{"openvas": [{"lastseen": "2020-07-21T19:51:36", "description": "This host is missing a critical security\n update according to Microsoft KB4558998", "cvss3": {}, "published": "2020-07-15T00:00:00", "type": "openvas", "title": "Microsoft Windows Multiple Vulnerabilities (KB4558998)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-1373", "CVE-2020-1367", "CVE-2020-1330", "CVE-2020-1354", "CVE-2020-1438", "CVE-2020-1404", "CVE-2020-1432", "CVE-2020-1401", "CVE-2020-1372", "CVE-2020-1403", "CVE-2020-1420", "CVE-2020-1413", "CVE-2020-1392", "CVE-2020-1405", "CVE-2020-1344", "CVE-2020-1414", "CVE-2020-1433", "CVE-2020-1353", "CVE-2020-1415", "CVE-2020-1436", "CVE-2020-1375", "CVE-2020-1085", "CVE-2020-1390", "CVE-2020-1358", "CVE-2020-1402", "CVE-2020-1406", "CVE-2020-1371", "CVE-2020-1352", "CVE-2020-1350", "CVE-2020-1411", "CVE-2020-1393", "CVE-2020-1386", "CVE-2020-1468", "CVE-2020-1422", "CVE-2020-1370", "CVE-2020-1347", "CVE-2020-1360", "CVE-2020-1419", "CVE-2020-1333", "CVE-2020-1356", "CVE-2020-1336", "CVE-2020-1389", "CVE-2020-1418", "CVE-2020-1385", "CVE-2020-1396", "CVE-2020-1362", "CVE-2020-1431", "CVE-2020-1388", "CVE-2020-1426", "CVE-2020-1397", "CVE-2020-1407", "CVE-2020-1384", "CVE-2020-1463", "CVE-2020-1427", "CVE-2020-1363", "CVE-2020-1395", "CVE-2020-1267", "CVE-2020-1399", "CVE-2020-1368", "CVE-2020-1249", "CVE-2020-1430", "CVE-2020-1357", "CVE-2020-1412", "CVE-2020-1409", "CVE-2020-1462", "CVE-2020-1374", "CVE-2020-1421", "CVE-2020-1365", "CVE-2020-1435", "CVE-2020-1369", "CVE-2020-1408", "CVE-2020-1394", "CVE-2020-1437", "CVE-2020-1434", "CVE-2020-1366", "CVE-2020-1361", "CVE-2020-1400", "CVE-2020-1398", "CVE-2020-1359", "CVE-2020-1424", "CVE-2020-1428", "CVE-2020-1351", "CVE-2020-1429", "CVE-2020-1364", "CVE-2020-1387", "CVE-2020-1410"], "modified": "2020-07-20T00:00:00", "id": "OPENVAS:1361412562310817228", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310817228", "sourceData": "# Copyright (C) 2020 Greenbone Networks 
GmbH\n# Some text descriptions might be excerpted from (a) referenced\n# source(s), and are Copyright (C) by the respective right holder(s).\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.817228\");\n script_version(\"2020-07-20T05:00:04+0000\");\n script_cve_id(\"CVE-2020-1085\", \"CVE-2020-1249\", \"CVE-2020-1267\", \"CVE-2020-1330\",\n \"CVE-2020-1333\", \"CVE-2020-1336\", \"CVE-2020-1344\", \"CVE-2020-1347\",\n \"CVE-2020-1350\", \"CVE-2020-1351\", \"CVE-2020-1352\", \"CVE-2020-1353\",\n \"CVE-2020-1354\", \"CVE-2020-1356\", \"CVE-2020-1357\", \"CVE-2020-1358\",\n \"CVE-2020-1359\", \"CVE-2020-1360\", \"CVE-2020-1361\", \"CVE-2020-1362\",\n \"CVE-2020-1363\", \"CVE-2020-1364\", \"CVE-2020-1365\", \"CVE-2020-1366\",\n \"CVE-2020-1367\", \"CVE-2020-1368\", \"CVE-2020-1369\", \"CVE-2020-1370\",\n \"CVE-2020-1371\", \"CVE-2020-1372\", \"CVE-2020-1373\", \"CVE-2020-1374\",\n \"CVE-2020-1375\", \"CVE-2020-1384\", \"CVE-2020-1385\", \"CVE-2020-1386\",\n \"CVE-2020-1387\", \"CVE-2020-1388\", \"CVE-2020-1389\", \"CVE-2020-1390\",\n \"CVE-2020-1392\", \"CVE-2020-1393\", \"CVE-2020-1394\", \"CVE-2020-1395\",\n \"CVE-2020-1396\", \"CVE-2020-1397\", \"CVE-2020-1398\", \"CVE-2020-1399\",\n \"CVE-2020-1400\", 
\"CVE-2020-1401\", \"CVE-2020-1402\", \"CVE-2020-1403\",\n \"CVE-2020-1404\", \"CVE-2020-1405\", \"CVE-2020-1406\", \"CVE-2020-1407\",\n \"CVE-2020-1408\", \"CVE-2020-1409\", \"CVE-2020-1410\", \"CVE-2020-1411\",\n \"CVE-2020-1412\", \"CVE-2020-1413\", \"CVE-2020-1414\", \"CVE-2020-1415\",\n \"CVE-2020-1418\", \"CVE-2020-1419\", \"CVE-2020-1420\", \"CVE-2020-1421\",\n \"CVE-2020-1422\", \"CVE-2020-1424\", \"CVE-2020-1426\", \"CVE-2020-1427\",\n \"CVE-2020-1428\", \"CVE-2020-1429\", \"CVE-2020-1430\", \"CVE-2020-1431\",\n \"CVE-2020-1432\", \"CVE-2020-1433\", \"CVE-2020-1434\", \"CVE-2020-1435\",\n \"CVE-2020-1436\", \"CVE-2020-1437\", \"CVE-2020-1438\", \"CVE-2020-1462\",\n \"CVE-2020-1463\", \"CVE-2020-1468\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-07-20 05:00:04 +0000 (Mon, 20 Jul 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-07-15 17:15:21 +0530 (Wed, 15 Jul 2020)\");\n script_name(\"Microsoft Windows Multiple Vulnerabilities (KB4558998)\");\n\n script_tag(name:\"summary\", value:\"This host is missing a critical security\n update according to Microsoft KB4558998\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present\n on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exists due to,\n\n - Windows Domain Name System servers fail to properly handle requests (SIGRed, CVE-2020-1350).\n\n - Windows System Events Broker fails to properly handle file operations.\n\n - Windows WalletService fails to properly handle objects in memory.\n\n - Windows Mobile Device Management (MDM) Diagnostics fails to\n properly handle objects in memory.\n\n - Windows Jet Database Engine fails to properly handle objects in memory.\n\n - Windows Network Connections Service fails to properly handle\n objects in memory.\n\n - SharedStream Library fails to handle objects in 
memory.\n\n Please see the references for more information about the vulnerabilities.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow an attacker\n to execute arbitrary code, elevate privilges, disclose sensitive information\n and denial of service attacks.\");\n\n script_tag(name:\"affected\", value:\"- Microsoft Windows 10 Version 1809 for 32-bit Systems\n\n - Microsoft Windows 10 Version 1809 for x64-based Systems\n\n - Microsoft Windows Server 2019\");\n\n script_tag(name:\"solution\", value:\"The vendor has released updates. Please see\n the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_xref(name:\"URL\", value:\"https://support.microsoft.com/en-us/help/4558998\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"smb_reg_service_pack.nasl\");\n script_require_ports(139, 445);\n script_mandatory_keys(\"SMB/WindowsVersion\");\n exit(0);\n}\n\ninclude(\"smb_nt.inc\");\ninclude(\"secpod_reg.inc\");\ninclude(\"version_func.inc\");\ninclude(\"secpod_smb_func.inc\");\n\nif(hotfix_check_sp(win10:1, win10x64:1, win2019:1) <= 0){\n exit(0);\n}\n\ndllPath = smb_get_system32root();\nif(!dllPath)\n exit(0);\n\nfileVer = fetch_file_version(sysPath:dllPath, file_name:\"Gdiplus.dll\");\nif(!fileVer)\n exit(0);\n\nif(version_in_range(version:fileVer, test_version:\"10.0.17763.0\", test_version2:\"10.0.17763.1338\")) {\n report = report_fixed_ver(file_checked:dllPath + \"\\Gdiplus.dll\",\n file_version:fileVer, vulnerable_range:\"10.0.17763.0 - 10.0.17763.1338\");\n security_message(data:report);\n exit(0);\n}\n\nexit(99);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-07-21T19:50:55", "description": "This host is missing a critical security\n update 
according to Microsoft KB4565489", "cvss3": {}, "published": "2020-07-15T00:00:00", "type": "openvas", "title": "Microsoft Windows Multiple Vulnerabilities (KB4565489)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-1373", "CVE-2020-1354", "CVE-2020-1438", "CVE-2020-1404", "CVE-2020-1432", "CVE-2020-1401", "CVE-2020-1372", "CVE-2020-1403", "CVE-2020-1420", "CVE-2020-1413", "CVE-2020-1392", "CVE-2020-1344", "CVE-2020-1414", "CVE-2020-1433", "CVE-2020-1353", "CVE-2020-1415", "CVE-2020-1436", "CVE-2020-1375", "CVE-2020-1085", "CVE-2020-1390", "CVE-2020-1358", "CVE-2020-1402", "CVE-2020-1406", "CVE-2020-1371", "CVE-2020-1352", "CVE-2020-1411", "CVE-2020-1393", "CVE-2020-1386", "CVE-2020-1468", "CVE-2020-1422", "CVE-2020-1370", "CVE-2020-1347", "CVE-2020-1360", "CVE-2020-1419", "CVE-2020-1333", "CVE-2020-1336", "CVE-2020-1389", "CVE-2020-1418", "CVE-2020-1385", "CVE-2020-1396", "CVE-2020-1362", "CVE-2020-1431", "CVE-2020-1388", "CVE-2020-1426", "CVE-2020-1397", "CVE-2020-1407", "CVE-2020-1384", "CVE-2020-1463", "CVE-2020-1427", "CVE-2020-1363", "CVE-2020-1395", "CVE-2020-1267", "CVE-2020-1399", "CVE-2020-1368", "CVE-2020-1249", "CVE-2020-1430", "CVE-2020-1357", "CVE-2020-1412", "CVE-2020-1409", "CVE-2020-1147", "CVE-2020-1462", "CVE-2020-1374", "CVE-2020-1421", "CVE-2020-1365", "CVE-2020-1435", "CVE-2020-1369", "CVE-2020-1408", "CVE-2020-1394", "CVE-2020-1437", "CVE-2020-1434", "CVE-2020-1366", "CVE-2020-1361", "CVE-2020-1400", "CVE-2020-1398", "CVE-2020-1359", "CVE-2020-1424", "CVE-2020-1428", "CVE-2020-1351", "CVE-2020-1429", "CVE-2020-1364", "CVE-2020-1387", "CVE-2020-1410"], "modified": "2020-07-17T00:00:00", "id": "OPENVAS:1361412562310817227", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310817227", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Some text descriptions might be excerpted from (a) referenced\n# source(s), and are Copyright (C) by the respective right holder(s).\n#\n# SPDX-License-Identifier: 
GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.817227\");\n script_version(\"2020-07-17T05:57:41+0000\");\n script_cve_id(\"CVE-2020-1085\", \"CVE-2020-1147\", \"CVE-2020-1249\", \"CVE-2020-1267\",\n \"CVE-2020-1333\", \"CVE-2020-1336\", \"CVE-2020-1344\", \"CVE-2020-1347\",\n \"CVE-2020-1351\", \"CVE-2020-1352\", \"CVE-2020-1353\", \"CVE-2020-1354\",\n \"CVE-2020-1357\", \"CVE-2020-1358\", \"CVE-2020-1359\", \"CVE-2020-1360\",\n \"CVE-2020-1361\", \"CVE-2020-1362\", \"CVE-2020-1363\", \"CVE-2020-1364\",\n \"CVE-2020-1365\", \"CVE-2020-1366\", \"CVE-2020-1368\", \"CVE-2020-1369\",\n \"CVE-2020-1370\", \"CVE-2020-1371\", \"CVE-2020-1372\", \"CVE-2020-1373\",\n \"CVE-2020-1374\", \"CVE-2020-1375\", \"CVE-2020-1384\", \"CVE-2020-1385\",\n \"CVE-2020-1386\", \"CVE-2020-1387\", \"CVE-2020-1388\", \"CVE-2020-1389\",\n \"CVE-2020-1390\", \"CVE-2020-1392\", \"CVE-2020-1393\", \"CVE-2020-1394\",\n \"CVE-2020-1395\", \"CVE-2020-1396\", \"CVE-2020-1397\", \"CVE-2020-1398\",\n \"CVE-2020-1399\", \"CVE-2020-1400\", \"CVE-2020-1401\", \"CVE-2020-1402\",\n \"CVE-2020-1403\", \"CVE-2020-1404\", \"CVE-2020-1406\", \"CVE-2020-1407\",\n \"CVE-2020-1408\", \"CVE-2020-1409\", \"CVE-2020-1410\", \"CVE-2020-1411\",\n \"CVE-2020-1412\", \"CVE-2020-1413\", 
\"CVE-2020-1414\", \"CVE-2020-1415\",\n \"CVE-2020-1418\", \"CVE-2020-1419\", \"CVE-2020-1420\", \"CVE-2020-1421\",\n \"CVE-2020-1422\", \"CVE-2020-1424\", \"CVE-2020-1426\", \"CVE-2020-1427\",\n \"CVE-2020-1428\", \"CVE-2020-1429\", \"CVE-2020-1430\", \"CVE-2020-1431\",\n \"CVE-2020-1432\", \"CVE-2020-1433\", \"CVE-2020-1434\", \"CVE-2020-1435\",\n \"CVE-2020-1436\", \"CVE-2020-1437\", \"CVE-2020-1438\", \"CVE-2020-1462\",\n \"CVE-2020-1463\", \"CVE-2020-1468\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-07-17 05:57:41 +0000 (Fri, 17 Jul 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-07-15 15:54:53 +0530 (Wed, 15 Jul 2020)\");\n script_name(\"Microsoft Windows Multiple Vulnerabilities (KB4565489)\");\n\n script_tag(name:\"summary\", value:\"This host is missing a critical security\n update according to Microsoft KB4565489\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present\n on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exists due to,\n\n - Windows System Events Broker fails to properly handle file operations.\n\n - Windows WalletService fails to properly handle objects in memory.\n\n - Windows Mobile Device Management (MDM) Diagnostics fails to\n properly handle objects in memory.\n\n - Windows Jet Database Engine fails to properly handle objects in memory.\n\n - Windows Network Connections Service fails to properly handle\n objects in memory.\n\n - SharedStream Library fails to handle objects in memory.\n\n Please see the references for more information about the vulnerabilities.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow an attacker\n to execute arbitrary code, elevate privilges, disclose sensitive information\n and denial of service attacks.\");\n\n script_tag(name:\"affected\", value:\"- Microsoft 
Windows 10 Version 1803 for 32-bit Systems\n\n - Microsoft Windows 10 Version 1803 for x64-based Systems\");\n\n script_tag(name:\"solution\", value:\"The vendor has released updates. Please see\n the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_xref(name:\"URL\", value:\"https://support.microsoft.com/en-us/help/4565489\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"smb_reg_service_pack.nasl\");\n script_require_ports(139, 445);\n script_mandatory_keys(\"SMB/WindowsVersion\");\n exit(0);\n}\n\ninclude(\"smb_nt.inc\");\ninclude(\"secpod_reg.inc\");\ninclude(\"version_func.inc\");\ninclude(\"secpod_smb_func.inc\");\n\nif(hotfix_check_sp(win10:1, win10x64:1) <= 0){\n exit(0);\n}\n\ndllPath = smb_get_system32root();\nif(!dllPath)\n exit(0);\n\nfileVer = fetch_file_version(sysPath:dllPath, file_name:\"User32.dll\");\nif(!fileVer)\n exit(0);\n\nif(version_in_range(version:fileVer, test_version:\"10.0.17134.0\", test_version2:\"10.0.17134.1609\")) {\n report = report_fixed_ver(file_checked:dllPath + \"\\User32.dll\",\n file_version:fileVer, vulnerable_range:\"10.0.17134.0 - 10.0.17134.1609\");\n security_message(data:report);\n exit(0);\n}\n\nexit(99);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-07-21T19:50:56", "description": "This host is missing a critical security\n update according to Microsoft KB4565513", "cvss3": {}, "published": "2020-07-15T00:00:00", "type": "openvas", "title": "Microsoft Windows Multiple Vulnerabilities (KB4565513)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-1373", "CVE-2020-1354", "CVE-2020-1438", "CVE-2020-1404", "CVE-2020-1432", "CVE-2020-1401", "CVE-2020-1403", "CVE-2020-1420", "CVE-2020-1413", "CVE-2020-1344", 
"CVE-2020-1433", "CVE-2020-1353", "CVE-2020-1436", "CVE-2020-1085", "CVE-2020-1390", "CVE-2020-1358", "CVE-2020-1402", "CVE-2020-1406", "CVE-2020-1371", "CVE-2020-1352", "CVE-2020-1411", "CVE-2020-1393", "CVE-2020-1468", "CVE-2020-1370", "CVE-2020-1360", "CVE-2020-1419", "CVE-2020-1333", "CVE-2020-1389", "CVE-2020-1385", "CVE-2020-1396", "CVE-2020-1362", "CVE-2020-1397", "CVE-2020-1407", "CVE-2020-1384", "CVE-2020-1427", "CVE-2020-1267", "CVE-2020-1399", "CVE-2020-1368", "CVE-2020-1249", "CVE-2020-1430", "CVE-2020-1412", "CVE-2020-1409", "CVE-2020-1147", "CVE-2020-1374", "CVE-2020-1421", "CVE-2020-1365", "CVE-2020-1435", "CVE-2020-1369", "CVE-2020-1408", "CVE-2020-1437", "CVE-2020-1434", "CVE-2020-1361", "CVE-2020-1400", "CVE-2020-1398", "CVE-2020-1359", "CVE-2020-1428", "CVE-2020-1351", "CVE-2020-1429", "CVE-2020-1364", "CVE-2020-1410"], "modified": "2020-07-17T00:00:00", "id": "OPENVAS:1361412562310817229", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310817229", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Some text descriptions might be excerpted from (a) referenced\n# source(s), and are Copyright (C) by the respective right holder(s).\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.817229\");\n script_version(\"2020-07-17T05:57:41+0000\");\n script_cve_id(\"CVE-2020-1085\", \"CVE-2020-1147\", \"CVE-2020-1249\", \"CVE-2020-1267\",\n \"CVE-2020-1333\", \"CVE-2020-1344\", \"CVE-2020-1351\", \"CVE-2020-1352\",\n \"CVE-2020-1353\", \"CVE-2020-1354\", \"CVE-2020-1358\", \"CVE-2020-1359\",\n \"CVE-2020-1360\", \"CVE-2020-1361\", \"CVE-2020-1362\", \"CVE-2020-1364\",\n \"CVE-2020-1365\", \"CVE-2020-1368\", \"CVE-2020-1369\", \"CVE-2020-1370\",\n \"CVE-2020-1371\", \"CVE-2020-1373\", \"CVE-2020-1374\", \"CVE-2020-1384\",\n \"CVE-2020-1385\", \"CVE-2020-1389\", \"CVE-2020-1390\", \"CVE-2020-1393\",\n \"CVE-2020-1396\", \"CVE-2020-1397\", \"CVE-2020-1398\", \"CVE-2020-1399\",\n \"CVE-2020-1400\", \"CVE-2020-1401\", \"CVE-2020-1402\", \"CVE-2020-1403\",\n \"CVE-2020-1404\", \"CVE-2020-1406\", \"CVE-2020-1407\", \"CVE-2020-1408\",\n \"CVE-2020-1409\", \"CVE-2020-1410\", \"CVE-2020-1411\", \"CVE-2020-1412\",\n \"CVE-2020-1413\", \"CVE-2020-1419\", \"CVE-2020-1420\", \"CVE-2020-1421\",\n \"CVE-2020-1427\", \"CVE-2020-1428\", \"CVE-2020-1429\", \"CVE-2020-1430\",\n \"CVE-2020-1432\", \"CVE-2020-1433\", \"CVE-2020-1434\", \"CVE-2020-1435\",\n \"CVE-2020-1436\", \"CVE-2020-1437\", \"CVE-2020-1438\", \"CVE-2020-1468\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-07-17 05:57:41 +0000 (Fri, 17 Jul 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-07-15 17:56:41 +0530 (Wed, 15 Jul 2020)\");\n script_name(\"Microsoft Windows Multiple Vulnerabilities (KB4565513)\");\n\n script_tag(name:\"summary\", 
value:\"This host is missing a critical security\n update according to Microsoft KB4565513\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present\n on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exists due to,\n\n - Windows Event Logging Service fails to properly handle memory.\n\n - Windows WalletService fails to properly handle objects in memory.\n\n - Windows Network Connections Service fails to properly handle objects in memory.\n\n - Windows Jet Database Engine fails to properly handle objects in memory.\n\n - Windows Network Connections Service fails to properly handle\n objects in memory.\n\n - Windows Error Reporting fails to properly handle file operations.\n\n Please see the references for more information about the vulnerabilities.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow an attacker\n to execute arbitrary code, elevate privilges, disclose sensitive information\n and denial of service attacks.\");\n\n script_tag(name:\"affected\", value:\"- Microsoft Windows 10 for 32-bit Systems\n\n - Microsoft Windows 10 for x64-based Systems\");\n\n script_tag(name:\"solution\", value:\"The vendor has released updates. 
