode. An attacker\n could then install programs; view, change, or delete\n data; or create new accounts with full user rights.\n (CVE-2020-1479)\n\n - An elevation of privilege vulnerability exists when the\n Windows Ancillary Function Driver for WinSock improperly\n handles memory. (CVE-2020-1587)\n\n - An elevation of privilege vulnerability exists when the\n Windows Function Discovery SSDP Provider improperly\n handles memory. (CVE-2020-1579)\n\n - A remote code execution vulnerability exists in the way\n that Microsoft Graphics Components handle objects in\n memory. An attacker who successfully exploited the\n vulnerability could execute arbitrary code on a target\n system. (CVE-2020-1561, CVE-2020-1562)\n\n - An elevation of privilege vulnerability exists when the\n Windows Work Folder Service improperly handles file\n operations. An attacker who successfully exploited this\n vulnerability could run processes in an elevated\n context. An attacker could exploit this vulnerability by\n running a specially crafted application on the victim\n system. The update addresses the vulnerability by\n correcting the way the Windows Work Folder Service\n handles file operations. (CVE-2020-1552)\n\n - An elevation of privilege vulnerability exists when\n Windows Remote Access improperly handles memory.\n (CVE-2020-1530)\n\n - A remote code execution vulnerability exists in the way\n that the MSHTML engine improperly validates input. An\n attacker could execute arbitrary code in the context of\n the current user. (CVE-2020-1567)\n\n - A spoofing vulnerability exists when Windows incorrectly\n validates file signatures. An attacker who successfully\n exploited this vulnerability could bypass security\n features and load improperly signed files. In an attack\n scenario, an attacker could bypass security features\n intended to prevent improperly signed files from being\n loaded. The update addresses the vulnerability by\n correcting how Windows validates file signatures.\n (CVE-2020-1464)", "edition": 6, "cvss3": {"score": 7.8, "vector": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2020-08-11T00:00:00", "title": "KB4565351: Windows 10 Version 1903 and Windows 10 Version 1909 August 2020 Security Update", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2020-1473", "CVE-2020-1587", "CVE-2020-1569", "CVE-2020-1524", "CVE-2020-1519", "CVE-2020-1533", "CVE-2020-1535", "CVE-2020-1516", "CVE-2020-1525", "CVE-2020-1480", "CVE-2020-1549", "CVE-2020-1378", "CVE-2020-1515", "CVE-2020-1540", "CVE-2020-1526", "CVE-2020-1567", "CVE-2020-1553", "CVE-2020-1554", "CVE-2020-1518", "CVE-2020-1487", "CVE-2020-1584", "CVE-2020-1547", "CVE-2020-1561", "CVE-2020-1529", "CVE-2020-1534", "CVE-2020-1555", "CVE-2020-1479", "CVE-2020-1579", "CVE-2020-1474", "CVE-2020-1558", "CVE-2020-1509", "CVE-2020-1546", "CVE-2020-1539", "CVE-2020-1476", "CVE-2020-1521", "CVE-2020-1578", "CVE-2020-1489", "CVE-2020-1536", "CVE-2020-1478", "CVE-2020-1486", "CVE-2020-1537", "CVE-2020-1556", "CVE-2020-1337", "CVE-2020-1379", "CVE-2020-1517", "CVE-2020-1511", "CVE-2020-1522", "CVE-2020-1565", "CVE-2020-1417", "CVE-2020-1488", "CVE-2020-1528", "CVE-2020-1557", "CVE-2020-1464", "CVE-2020-1380", "CVE-2020-1531", "CVE-2020-1568", "CVE-2020-1339", "CVE-2020-1566", "CVE-2020-1513", "CVE-2020-1544", "CVE-2020-1564", "CVE-2020-1548", "CVE-2020-1467", "CVE-2020-1542", "CVE-2020-1550", "CVE-2020-1485", "CVE-2020-1552", "CVE-2020-1527", "CVE-2020-1520", "CVE-2020-1543", "CVE-2020-1459", "CVE-2020-1492", "CVE-2020-1562", "CVE-2020-1490", "CVE-2020-1538", "CVE-2020-1512", "CVE-2020-1545", "CVE-2020-1510", "CVE-2020-1383", "CVE-2020-1570", "CVE-2020-1530", "CVE-2020-1541", "CVE-2020-1470", "CVE-2020-1477", "CVE-2020-1484", "CVE-2020-1577", "CVE-2020-1551", "CVE-2020-1475", "CVE-2020-1377"], "modified": "2020-08-11T00:00:00", "cpe": ["cpe:/o:microsoft:windows", "cpe:/a:microsoft:edge"], "id": "SMB_NT_MS20_AUG_4565351.NASL", "href": "https://www.tenable.com/plugins/nessus/139485", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(139485);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\n \"CVE-2020-1337\",\n \"CVE-2020-1339\",\n \"CVE-2020-1377\",\n \"CVE-2020-1378\",\n \"CVE-2020-1379\",\n \"CVE-2020-1380\",\n \"CVE-2020-1383\",\n \"CVE-2020-1417\",\n \"CVE-2020-1459\",\n \"CVE-2020-1464\",\n \"CVE-2020-1467\",\n \"CVE-2020-1470\",\n \"CVE-2020-1473\",\n \"CVE-2020-1474\",\n \"CVE-2020-1475\",\n \"CVE-2020-1476\",\n \"CVE-2020-1477\",\n \"CVE-2020-1478\",\n \"CVE-2020-1479\",\n \"CVE-2020-1480\",\n \"CVE-2020-1484\",\n \"CVE-2020-1485\",\n \"CVE-2020-1486\",\n \"CVE-2020-1487\",\n \"CVE-2020-1488\",\n \"CVE-2020-1489\",\n \"CVE-2020-1490\",\n \"CVE-2020-1492\",\n \"CVE-2020-1509\",\n \"CVE-2020-1510\",\n \"CVE-2020-1511\",\n \"CVE-2020-1512\",\n \"CVE-2020-1513\",\n \"CVE-2020-1515\",\n \"CVE-2020-1516\",\n \"CVE-2020-1517\",\n \"CVE-2020-1518\",\n \"CVE-2020-1519\",\n \"CVE-2020-1520\",\n \"CVE-2020-1521\",\n \"CVE-2020-1522\",\n \"CVE-2020-1524\",\n \"CVE-2020-1525\",\n \"CVE-2020-1526\",\n \"CVE-2020-1527\",\n \"CVE-2020-1528\",\n \"CVE-2020-1529\",\n \"CVE-2020-1530\",\n \"CVE-2020-1531\",\n \"CVE-2020-1533\",\n \"CVE-2020-1534\",\n \"CVE-2020-1535\",\n \"CVE-2020-1536\",\n \"CVE-2020-1537\",\n \"CVE-2020-1538\",\n \"CVE-2020-1539\",\n \"CVE-2020-1540\",\n \"CVE-2020-1541\",\n \"CVE-2020-1542\",\n \"CVE-2020-1543\",\n \"CVE-2020-1544\",\n \"CVE-2020-1545\",\n \"CVE-2020-1546\",\n \"CVE-2020-1547\",\n \"CVE-2020-1548\",\n \"CVE-2020-1549\",\n \"CVE-2020-1550\",\n \"CVE-2020-1551\",\n \"CVE-2020-1552\",\n \"CVE-2020-1553\",\n \"CVE-2020-1554\",\n \"CVE-2020-1555\",\n \"CVE-2020-1556\",\n \"CVE-2020-1557\",\n \"CVE-2020-1558\",\n \"CVE-2020-1561\",\n \"CVE-2020-1562\",\n \"CVE-2020-1564\",\n \"CVE-2020-1565\",\n \"CVE-2020-1566\",\n \"CVE-2020-1567\",\n \"CVE-2020-1568\",\n \"CVE-2020-1569\",\n \"CVE-2020-1570\",\n \"CVE-2020-1577\",\n \"CVE-2020-1578\",\n \"CVE-2020-1579\",\n \"CVE-2020-1584\",\n \"CVE-2020-1587\"\n );\n script_xref(name:\"MSKB\", value:\"4565351\");\n script_xref(name:\"MSFT\", value:\"MS20-4565351\");\n script_xref(name:\"IAVA\", value:\"2020-A-0361-S\");\n script_xref(name:\"IAVA\", value:\"2020-A-0367-S\");\n script_xref(name:\"IAVA\", value:\"2020-A-0370-S\");\n\n script_name(english:\"KB4565351: Windows 10 Version 1903 and Windows 10 Version 1909 August 2020 Security Update\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 4565351.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - A memory corruption vulnerability exists when Windows\n Media Foundation improperly handles objects in memory.\n An attacker who successfully exploited the vulnerability\n could install programs; view, change, or delete data; or\n create new accounts with full user rights. There are\n multiple ways an attacker could exploit the\n vulnerability, such as by convincing a user to open a\n specially crafted document, or by convincing a user to\n visit a malicious webpage. The security update addresses\n the vulnerability by correcting how Windows Media\n Foundation handles objects in memory. (CVE-2020-1379,\n CVE-2020-1477, CVE-2020-1478, CVE-2020-1492,\n CVE-2020-1525, CVE-2020-1554)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows WalletService handles objects in\n memory. An attacker who successfully exploited the\n vulnerability could execute code with elevated\n permissions. (CVE-2020-1533, CVE-2020-1556)\n\n - A remote code execution vulnerability exists when\n Windows Media Audio Codec improperly handles objects. An\n attacker who successfully exploited the vulnerability\n could take control of an affected system. There are\n multiple ways an attacker could exploit the\n vulnerability, such as by convincing a user to open a\n specially crafted document, or by convincing a user to\n visit a malicious webpage. The security update addresses\n the vulnerability by correcting how Windows Media Audio\n Codec handles objects. (CVE-2020-1339)\n\n - An elevation of privilege vulnerability exists when\n Connected User Experiences and Telemetry Service\n improperly handles file operations. An attacker who\n successfully exploited this vulnerability could run\n processes in an elevated context. An attacker could\n exploit this vulnerability by running a specially\n crafted application on the victim system. The security\n update addresses the vulnerability by correcting how the\n Connected User Experiences and Telemetry Service handles\n file operations. (CVE-2020-1511)\n\n - An elevation of privilege vulnerability exists in the\n way that the srmsvc.dll handles objects in memory. An\n attacker who successfully exploited the vulnerability\n could execute code with elevated permissions.\n (CVE-2020-1475)\n\n - An elevation of privilege vulnerability exists when the\n Windows CDP User Components improperly handle memory.\n (CVE-2020-1549, CVE-2020-1550)\n\n - An information disclosure vulnerability exists when\n DirectWrite improperly discloses the contents of its\n memory. An attacker who successfully exploited the\n vulnerability could obtain information to further\n compromise the users system. There are multiple ways an\n attacker could exploit the vulnerability, such as by\n convincing a user to open a specially crafted document,\n or by convincing a user to visit an untrusted webpage.\n The security update addresses the vulnerability by\n correcting how DirectWrite handles objects in memory.\n (CVE-2020-1577)\n\n - An elevation of privilege vulnerability exists when the\n Windows Radio Manager API improperly handles memory.\n (CVE-2020-1528)\n\n - An information disclosure vulnerability exists on ARM\n implementations that use speculative execution in\n control flow via a side-channel analysis, aka "\n ;straight-line speculation." (CVE-2020-1459)\n\n - An information disclosure vulnerability exists in RPC if\n the server has Routing and Remote Access enabled. An\n attacker who successfully exploited this vulnerability\n could obtain information to further compromise the users\n system (CVE-2020-1383)\n\n - A remote code execution vulnerability exists in the way\n that the scripting engine handles objects in memory in\n Microsoft Edge (HTML-based). The vulnerability could\n corrupt memory in such a way that an attacker could\n execute arbitrary code in the context of the current\n user. An attacker who successfully exploited the\n vulnerability could gain the same user rights as the\n current user. (CVE-2020-1555)\n\n - An elevation of privilege vulnerability exists when the\n Windows Work Folders Service improperly handles memory.\n (CVE-2020-1470, CVE-2020-1484, CVE-2020-1516)\n\n - An elevation of privilege vulnerability exists when the\n Windows Custom Protocol Engine improperly handles\n memory. (CVE-2020-1527)\n\n - An elevation of privilege vulnerability exists when the\n Storage Service improperly handles file operations. An\n attacker who successfully exploited this vulnerability\n could gain elevated privileges on the victim system.\n (CVE-2020-1490)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Graphics Device Interface (GDI)\n handles objects in memory. An attacker who successfully\n exploited this vulnerability could run arbitrary code in\n kernel mode. An attacker could then install programs;\n view, change, or delete data; or create new accounts\n with full user rights. (CVE-2020-1480, CVE-2020-1529)\n\n - An elevation of privilege vulnerability exists when the\n Windows Speech Runtime improperly handles memory.\n (CVE-2020-1521, CVE-2020-1522)\n\n - An elevation of privilege vulnerability exists when the\n Windows CSC Service improperly handles memory.\n (CVE-2020-1489, CVE-2020-1513)\n\n - An elevation of privilege vulnerability exists when the\n Windows Accounts Control improperly handles memory.\n (CVE-2020-1531)\n\n - An elevation of privilege vulnerability exists when\n Windows improperly handles hard links. An attacker who\n successfully exploited this vulnerability could\n overwrite a targeted file leading to an elevated status.\n (CVE-2020-1467)\n\n - An elevation of privilege vulnerability exists when the\n Windows Runtime improperly handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could run arbitrary code in an elevated context. An\n attacker could exploit this vulnerability by running a\n specially crafted application on the victim system. The\n update addresses the vulnerability by correcting the way\n the Windows Runtime handles objects in memory.\n (CVE-2020-1553)\n\n - A remote code execution vulnerability exists when the\n Windows Font Driver Host improperly handles memory. An\n attacker who successfully exploited the vulnerability\n would gain execution on a victim system. The security\n update addresses the vulnerability by correcting how the\n Windows Font Driver Host handles memory. (CVE-2020-1520)\n\n - An elevation of privilege vulnerability exists when the\n Windows UPnP Device Host improperly handles memory.\n (CVE-2020-1519, CVE-2020-1538)\n\n - A remote code execution vulnerability exists in the way\n that the scripting engine handles objects in memory in\n Internet Explorer. The vulnerability could corrupt\n memory in such a way that an attacker could execute\n arbitrary code in the context of the current user. An\n attacker who successfully exploited the vulnerability\n could gain the same user rights as the current user.\n (CVE-2020-1380, CVE-2020-1570)\n\n - An elevation of privilege vulnerability exists when the\n Windows Telephony Server improperly handles memory.\n (CVE-2020-1515)\n\n - An elevation of privilege vulnerability exists in the\n Local Security Authority Subsystem Service (LSASS) when\n an authenticated attacker sends a specially crafted\n authentication request. A remote attacker who\n successfully exploited this vulnerability could cause an\n elevation of privilege on the target system's LSASS\n service. The security update addresses the vulnerability\n by changing the way that LSASS handles specially crafted\n authentication requests. (CVE-2020-1509)\n\n - An information disclosure vulnerability exists when\n Media Foundation improperly handles objects in memory.\n An attacker who successfully exploited this\n vulnerability could obtain information to further\n compromise the users system. (CVE-2020-1487)\n\n - An elevation of privilege vulnerability exists when the\n Windows AppX Deployment Extensions improperly performs\n privilege management, resulting in access to system\n files. (CVE-2020-1488)\n\n - An elevation of privilege vulnerability exists when the\n Windows File Server Resource Management Service\n improperly handles memory. (CVE-2020-1517,\n CVE-2020-1518)\n\n - An elevation of privilege vulnerability exists in the\n way that the dnsrslvr.dll handles objects in memory. An\n attacker who successfully exploited the vulnerability\n could execute code with elevated permissions.