Please see\n the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_xref(name:\"URL\", value:\"https://support.microsoft.com/en-us/help/4565513\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"smb_reg_service_pack.nasl\");\n script_require_ports(139, 445);\n script_mandatory_keys(\"SMB/WindowsVersion\");\n exit(0);\n}\n\ninclude(\"smb_nt.inc\");\ninclude(\"secpod_reg.inc\");\ninclude(\"version_func.inc\");\ninclude(\"secpod_smb_func.inc\");\n\nif(hotfix_check_sp(win10:1, win10x64:1) <= 0){\n exit(0);\n}\n\ndllPath = smb_get_system32root();\nif(!dllPath)\n exit(0);\n\nfileVer = fetch_file_version(sysPath:dllPath, file_name:\"User32.dll\");\nif(!fileVer)\n exit(0);\n\nif(version_is_less(version:fileVer, test_version:\"10.0.10240.18638\")) {\n report = report_fixed_ver(file_checked:dllPath + \"\\User32.dll\",\n file_version:fileVer, vulnerable_range:\"Less than 10.0.10240.18638\");\n security_message(data:report);\n exit(0);\n}\n\nexit(99);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-07-21T19:51:33", "description": "This host is missing an important security\n update according to Microsoft KB4565508", "cvss3": {}, "published": "2020-07-15T00:00:00", "type": "openvas", "title": "Microsoft Windows Multiple Vulnerabilities (KB4565508)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-1373", "CVE-2020-1354", "CVE-2020-1438", "CVE-2020-1404", "CVE-2020-1432", "CVE-2020-1401", "CVE-2020-1372", "CVE-2020-1403", "CVE-2020-1420", "CVE-2020-1413", "CVE-2020-1392", "CVE-2020-1344", "CVE-2020-1433", "CVE-2020-1353", "CVE-2020-1436", "CVE-2020-1375", "CVE-2020-1085", "CVE-2020-1390", "CVE-2020-1358", "CVE-2020-1402", "CVE-2020-1406", "CVE-2020-1371", "CVE-2020-1352", 
"CVE-2020-1411", "CVE-2020-1393", "CVE-2020-1386", "CVE-2020-1468", "CVE-2020-1370", "CVE-2020-1347", "CVE-2020-1360", "CVE-2020-1419", "CVE-2020-1333", "CVE-2020-1336", "CVE-2020-1389", "CVE-2020-1418", "CVE-2020-1385", "CVE-2020-1396", "CVE-2020-1362", "CVE-2020-1388", "CVE-2020-1397", "CVE-2020-1407", "CVE-2020-1384", "CVE-2020-1463", "CVE-2020-1427", "CVE-2020-1363", "CVE-2020-1395", "CVE-2020-1267", "CVE-2020-1399", "CVE-2020-1368", "CVE-2020-1249", "CVE-2020-1430", "CVE-2020-1357", "CVE-2020-1412", "CVE-2020-1409", "CVE-2020-1147", "CVE-2020-1462", "CVE-2020-1374", "CVE-2020-1421", "CVE-2020-1365", "CVE-2020-1435", "CVE-2020-1369", "CVE-2020-1408", "CVE-2020-1394", "CVE-2020-1437", "CVE-2020-1434", "CVE-2020-1366", "CVE-2020-1361", "CVE-2020-1400", "CVE-2020-1398", "CVE-2020-1359", "CVE-2020-1428", "CVE-2020-1351", "CVE-2020-1429", "CVE-2020-1364", "CVE-2020-1387", "CVE-2020-1410"], "modified": "2020-07-17T00:00:00", "id": "OPENVAS:1361412562310817223", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310817223", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Some text descriptions might be excerpted from (a) referenced\n# source(s), and are Copyright (C) by the respective right holder(s).\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.817223\");\n script_version(\"2020-07-17T05:57:41+0000\");\n script_cve_id(\"CVE-2020-1085\", \"CVE-2020-1147\", \"CVE-2020-1249\", \"CVE-2020-1267\",\n \"CVE-2020-1333\", \"CVE-2020-1336\", \"CVE-2020-1344\", \"CVE-2020-1347\",\n \"CVE-2020-1351\", \"CVE-2020-1352\", \"CVE-2020-1353\", \"CVE-2020-1354\",\n \"CVE-2020-1357\", \"CVE-2020-1358\", \"CVE-2020-1359\", \"CVE-2020-1360\",\n \"CVE-2020-1361\", \"CVE-2020-1362\", \"CVE-2020-1363\", \"CVE-2020-1364\",\n \"CVE-2020-1365\", \"CVE-2020-1366\", \"CVE-2020-1368\", \"CVE-2020-1369\",\n \"CVE-2020-1370\", \"CVE-2020-1371\", \"CVE-2020-1372\", \"CVE-2020-1373\",\n \"CVE-2020-1374\", \"CVE-2020-1375\", \"CVE-2020-1384\", \"CVE-2020-1385\",\n \"CVE-2020-1386\", \"CVE-2020-1387\", \"CVE-2020-1388\", \"CVE-2020-1389\",\n \"CVE-2020-1390\", \"CVE-2020-1392\", \"CVE-2020-1393\", \"CVE-2020-1394\",\n \"CVE-2020-1395\", \"CVE-2020-1396\", \"CVE-2020-1397\", \"CVE-2020-1398\",\n \"CVE-2020-1399\", \"CVE-2020-1400\", \"CVE-2020-1401\", \"CVE-2020-1402\",\n \"CVE-2020-1403\", \"CVE-2020-1404\", \"CVE-2020-1406\", \"CVE-2020-1407\",\n \"CVE-2020-1408\", \"CVE-2020-1409\", \"CVE-2020-1410\", \"CVE-2020-1411\",\n \"CVE-2020-1412\", \"CVE-2020-1413\", \"CVE-2020-1418\", \"CVE-2020-1419\",\n \"CVE-2020-1420\", \"CVE-2020-1421\", \"CVE-2020-1427\", \"CVE-2020-1428\",\n \"CVE-2020-1429\", \"CVE-2020-1430\", \"CVE-2020-1432\", \"CVE-2020-1433\",\n \"CVE-2020-1434\", \"CVE-2020-1435\", \"CVE-2020-1436\", \"CVE-2020-1437\",\n \"CVE-2020-1438\", \"CVE-2020-1462\", \"CVE-2020-1463\", \"CVE-2020-1468\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", 
value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-07-17 05:57:41 +0000 (Fri, 17 Jul 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-07-15 09:51:05 +0530 (Wed, 15 Jul 2020)\");\n script_name(\"Microsoft Windows Multiple Vulnerabilities (KB4565508)\");\n\n script_tag(name:\"summary\", value:\"This host is missing a important security\n update according to Microsoft KB4565508\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present\n on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exists due to,\n\n - Windows System Events Broker fails to properly handle file operations.\n\n - Windows WalletService fails to properly handle objects in memory.\n\n - Windows Mobile Device Management (MDM) Diagnostics fails to\n properly handle objects in memory.\n\n - Windows Jet Database Engine fails to properly handle objects in memory.\n\n - Windows Network Connections Service fails to properly handle\n objects in memory.\n\n - SharedStream Library fails to handle objects in memory.\n Please see the references for more information about the vulnerabilities.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow an attacker\n to execute arbitrary code, elevate privilges, disclose sensitive information\n and denial of service attacks.\");\n\n script_tag(name:\"affected\", value:\"- Microsoft Windows 10 Version 1709 for 32-bit Systems\n\n - Microsoft Windows 10 Version 1709 for x64-based Systems\");\n\n script_tag(name:\"solution\", value:\"The vendor has released updates. 
Please see\n the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_xref(name:\"URL\", value:\"https://support.microsoft.com/en-us/help/4565508\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"smb_reg_service_pack.nasl\");\n script_require_ports(139, 445);\n script_mandatory_keys(\"SMB/WindowsVersion\");\n exit(0);\n}\n\ninclude(\"smb_nt.inc\");\ninclude(\"secpod_reg.inc\");\ninclude(\"version_func.inc\");\ninclude(\"secpod_smb_func.inc\");\n\nif(hotfix_check_sp(win10:1, win10x64:1) <= 0){\n exit(0);\n}\n\ndllPath = smb_get_system32root();\nif(!dllPath)\n exit(0);\n\nfileVer = fetch_file_version(sysPath:dllPath, file_name:\"User32.dll\");\nif(!fileVer)\n exit(0);\n\nif(version_in_range(version:fileVer, test_version:\"10.0.16299.0\", test_version2:\"10.0.16299.1991\")) {\n report = report_fixed_ver(file_checked:dllPath + \"\\User32.dll\",\n file_version:fileVer, vulnerable_range:\"10.0.16299.0 - 10.0.16299.1991\");\n security_message(data:report);\n exit(0);\n}\n\nexit(99);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-07-21T19:51:32", "description": "This host is missing a critical security\n update according to Microsoft KB4565503", "cvss3": {}, "published": "2020-07-15T00:00:00", "type": "openvas", "title": "Microsoft Windows Multiple Vulnerabilities (KB4565503)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-1373", "CVE-2020-1382", "CVE-2020-1367", "CVE-2020-1330", "CVE-2019-1469", "CVE-2020-1354", "CVE-2020-1438", "CVE-2020-1404", "CVE-2020-1432", "CVE-2020-1401", "CVE-2020-1372", "CVE-2020-1403", "CVE-2020-1420", "CVE-2020-1413", "CVE-2020-1392", "CVE-2020-1405", "CVE-2020-1344", "CVE-2020-1414", "CVE-2020-1433", "CVE-2020-1353", "CVE-2020-1355", 
"CVE-2020-1415", "CVE-2020-1436", "CVE-2020-1375", "CVE-2020-1085", "CVE-2020-1390", "CVE-2020-1358", "CVE-2020-1402", "CVE-2020-1406", "CVE-2020-1371", "CVE-2020-1352", "CVE-2020-1350", "CVE-2020-1391", "CVE-2020-1411", "CVE-2020-1393", "CVE-2020-1386", "CVE-2020-1468", "CVE-2020-1422", "CVE-2020-1370", "CVE-2020-1347", "CVE-2020-1360", "CVE-2020-1419", "CVE-2020-1333", "CVE-2020-1356", "CVE-2020-1336", "CVE-2020-1389", "CVE-2020-1418", "CVE-2020-1385", "CVE-2020-1396", "CVE-2020-1362", "CVE-2020-1431", "CVE-2020-1388", "CVE-2020-1423", "CVE-2020-1426", "CVE-2020-1397", "CVE-2020-1407", "CVE-2020-1384", "CVE-2020-1463", "CVE-2020-1427", "CVE-2020-1363", "CVE-2020-1381", "CVE-2020-1395", "CVE-2020-1267", "CVE-2020-1399", "CVE-2020-1368", "CVE-2020-1249", "CVE-2020-1430", "CVE-2020-1357", "CVE-2020-1412", "CVE-2020-1409", "CVE-2020-1462", "CVE-2020-1374", "CVE-2020-1421", "CVE-2020-1365", "CVE-2020-1435", "CVE-2020-1369", "CVE-2020-1408", "CVE-2020-1394", "CVE-2020-1437", "CVE-2020-1434", "CVE-2020-1366", "CVE-2020-1361", "CVE-2020-1400", "CVE-2020-1398", "CVE-2020-1359", "CVE-2020-1424", "CVE-2020-1428", "CVE-2020-1351", "CVE-2020-1429", "CVE-2020-1364", "CVE-2020-1387", "CVE-2020-1410"], "modified": "2020-07-20T00:00:00", "id": "OPENVAS:1361412562310817224", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310817224", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Some text descriptions might be excerpted from (a) referenced\n# source(s), and are Copyright (C) by the respective right holder(s).\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# 
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.817224\");\n script_version(\"2020-07-20T05:00:04+0000\");\n script_cve_id(\"CVE-2019-1469\", \"CVE-2020-1085\", \"CVE-2020-1249\", \"CVE-2020-1267\",\n \"CVE-2020-1330\", \"CVE-2020-1333\", \"CVE-2020-1336\", \"CVE-2020-1344\",\n \"CVE-2020-1347\", \"CVE-2020-1350\", \"CVE-2020-1351\", \"CVE-2020-1352\",\n \"CVE-2020-1353\", \"CVE-2020-1354\", \"CVE-2020-1355\", \"CVE-2020-1356\",\n \"CVE-2020-1357\", \"CVE-2020-1358\", \"CVE-2020-1359\", \"CVE-2020-1360\",\n \"CVE-2020-1361\", \"CVE-2020-1362\", \"CVE-2020-1363\", \"CVE-2020-1364\",\n \"CVE-2020-1365\", \"CVE-2020-1366\", \"CVE-2020-1367\", \"CVE-2020-1368\",\n \"CVE-2020-1369\", \"CVE-2020-1370\", \"CVE-2020-1371\", \"CVE-2020-1372\",\n \"CVE-2020-1373\", \"CVE-2020-1374\", \"CVE-2020-1375\", \"CVE-2020-1381\",\n \"CVE-2020-1382\", \"CVE-2020-1384\", \"CVE-2020-1385\", \"CVE-2020-1386\",\n \"CVE-2020-1387\", \"CVE-2020-1388\", \"CVE-2020-1389\", \"CVE-2020-1390\",\n \"CVE-2020-1391\", \"CVE-2020-1392\", \"CVE-2020-1393\", \"CVE-2020-1394\",\n \"CVE-2020-1395\", \"CVE-2020-1396\", \"CVE-2020-1397\", \"CVE-2020-1398\",\n \"CVE-2020-1399\", \"CVE-2020-1400\", \"CVE-2020-1401\", \"CVE-2020-1402\",\n \"CVE-2020-1403\", \"CVE-2020-1404\", \"CVE-2020-1405\", \"CVE-2020-1406\",\n \"CVE-2020-1407\", \"CVE-2020-1408\", \"CVE-2020-1409\", \"CVE-2020-1410\",\n \"CVE-2020-1411\", \"CVE-2020-1412\", \"CVE-2020-1413\", \"CVE-2020-1414\",\n \"CVE-2020-1415\", \"CVE-2020-1418\", \"CVE-2020-1419\", \"CVE-2020-1420\",\n \"CVE-2020-1421\", \"CVE-2020-1422\", \"CVE-2020-1423\", \"CVE-2020-1424\",\n \"CVE-2020-1426\", \"CVE-2020-1427\", \"CVE-2020-1428\", 
\"CVE-2020-1429\",\n \"CVE-2020-1430\", \"CVE-2020-1431\", \"CVE-2020-1432\", \"CVE-2020-1433\",\n \"CVE-2020-1434\", \"CVE-2020-1435\", \"CVE-2020-1436\", \"CVE-2020-1437\",\n \"CVE-2020-1438\", \"CVE-2020-1462\", \"CVE-2020-1463\", \"CVE-2020-1468\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-07-20 05:00:04 +0000 (Mon, 20 Jul 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-07-15 12:33:34 +0530 (Wed, 15 Jul 2020)\");\n script_name(\"Microsoft Windows Multiple Vulnerabilities (KB4565503)\");\n\n script_tag(name:\"summary\", value:\"This host is missing a critical security\n update according to Microsoft KB4565503\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present\n on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exists due to,\n\n - Windows Domain Name System servers fail to properly handle requests (SIGRed, CVE-2020-1350).\n\n - Windows System Events Broker fails to properly handle file operations.\n\n - Windows WalletService fails to properly handle objects in memory.\n\n - Windows Mobile Device Management (MDM) Diagnostics fails to\n properly handle objects in memory.\n\n - Windows Jet Database Engine fails to properly handle objects in memory.\n\n - Windows Network Connections Service fails to properly handle\n objects in memory.\n\n - SharedStream Library fails to handle objects in memory.\n Please see the references for more information about the vulnerabilities.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow an attacker\n to execute arbitrary code, elevate privilges, disclose sensitive information\n and denial of service attacks.\");\n\n script_tag(name:\"affected\", value:\"- Microsoft Windows 10 Version 2004 for 32-bit Systems\n\n - Microsoft Windows 10 Version 2004 for x64-based Systems\");\n\n 
script_tag(name:\"solution\", value:\"The vendor has released updates. Please see\n the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_xref(name:\"URL\", value:\"https://support.microsoft.com/en-us/help/4565503\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"smb_reg_service_pack.nasl\");\n script_require_ports(139, 445);\n script_mandatory_keys(\"SMB/WindowsVersion\");\n exit(0);\n}\n\ninclude(\"smb_nt.inc\");\ninclude(\"secpod_reg.inc\");\ninclude(\"version_func.inc\");\ninclude(\"secpod_smb_func.inc\");\n\nif(hotfix_check_sp(win10:1, win10x64:1) <= 0)\n exit(0);\n\ndllPath = smb_get_system32root();\nif(!dllPath)\n exit(0);\n\nfileVer = fetch_file_version(sysPath:dllPath, file_name:\"Gdiplus.dll\");\nif(!fileVer)\n exit(0);\n\nif(version_in_range(version:fileVer, test_version:\"10.0.19041.0\", test_version2:\"10.0.19041.387\")) {\n report = report_fixed_ver(file_checked:dllPath + \"\\Gdiplus.dll\",\n file_version:fileVer, vulnerable_range:\"10.0.19041.0 - 10.0.19041.387\");\n security_message(data:report);\n exit(0);\n}\n\nexit(99);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-07-21T19:51:37", "description": "This host is missing a critical security\n update according to Microsoft KB4565524", "cvss3": {}, "published": "2020-07-15T00:00:00", "type": "openvas", "title": "Microsoft Windows Multiple Vulnerabilities (KB4565524)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-1373", "CVE-2020-1354", "CVE-2020-1438", "CVE-2020-1432", "CVE-2020-1401", "CVE-2020-1403", "CVE-2020-1436", "CVE-2020-1085", "CVE-2020-1390", "CVE-2020-1402", "CVE-2020-1371", "CVE-2020-1350", "CVE-2020-1468", "CVE-2020-1360", "CVE-2020-1419", "CVE-2020-1333", "CVE-2020-1389", 