\n (CVE-2020-1584)\n\n - An elevation of privilege vulnerability exists when the\n Windows Network Connection Broker improperly handles\n memory. (CVE-2020-1526)\n\n - An elevation of privilege vulnerability exists when the\n Windows Speech Shell Components improperly handle\n memory. (CVE-2020-1524)\n\n - An elevation of privilege vulnerability exists when\n ASP.NET or .NET web applications running on IIS\n improperly allow access to cached files. An attacker who\n successfully exploited this vulnerability could gain\n access to restricted files. (CVE-2020-1476)\n\n - An information disclosure vulnerability exists when the\n Windows State Repository Service improperly handles\n objects in memory. An attacker who successfully\n exploited this vulnerability could obtain information to\n further compromise the users system. An attacker could\n exploit this vulnerability by running a specially\n crafted application on the victim system. The update\n addresses the vulnerability by correcting the way the\n Windows State Repository Service handles objects in\n memory. (CVE-2020-1512)\n\n - An elevation of privilege vulnerability exists when the\n Windows Remote Access improperly handles file\n operations. An attacker who successfully exploited this\n vulnerability could gain elevated privileges.\n (CVE-2020-1537)\n\n - An elevation of privilege vulnerability exists when the\n "Public Account Pictures" folder improperly\n handles junctions. (CVE-2020-1565)\n\n - An elevation of privilege vulnerability exists when the\n Windows Backup Service improperly handles file\n operations. (CVE-2020-1534)\n\n - A remote code execution vulnerability exists when\n Microsoft Edge PDF Reader improperly handles objects in\n memory. The vulnerability could corrupt memory in such a\n way that enables an attacker to execute arbitrary code\n in the context of the current user. An attacker who\n successfully exploited the vulnerability could gain the\n same user rights as the current user. If the current\n user is logged on with administrative user rights, an\n attacker could take control of an affected system. An\n attacker could then install programs; view, change, or\n delete data; or create new accounts with full user\n rights. (CVE-2020-1568)\n\n - An elevation of privilege vulnerability exists when the\n Windows Kernel API improperly handles registry objects\n in memory. An attacker who successfully exploited the\n vulnerability could gain elevated privileges on a\n targeted system. A locally authenticated attacker could\n exploit this vulnerability by running a specially\n crafted application. The security update addresses the\n vulnerability by helping to ensure that the Windows\n Kernel API properly handles objects in memory.\n (CVE-2020-1377, CVE-2020-1378)\n\n - An elevation of privilege vulnerability exists when the\n Windows Print Spooler service improperly allows\n arbitrary writing to the file system. An attacker who\n successfully exploited this vulnerability could run\n arbitrary code with elevated system privileges. An\n attacker could then install programs; view, change, or\n delete data; or create new accounts with full user\n rights. (CVE-2020-1337)\n\n - An information disclosure vulnerability exists when the\n Windows WaasMedic Service improperly handles memory.\n (CVE-2020-1548)\n\n - An information disclosure vulnerability exists when the\n Windows Image Acquisition (WIA) Service improperly\n discloses contents of its memory. An attacker who\n successfully exploited the vulnerability could obtain\n information to further compromise the users system.\n (CVE-2020-1474, CVE-2020-1485)\n\n - An elevation of privilege vulnerability exists when the\n Windows kernel fails to properly handle objects in\n memory. An attacker who successfully exploited this\n vulnerability could run arbitrary code in kernel mode.\n An attacker could then install programs; view, change,\n or delete data; or create new accounts with full user\n rights. (CVE-2020-1417, CVE-2020-1486, CVE-2020-1566)\n\n - A remote code execution vulnerability exists when the\n Windows Jet Database Engine improperly handles objects\n in memory. An attacker who successfully exploited this\n vulnerability could execute arbitrary code on a victim\n system. An attacker could exploit this vulnerability by\n enticing a victim to open a specially crafted file. The\n update addresses the vulnerability by correcting the way\n the Windows Jet Database Engine handles objects in\n memory. (CVE-2020-1473, CVE-2020-1557, CVE-2020-1558,\n CVE-2020-1564)\n\n - A remote code execution vulnerability exists when\n Microsoft Edge improperly accesses objects in memory.\n The vulnerability could corrupt memory in such a way\n that enables an attacker to execute arbitrary code in\n the context of the current user. An attacker who\n successfully exploited the vulnerability could gain the\n same user rights as the current user. (CVE-2020-1569)\n\n - An information disclosure vulnerability exists when the\n win32k component improperly provides kernel information.\n An attacker who successfully exploited the vulnerability\n could obtain information to further compromise the users\n system. (CVE-2020-1510)\n\n - An elevation of privilege vulnerability exists when the\n Windows Backup Engine improperly handles memory.\n (CVE-2020-1535, CVE-2020-1536, CVE-2020-1539,\n CVE-2020-1540, CVE-2020-1541, CVE-2020-1542,\n CVE-2020-1543, CVE-2020-1544, CVE-2020-1545,\n CVE-2020-1546, CVE-2020-1547, CVE-2020-1551)\n\n - An information disclosure vulnerability exists in the\n Windows kernel that could allow an attacker to retrieve\n information that could lead to a Kernel Address Space\n Layout Randomization (ASLR) bypass. An attacker who\n successfully exploited the vulnerability could retrieve\n the memory address of a kernel object. (CVE-2020-1578)\n\n - An elevation of privilege vulnerability exists when\n DirectX improperly handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could run arbitrary code in kernel mode. An attacker\n could then install programs; view, change, or delete\n data; or create new accounts with full user rights.\n (CVE-2020-1479)\n\n - An elevation of privilege vulnerability exists when the\n Windows Ancillary Function Driver for WinSock improperly\n handles memory. (CVE-2020-1587)\n\n - An elevation of privilege vulnerability exists when the\n Windows Function Discovery SSDP Provider improperly\n handles memory. (CVE-2020-1579)\n\n - A remote code execution vulnerability exists in the way\n that Microsoft Graphics Components handle objects in\n memory. An attacker who successfully exploited the\n vulnerability could execute arbitrary code on a target\n system. (CVE-2020-1561, CVE-2020-1562)\n\n - An elevation of privilege vulnerability exists when the\n Windows Work Folder Service improperly handles file\n operations. An attacker who successfully exploited this\n vulnerability could run processes in an elevated\n context. An attacker could exploit this vulnerability by\n running a specially crafted application on the victim\n system. The update addresses the vulnerability by\n correcting the way the Windows Work Folder Service\n handles file operations. (CVE-2020-1552)\n\n - An elevation of privilege vulnerability exists when\n Windows Remote Access improperly handles memory.\n (CVE-2020-1530)\n\n - A remote code execution vulnerability exists in the way\n that the MSHTML engine improperly validates input. An\n attacker could execute arbitrary code in the context of\n the current user. (CVE-2020-1567)\n\n - A spoofing vulnerability exists when Windows incorrectly\n validates file signatures. An attacker who successfully\n exploited this vulnerability could bypass security\n features and load improperly signed files. In an attack\n scenario, an attacker could bypass security features\n intended to prevent improperly signed files from being\n loaded. The update addresses the vulnerability by\n correcting how Windows validates file signatures.\n (CVE-2020-1464)\");\n # https://support.microsoft.com/en-us/help/4565351/windows-10-update-kb4565351\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?7a2c32c0\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Cumulative Update KB4565351.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-1564\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Microsoft Spooler Local Privilege Elevation Vulnerability');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/08/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/08/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/08/11\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:edge\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nbulletin = \"MS20-08\";\nkbs = make_list('4565351');\n\nif (get_kb_item(\"Host/patch_management_checks\")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nget_kb_item_or_exit(\"SMB/WindowsVersion\", exit_code:1);\n\nif (hotfix_check_sp_range(win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:\"10\",\n sp:0,\n os_build:\"18362\",\n rollup_date:\"08_2020\",\n bulletin:bulletin,\n rollup_kb_list:[4565351])\n ||\n smb_check_rollup(os:\"10\",\n sp:0,\n os_build:\"18363\",\n rollup_date:\"08_2020\",\n bulletin:bulletin,\n rollup_kb_list:[4565351])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n\n\n\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "kaspersky": [{"lastseen": "2020-09-02T12:00:36", "bulletinFamily": "info", "cvelist": ["CVE-2020-1373", "CVE-2020-1354", "CVE-2020-1438", "CVE-2020-1401", "CVE-2020-1403", "CVE-2020-1036", "CVE-2020-1436", "CVE-2020-1085", "CVE-2020-1390", "CVE-2020-1402", "CVE-2020-1371", "CVE-2020-1350", "CVE-2020-1468", "CVE-2020-1360", "CVE-2020-1419", "CVE-2020-1333", "CVE-2020-1041", "CVE-2020-1389", "CVE-2020-1396", "CVE-2020-1397", "CVE-2020-1407", "CVE-2020-1384", "CVE-2020-1042", "CVE-2020-1346", "CVE-2020-1427", "CVE-2020-1267", "CVE-2020-1430", "CVE-2020-1412", "CVE-2020-1409", "CVE-2020-1374", "CVE-2020-1421", "CVE-2020-1365", "CVE-2020-1435", "CVE-2020-1040", "CVE-2020-1408", "CVE-2020-1437", "CVE-2020-1032", "CVE-2020-1400", "CVE-2020-1359", "CVE-2020-1428", "CVE-2020-1351", "CVE-2020-1043", "CVE-2020-1410"], "description": "### *Detect date*:\n07/14/2020\n\n### *Severity*:\nCritical\n\n### *Description*:\nMultiple vulnerabilities were found in Microsoft Products (Extended Support Update). Malicious users can exploit these vulnerabilities to gain privileges, obtain sensitive information, execute arbitrary code, cause denial of service.\n\n### *Exploitation*:\nMalware exists for this vulnerability. Usually such malware is classified as Exploit. [More details](<https://threats.kaspersky.com/en/class/Exploit/>).\n\n### *Affected products*:\nWindows 10 Version 2004 for ARM64-based Systems \nWindows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) \nWindows 10 Version 1903 for 32-bit Systems \nWindows Server 2019 (Server Core installation) \nWindows 10 Version 1809 for x64-based Systems \nWindows 10 Version 1607 for x64-based Systems \nWindows Server 2012 R2 \nWindows Server 2012 \nWindows Server 2008 for x64-based Systems Service Pack 2 \nWindows 10 Version 1909 for 32-bit Systems \nWindows Server, version 2004 (Server Core installation) \nWindows 10 for x64-based Systems \nWindows Server 2016 (Server Core installation) \nWindows 8.1 for x64-based systems \nWindows Server 2012 (Server Core installation) \nWindows 10 Version 1709 for x64-based Systems \nWindows 7 for 32-bit Systems Service Pack 1 \nWindows 10 Version 1709 for ARM64-based Systems \nWindows 8.1 for 32-bit systems \nWindows 10 Version 1607 for 32-bit Systems \nWindows Server 2016 \nWindows 10 Version 1903 for ARM64-based Systems \nWindows 10 Version 1803 for 32-bit Systems \nWindows 7 for x64-based Systems Service Pack 1 \nWindows 10 Version 1909 for x64-based Systems \nWindows 10 Version 1903 for x64-based Systems \nInternet Explorer 11 \nWindows 10 Version 1909 for ARM64-based Systems \nWindows Server 2008 for 32-bit Systems Service Pack 2 \nWindows 10 Version 2004 for 32-bit Systems \nWindows 10 Version 1809 for 32-bit Systems \nWindows Server, version 1903 (Server Core installation) \nWindows 10 Version 1803 for x64-based Systems \nMicrosoft Office 2019 for Mac \nWindows RT 8.1 \nWindows 10 Version 2004 for x64-based Systems \nWindows Server 2008 R2 for x64-based Systems Service Pack 1 \nMicrosoft Office 2016 for Mac \nWindows Server 2019 \nInternet Explorer 9 \nWindows 10 Version 1803 for ARM64-based Systems \nWindows Server, version 1909 (Server Core installation) \nWindows 10 Version 1809 for ARM64-based Systems \nWindows Server 2012 R2 (Server Core installation) \nWindows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) \nWindows 10 for 32-bit Systems \nWindows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) \nWindows 10 Version 1709 for 32-bit Systems\n\n### *Solution*:\nInstall necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)\n\n### *Original advisories*:\n[CVE-2020-1333](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1333>) \n[CVE-2020-1384](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1384>) \n[CVE-2020-1346](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1346>) \n[CVE-2020-1389](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1389>) \n[CVE-2020-1032](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1032>) \n[CVE-2020-1036](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1036>) \n[CVE-2020-1360](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1360>) \n[CVE-2020-1267](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1267>) \n[CVE-2020-1365](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1365>) \n[CVE-2020-1354](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1354>) \n[CVE-2020-1419](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1419>) \n[CVE-2020-1438](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1438>) \n[CVE-2020-1435](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1435>) \n[CVE-2020-1412](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1412>) \n[CVE-2020-1437](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1437>) \n[CVE-2020-1436](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1436>) \n[CVE-2020-1430](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1430>) \n[CVE-2020-1428](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1428>) \n[CVE-2020-1396](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1396>) \n[CVE-2020-1397](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1397>) \n[CVE-2020-1390](<https://nvd.nist.gov/vuln/detail/CVE-2020-1390>) \n[CVE-2020-1359](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1359>) \n[CVE-2020-1371](<https://nvd.nist.gov/vuln/detail/CVE-2020-1371>) \n[CVE-2020-1350](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1350>) \n[CVE-2020-1351](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1351>) \n[CVE-2020-1040](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1040>) \n[CVE-2020-1041](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1041>) \n[CVE-2020-1042](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1042>) \n[CVE-2020-1043](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1043>) \n[CVE-2020-1373](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1373>) \n[CVE-2020-1410](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1410>) \n[CVE-2020-1374](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1374>) \n[CVE-2020-1085](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1085>) \n[CVE-2020-1407](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1407>) \n[CVE-2020-1400](<https://nvd.nist.gov/vuln/detail/CVE-2020-1400>) \n[CVE-2020-1401](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1401>) \n[CVE-2020-1402](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1402>) \n[CVE-2020-1403](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1403>) \n[CVE-2020-1427](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1427>) \n[CVE-2020-1468](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1468>) \n[CVE-2020-1408](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1408>) \n[CVE-2020-1409](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1409>) \n[CVE-2020-1421](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1421>) \n[ADV200008](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/ADV200008>) \n\n\n### *Impacts*:\nACE \n\n### *Related products*:\n[Microsoft Internet Explorer](<https://threats.kaspersky.com/en/product/Microsoft-Internet-Explorer/>)\n\n### *CVE-IDS*:\n[CVE-2020-1403](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1403>)0.0Unknown \n[CVE-2020-1333](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1333>)0.0Unknown \n[CVE-2020-1384](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1384>)0.0Unknown \n[CVE-2020-1346](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1346>)0.0Unknown \n[CVE-2020-1389](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1389>)0.0Unknown \n[CVE-2020-1032](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1032>)0.0Unknown \n[CVE-2020-1036](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1036>)0.0Unknown \n[CVE-2020-1360](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1360>)0.0Unknown \n[CVE-2020-1267](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1267>)0.0Unknown \n[CVE-2020-1365](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1365>)0.0Unknown \n[CVE-2020-1354](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1354>)0.0Unknown \n[CVE-2020-1419](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1419>)0.0Unknown \n[CVE-2020-1438](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1438>)0.0Unknown \n[CVE-2020-1435](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1435>)0.0Unknown \n[CVE-2020-1412](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1412>)0.0Unknown \n[CVE-2020-1437](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1437>)0.0Unknown \n[CVE-2020-1436](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1436>)0.0Unknown \n[CVE-2020-1430](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1430>)0.0Unknown \n[CVE-2020-1428](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1428>)0.0Unknown \n[CVE-2020-1396](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1396>)0.0Unknown \n[CVE-2020-1397](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1397>)0.0Unknown \n[CVE-2020-1390](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1390>)0.0Unknown \n[CVE-2020-1359](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1359>)0.0Unknown \n[CVE-2020-1371](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1371>)0.0Unknown \n[CVE-2020-1350](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1350>)0.0Unknown \n[CVE-2020-1351](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1351>)0.0Unknown \n[CVE-2020-1040](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1040>)0.0Unknown \n[CVE-2020-1041](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1041>)0.0Unknown \n[CVE-2020-1042](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1042>)0.0Unknown \n[CVE-2020-1043](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1043>)0.0Unknown \n[CVE-2020-1373](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1373>)0.0Unknown \n[CVE-2020-1410](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1410>)0.0Unknown \n[CVE-2020-1374](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1374>)0.0Unknown \n[CVE-2020-1085](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1085>)0.0Unknown \n[CVE-2020-1407](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1407>)0.0Unknown \n[CVE-2020-1400](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1400>)0.0Unknown \n[CVE-2020-1401](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1401>)0.0Unknown \n[CVE-2020-1402](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1402>)0.0Unknown \n[CVE-2020-1427](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1427>)0.0Unknown \n[CVE-2020-1468](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1468>)0.0Unknown \n[CVE-2020-1408](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1408>)0.0Unknown \n[CVE-2020-1409](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1409>)0.0Unknown \n[CVE-2020-1421](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1421>)0.0Unknown\n\n### *KB list*:\n[4565524](<http://support.microsoft.com/kb/4565524>) \n[4565479](<http://support.microsoft.com/kb/4565479>) \n[4565529](<http://support.microsoft.com/kb/4565529>) \n[4565539](<http://support.microsoft.com/kb/4565539>) \n[4565353](<http://support.microsoft.com/kb/4565353>) \n[4565354](<http://support.microsoft.com/kb/4565354>) \n[4565536](<http://support.microsoft.com/kb/4565536>)\n\n### *Microsoft official advisories*:", "edition": 1, "modified": "2020-07-22T00:00:00", "published": "2020-07-14T00:00:00", "id": "KLA11863", "href": "https://threats.kaspersky.com/en/vulnerability/KLA11863", "title": "\r KLA11863Multiple vulnerabilities in Microsoft Products (ESU) ", "type": "kaspersky", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-09-02T11:40:59", "bulletinFamily": "info", "cvelist": ["CVE-2020-1473", "CVE-2020-1587", "CVE-2020-1524", "CVE-2020-1519", "CVE-2020-1533", "CVE-2020-1535", "CVE-2020-1585", "CVE-2020-1516", "CVE-2020-1525", "CVE-2020-1480", "CVE-2020-1549", "CVE-2020-1571", "CVE-2020-1378", "CVE-2020-1515", "CVE-2020-1540", "CVE-2020-1526", "CVE-2020-1553", "CVE-2020-1554", "CVE-2020-1518", "CVE-2020-1466", "CVE-2020-1487", "CVE-2020-1584", "CVE-2020-1547", "CVE-2020-1561", "CVE-2020-1529", "CVE-2020-1534", "CVE-2020-1560", "CVE-2020-1479", "CVE-2020-1579", "CVE-2020-1474", "CVE-2020-1558", "CVE-2020-1509", "CVE-2020-1546", "CVE-2020-1539", "CVE-2020-1472", "CVE-2020-1521", "CVE-2020-1578", "CVE-2020-1489", "CVE-2020-1536", "CVE-2020-1478", "CVE-2020-1486", "CVE-2020-1537", "CVE-2020-1556", "CVE-2020-1337", "CVE-2020-1379", "CVE-2020-1517", "CVE-2020-1511", "CVE-2020-1522", "CVE-2020-1565", "CVE-2020-1417", "CVE-2020-1488", "CVE-2020-1528", "CVE-2020-1557", "CVE-2020-1464", "CVE-2020-1531", "CVE-2020-1339", "CVE-2020-1566", "CVE-2020-1513", "CVE-2020-1544", "CVE-2020-1574", "CVE-2020-1564", "CVE-2020-1548", "CVE-2020-1467", "CVE-2020-1542", "CVE-2020-1550", "CVE-2020-1485", "CVE-2020-1552", "CVE-2020-1527", "CVE-2020-1520", "CVE-2020-1543", "CVE-2020-1459", "CVE-2020-1492", "CVE-2020-1562", "CVE-2020-1490", "CVE-2020-1538", "CVE-2020-1512", "CVE-2020-1545", "CVE-2020-1510", "CVE-2020-1383", "CVE-2020-1530", "CVE-2020-1541", "CVE-2020-1470", "CVE-2020-1477", "CVE-2020-1484", "CVE-2020-1577", "CVE-2020-1551", "CVE-2020-1475", "CVE-2020-1377"], "description": "### *Detect date*:\n08/11/2020\n\n### *Severity*:\nCritical\n\n### *Description*:\nMultiple vulnerabilities were found in Microsoft Windows. Malicious users can exploit these vulnerabilities to execute arbitrary code, gain privileges, , obtain sensitive information, spoof user interface, cause denial of service.\n\n### *Affected products*:\nWindows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) \nWindows 10 Version 1809 for ARM64-based Systems \nWindows 10 Version 1709 for ARM64-based Systems \nWindows 8.1 for x64-based systems \nWindows RT 8.1 \nWindows Server, version 2004 (Server Core installation) \nWindows 10 Version 1709 for x64-based Systems \nWindows Server 2008 R2 for x64-based Systems Service Pack 1 \nWindows 10 Version 1809 for 32-bit Systems \nWindows Server 2016 (Server Core installation) \nWindows 10 Version 1803 for ARM64-based Systems \nWindows 10 for x64-based Systems \nWindows 10 Version 1903 for 32-bit Systems \nWindows 10 Version 1803 for x64-based Systems \nWindows 10 Version 1909 for x64-based Systems \nWindows 10 Version 1607 for 32-bit Systems \nWindows 10 Version 1607 for x64-based Systems \nWindows 10 Version 1803 for 32-bit Systems \nWindows Server 2012 R2 (Server Core installation) \nWindows 10 Version 2004 for ARM64-based Systems \nWindows Server 2008 for x64-based Systems Service Pack 2 \nWindows 10 Version 2004 for x64-based Systems \nWindows 8.1 for 32-bit systems \nWindows Server 2012 R2 \nWindows 10 Version 1909 for 32-bit Systems \nWindows 10 for 32-bit Systems \nWindows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) \nWindows Server, version 1909 (Server Core installation) \nWindows 10 Version 1709 for 32-bit Systems \nWindows Server 2016 \nWindows Server 2008 for 32-bit Systems Service Pack 2 \nWindows Server 2019 \nWindows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) \nWindows Server 2012 (Server Core installation) \nWindows 10 Version 1809 for x64-based Systems \nWindows 10 Version 2004 for 32-bit Systems \nWindows 10 Version 1909 for ARM64-based Systems \nWindows Server 2012 \nWindows 7 for x64-based Systems Service Pack 1 \nWindows 10 Version 1903 for x64-based Systems \nWindows 10 Version 1903 for ARM64-based Systems \nWindows 7 for 32-bit Systems Service Pack 1 \nWindows Server 2019 (Server Core installation) \nWindows Server, version 1903 (Server Core installation)\n\n### *Solution*:\nInstall necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)\n\n### *Original advisories*:\n[CVE-2020-1492](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1492>) \n[CVE-2020-1490](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1490>) \n[CVE-2020-1552](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1552>) \n[CVE-2020-1553](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1553>) \n[CVE-2020-1550](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1550>) \n[CVE-2020-1551](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1551>) \n[CVE-2020-1556](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1556>) \n[CVE-2020-1557](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1557>) \n[CVE-2020-1554](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1554>) \n[CVE-2020-1558](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1558>) \n[CVE-2020-1417](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1417>) \n[CVE-2020-1488](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1488>) \n[CVE-2020-1489](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1489>) \n[CVE-2020-1484](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1484>) \n[CVE-2020-1485](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1485>) \n[CVE-2020-1486](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1486>) \n[CVE-2020-1487](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1487>) \n[CVE-2020-1480](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1480>) \n[CVE-2020-1566](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1566>) \n[CVE-2020-1565](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1565>) \n[CVE-2020-1564](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1564>) \n[CVE-2020-1562](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1562>) \n[CVE-2020-1561](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1561>) \n[CVE-2020-1560](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1560>) \n[CVE-2020-1578](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1578>) \n[CVE-2020-1579](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1579>) \n[CVE-2020-1571](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1571>) \n[CVE-2020-1574](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1574>) \n[CVE-2020-1577](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1577>) \n[CVE-2020-1470](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1470>) \n[CVE-2020-1473](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1473>) \n[CVE-2020-1472](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1472>) \n[CVE-2020-1475](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1475>) \n[CVE-2020-1474](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1474>) \n[CVE-2020-1477](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1477>) \n[CVE-2020-1479](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1479>) \n[CVE-2020-1478](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1478>) \n[CVE-2020-1585](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1585>) \n[CVE-2020-1584](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1584>) \n[CVE-2020-1587](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1587>) \n[CVE-2020-1339](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1339>) \n[CVE-2020-1337](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1337>) \n[CVE-2020-1509](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1509>) \n[CVE-2020-1467](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1467>) \n[CVE-2020-1464](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1464>) \n[CVE-2020-1383](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1383>) \n[CVE-2020-1459](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1459>) \n[CVE-2020-1518](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1518>) \n[CVE-2020-1519](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1519>) \n[CVE-2020-1516](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1516>) \n[CVE-2020-1517](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1517>) \n[CVE-2020-1515](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1515>) \n[CVE-2020-1512](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1512>) \n[CVE-2020-1513](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1513>) \n[CVE-2020-1510](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1510>) \n[CVE-2020-1511](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1511>) \n[CVE-2020-1529](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1529>) \n[CVE-2020-1528](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1528>) \n[CVE-2020-1522](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1522>) \n[CVE-2020-1521](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1521>) \n[CVE-2020-1520](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1520>) \n[CVE-2020-1527](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1527>) \n[CVE-2020-1526](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1526>) \n[CVE-2020-1525](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1525>) \n[CVE-2020-1524](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1524>) \n[CVE-2020-1534](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1534>) \n[CVE-2020-1535](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1535>) \n[CVE-2020-1536](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1536>) \n[CVE-2020-1537](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1537>) \n[CVE-2020-1530](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1530>) \n[CVE-2020-1531](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1531>) \n[CVE-2020-1533](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1533>) \n[CVE-2020-1466](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1466>) \n[CVE-2020-1538](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1538>) \n[CVE-2020-1539](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1539>) \n[CVE-2020-1377](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1377>) \n[CVE-2020-1378](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1378>) \n[CVE-2020-1379](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1379>) \n[CVE-2020-1541](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1541>) \n[CVE-2020-1540](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1540>) \n[CVE-2020-1543](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1543>) \n[CVE-2020-1542](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1542>) \n[CVE-2020-1545](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1545>) \n[CVE-2020-1544](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1544>) \n[CVE-2020-1547](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1547>) \n[CVE-2020-1546](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1546>) \n[CVE-2020-1549](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1549>) \n[CVE-2020-1548](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1548>) \n\n\n### *Impacts*:\nACE \n\n### *Related products*:\n[Microsoft Windows](<https://threats.kaspersky.com/en/product/Microsoft-Windows/>)\n\n### *CVE-IDS*:\n[CVE-2020-1488](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1488>)0.0Unknown \n[CVE-2020-1379](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1379>)0.0Unknown \n[CVE-2020-1537](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1537>)0.0Unknown \n[CVE-2020-1383](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1383>)0.0Unknown \n[CVE-2020-1475](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1475>)0.0Unknown \n[CVE-2020-1545](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1545>)0.0Unknown \n[CVE-2020-1579](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1579>)0.0Unknown \n[CVE-2020-1470](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1470>)0.0Unknown \n[CVE-2020-1536](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1536>)0.0Unknown \n[CVE-2020-1577](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1577>)0.0Unknown \n[CVE-2020-1552](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1552>)0.0Unknown \n[CVE-2020-1535](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1535>)0.0Unknown \n[CVE-2020-1473](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1473>)0.0Unknown \n[CVE-2020-1551](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1551>)0.0Unknown \n[CVE-2020-1530](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1530>)0.0Unknown \n[CVE-2020-1474](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1474>)0.0Unknown \n[CVE-2020-1518](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1518>)0.0Unknown \n[CVE-2020-1519](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1519>)0.0Unknown \n[CVE-2020-1516](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1516>)0.0Unknown \n[CVE-2020-1478](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1478>)0.0Unknown \n[CVE-2020-1558](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1558>)0.0Unknown \n[CVE-2020-1515](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1515>)0.0Unknown \n[CVE-2020-1538](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1538>)0.0Unknown \n[CVE-2020-1539](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1539>)0.0Unknown \n[CVE-2020-1557](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1557>)0.0Unknown \n[CVE-2020-1554](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1554>)0.0Unknown \n[CVE-2020-1472](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1472>)0.0Unknown \n[CVE-2020-1517](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1517>)0.0Unknown \n[CVE-2020-1484](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1484>)0.0Unknown \n[CVE-2020-1485](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1485>)0.0Unknown \n[CVE-2020-1486](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1486>)0.0Unknown \n[CVE-2020-1544](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1544>)0.0Unknown \n[CVE-2020-1529](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1529>)0.0Unknown \n[CVE-2020-1584](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1584>)0.0Unknown \n[CVE-2020-1587](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1587>)0.0Unknown \n[CVE-2020-1377](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1377>)0.0Unknown \n[CVE-2020-1477](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1477>)0.0Unknown \n[CVE-2020-1339](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1339>)0.0Unknown \n[CVE-2020-1337](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1337>)0.0Unknown \n[CVE-2020-1378](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1378>)0.0Unknown \n[CVE-2020-1564](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1564>)0.0Unknown \n[CVE-2020-1562](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1562>)0.0Unknown \n[CVE-2020-1513](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1513>)0.0Unknown \n[CVE-2020-1541](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1541>)0.0Unknown \n[CVE-2020-1540](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1540>)0.0Unknown \n[CVE-2020-1543](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1543>)0.0Unknown \n[CVE-2020-1542](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1542>)0.0Unknown \n[CVE-2020-1534](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1534>)0.0Unknown \n[CVE-2020-1467](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1467>)0.0Unknown \n[CVE-2020-1464](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1464>)0.0Unknown \n[CVE-2020-1546](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1546>)0.0Unknown \n[CVE-2020-1547](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1547>)0.0Unknown \n[CVE-2020-1520](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1520>)0.0Unknown \n[CVE-2020-1489](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1489>)0.0Unknown \n[CVE-2020-1492](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1492>)0.0Unknown \n[CVE-2020-1490](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1490>)0.0Unknown \n[CVE-2020-1553](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1553>)0.0Unknown \n[CVE-2020-1550](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1550>)0.0Unknown \n[CVE-2020-1556](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1556>)0.0Unknown \n[CVE-2020-1417](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1417>)0.0Unknown \n[CVE-2020-1487](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1487>)0.0Unknown \n[CVE-2020-1480](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1480>)0.0Unknown \n[CVE-2020-1566](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1566>)0.0Unknown \n[CVE-2020-1565](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1565>)0.0Unknown \n[CVE-2020-1561](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1561>)0.0Unknown \n[CVE-2020-1560](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1560>)0.0Unknown \n[CVE-2020-1578](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1578>)0.0Unknown \n[CVE-2020-1571](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1571>)0.0Unknown \n[CVE-2020-1574](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1574>)0.0Unknown \n[CVE-2020-1479](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1479>)0.0Unknown \n[CVE-2020-1585](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1585>)0.0Unknown \n[CVE-2020-1509](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1509>)0.0Unknown \n[CVE-2020-1459](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1459>)0.0Unknown \n[CVE-2020-1512](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1512>)0.0Unknown \n[CVE-2020-1510](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1510>)0.0Unknown \n[CVE-2020-1511](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1511>)0.0Unknown \n[CVE-2020-1528](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1528>)0.0Unknown \n[CVE-2020-1522](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1522>)0.0Unknown \n[CVE-2020-1521](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1521>)0.0Unknown \n[CVE-2020-1527](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1527>)0.0Unknown \n[CVE-2020-1526](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1526>)0.0Unknown \n[CVE-2020-1525](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1525>)0.0Unknown \n[CVE-2020-1524](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1524>)0.0Unknown \n[CVE-2020-1531](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1531>)0.0Unknown \n[CVE-2020-1533](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1533>)0.0Unknown \n[CVE-2020-1466](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1466>)0.0Unknown \n[CVE-2020-1549](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1549>)0.0Unknown \n[CVE-2020-1548](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1548>)0.0Unknown\n\n### *KB list*:\n[4571692](<http://support.microsoft.com/kb/4571692>) \n[4571694](<http://support.microsoft.com/kb/4571694>) \n[4571709](<http://support.microsoft.com/kb/4571709>) \n[4566782](<http://support.microsoft.com/kb/4566782>) \n[4571723](<http://support.microsoft.com/kb/4571723>) \n[4571703](<http://support.microsoft.com/kb/4571703>) \n[4571702](<http://support.microsoft.com/kb/4571702>) \n[4565349](<http://support.microsoft.com/kb/4565349>) \n[4571736](<http://support.microsoft.com/kb/4571736>) \n[4571741](<http://support.microsoft.com/kb/4571741>) \n[4565351](<http://support.microsoft.com/kb/4565351>)", "edition": 1, "modified": "2020-08-18T00:00:00", "published": "2020-08-11T00:00:00", "id": "KLA11931", "href": "https://threats.kaspersky.com/en/vulnerability/KLA11931", "title": "\r KLA11931Multiple vulnerabilities in Microsoft Windows ", "type": "kaspersky", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-09-18T16:51:32", "bulletinFamily": "info", "cvelist": ["CVE-2020-1373", "CVE-2020-1382", "CVE-2020-1367", "CVE-2020-1330", "CVE-2020-1354", "CVE-2020-1438", "CVE-2020-1404", "CVE-2020-1401", "CVE-2020-1372", "CVE-2020-1420", "CVE-2020-1413", "CVE-2020-1392", "CVE-2020-1405", "CVE-2020-1036", "CVE-2020-1344", "CVE-2020-1414", "CVE-2020-1353", "CVE-2020-1355", "CVE-2020-1415", "CVE-2020-1436", "CVE-2020-1375", "CVE-2020-1085", "CVE-2020-1390", "CVE-2020-1358", "CVE-2020-1402", "CVE-2020-1406", "CVE-2020-1371", "CVE-2020-1352", "CVE-2020-1350", "CVE-2020-1391", "CVE-2020-1411", "CVE-2020-1393", "CVE-2020-1386", "CVE-2020-1468", "CVE-2020-1422", "CVE-2020-1370", "CVE-2020-1347", "CVE-2020-1360", "CVE-2020-1419", "CVE-2020-1333", "CVE-2020-1356", "CVE-2020-1041", "CVE-2020-1336", "CVE-2020-1389", "CVE-2020-1418", "CVE-2020-1385", "CVE-2020-1396", "CVE-2020-1362", "CVE-2020-1431", "CVE-2020-1388", "CVE-2020-1423", "CVE-2020-1426", "CVE-2020-1397", "CVE-2020-1407", "CVE-2020-1384", "CVE-2020-1463", "CVE-2020-1042", "CVE-2020-1346", "CVE-2020-1427", "CVE-2020-1363", "CVE-2020-1381", "CVE-2020-1395", "CVE-2020-1267", "CVE-2020-1399", "CVE-2020-1368", "CVE-2020-1249", "CVE-2020-1430", "CVE-2020-1357", "CVE-2020-1412", "CVE-2020-1409", "CVE-2020-1374", "CVE-2020-1421", "CVE-2020-1365", "CVE-2020-1435", "CVE-2020-1369", "CVE-2020-1040", "CVE-2020-1408", "CVE-2020-1394", "CVE-2020-1437", "CVE-2020-1434", "CVE-2020-1032", "CVE-2020-1366", "CVE-2020-1361", "CVE-2020-1400", "CVE-2020-1398", "CVE-2020-1359", "CVE-2020-1424", "CVE-2020-1428", "CVE-2020-1351", "CVE-2020-1429", "CVE-2020-1043", "CVE-2020-1364", "CVE-2020-1387", "CVE-2020-1410"], "description": "### *Detect date*:\n07/14/2020\n\n### *Severity*:\nCritical\n\n### *Description*:\nMultiple vulnerabilities were found in Microsoft Windows. Malicious users can exploit these vulnerabilities to gain privileges, obtain sensitive information, execute arbitrary code, cause denial of service.\n\n### *Exploitation*:\nMalware exists for this vulnerability. Usually such malware is classified as Exploit. [More details](<https://threats.kaspersky.com/en/class/Exploit/>).\n\n### *Affected products*:\nWindows 10 Version 2004 for ARM64-based Systems \nWindows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) \nWindows 10 Version 1903 for 32-bit Systems \nWindows Server 2019 (Server Core installation) \nWindows 10 Version 1809 for x64-based Systems \nWindows 10 Version 1607 for x64-based Systems \nWindows Server 2012 R2 \nWindows Server 2012 \nWindows Server 2008 for x64-based Systems Service Pack 2 \nWindows 10 Version 1909 for 32-bit Systems \nWindows Server, version 2004 (Server Core installation) \nWindows 10 for x64-based Systems \nWindows Server 2016 (Server Core installation) \nWindows 8.1 for x64-based systems \nWindows Server 2012 (Server Core installation) \nWindows 10 Version 1709 for x64-based Systems \nWindows 7 for 32-bit Systems Service Pack 1 \nWindows 10 Version 1709 for ARM64-based Systems \nWindows 8.1 for 32-bit systems \nWindows 10 Version 1607 for 32-bit Systems \nWindows Server 2016 \nWindows 10 Version 1903 for ARM64-based Systems \nWindows 10 Version 1803 for 32-bit Systems \nWindows 7 for x64-based Systems Service Pack 1 \nWindows 10 Version 1909 for x64-based Systems \nWindows 10 Version 1903 for x64-based Systems \nWindows 10 Version 1909 for ARM64-based Systems \nWindows Server 2008 for 32-bit Systems Service Pack 2 \nWindows 10 Version 2004 for 32-bit Systems \nWindows 10 Version 1809 for 32-bit Systems \nWindows Server, version 1903 (Server Core installation) \nWindows 10 Version 1803 for x64-based Systems \nWindows RT 8.1 \nWindows 10 Version 2004 for x64-based Systems \nWindows Server 2008 R2 for x64-based Systems Service Pack 1 \nWindows Server 2019 \nWindows 10 Version 1803 for ARM64-based Systems \nWindows Server, version 1909 (Server Core installation) \nWindows 10 Version 1809 for ARM64-based Systems \nWindows Server 2012 R2 (Server Core installation) \nWindows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) \nWindows 10 for 32-bit Systems \nWindows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) \nWindows 10 Version 1709 for 32-bit Systems\n\n### *Solution*:\nInstall necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)\n\n### *Original