"CVE-2020-1396", "CVE-2020-1397", "CVE-2020-1407", "CVE-2020-1384", "CVE-2020-1427", "CVE-2020-1267", "CVE-2020-1430", "CVE-2020-1412", "CVE-2020-1409", "CVE-2020-1374", "CVE-2020-1421", "CVE-2020-1365", "CVE-2020-1435", "CVE-2020-1408", "CVE-2020-1437", "CVE-2020-1400", "CVE-2020-1359", "CVE-2020-1428", "CVE-2020-1351", "CVE-2020-1410"], "modified": "2020-07-20T00:00:00", "id": "OPENVAS:1361412562310817230", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310817230", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Some text descriptions might be excerpted from (a) referenced\n# source(s), and are Copyright (C) by the respective right holder(s).\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.817230\");\n script_version(\"2020-07-20T05:00:04+0000\");\n script_cve_id(\"CVE-2020-1085\", \"CVE-2020-1267\", \"CVE-2020-1333\", \"CVE-2020-1350\",\n \"CVE-2020-1351\", \"CVE-2020-1354\", \"CVE-2020-1359\", \"CVE-2020-1360\",\n \"CVE-2020-1365\", \"CVE-2020-1371\", \"CVE-2020-1373\", \"CVE-2020-1374\",\n \"CVE-2020-1384\", \"CVE-2020-1389\", \"CVE-2020-1390\", \"CVE-2020-1396\",\n \"CVE-2020-1397\", \"CVE-2020-1400\", \"CVE-2020-1401\", \"CVE-2020-1402\",\n \"CVE-2020-1403\", \"CVE-2020-1407\", \"CVE-2020-1408\", \"CVE-2020-1409\",\n \"CVE-2020-1410\", \"CVE-2020-1412\", \"CVE-2020-1419\", \"CVE-2020-1421\",\n \"CVE-2020-1427\", \"CVE-2020-1428\", \"CVE-2020-1430\", \"CVE-2020-1432\",\n \"CVE-2020-1435\", \"CVE-2020-1436\", \"CVE-2020-1437\", \"CVE-2020-1438\",\n \"CVE-2020-1468\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-07-20 05:00:04 +0000 (Mon, 20 Jul 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-07-15 18:26:24 +0530 (Wed, 15 Jul 2020)\");\n script_name(\"Microsoft Windows Multiple Vulnerabilities (KB4565524)\");\n\n script_tag(name:\"summary\", value:\"This host is missing a critical security\n update according to Microsoft KB4565524\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present\n on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exists due to,\n\n - Windows Domain Name System servers fail to properly handle requests (SIGRed, CVE-2020-1350).\n\n - Windows Event Logging Service fails to properly handle 
memory.\n\n - Windows Network Location Awareness Service fails to properly\n handle objects in memory.\n\n - Windows Jet Database Engine fails to properly handle objects in memory.\n\n - Windows Network Connections Service fails to properly handle\n objects in memory.\n\n - Windows Cryptography Next Generation (CNG) Key Isolation service\n fails to properly handle memory.\n\n Please see the references for more information about the vulnerabilities.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow an attacker\n to execute arbitrary code, elevate privileges, disclose sensitive information\n and conduct denial of service attacks.\");\n\n script_tag(name:\"affected\", value:\"- Microsoft Windows Server 2008 R2 for x64-based Systems Service Pack 1\n\n - Microsoft Windows Server 2012\n\n - Microsoft Windows 7 for x64-based Systems Service Pack 1\n\n - Microsoft Windows 7 for 32-bit Systems Service Pack 1\");\n\n script_tag(name:\"solution\", value:\"The vendor has released updates. 
Please see\n the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_xref(name:\"URL\", value:\"https://support.microsoft.com/en-us/help/4565524\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"smb_reg_service_pack.nasl\");\n script_require_ports(139, 445);\n script_mandatory_keys(\"SMB/WindowsVersion\");\n exit(0);\n}\n\ninclude(\"smb_nt.inc\");\ninclude(\"secpod_reg.inc\");\ninclude(\"version_func.inc\");\ninclude(\"secpod_smb_func.inc\");\n\nif(hotfix_check_sp(win2008r2:2, win2012:1, win7x64:2, win7:2) <= 0){\n exit(0);\n}\n\ndllPath = smb_get_system32root();\nif(!dllPath)\n exit(0);\n\nfileVer = fetch_file_version(sysPath:dllPath, file_name:\"Gdiplus.dll\");\nif(!fileVer)\n exit(0);\n\nif(version_is_less(version:fileVer, test_version:\"5.2.7601.24557\")) {\n report = report_fixed_ver(file_checked:dllPath + \"\\Gdiplus.dll\",\n file_version:fileVer, vulnerable_range:\"Less than 5.2.7601.24557\");\n security_message(data:report);\n exit(0);\n}\n\nexit(99);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-07-21T19:51:39", "description": "This host is missing a critical security\n update according to Microsoft KB4565511", "cvss3": {}, "published": "2020-07-15T00:00:00", "type": "openvas", "title": "Microsoft Windows Multiple Vulnerabilities (KB4565511)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-1373", "CVE-2020-1354", "CVE-2020-1438", "CVE-2020-1404", "CVE-2020-1432", "CVE-2020-1401", "CVE-2020-1403", "CVE-2020-1420", "CVE-2020-1413", "CVE-2020-1344", "CVE-2020-1433", "CVE-2020-1353", "CVE-2020-1436", "CVE-2020-1085", "CVE-2020-1390", "CVE-2020-1358", "CVE-2020-1402", "CVE-2020-1406", "CVE-2020-1371", "CVE-2020-1352", "CVE-2020-1350", "CVE-2020-1411", 
"CVE-2020-1393", "CVE-2020-1468", "CVE-2020-1370", "CVE-2020-1360", "CVE-2020-1419", "CVE-2020-1333", "CVE-2020-1356", "CVE-2020-1336", "CVE-2020-1389", "CVE-2020-1385", "CVE-2020-1396", "CVE-2020-1362", "CVE-2020-1388", "CVE-2020-1397", "CVE-2020-1407", "CVE-2020-1384", "CVE-2020-1463", "CVE-2020-1427", "CVE-2020-1395", "CVE-2020-1267", "CVE-2020-1399", "CVE-2020-1368", "CVE-2020-1249", "CVE-2020-1430", "CVE-2020-1357", "CVE-2020-1412", "CVE-2020-1409", "CVE-2020-1147", "CVE-2020-1462", "CVE-2020-1374", "CVE-2020-1421", "CVE-2020-1365", "CVE-2020-1435", "CVE-2020-1369", "CVE-2020-1408", "CVE-2020-1437", "CVE-2020-1434", "CVE-2020-1361", "CVE-2020-1400", "CVE-2020-1398", "CVE-2020-1359", "CVE-2020-1428", "CVE-2020-1351", "CVE-2020-1429", "CVE-2020-1364", "CVE-2020-1410"], "modified": "2020-07-20T00:00:00", "id": "OPENVAS:1361412562310817226", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310817226", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Some text descriptions might be excerpted from (a) referenced\n# source(s), and are Copyright (C) by the respective right holder(s).\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.817226\");\n script_version(\"2020-07-20T05:00:04+0000\");\n script_cve_id(\"CVE-2020-1085\", \"CVE-2020-1147\", \"CVE-2020-1249\", \"CVE-2020-1267\",\n \"CVE-2020-1333\", \"CVE-2020-1336\", \"CVE-2020-1344\", \"CVE-2020-1350\",\n \"CVE-2020-1351\", \"CVE-2020-1352\", \"CVE-2020-1353\", \"CVE-2020-1354\",\n \"CVE-2020-1356\", \"CVE-2020-1357\", \"CVE-2020-1358\", \"CVE-2020-1359\",\n \"CVE-2020-1360\", \"CVE-2020-1361\", \"CVE-2020-1362\", \"CVE-2020-1364\",\n \"CVE-2020-1365\", \"CVE-2020-1368\", \"CVE-2020-1369\", \"CVE-2020-1370\",\n \"CVE-2020-1371\", \"CVE-2020-1373\", \"CVE-2020-1374\", \"CVE-2020-1384\",\n \"CVE-2020-1385\", \"CVE-2020-1388\", \"CVE-2020-1389\", \"CVE-2020-1390\",\n \"CVE-2020-1393\", \"CVE-2020-1395\", \"CVE-2020-1396\", \"CVE-2020-1397\",\n \"CVE-2020-1398\", \"CVE-2020-1399\", \"CVE-2020-1400\", \"CVE-2020-1401\",\n \"CVE-2020-1402\", \"CVE-2020-1403\", \"CVE-2020-1404\", \"CVE-2020-1406\",\n \"CVE-2020-1407\", \"CVE-2020-1408\", \"CVE-2020-1409\", \"CVE-2020-1410\",\n \"CVE-2020-1411\", \"CVE-2020-1412\", \"CVE-2020-1413\", \"CVE-2020-1419\",\n \"CVE-2020-1420\", \"CVE-2020-1421\", \"CVE-2020-1427\", \"CVE-2020-1428\",\n \"CVE-2020-1429\", \"CVE-2020-1430\", \"CVE-2020-1432\", \"CVE-2020-1433\",\n \"CVE-2020-1434\", \"CVE-2020-1435\", \"CVE-2020-1436\", \"CVE-2020-1437\",\n \"CVE-2020-1438\", \"CVE-2020-1462\", \"CVE-2020-1463\", \"CVE-2020-1468\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-07-20 05:00:04 +0000 (Mon, 20 Jul 2020)\");\n script_tag(name:\"creation_date\", 
value:\"2020-07-15 15:23:26 +0530 (Wed, 15 Jul 2020)\");\n script_name(\"Microsoft Windows Multiple Vulnerabilities (KB4565511)\");\n\n script_tag(name:\"summary\", value:\"This host is missing a critical security\n update according to Microsoft KB4565511\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present\n on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exist due to,\n\n - Windows Domain Name System servers fail to properly handle requests (SIGRed, CVE-2020-1350).\n\n - Windows System Events Broker fails to properly handle file operations.\n\n - Windows WalletService fails to properly handle objects in memory.\n\n - Windows Runtime fails to properly handle objects in memory.\n\n - Windows Jet Database Engine fails to properly handle objects in memory.\n\n - Windows Network Connections Service fails to properly handle\n objects in memory.\n\n - SharedStream Library fails to handle objects in memory.\n\n Please see the references for more information about the vulnerabilities.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow an attacker\n to execute arbitrary code, elevate privileges, disclose sensitive information\n and conduct denial of service attacks.\");\n\n script_tag(name:\"affected\", value:\"- Microsoft Windows 10 Version 1607 for 32-bit Systems\n\n - Microsoft Windows 10 Version 1607 for x64-based Systems\n\n - Microsoft Windows Server 2016\");\n\n script_tag(name:\"solution\", value:\"The vendor has released updates. 
Please see\n the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_xref(name:\"URL\", value:\"https://support.microsoft.com/en-us/help/4565511\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"smb_reg_service_pack.nasl\");\n script_require_ports(139, 445);\n script_mandatory_keys(\"SMB/WindowsVersion\");\n exit(0);\n}\n\ninclude(\"smb_nt.inc\");\ninclude(\"secpod_reg.inc\");\ninclude(\"version_func.inc\");\ninclude(\"secpod_smb_func.inc\");\n\nif(hotfix_check_sp(win10:1, win10x64:1, win2016:1) <= 0)\n exit(0);\n\ndllPath = smb_get_system32root();\nif(!dllPath)\n exit(0);\n\nfileVer = fetch_file_version(sysPath:dllPath, file_name:\"Gdiplus.dll\");\nif(!fileVer)\n exit(0);\n\nif(version_in_range(version:fileVer, test_version:\"10.0.14393.0\", test_version2:\"10.0.14393.3807\")) {\n report = report_fixed_ver(file_checked:dllPath + \"\\Gdiplus.dll\",\n file_version:fileVer, vulnerable_range:\"10.0.14393.0 - 10.0.14393.3807\");\n security_message(data:report);\n exit(0);\n}\n\nexit(99);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-07-21T19:51:31", "description": "This host is missing a critical security\n update according to Microsoft KB4565541", "cvss3": {}, "published": "2020-07-15T00:00:00", "type": "openvas", "title": "Microsoft Windows Multiple Vulnerabilities (KB4565541)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-1373", "CVE-2020-1354", "CVE-2020-1438", "CVE-2020-1432", "CVE-2020-1401", "CVE-2020-1403", "CVE-2020-1436", "CVE-2020-1085", "CVE-2020-1390", "CVE-2020-1402", "CVE-2020-1406", "CVE-2020-1371", "CVE-2020-1350", "CVE-2020-1468", "CVE-2020-1360", "CVE-2020-1419", "CVE-2020-1333", "CVE-2020-1356", "CVE-2020-1389", "CVE-2020-1385", 
"CVE-2020-1396", "CVE-2020-1397", "CVE-2020-1407", "CVE-2020-1384", "CVE-2020-1427", "CVE-2020-1267", "CVE-2020-1399", "CVE-2020-1368", "CVE-2020-1249", "CVE-2020-1430", "CVE-2020-1412", "CVE-2020-1409", "CVE-2020-1374", "CVE-2020-1421", "CVE-2020-1365", "CVE-2020-1435", "CVE-2020-1408", "CVE-2020-1437", "CVE-2020-1400", "CVE-2020-1359", "CVE-2020-1428", "CVE-2020-1351", "CVE-2020-1410"], "modified": "2020-07-20T00:00:00", "id": "OPENVAS:1361412562310817231", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310817231", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Some text descriptions might be excerpted from (a) referenced\n# source(s), and are Copyright (C) by the respective right holder(s).\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.817231\");\n script_version(\"2020-07-20T05:00:04+0000\");\n script_cve_id(\"CVE-2020-1085\", \"CVE-2020-1249\", \"CVE-2020-1267\", \"CVE-2020-1333\",\n \"CVE-2020-1350\", \"CVE-2020-1351\", \"CVE-2020-1354\", \"CVE-2020-1356\",\n \"CVE-2020-1359\", \"CVE-2020-1360\", \"CVE-2020-1365\", \"CVE-2020-1368\",\n \"CVE-2020-1371\", \"CVE-2020-1373\", \"CVE-2020-1374\", \"CVE-2020-1384\",\n \"CVE-2020-1385\", \"CVE-2020-1389\", \"CVE-2020-1390\", \"CVE-2020-1396\",\n \"CVE-2020-1397\", \"CVE-2020-1399\", \"CVE-2020-1400\", \"CVE-2020-1401\",\n \"CVE-2020-1402\", \"CVE-2020-1403\", \"CVE-2020-1406\", \"CVE-2020-1407\",\n \"CVE-2020-1408\", \"CVE-2020-1409\", \"CVE-2020-1410\", \"CVE-2020-1412\",\n \"CVE-2020-1419\", \"CVE-2020-1421\", \"CVE-2020-1427\", \"CVE-2020-1428\",\n \"CVE-2020-1430\", \"CVE-2020-1432\", \"CVE-2020-1435\", \"CVE-2020-1436\",\n \"CVE-2020-1437\", \"CVE-2020-1438\", \"CVE-2020-1468\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-07-20 05:00:04 +0000 (Mon, 20 Jul 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-07-15 19:22:27 +0530 (Wed, 15 Jul 2020)\");\n script_name(\"Microsoft Windows Multiple Vulnerabilities (KB4565541)\");\n\n script_tag(name:\"summary\", value:\"This host is missing a critical security\n update according to Microsoft KB4565541\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present\n on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exists due to,\n\n - Windows Domain Name System servers fail to 
properly handle requests (SIGRed, CVE-2020-1350).\n\n - DirectWrite fails to properly handle objects in memory.\n\n - Windows Address Book (WAB) fails to properly process vcard files.\n\n - Windows Graphics Device Interface (GDI) fails to properly handle\n objects in the memory.\n\n - Windows Network Connections Service fails to handle objects in memory.\n Please see the references for more information about the vulnerabilities.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow an attacker\n to execute arbitrary code, elevate privileges, disclose sensitive information\n and conduct denial of service attacks.\");\n\n script_tag(name:\"affected\", value:\"- Microsoft Windows 8.1 32-bit Systems\n\n - Microsoft Windows 8.1 for x64-based Systems\n\n - Microsoft Windows Server 2012 R2\");\n\n script_tag(name:\"solution\", value:\"The vendor has released updates. Please see\n the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_xref(name:\"URL\", value:\"https://support.microsoft.com/en-us/help/4565541\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"smb_reg_service_pack.nasl\");\n script_require_ports(139, 445);\n script_mandatory_keys(\"SMB/WindowsVersion\");\n exit(0);\n}\n\ninclude(\"smb_nt.inc\");\ninclude(\"secpod_reg.inc\");\ninclude(\"version_func.inc\");\ninclude(\"secpod_smb_func.inc\");\n\nif(hotfix_check_sp(win8_1:1, win8_1x64:1, win2012R2:1) <= 0)\n exit(0);\n\ndllPath = smb_get_system32root();\nif(!dllPath)\n exit(0);\n\nfileVer = fetch_file_version(sysPath:dllPath, file_name:\"Gdiplus.dll\");\nif(!fileVer)\n exit(0);\n\nif(version_is_less(version:fileVer, test_version:\"6.3.9600.19756\")) {\n report = report_fixed_ver(file_checked:dllPath + \"\\Gdiplus.dll\",\n file_version:fileVer, 
vulnerable_range:\"Less than 6.3.9600.19756\");\n security_message(data:report);\n exit(0);\n}\n\nexit(99);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-07-21T19:50:57", "description": "This host is missing a critical security\n update according to Microsoft KB4565536", "cvss3": {}, "published": "2020-07-15T00:00:00", "type": "openvas", "title": "Microsoft Windows Multiple Vulnerabilities (KB4565536)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-1373", "CVE-2020-1354", "CVE-2020-1438", "CVE-2020-1401", "CVE-2020-1403", "CVE-2020-1436", "CVE-2020-1085", "CVE-2020-1390", "CVE-2020-1371", "CVE-2020-1350", "CVE-2020-1468", "CVE-2020-1360", "CVE-2020-1419", "CVE-2020-1333", "CVE-2020-1389", "CVE-2020-1396", "CVE-2020-1397", "CVE-2020-1407", "CVE-2020-1384", "CVE-2020-1427", "CVE-2020-1267", "CVE-2020-1430", "CVE-2020-1412", "CVE-2020-1409", "CVE-2020-1421", "CVE-2020-1365", "CVE-2020-1435", "CVE-2020-1408", "CVE-2020-1437", "CVE-2020-1400", "CVE-2020-1359", "CVE-2020-1428", "CVE-2020-1410"], "modified": "2020-07-20T00:00:00", "id": "OPENVAS:1361412562310817232", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310817232", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Some text descriptions might be excerpted from (a) referenced\n# source(s), and are Copyright (C) by the respective right holder(s).\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.817232\");\n script_version(\"2020-07-20T05:00:04+0000\");\n script_cve_id(\"CVE-2020-1085\", \"CVE-2020-1267\", \"CVE-2020-1333\", \"CVE-2020-1350\",\n \"CVE-2020-1354\", \"CVE-2020-1359\", \"CVE-2020-1360\", \"CVE-2020-1365\",\n \"CVE-2020-1371\", \"CVE-2020-1373\", \"CVE-2020-1384\", \"CVE-2020-1389\",\n \"CVE-2020-1390\", \"CVE-2020-1396\", \"CVE-2020-1397\", \"CVE-2020-1400\",\n \"CVE-2020-1401\", \"CVE-2020-1403\", \"CVE-2020-1407\", \"CVE-2020-1408\",\n \"CVE-2020-1409\", \"CVE-2020-1410\", \"CVE-2020-1412\", \"CVE-2020-1419\",\n \"CVE-2020-1421\", \"CVE-2020-1427\", \"CVE-2020-1428\", \"CVE-2020-1430\",\n \"CVE-2020-1435\", \"CVE-2020-1436\", \"CVE-2020-1437\", \"CVE-2020-1438\",\n \"CVE-2020-1468\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-07-20 05:00:04 +0000 (Mon, 20 Jul 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-07-15 20:23:57 +0530 (Wed, 15 Jul 2020)\");\n script_name(\"Microsoft Windows Multiple Vulnerabilities (KB4565536)\");\n\n script_tag(name:\"summary\", value:\"This host is missing a critical security\n update according to Microsoft KB4565536\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present\n on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exists due to,\n\n - Windows Domain Name System servers fail to properly handle requests (SIGRed, CVE-2020-1350).\n\n - DirectWrite fails to properly handle objects in memory.\n\n - Windows Address Book (WAB) fails to properly processes vcard files.\n\n - 