advisories*:\n[CVE-2020-1347](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1347>) \n[CVE-2020-1346](<https://nvd.nist.gov/vuln/detail/CVE-2020-1346>) \n[CVE-2020-1344](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1344>) \n[CVE-2020-1267](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1267>) \n[CVE-2020-1419](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1419>) \n[CVE-2020-1418](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1418>) \n[CVE-2020-1413](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1413>) \n[CVE-2020-1412](<https://nvd.nist.gov/vuln/detail/CVE-2020-1412>) \n[CVE-2020-1411](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1411>) \n[CVE-2020-1410](<https://nvd.nist.gov/vuln/detail/CVE-2020-1410>) \n[CVE-2020-1415](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1415>) \n[CVE-2020-1414](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1414>) \n[CVE-2020-1358](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1358>) \n[CVE-2020-1359](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1359>) \n[CVE-2020-1350](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1350>) \n[CVE-2020-1351](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1351>) \n[CVE-2020-1352](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1352>) \n[CVE-2020-1353](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1353>) \n[CVE-2020-1354](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1354>) \n[CVE-2020-1355](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1355>) \n[CVE-2020-1356](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1356>) \n[CVE-2020-1357](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1357>) \n[CVE-2020-1085](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1085>) \n[CVE-2020-1404](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1404>) \n[CVE-2020-1405](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1405>) \n[CVE-2020-1406](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1406>) \n[CVE-2020-1407](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1407>) \n[CVE-2020-1400](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1400>) \n[CVE-2020-1401](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1401>) \n[CVE-2020-1402](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1402>) \n[CVE-2020-1408](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1408>) \n[CVE-2020-1409](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1409>) \n[CVE-2020-1336](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1336>) \n[CVE-2020-1333](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1333>) \n[CVE-2020-1330](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1330>) \n[CVE-2020-1463](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1463>) \n[CVE-2020-1468](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1468>) \n[CVE-2020-1382](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1382>) \n[CVE-2020-1381](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1381>) \n[CVE-2020-1387](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1387>) \n[CVE-2020-1386](<https://nvd.nist.gov/vuln/detail/CVE-2020-1386>) \n[CVE-2020-1385](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1385>) \n[CVE-2020-1384](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1384>) \n[CVE-2020-1389](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1389>) \n[CVE-2020-1388](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1388>) \n[CVE-2020-1398](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1398>) \n[CVE-2020-1399](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1399>) \n[CVE-2020-1394](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1394>) \n[CVE-2020-1395](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1395>) \n[CVE-2020-1396](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1396>) \n[CVE-2020-1397](<https://nvd.nist.gov/vuln/detail/CVE-2020-1397>) \n[CVE-2020-1390](<https://nvd.nist.gov/vuln/detail/CVE-2020-1390>) \n[CVE-2020-1391](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1391>) \n[CVE-2020-1392](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1392>) \n[CVE-2020-1393](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1393>) \n[CVE-2020-1040](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1040>) \n[CVE-2020-1041](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1041>) \n[CVE-2020-1042](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1042>) \n[CVE-2020-1043](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1043>) \n[CVE-2020-1032](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1032>) \n[CVE-2020-1036](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1036>) \n[CVE-2020-1361](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1361>) \n[CVE-2020-1360](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1360>) \n[CVE-2020-1363](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1363>) \n[CVE-2020-1362](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1362>) \n[CVE-2020-1365](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1365>) \n[CVE-2020-1364](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1364>) \n[CVE-2020-1367](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1367>) \n[CVE-2020-1366](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1366>) \n[CVE-2020-1369](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1369>) \n[CVE-2020-1368](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1368>) \n[CVE-2020-1438](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1438>) \n[CVE-2020-1435](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1435>) \n[CVE-2020-1434](<https://nvd.nist.gov/vuln/detail/CVE-2020-1434>) \n[CVE-2020-1437](<https://nvd.nist.gov/vuln/detail/CVE-2020-1437>) \n[CVE-2020-1436](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1436>) \n[CVE-2020-1431](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1431>) \n[CVE-2020-1430](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1430>) \n[CVE-2020-1372](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1372>) \n[CVE-2020-1373](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1373>) \n[CVE-2020-1370](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1370>) \n[CVE-2020-1371](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1371>) \n[CVE-2020-1374](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1374>) \n[CVE-2020-1375](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1375>) \n[CVE-2020-1249](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1249>) \n[CVE-2020-1428](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1428>) \n[CVE-2020-1429](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1429>) \n[CVE-2020-1426](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1426>) \n[CVE-2020-1427](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1427>) \n[CVE-2020-1424](<https://nvd.nist.gov/vuln/detail/CVE-2020-1424>) \n[CVE-2020-1422](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1422>) \n[CVE-2020-1423](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1423>) \n[CVE-2020-1420](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1420>) \n[CVE-2020-1421](<https://nvd.nist.gov/vuln/detail/CVE-2020-1421>) \n[ADV200008](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV200008>) \n\n\n### *Impacts*:\nACE \n\n### *Related products*:\n[Microsoft Windows](<https://threats.kaspersky.com/en/product/Microsoft-Windows/>)\n\n### *CVE-IDS*:\n[CVE-2020-1393](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1393>)5.0Critical \n[CVE-2020-1333](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1333>)5.0Critical \n[CVE-2020-1384](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1384>)5.0Critical \n[CVE-2020-1346](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1346>)5.0Critical \n[CVE-2020-1389](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1389>)5.0Critical \n[CVE-2020-1032](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1032>)5.0Critical \n[CVE-2020-1036](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1036>)5.0Critical \n[CVE-2020-1360](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1360>)5.0Critical \n[CVE-2020-1267](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1267>)5.0Critical \n[CVE-2020-1365](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1365>)5.0Critical \n[CVE-2020-1354](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1354>)5.0Critical \n[CVE-2020-1419](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1419>)5.0Critical \n[CVE-2020-1438](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1438>)5.0Critical \n[CVE-2020-1435](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1435>)5.0Critical \n[CVE-2020-1412](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1412>)5.0Critical \n[CVE-2020-1437](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1437>)5.0Critical \n[CVE-2020-1436](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1436>)5.0Critical \n[CVE-2020-1430](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1430>)5.0Critical \n[CVE-2020-1428](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1428>)5.0Critical \n[CVE-2020-1396](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1396>)5.0Critical \n[CVE-2020-1397](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1397>)5.0Critical \n[CVE-2020-1390](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1390>)5.0Critical \n[CVE-2020-1359](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1359>)5.0Critical \n[CVE-2020-1371](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1371>)5.0Critical \n[CVE-2020-1350](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1350>)5.0Critical \n[CVE-2020-1351](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1351>)5.0Critical \n[CVE-2020-1040](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1040>)5.0Critical \n[CVE-2020-1041](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1041>)5.0Critical \n[CVE-2020-1042](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1042>)5.0Critical \n[CVE-2020-1043](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1043>)5.0Critical \n[CVE-2020-1373](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1373>)5.0Critical \n[CVE-2020-1410](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1410>)5.0Critical \n[CVE-2020-1374](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1374>)5.0Critical \n[CVE-2020-1085](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1085>)5.0Critical \n[CVE-2020-1407](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1407>)5.0Critical \n[CVE-2020-1400](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1400>)5.0Critical \n[CVE-2020-1401](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1401>)5.0Critical \n[CVE-2020-1402](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1402>)5.0Critical \n[CVE-2020-1427](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1427>)5.0Critical \n[CVE-2020-1468](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1468>)5.0Critical \n[CVE-2020-1408](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1408>)5.0Critical \n[CVE-2020-1409](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1409>)5.0Critical \n[CVE-2020-1421](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1421>)5.0Critical \n[CVE-2020-1347](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1347>)5.0Critical \n[CVE-2020-1344](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1344>)5.0Critical \n[CVE-2020-1418](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1418>)5.0Critical \n[CVE-2020-1413](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1413>)5.0Critical \n[CVE-2020-1411](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1411>)5.0Critical \n[CVE-2020-1415](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1415>)5.0Critical \n[CVE-2020-1414](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1414>)5.0Critical \n[CVE-2020-1358](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1358>)5.0Critical \n[CVE-2020-1352](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1352>)5.0Critical \n[CVE-2020-1353](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1353>)5.0Critical \n[CVE-2020-1355](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1355>)5.0Critical \n[CVE-2020-1356](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1356>)5.0Critical \n[CVE-2020-1357](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1357>)5.0Critical \n[CVE-2020-1404](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1404>)5.0Critical \n[CVE-2020-1405](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1405>)5.0Critical \n[CVE-2020-1406](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1406>)5.0Critical \n[CVE-2020-1336](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1336>)5.0Critical \n[CVE-2020-1330](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1330>)5.0Critical \n[CVE-2020-1463](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1463>)5.0Critical \n[CVE-2020-1382](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1382>)5.0Critical \n[CVE-2020-1381](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1381>)5.0Critical \n[CVE-2020-1387](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1387>)5.0Critical \n[CVE-2020-1386](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1386>)5.0Critical \n[CVE-2020-1385](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1385>)5.0Critical \n[CVE-2020-1388](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1388>)5.0Critical \n[CVE-2020-1398](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1398>)5.0Critical \n[CVE-2020-1399](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1399>)5.0Critical \n[CVE-2020-1394](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1394>)5.0Critical \n[CVE-2020-1395](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1395>)5.0Critical \n[CVE-2020-1391](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1391>)5.0Critical \n[CVE-2020-1392](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1392>)5.0Critical \n[CVE-2020-1361](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1361>)5.0Critical \n[CVE-2020-1363](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1363>)5.0Critical \n[CVE-2020-1362](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1362>)5.0Critical \n[CVE-2020-1364](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1364>)5.0Critical \n[CVE-2020-1367](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1367>)5.0Critical \n[CVE-2020-1366](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1366>)5.0Critical \n[CVE-2020-1369](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1369>)5.0Critical \n[CVE-2020-1368](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1368>)5.0Critical \n[CVE-2020-1434](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1434>)5.0Critical \n[CVE-2020-1431](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1431>)5.0Critical \n[CVE-2020-1372](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1372>)5.0Critical \n[CVE-2020-1370](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1370>)5.0Critical \n[CVE-2020-1375](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1375>)5.0Critical \n[CVE-2020-1249](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1249>)5.0Critical \n[CVE-2020-1429](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1429>)5.0Critical \n[CVE-2020-1426](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1426>)5.0Critical \n[CVE-2020-1424](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1424>)5.0Critical \n[CVE-2020-1422](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1422>)5.0Critical \n[CVE-2020-1423](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1423>)5.0Critical \n[CVE-2020-1420](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1420>)5.0Critical\n\n### *KB list*:\n[4565541](<http://support.microsoft.com/kb/4565541>) \n[4558998](<http://support.microsoft.com/kb/4558998>) \n[4565489](<http://support.microsoft.com/kb/4565489>) \n[4565483](<http://support.microsoft.com/kb/4565483>) \n[4565508](<http://support.microsoft.com/kb/4565508>) \n[4565511](<http://support.microsoft.com/kb/4565511>) \n[4565513](<http://support.microsoft.com/kb/4565513>) \n[4565537](<http://support.microsoft.com/kb/4565537>) \n[4565503](<http://support.microsoft.com/kb/4565503>) \n[4565540](<http://support.microsoft.com/kb/4565540>) \n[4565554](<http://support.microsoft.com/kb/4565554>) \n[4565553](<http://support.microsoft.com/kb/4565553>) \n[4566425](<http://support.microsoft.com/kb/4566425>) \n[4558997](<http://support.microsoft.com/kb/4558997>) \n[4565911](<http://support.microsoft.com/kb/4565911>) \n[4565912](<http://support.microsoft.com/kb/4565912>) \n[4566785](<http://support.microsoft.com/kb/4566785>) \n[4566426](<http://support.microsoft.com/kb/4566426>) \n[4565535](<http://support.microsoft.com/kb/4565535>) \n[4565552](<http://support.microsoft.com/kb/4565552>) \n[4571692](<http://support.microsoft.com/kb/4571692>) \n[4571694](<http://support.microsoft.com/kb/4571694>)\n\n### *Microsoft official advisories*:", "edition": 2, "modified": "2020-09-10T00:00:00", "published": "2020-07-14T00:00:00", "id": "KLA11865", "href": "https://threats.kaspersky.com/en/vulnerability/KLA11865", "title": "\r KLA11865Multiple vulnerabilities in Microsoft Windows ", "type": "kaspersky", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "avleonov": [{"lastseen": "2020-08-30T20:06:45", "bulletinFamily": "blog", "cvelist": ["CVE-2020-0604", "CVE-2020-1046", "CVE-2020-1182", "CVE-2020-1337", "CVE-2020-1339", "CVE-2020-1341", "CVE-2020-1377", "CVE-2020-1378", "CVE-2020-1379", "CVE-2020-1380", "CVE-2020-1383", "CVE-2020-1417", "CVE-2020-1455", "CVE-2020-1459", "CVE-2020-1464", "CVE-2020-1466", "CVE-2020-1467", "CVE-2020-1470", "CVE-2020-1472", "CVE-2020-1473", "CVE-2020-1474", "CVE-2020-1475", "CVE-2020-1476", "CVE-2020-1477", "CVE-2020-1478", "CVE-2020-1479", "CVE-2020-1480", "CVE-2020-1483", "CVE-2020-1484", "CVE-2020-1485", "CVE-2020-1486", "CVE-2020-1487", "CVE-2020-1488", "CVE-2020-1489", "CVE-2020-1490", "CVE-2020-1492", "CVE-2020-1493", "CVE-2020-1494", "CVE-2020-1495", "CVE-2020-1496", "CVE-2020-1497", "CVE-2020-1498", "CVE-2020-1499", "CVE-2020-1500", "CVE-2020-1501", "CVE-2020-1502", "CVE-2020-1503", "CVE-2020-1504", "CVE-2020-1505", "CVE-2020-1509", "CVE-2020-1510", "CVE-2020-1511", "CVE-2020-1512", "CVE-2020-1513", "CVE-2020-1515", "CVE-2020-1516", "CVE-2020-1517", "CVE-2020-1518", "CVE-2020-1519", "CVE-2020-1520", "CVE-2020-1521", "CVE-2020-1522", "CVE-2020-1524", "CVE-2020-1525", "CVE-2020-1526", "CVE-2020-1527", "CVE-2020-1528", "CVE-2020-1529", "CVE-2020-1530", "CVE-2020-1531", "CVE-2020-1533", "CVE-2020-1534", "CVE-2020-1535", "CVE-2020-1536", "CVE-2020-1537", "CVE-2020-1538", "CVE-2020-1539", "CVE-2020-1540", "CVE-2020-1541", "CVE-2020-1542", "CVE-2020-1543", "CVE-2020-1544", "CVE-2020-1545", "CVE-2020-1546", "CVE-2020-1547", "CVE-2020-1548", "CVE-2020-1549", "CVE-2020-1550", "CVE-2020-1551", "CVE-2020-1552", "CVE-2020-1553", "CVE-2020-1554", "CVE-2020-1555", "CVE-2020-1556", "CVE-2020-1557", "CVE-2020-1558", "CVE-2020-1560", "CVE-2020-1561", "CVE-2020-1562", "CVE-2020-1563", "CVE-2020-1564", "CVE-2020-1565", "CVE-2020-1566", "CVE-2020-1567", "CVE-2020-1568", "CVE-2020-1569", "CVE-2020-1570", "CVE-2020-1571", "CVE-2020-1573", "CVE-2020-1574", "CVE-2020-1577", "CVE-2020-1578", "CVE-2020-1579", "CVE-2020-1580", "CVE-2020-1581", "CVE-2020-1582", "CVE-2020-1583", "CVE-2020-1584", "CVE-2020-1585", "CVE-2020-1587", "CVE-2020-1591", "CVE-2020-1597"], "description": "This time I would like to review not only the vulnerabilities that were published in the last August Microsoft Patch Tuesday, but also the CVEs that were published on other, not Patch Tuesday, days. Of course, if there are any.\n\n\n\nBut let's start with the vulnerabilities that were presented on MS Patch Tuesday on August 11th. There were 120 vulnerabilities: 17 of them are Critical and 103 Important. My [vulristics script](<https://github.com/leonov-av/vulristics/blob/master/report_ms_patch_tuesday_exploits.py>) could not find public exploits for these vulnerabilities on Vulners.com.\n\nFor the first time in a long time, there were 2 Exploitation Detected vulnerabilities.\n\n### Exploitation detected (2)\n\n#### Remote Code Execution\n\n * Internet Explorer ([CVE-2020-1380](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1380>))\n\n#### Spoofing\n\n * Windows ([CVE-2020-1464](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1464>))\n\nWindows spoofing ([CVE-2020-1464](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1464>)) is good for phishing. "In an attack scenario, an attacker could bypass security features intended to prevent improperly signed files from being loaded."\n\nRCE in Internet Explorer ([CVE-2020-1380](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1380>)) might be interesting in the context of "An attacker could also embed an ActiveX control marked "safe for initialization" in an application or Microsoft Office document that hosts the IE rendering engine". \n\n### Exploitation more likely (8)\n\n#### Remote Code Execution\n\n * Internet Explorer ([CVE-2020-1570](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1570>))\n * MSHTML Engine ([CVE-2020-1567](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1567>))\n\n#### Elevation of Privilege\n\n * Windows Ancillary Function Driver for WinSock ([CVE-2020-1587](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1587>))\n * Windows GDI ([CVE-2020-1480](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1480>), [CVE-2020-1529](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1529>))\n * Windows Kernel ([CVE-2020-1566](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1566>))\n * Windows dnsrslvr.dll ([CVE-2020-1584](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1584>))\n\n#### Information Disclosure\n\n * Windows Kernel ([CVE-2020-1578](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1578>))\n\nFor some reason, all VM vendors ignored Exploitation more likely vulnerabilities this time. Although RCE in Internet Explorer ([CVE-2020-1570](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1570>)) and MSHTML Engine ([CVE-2020-1567](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1567>)) may be interesting.\n\n### Other Product based (31)\n\n#### Media Foundation\n\n * Memory Corruption ([CVE-2020-1478](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1478>), [CVE-2020-1379](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1379>), [CVE-2020-1477](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1477>), [CVE-2020-1492](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1492>), [CVE-2020-1525](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1525>), [CVE-2020-1554](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1554>))\n * Information Disclosure ([CVE-2020-1487](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1487>))\n\n#### Microsoft Excel\n\n * Remote Code Execution ([CVE-2020-1494](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1494>), [CVE-2020-1495](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1495>), [CVE-2020-1496](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1496>), [CVE-2020-1498](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1498>), [CVE-2020-1504](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1504>))\n * Information Disclosure ([CVE-2020-1497](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1497>))\n\n#### Microsoft SharePoint\n\n * Information Disclosure ([CVE-2020-1505](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1505>))\n * Cross Site Scripting ([CVE-2020-1573](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1573>), [CVE-2020-1580](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1580>))\n * Spoofing ([CVE-2020-1499](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1499>), [CVE-2020-1500](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1500>), [CVE-2020-1501](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1501>))\n\n#### Windows Backup Engine\n\n * Elevation of Privilege ([CVE-2020-1535](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1535>), [CVE-2020-1536](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1536>), [CVE-2020-1539](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1539>), [CVE-2020-1540](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1540>), [CVE-2020-1541](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1541>), [CVE-2020-1542](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1542>), [CVE-2020-1543](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1543>), [CVE-2020-1544](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1544>), [CVE-2020-1545](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1545>), [CVE-2020-1546](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1546>), [CVE-2020-1547](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1547>), [CVE-2020-1551](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1551>))\n\nThis time, the products with the most vulnerabilities are Media Foundation, Microsoft Excel, Microsoft SharePoint and Windows Backup Engine. VM vendors pay attention to Memory Corruption (in fact RCE) in Media Foundation, RCE in Microsoft Excel and Elevation of Privilege in Windows Backup Engine.\n\n### Other Vulnerability Type based (79)\n\n#### Remote Code Execution\n\n * .NET Framework ([CVE-2020-1046](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1046>))\n * Jet Database Engine ([CVE-2020-1473](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1473>), [CVE-2020-1557](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1557>), [CVE-2020-1558](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1558>), [CVE-2020-1564](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1564>))\n * Microsoft Access ([CVE-2020-1582](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1582>))\n * Microsoft Edge ([CVE-2020-1569](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1569>))\n * Microsoft Edge PDF ([CVE-2020-1568](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1568>))\n * Microsoft Graphics Components ([CVE-2020-1561](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1561>), [CVE-2020-1562](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1562>))\n * Microsoft Office ([CVE-2020-1563](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1563>))\n * Microsoft Outlook ([CVE-2020-1483](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1483>))\n * Microsoft Windows Codecs Library ([CVE-2020-1560](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1560>), [CVE-2020-1574](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1574>), [CVE-2020-1585](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1585>))\n * Scripting Engine ([CVE-2020-1555](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1555>))\n * Visual Studio Code ([CVE-2020-0604](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0604>))\n * Windows Font Driver Host ([CVE-2020-1520](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1520>))\n * Windows Media ([CVE-2020-1339](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1339>))\n\n#### Denial of Service\n\n * ASP.NET Core ([CVE-2020-1597](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1597>))\n * Microsoft SQL Server Management Studio ([CVE-2020-1455](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1455>))\n * Windows Remote Desktop Gateway (RD Gateway) ([CVE-2020-1466](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1466>))\n\n#### Elevation of Privilege\n\n * ASP.NET and .NET ([CVE-2020-1476](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1476>))\n * Connected User Experiences and Telemetry Service ([CVE-2020-1511](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1511>))\n * DirectX ([CVE-2020-1479](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1479>))\n * Local Security Authority Subsystem Service ([CVE-2020-1509](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1509>))\n * Microsoft Office Click-to-Run ([CVE-2020-1581](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1581>))\n * Netlogon ([CVE-2020-1472](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1472>))\n * Windows ([CVE-2020-1565](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1565>))\n * Windows Accounts Control ([CVE-2020-1531](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1531>))\n * Windows AppX Deployment Extensions ([CVE-2020-1488](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1488>))\n * Windows Backup Service ([CVE-2020-1534](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1534>))\n * Windows CDP User Components ([CVE-2020-1549](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1549>), [CVE-2020-1550](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1550>))\n * Windows CSC Service ([CVE-2020-1489](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1489>), [CVE-2020-1513](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1513>))\n * Windows Custom Protocol Engine ([CVE-2020-1527](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1527>))\n * Windows File Server Resource Management Service ([CVE-2020-1517](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1517>), [CVE-2020-1518](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1518>))\n * Windows Function Discovery SSDP Provider ([CVE-2020-1579](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1579>))\n * Windows Hard Link ([CVE-2020-1467](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1467>))\n * Windows Kernel ([CVE-2020-1417](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1417>), [CVE-2020-1486](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1486>))\n * Windows Network Connection Broker ([CVE-2020-1526](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1526>))\n * Windows Print Spooler ([CVE-2020-1337](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1337>))\n * Windows Radio Manager API ([CVE-2020-1528](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1528>))\n * Windows Registry ([CVE-2020-1377](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1377>), [CVE-2020-1378](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1378>))\n * Windows Remote Access ([CVE-2020-1530](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1530>), [CVE-2020-1537](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1537>))\n * Windows Runtime ([CVE-2020-1553](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1553>))\n * Windows Server Resource Management Service ([CVE-2020-1475](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1475>))\n * Windows Setup ([CVE-2020-1571](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1571>))\n * Windows Speech Runtime ([CVE-2020-1521](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1521>), [CVE-2020-1522](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1522>))\n * Windows Speech Shell Components ([CVE-2020-1524](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1524>))\n * Windows Storage Service ([CVE-2020-1490](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1490>))\n * Windows Telephony Server ([CVE-2020-1515](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1515>))\n * Windows UPnP Device Host ([CVE-2020-1519](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1519>), [CVE-2020-1538](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1538>))\n * Windows WalletService ([CVE-2020-1533](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1533>), [CVE-2020-1556](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1556>))\n * Windows Work Folder Service ([CVE-2020-1552](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1552>))\n * Windows Work Folders Service ([CVE-2020-1470](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1470>), [CVE-2020-1484](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1484>), [CVE-2020-1516](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1516>))\n\n#### Information Disclosure\n\n * DirectWrite ([CVE-2020-1577](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1577>))\n * Microsoft Outlook ([CVE-2020-1493](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1493>))\n * Microsoft Word ([CVE-2020-1502](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1502>), [CVE-2020-1503](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1503>), [CVE-2020-1583](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1583>))\n * Windows ARM ([CVE-2020-1459](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1459>))\n * Windows Image Acquisition Service ([CVE-2020-1474](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1474>), [CVE-2020-1485](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1485>))\n * Windows Kernel ([CVE-2020-1510](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1510>))\n * Windows RRAS Service ([CVE-2020-1383](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1383>))\n * Windows State Repository Service ([CVE-2020-1512](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1512>))\n * Windows WaasMedic Service ([CVE-2020-1548](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1548>))\n\n#### Cross Site Scripting\n\n * Microsoft Dynamics 365 (On-Premise) ([CVE-2020-1591](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1591>))\n\nIf we look at the rest of the vulnerabilities, the most interesting are RCEs in Jet Database Engine ([CVE-2020-1473](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1473>), [CVE-2020-1557](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1557>), [CVE-2020-1558](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1558>), [CVE-2020-1564](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1564>)), Microsoft Edge PDF ([CVE-2020-1568](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1568>)), Microsoft Windows Codecs Library ([CVE-2020-1560](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1560>), [CVE-2020-1574](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1574>), [CVE-2020-1585](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1585>)) and Windows Media ([CVE-2020-1339](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1339>)). \n\nThe second block is Elevation of Privilege in Local Security Authority Subsystem Service (LSASS) ([CVE-2020-1509](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1509>)), Windows Print Spooler ([CVE-2020-1337](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1337>)) and Netlogon ([CVE-2020-1472](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1472>)). For the last one "an unauthenticated attacker could use MS-NRPC to connect to a domain controller as a domain administrator".\n\n## Other vulnerabilities\n\nNow let's take a look at the vulnerabilities that were released from 07/15/2020 to 08/27/2020 excluding the August Patch Tuesday. I added support for such exceptions in report_ms_patch_tuesday.py in Vulristics. In fact, there were very few CVE vulnerabilities outside the Patch Tuesday.\n\n### Other Vulnerability Type based (2)\n\n#### Remote Code Execution\n\n * Microsoft Dynamics 365 for Finance and Operations (on-premises) ([CVE-2020-1182](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1182>))\n\n#### Elevation of Privilege\n\n * Microsoft Edge (Chromium-based) ([CVE-2020-1341](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1341>))\n\nRCE in on-premises Microsoft Dynamics 365 for Finance and Operations. "An authenticated attacker with privileges to import and export data could exploit this vulnerability by sending a specially crafted file to a vulnerable Dynamics server".\n\nElevation of Privilege in Microsoft Edge. "To exploit the vulnerability, the user must browse to a malicious website that is design to download a DLL file and click on the page to being the process". But this vulnerability is surprisingly low-critical, only Moderate.\n\nYou may have heard about Microsoft unscheduled update to Windows Remote Access Elevation of Privilege released August 20. But it was about the same vulnerabilities ([CVE-2020-1530](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1530>), [CVE-2020-1537](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1537>)) that were presented in August Patch Tuesday, but fixes this vulnerability for older OS versions: Windows 8.1, RT 8.1, and Server 2012 R2.\n\n", "modified": "2020-08-30T22:13:56", "published": "2020-08-30T22:13:56", "id": "AVLEONOV:F17F36C3CC642EBDC27E43900FE3905E", "href": "http://feedproxy.google.com/~r/avleonov/~3/shc67E2GAnY/", "type": "avleonov", "title": "Microsoft Patch Tuesday August 2020: vulnerabilities with Detected Exploitation, useful for phishing and others", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-20T04:20:58", "bulletinFamily": "blog", "cvelist": ["CVE-2020-1025", "CVE-2020-1032", "CVE-2020-1036", "CVE-2020-1040", "CVE-2020-1041", "CVE-2020-1042", "CVE-2020-1043", "CVE-2020-1085", "CVE-2020-1147", "CVE-2020-1240", "CVE-2020-1249", "CVE-2020-1267", "CVE-2020-1326", "CVE-2020-1330", "CVE-2020-1333", "CVE-2020-1336", "CVE-2020-1342", "CVE-2020-1344", "CVE-2020-1346", "CVE-2020-1347", "CVE-2020-1349", "CVE-2020-1350", "CVE-2020-1351", "CVE-2020-1352", "CVE-2020-1353", "CVE-2020-1354", "CVE-2020-1355", "CVE-2020-1356", "CVE-2020-1357", "CVE-2020-1358", "CVE-2020-1359", "CVE-2020-1360", "CVE-2020-1361", "CVE-2020-1362", "CVE-2020-1363", "CVE-2020-1364", "CVE-2020-1365", "CVE-2020-1366", "CVE-2020-1367", "CVE-2020-1368", "CVE-2020-1369", "CVE-2020-1370", "CVE-2020-1371", "CVE-2020-1372", "CVE-2020-1373", "CVE-2020-1374", "CVE-2020-1375", "CVE-2020-1381", "CVE-2020-1382", "CVE-2020-1384", "CVE-2020-1385", "CVE-2020-1386", "CVE-2020-1387", "CVE-2020-1388", "CVE-2020-1389", "CVE-2020-1390", "CVE-2020-1391", "CVE-2020-1392", "CVE-2020-1393", "CVE-2020-1394", "CVE-2020-1395", "CVE-2020-1396", "CVE-2020-1397", "CVE-2020-1398", "CVE-2020-1399", "CVE-2020-1400", "CVE-2020-1401", "CVE-2020-1402", "CVE-2020-1403", "CVE-2020-1404", "CVE-2020-1405", "CVE-2020-1406", "CVE-2020-1407", "CVE-2020-1408", "CVE-2020-1409", "CVE-2020-1410", "CVE-2020-1411", "CVE-2020-1412", "CVE-2020-1413", "CVE-2020-1414", "CVE-2020-1415", "CVE-2020-1416", "CVE-2020-1418", "CVE-2020-1419", "CVE-2020-1420", "CVE-2020-1421", "CVE-2020-1422", "CVE-2020-1423", "CVE-2020-1424", "CVE-2020-1426", "CVE-2020-1427", "CVE-2020-1428", "CVE-2020-1429", "CVE-2020-1430", "CVE-2020-1431", "CVE-2020-1432", "CVE-2020-1433", "CVE-2020-1434", "CVE-2020-1435", "CVE-2020-1436", "CVE-2020-1437", "CVE-2020-1438", "CVE-2020-1439", "CVE-2020-1442", "CVE-2020-1443", "CVE-2020-1444", "CVE-2020-1445", "CVE-2020-1446", "CVE-2020-1447", "CVE-2020-1448", "CVE-2020-1449", "CVE-2020-1450", "CVE-2020-1451", "CVE-2020-1454", "CVE-2020-1456", "CVE-2020-1458", "CVE-2020-1461", "CVE-2020-1462", "CVE-2020-1463", "CVE-2020-1465", "CVE-2020-1468", "CVE-2020-1469", "CVE-2020-1481"], "description": "I am doing this episode about July vulnerabilities already in August. There are 2 reasons for this. First of all, July Microsoft Patch Tuesday was published in the middle of the month, as late as possible. Secondly, in the second half of July I spent my free time mostly on coding. And I would like to talk more about this.\n\n\n\n## Vulristics\n\nI decided to release my Microsoft Patch Tuesday reporting tool as part of a larger open source project ([github](<https://github.com/leonov-av/vulristics>)). I named it _Vulristics _(from \u201cVulnerability\u201d and \u201cHeuristics\u201d). I want this to be an extensible framework for analyzing publicly available information about vulnerabilities.\n\nLet's say we have a vulnerability ID (CVE ID) and we need to decide whether it is really critical or not. We will probably go to some vulnerability databases ([NVD](<https://nvd.nist.gov/vuln/detail/CVE-2020-1350>), [CVE page on the Microsoft website](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1350>), [Vulners.com](<https://vulners.com/cve/CVE-2020-1350>), etc.) and somehow analyze the descriptions and parameters. Right? Such analysis can be quite complex and not so obvious. My idea is to formalize it and make it shareable. It may not be the most efficient way to process data, but it should reflect real human experience, the things that real vulnerability analysts do. This is the main goal.\n\nCurrently, there are the following scripts available:\n\n 1. [report_ms_patch_tuesday.py](<https://github.com/leonov-av/vulristics/blob/master/report_ms_patch_tuesday.py>) - analyze and group Microsoft Patch Tuesday CVEs.\n 2. [report_cve.py](<https://github.com/leonov-av/vulristics/blob/master/report_cve.py>) - collect and preprocess CVE ID-related data from NVD, Microsoft.com and Vulners.\n 3. [report_ms_patch_tuesday_exploits.py](<https://github.com/leonov-av/vulristics/blob/master/report_ms_patch_tuesday_exploits.py>) - get Microsoft Patch Tuesday CVEs and filter vulnerabilities with public exploits (based on Vulners.com).\n\nOf course, we can do much more than that. I have plans to add:\n\n * analysis of the vulnerability description based on keywords and phrases (it's good that such descriptions usually have a fairly regular structure)\n * analysis of references\n * danger and relevance metrics counting ([vulnerability quadrants](<https://avleonov.com/2017/05/10/vulnerability-quadrants/>)) \nand so on.\n\nIf you have good ideas please [share them in the chat](<https://t.me/avleonovchat>). The help in coding will be also pretty much appreciated. \n\nFinally, some obvious warnings:\n\n * This tool is NOT an interface to any particular database.\n * The tool makes requests to third-party sources.\n\nSo keep in mind that if you actively use it for bulk operations, you may have problems with the owners of these third-party sources, for example, your IP address will simply be banned. So be careful and reasonable!\n\n## July MS Patch Tuesday Report\n\nBut enough about my tool, let's talk about the results for July MS Patch Tuesday. There were 123 vulnerabilities in July. 18 are critical and 105 are important. As for the public exploits, I checked the vulnerabilities with a report_ms_patch_tuesday_exploits.py and found nothing.\n\nThere are no exploits for these vulnerabilities on Vulners. Microsoft also believes that there are no _Exploitation detected_ vulnerabilities this time.\n\n### Exploitation more likely\n\nBut we see 8 _Exploitation of more likely_ vulnerabilities:\n\n#### Remote Code Execution\n\n * .NET Framework, SharePoint Server, and Visual Studio ([CVE-2020-1147](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1147>))\n * Remote Desktop Client ([CVE-2020-1374](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1374>))\n * VBScript ([CVE-2020-1403](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1403>))\n * Windows DNS Server ([CVE-2020-1350](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1350>))\n\n#### Elevation of Privilege\n\n * Windows Graphics Component ([CVE-2020-1381](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1381>), [CVE-2020-1382](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1382>))\n * Windows Runtime ([CVE-2020-1399](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1399>))\n\n#### Information Disclosure\n\n * Windows Kernel ([CVE-2020-1426](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1426>))\n\nWindows DNS Server RCE ([CVE-2020-1350](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1350>)), called SIGRed, is the star of this Patch Tuesday. It's extremely critical and has existed for 17 years, affecting Windows Server versions from 2003 to 2019. Getting RCE with only a DNS request is really impressive. Checkpoint guys made a [great article about this vulnerability](<https://research.checkpoint.com/2020/resolving-your-way-into-domain-admin-exploiting-a-17-year-old-bug-in-windows-dns-servers/>) with [video of PoC](<https://www.youtube.com/watch?v=PUlMmhD5it8>) . When this vulnerability was released, there was a feeling that there would be a public RCE exploit soon. But still there are only several [Rickroll jokes](<https://github.com/ZephrFish/CVE-2020-1350>) and DoS exploit by [maxpl0it](<https://github.com/maxpl0it/CVE-2020-1350-DoS/commits?author=maxpl0it>), which looks workable, but for some reason is not present in the exploit databases, for example in [exploit-db](<https://www.exploit-db.com/>).Therefore, [Vulners does not see it](<https://vulners.com/cve/CVE-2020-1350>), as I mentioned above. Indeed, searching for exploits and exploit validation are important tasks!\n\nIn second place, of course, RDP Client RCE ([CVE-2020-1374](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1374>)). When a client connects to an infected server it become susceptible to an RCE attack. All versions from Windows 7 (and possibly earlier!) to the latest version of Windows 10 (2004) are vulnerable. Of course, the exploitation of this vulnerability requires social engineering or Man-in-the-Middle attack.\n\nNET Framework, SharePoint Server, and Visual Studio RCE ([CVE-2020-1147](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1147>)) involves the deserialization of XML content. To exploit this vulnerability, an attacker could upload a specially crafted document to a server utilizing an affected product to process content.\n\nVBScript RCE ([CVE-2020-1403](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1403>)). An attacker would have to convince a user to execute malicious code through phishing or to visit a malicious website, where the user would download and execute a crafted file. In fact, we see tons of these vulnerabilities every Patch Tuesday, but still no exploits.\n\nWindows Graphics Component Elevation of Privilege vulnerabilities ([CVE-2020-1381](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1381>), [CVE-2020-1382](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1382>)). An attacker logs onto a vulnerable system and executes a specially crafted application to run processes in an elevated context.