Windows Graphics Device Interface (GDI) fails to properly handle\n objects in the memory.\n\n - Windows Network Connections Service fails to handle objects in memory.\n\n Please see the references for more information about the vulnerabilities.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow an attacker\n to execute arbitrary code, elevate privileges, disclose sensitive information\n and conduct denial of service attacks.\");\n\n script_tag(name:\"affected\", value:\"- Microsoft Windows Server 2008 for 32-bit Systems Service Pack 2\n\n - Microsoft Windows Server 2008 for x64-based Systems Service Pack 2\");\n\n script_tag(name:\"solution\", value:\"The vendor has released updates. Please see\n the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_xref(name:\"URL\", value:\"https://support.microsoft.com/en-us/help/4565536\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"smb_reg_service_pack.nasl\");\n script_require_ports(139, 445);\n script_mandatory_keys(\"SMB/WindowsVersion\");\n exit(0);\n}\n\ninclude(\"smb_nt.inc\");\ninclude(\"secpod_reg.inc\");\ninclude(\"version_func.inc\");\ninclude(\"secpod_smb_func.inc\");\n\nif(hotfix_check_sp(win2008:3, win2008x64:3) <= 0){\n exit(0);\n}\n\ndllPath = smb_get_system32root();\nif(!dllPath)\n exit(0);\n\nfileVer = fetch_file_version(sysPath:dllPath, file_name:\"Gdiplus.dll\");\nif(!fileVer)\n exit(0);\n\nif(version_is_less(version:fileVer, test_version:\"5.2.6003.20883\")) {\n report = report_fixed_ver(file_checked:dllPath + \"\\Gdiplus.dll\",\n file_version:fileVer, vulnerable_range:\"Less than 5.2.6003.20883\");\n security_message(data:report);\n exit(0);\n}\n\nexit(99);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], 
"nessus": [{"lastseen": "2023-07-19T15:25:36", "description": "The remote Windows host is missing security update 4565513. It is, therefore, affected by multiple vulnerabilities :\n\n - An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode.\n An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2020-1411)\n\n - An elevation of privilege vulnerability exists when the Windows Diagnostics Hub Standard Collector Service fails to properly sanitize input, leading to an unsecure library-loading behavior. An attacker who successfully exploited this vulnerability could run arbitrary code with elevated system privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\n (CVE-2020-1393)\n\n - A remote code execution vulnerability exists in the way that DirectWrite handles objects in memory. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit an untrusted webpage. The security update addresses the vulnerability by correcting how DirectWrite handles objects in memory. (CVE-2020-1409)\n\n - An elevation of privilege vulnerability exists when the Windows Profile Service improperly handles file operations. An attacker who successfully exploited this vulnerability could gain elevated privileges.\n (CVE-2020-1360)\n\n - A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory. 
The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2020-1403)\n\n - A remote code execution vulnerability exists in the Windows Remote Desktop Client when a user connects to a malicious server. An attacker who successfully exploited this vulnerability could execute arbitrary code on the computer of the connecting client. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\n (CVE-2020-1374)\n\n - A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted fonts. For all systems except Windows 10, an attacker who successfully exploited the vulnerability could execute code remotely. For systems running Windows 10, an attacker who successfully exploited the vulnerability could execute code in an AppContainer sandbox context with limited privileges and capabilities. An attacker could then install programs;\n view, change, or delete data; or create new accounts with full user rights. There are multiple ways an attacker could exploit the vulnerability:\n (CVE-2020-1436)\n\n - An elevation of privilege vulnerability exists in the way that the Credential Enrollment Manager service handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. (CVE-2020-1368)\n\n - An elevation of privilege vulnerability exists in the way that the Windows Network List Service handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. (CVE-2020-1406)\n\n - An information disclosure vulnerability exists when the Windows Graphics component improperly handles objects in memory. 
An attacker who successfully exploited this vulnerability could obtain information to further compromise the user's system. An authenticated attacker could exploit this vulnerability by running a specially crafted application. The update addresses the vulnerability by correcting how the Windows Graphics Component handles objects in memory. (CVE-2020-1351)\n\n - An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user's system. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit an untrusted webpage.\n The security update addresses the vulnerability by correcting how the Windows GDI component handles objects in memory. (CVE-2020-1468)\n\n - An elevation of privilege vulnerability exists when the Windows Event Logging Service improperly handles memory.\n (CVE-2020-1365, CVE-2020-1371)\n\n - An elevation of privilege vulnerability exists in the way that the Windows WalletService handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. (CVE-2020-1344, CVE-2020-1362, CVE-2020-1369)\n\n - An elevation of privilege vulnerability exists when the Windows ActiveX Installer Service improperly handles memory. (CVE-2020-1402)\n\n - This security update corrects a denial of service in the Local Security Authority Subsystem Service (LSASS) caused when an authenticated attacker sends a specially crafted authentication request. A remote attacker who successfully exploited this vulnerability could cause a denial of service on the target system's LSASS service, which triggers an automatic reboot of the system. 
The security update addresses the vulnerability by changing the way that LSASS handles specially crafted authentication requests. (CVE-2020-1267)\n\n - A remote code execution vulnerability exists when Windows Address Book (WAB) improperly processes vcard files. (CVE-2020-1410)\n\n - An elevation of privilege vulnerability exists when the Windows USO Core Worker improperly handles memory.\n (CVE-2020-1352)\n\n - An elevation of privilege vulnerability exists when the Windows UPnP Device Host improperly handles memory.\n (CVE-2020-1354, CVE-2020-1430)\n\n - An elevation of privilege vulnerability exists when Group Policy Services Policy Processing improperly handles reparse points. An attacker who successfully exploited this vulnerability could overwrite a targeted file that would normally require elevated permissions.\n (CVE-2020-1333)\n\n - A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts. An attacker who successfully exploited the vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2020-1408)\n\n - An elevation of privilege vulnerability exists when the Windows Modules Installer improperly handles file operations. An attacker who successfully exploited this vulnerability could gain elevated privileges.\n (CVE-2020-1346)\n\n - An elevation of privilege vulnerability exists when Windows improperly handles calls to Advanced Local Procedure Call (ALPC). An attacker who successfully exploited this vulnerability could run arbitrary code in the security context of the local system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\n (CVE-2020-1396)\n\n - A denial of service vulnerability exists in the way that the WalletService handles files. 