\n\n### Other Product based (14)\n\nLooking at other vulnerabilities, the products with the most vulnerabilities are Hyper-V RemoteFX vGPU (RCEs) and Windows Runtime (EoPs). \n\n#### Hyper-V RemoteFX vGPU\n\n * Remote Code Execution ([CVE-2020-1032](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1032>), [CVE-2020-1036](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1036>), [CVE-2020-1040](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1040>), [CVE-2020-1041](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1041>), [CVE-2020-1042](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1042>), [CVE-2020-1043](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1043>))\n\n#### Windows Runtime\n\n * Elevation of Privilege ([CVE-2020-1249](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1249>), [CVE-2020-1353](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1353>), [CVE-2020-1370](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1370>), [CVE-2020-1404](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1404>), [CVE-2020-1413](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1413>), [CVE-2020-1414](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1414>), [CVE-2020-1415](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1415>), [CVE-2020-1422](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1422>))\n\nRCEs in Hyper-V RemoteFX vGPU ([CVE-2020-1032](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1032>), [CVE-2020-1036](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1036>), [CVE-2020-1040](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1040>), [CVE-2020-1041](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1041>), [CVE-2020-1042](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1042>), [CVE-2020-1043](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1043>)). Microsoft patch simply disables RemoteFX functionality. According to Microsoft: \u201cRemoteFX vGPU has been deprecated in Windows Server 2019 and customers are advised to use Discrete Device Assignment (DDA) instead of RemoteFX vGPU. DDA was introduced in Windows Server 2016.\u201d\n\n### Other Vulnerability Type based (101)\n\n#### Remote Code Execution\n\n * DirectWrite ([CVE-2020-1409](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1409>))\n * GDI+ ([CVE-2020-1435](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1435>))\n * Jet Database Engine ([CVE-2020-1400](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1400>), [CVE-2020-1401](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1401>), [CVE-2020-1407](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1407>))\n * LNK ([CVE-2020-1421](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1421>))\n * Microsoft Excel ([CVE-2020-1240](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1240>))\n * Microsoft Graphics ([CVE-2020-1408](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1408>))\n * Microsoft Graphics Components ([CVE-2020-1412](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1412>))\n * Microsoft Office ([CVE-2020-1458](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1458>))\n * Microsoft Outlook ([CVE-2020-1349](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1349>))\n * Microsoft Project ([CVE-2020-1449](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1449>))\n * Microsoft SharePoint ([CVE-2020-1444](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1444>))\n * Microsoft Word ([CVE-2020-1446](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1446>), [CVE-2020-1447](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1447>), [CVE-2020-1448](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1448>))\n * PerformancePoint Services ([CVE-2020-1439](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1439>))\n * Visual Studio Code ESLint Extention ([CVE-2020-1481](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1481>))\n * Windows Address Book ([CVE-2020-1410](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1410>))\n * Windows Font Driver Host ([CVE-2020-1355](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1355>))\n * Windows Font Library ([CVE-2020-1436](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1436>))\n\n#### Denial of Service\n\n * Bond ([CVE-2020-1469](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1469>))\n * Local Security Authority Subsystem Service ([CVE-2020-1267](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1267>))\n * Windows WalletService ([CVE-2020-1364](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1364>))\n\n#### Elevation of Privilege\n\n * Group Policy Services Policy Processing ([CVE-2020-1333](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1333>))\n * Microsoft Defender ([CVE-2020-1461](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1461>))\n * Microsoft Office ([CVE-2020-1025](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1025>))\n * Microsoft OneDrive ([CVE-2020-1465](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1465>))\n * Visual Studio and Visual Studio Code ([CVE-2020-1416](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1416>))\n * Windows ([CVE-2020-1388](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1388>), [CVE-2020-1392](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1392>), [CVE-2020-1394](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1394>), [CVE-2020-1395](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1395>))\n * Windows ALPC ([CVE-2020-1396](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1396>))\n * Windows ActiveX Installer Service ([CVE-2020-1402](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1402>))\n * Windows AppX Deployment Extensions ([CVE-2020-1431](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1431>))\n * Windows CNG Key Isolation Service ([CVE-2020-1359](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1359>), [CVE-2020-1384](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1384>))\n * Windows COM Server ([CVE-2020-1375](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1375>))\n * Windows Credential Enrollment Manager Service ([CVE-2020-1368](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1368>))\n * Windows Credential Picker ([CVE-2020-1385](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1385>))\n * Windows Diagnostics Hub ([CVE-2020-1393](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1393>), [CVE-2020-1418](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1418>))\n * Windows Error Reporting Manager ([CVE-2020-1429](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1429>))\n * Windows Event Logging Service ([CVE-2020-1365](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1365>), [CVE-2020-1371](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1371>))\n * Windows Function Discovery Service ([CVE-2020-1085](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1085>))\n * Windows Kernel ([CVE-2020-1336](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1336>), [CVE-2020-1411](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1411>))\n * Windows Lockscreen ([CVE-2020-1398](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1398>))\n * Windows Mobile Device Management Diagnostics ([CVE-2020-1372](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1372>), [CVE-2020-1405](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1405>))\n * Windows Modules Installer ([CVE-2020-1346](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1346>))\n * Windows Network Connections Service ([CVE-2020-1373](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1373>), [CVE-2020-1390](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1390>), [CVE-2020-1427](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1427>), [CVE-2020-1428](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1428>), [CVE-2020-1438](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1438>))\n * Windows Network List Service ([CVE-2020-1406](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1406>))\n * Windows Network Location Awareness Service ([CVE-2020-1437](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1437>))\n * Windows Picker Platform ([CVE-2020-1363](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1363>))\n * Windows Print Workflow Service ([CVE-2020-1366](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1366>))\n * Windows Profile Service ([CVE-2020-1360](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1360>))\n * Windows Push Notification Service ([CVE-2020-1387](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1387>))\n * Windows SharedStream Library ([CVE-2020-1463](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1463>))\n * Windows Storage Services ([CVE-2020-1347](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1347>))\n * Windows Subsystem for Linux ([CVE-2020-1423](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1423>))\n * Windows Sync Host Service ([CVE-2020-1434](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1434>))\n * Windows System Events Broker ([CVE-2020-1357](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1357>))\n * Windows UPnP Device Host ([CVE-2020-1354](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1354>), [CVE-2020-1430](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1430>))\n * Windows USO Core Worker ([CVE-2020-1352](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1352>))\n * Windows Update Stack ([CVE-2020-1424](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1424>))\n * Windows WalletService ([CVE-2020-1344](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1344>), [CVE-2020-1362](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1362>), [CVE-2020-1369](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1369>))\n * Windows iSCSI Target Service ([CVE-2020-1356](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1356>))\n\n#### Information Disclosure\n\n * Connected User Experiences and Telemetry Service ([CVE-2020-1386](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1386>))\n * Microsoft Edge PDF ([CVE-2020-1433](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1433>))\n * Microsoft Graphics Component ([CVE-2020-1351](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1351>))\n * Microsoft Office ([CVE-2020-1342](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1342>), [CVE-2020-1445](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1445>))\n * Skype for Business via Internet Explorer ([CVE-2020-1432](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1432>))\n * Skype for Business via Microsoft Edge (EdgeHTML-based) ([CVE-2020-1462](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1462>))\n * Windows Agent Activation Runtime ([CVE-2020-1391](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1391>))\n * Windows Error Reporting ([CVE-2020-1420](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1420>))\n * Windows GDI ([CVE-2020-1468](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1468>))\n * Windows Imaging Component ([CVE-2020-1397](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1397>))\n * Windows Kernel ([CVE-2020-1367](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1367>), [CVE-2020-1389](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1389>), [CVE-2020-1419](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1419>))\n * Windows Mobile Device Management Diagnostics ([CVE-2020-1330](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1330>))\n * Windows Resource Policy ([CVE-2020-1358](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1358>))\n * Windows WalletService ([CVE-2020-1361](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1361>))\n\n#### Cross Site Scripting\n\n * Azure DevOps Server ([CVE-2020-1326](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1326>))\n * Microsoft SharePoint ([CVE-2020-1450](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1450>), [CVE-2020-1451](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1451>), [CVE-2020-1456](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1456>))\n * Microsoft SharePoint Reflective ([CVE-2020-1454](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1454>))\n * Office Web Apps ([CVE-2020-1442](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1442>))\n\n#### Spoofing\n\n * Microsoft SharePoint ([CVE-2020-1443](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1443>))\n\nAmong other vulnerabilities, vulnerability management vendors highlight\n\nRCE in PerformancePoint Services ([CVE-2020-1439](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1439>)). PerformancePoint is a SharePoint component and the vulnerability is similar to the _Exploitation more likely_ SharePoint vulnerability ([CVE-2020-1147](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1147>)) we discussed above.\n\nMicrosoft Word RCEs ([CVE-2020-1446](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1446>), [CVE-2020-1447](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1447>), [CVE-2020-1448](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1448>)). Exploitation of this vulnerability requires an attacker to send a specially crafted file to a victim, or to convince a user to visit a crafted website hosting a malicious file which the user must open with a vulnerable version of Microsoft Word. Obviously, this is good for phishing.\n\nJet Database Engine RCEs ([CVE-2020-1400](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1400>), [CVE-2020-1401](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1401>), [CVE-2020-1407](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1407>)). To exploit this vulnerability, an attacker must convince a victim to open a specially crafted file or visit a malicious website.\n\nVisual Studio Code ESLint Extention RCE ([CVE-2020-1481](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1481>)). To exploit this vulnerability, an attacker would need to convince a user to clone a repository and open it in Visual Studio Code. Attacker-specified code would execute in the context of the current user, with the same rights and permissions.\n\nWindows Modules Installer Elevation of Privilege ([CVE-2020-1346](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1346>)) was mentioned by rapid7: "In this particular case, the Servicing Stack Updates released this month should been installed prior to installing the cumulative update/monthly rollup or security update patch. While it was not explicitly outlined, following these directions from Microsoft for CVE-2020-1346 may have a direct impact on the order of operations when resolving other issues such as CVE-2020-1350."\n\n", "modified": "2020-08-02T04:05:22", "published": "2020-08-02T04:05:22", "id": "AVLEONOV:7DAB33D28205885E8979C4C664958CDC", "href": "http://feedproxy.google.com/~r/avleonov/~3/BltzY4Fi__s/", "type": "avleonov", "title": "Microsoft Patch Tuesday July 2020: my new open source project Vulristics, DNS SIGRed, RDP Client and SharePoint", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}]}