An attacker who successfully exploited the vulnerability could corrupt system files. (CVE-2020-1364)\n\n - An information disclosure vulnerability exists when Skype for Business is accessed via Internet Explorer. An attacker who exploited the vulnerability could cause the user to place a call without additional consent, leading to information disclosure of the user profile. For the vulnerability to be exploited, a user must click a specially crafted URL that prompts the Skype app.\n (CVE-2020-1432)\n\n - An elevation of privilege vulnerability exists in the way that the Windows Network Location Awareness Service handles objects in memory. An attacker who successfully exploited the vulnerability could allow an application with limited privileges on an affected system to execute code at a medium integrity level. (CVE-2020-1437)\n\n - A remote code execution vulnerability exists in .NET Framework, Microsoft SharePoint, and Visual Studio when the software fails to check the source markup of XML file input. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the process responsible for deserialization of the XML content. (CVE-2020-1147)\n\n - An elevation of privilege vulnerability exists in the way that the Windows Network Connections Service handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. (CVE-2020-1373, CVE-2020-1390, CVE-2020-1427, CVE-2020-1428, CVE-2020-1438)\n\n - An elevation of privilege vulnerability exists when the Windows Cryptography Next Generation (CNG) Key Isolation service improperly handles memory. An attacker who successfully exploited this vulnerability could run processes in an elevated context. (CVE-2020-1359, CVE-2020-1384)\n\n - An information disclosure vulnerability exists when the Windows Resource Policy component improperly handles memory. 
(CVE-2020-1358)\n\n - An elevation of privilege vulnerability exists in the way that the Windows Function Discovery Service handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. (CVE-2020-1085)\n\n - An information disclosure vulnerability exists when Windows Error Reporting improperly handles file operations. (CVE-2020-1420)\n\n - A remote code execution vulnerability exists in the way that Microsoft Graphics Components handle objects in memory. An attacker who successfully exploited the vulnerability could execute arbitrary code on a target system. (CVE-2020-1412)\n\n - An elevation of privilege vulnerability exists when the Windows Runtime improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in an elevated context. An attacker could exploit this vulnerability by running a specially crafted application on the victim system. The update addresses the vulnerability by correcting the way the Windows Runtime handles objects in memory.\n (CVE-2020-1249, CVE-2020-1353, CVE-2020-1370, CVE-2020-1399, CVE-2020-1404, CVE-2020-1413)\n\n - An information disclosure vulnerability exists when Microsoft Edge PDF Reader improperly handles objects in memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user's system. (CVE-2020-1433)\n\n - A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by enticing a victim to open a specially crafted file. The update addresses the vulnerability by correcting the way the Windows Jet Database Engine handles objects in memory. 
(CVE-2020-1400, CVE-2020-1401, CVE-2020-1407)\n\n - An elevation of privilege vulnerability exists when Windows Error Reporting manager improperly handles a process crash. An attacker who successfully exploited this vulnerability could delete a targeted file leading to an elevated status. (CVE-2020-1429)\n\n - An information disclosure vulnerability exists when the Windows kernel fails to properly initialize a memory address. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user's system. (CVE-2020-1389, CVE-2020-1419)\n\n - An elevation of privilege vulnerability exists in the way that the Windows Credential Picker handles objects in memory. An attacker who successfully exploited the vulnerability could allow an application with limited privileges on an affected system to execute code at a medium integrity level. (CVE-2020-1385)\n\n - A remote code execution vulnerability exists in Microsoft Windows that could allow remote code execution if a .LNK file is processed. An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. (CVE-2020-1421)\n\n - An information disclosure vulnerability exists in Windows when the Windows Imaging Component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user's system.\n There are multiple ways an attacker could exploit this vulnerability: (CVE-2020-1397)\n\n - A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in the memory. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. 
(CVE-2020-1435)\n\n - An information disclosure vulnerability exists in the way that the WalletService handles memory.\n (CVE-2020-1361)\n\n - An elevation of privilege vulnerability exists in the way that the Windows Sync Host Service handles objects in memory. An attacker who successfully exploited the vulnerability could allow an application with limited privileges on an affected system to execute code at a medium integrity level. (CVE-2020-1434)\n\n - An elevation of privilege vulnerability exists when Windows Lockscreen fails to properly handle Ease of Access dialog. An attacker who successfully exploited the vulnerability could execute commands with elevated permissions. The security update addresses the vulnerability by ensuring that the Ease of Access dialog is handled properly. (CVE-2020-1398)", "cvss3": {}, "published": "2020-07-14T00:00:00", "type": "nessus", "title": "KB4565513: Windows 10 July 2020 Security Update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-1085", "CVE-2020-1147", "CVE-2020-1249", "CVE-2020-1267", "CVE-2020-1333", "CVE-2020-1344", "CVE-2020-1346", "CVE-2020-1351", "CVE-2020-1352", "CVE-2020-1353", "CVE-2020-1354", "CVE-2020-1358", "CVE-2020-1359", "CVE-2020-1360", "CVE-2020-1361", "CVE-2020-1362", "CVE-2020-1364", "CVE-2020-1365", "CVE-2020-1368", "CVE-2020-1369", "CVE-2020-1370", "CVE-2020-1371", "CVE-2020-1373", "CVE-2020-1374", "CVE-2020-1384", "CVE-2020-1385", "CVE-2020-1389", "CVE-2020-1390", "CVE-2020-1393", "CVE-2020-1396", "CVE-2020-1397", "CVE-2020-1398", "CVE-2020-1399", "CVE-2020-1400", "CVE-2020-1401", "CVE-2020-1402", "CVE-2020-1403", "CVE-2020-1404", "CVE-2020-1406", "CVE-2020-1407", "CVE-2020-1408", "CVE-2020-1409", "CVE-2020-1410", "CVE-2020-1411", "CVE-2020-1412", "CVE-2020-1413", "CVE-2020-1419", "CVE-2020-1420", "CVE-2020-1421", "CVE-2020-1427", "CVE-2020-1428", "CVE-2020-1429", "CVE-2020-1430", "CVE-2020-1432", "CVE-2020-1433", "CVE-2020-1434", "CVE-2020-1435", "CVE-2020-1436", "CVE-2020-1437", 
"CVE-2020-1438", "CVE-2020-1468"], "modified": "2023-01-24T00:00:00", "cpe": ["cpe:/o:microsoft:windows", "cpe:/a:microsoft:edge"], "id": "SMB_NT_MS20_JUL_4565513.NASL", "href": "https://www.tenable.com/plugins/nessus/138459", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(138459);\n script_version(\"1.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/24\");\n\n script_cve_id(\n \"CVE-2020-1085\",\n \"CVE-2020-1147\",\n \"CVE-2020-1249\",\n \"CVE-2020-1267\",\n \"CVE-2020-1333\",\n \"CVE-2020-1344\",\n \"CVE-2020-1346\",\n \"CVE-2020-1351\",\n \"CVE-2020-1352\",\n \"CVE-2020-1353\",\n \"CVE-2020-1354\",\n \"CVE-2020-1358\",\n \"CVE-2020-1359\",\n \"CVE-2020-1360\",\n \"CVE-2020-1361\",\n \"CVE-2020-1362\",\n \"CVE-2020-1364\",\n \"CVE-2020-1365\",\n \"CVE-2020-1368\",\n \"CVE-2020-1369\",\n \"CVE-2020-1370\",\n \"CVE-2020-1371\",\n \"CVE-2020-1373\",\n \"CVE-2020-1374\",\n \"CVE-2020-1384\",\n \"CVE-2020-1385\",\n \"CVE-2020-1389\",\n \"CVE-2020-1390\",\n \"CVE-2020-1393\",\n \"CVE-2020-1396\",\n \"CVE-2020-1397\",\n \"CVE-2020-1398\",\n \"CVE-2020-1399\",\n \"CVE-2020-1400\",\n \"CVE-2020-1401\",\n \"CVE-2020-1402\",\n \"CVE-2020-1403\",\n \"CVE-2020-1404\",\n \"CVE-2020-1406\",\n \"CVE-2020-1407\",\n \"CVE-2020-1408\",\n \"CVE-2020-1409\",\n \"CVE-2020-1410\",\n \"CVE-2020-1411\",\n \"CVE-2020-1412\",\n \"CVE-2020-1413\",\n \"CVE-2020-1419\",\n \"CVE-2020-1420\",\n \"CVE-2020-1421\",\n \"CVE-2020-1427\",\n \"CVE-2020-1428\",\n \"CVE-2020-1429\",\n \"CVE-2020-1430\",\n \"CVE-2020-1432\",\n \"CVE-2020-1433\",\n \"CVE-2020-1434\",\n \"CVE-2020-1435\",\n \"CVE-2020-1436\",\n \"CVE-2020-1437\",\n \"CVE-2020-1438\",\n \"CVE-2020-1468\"\n );\n script_xref(name:\"MSKB\", 
value:\"4565513\");\n script_xref(name:\"MSFT\", value:\"MS20-4565513\");\n script_xref(name:\"IAVA\", value:\"2020-A-0300-S\");\n script_xref(name:\"IAVA\", value:\"2020-A-0302-S\");\n script_xref(name:\"IAVA\", value:\"2020-A-0313-S\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/05/03\");\n\n script_name(english:\"KB4565513: Windows 10 July 2020 Security Update\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 4565513. It is, \ntherefore, affected by multiple vulnerabilities :\n\n - An elevation of privilege vulnerability exists when the\n Windows kernel fails to properly handle objects in\n memory. An attacker who successfully exploited this\n vulnerability could run arbitrary code in kernel mode.\n An attacker could then install programs; view, change,\n or delete data; or create new accounts with full user\n rights. (CVE-2020-1411)\n\n - An elevation of privilege vulnerability exists when the\n Windows Diagnostics Hub Standard Collector Service fails\n to properly sanitize input, leading to an unsecure\n library-loading behavior. An attacker who successfully\n exploited this vulnerability could run arbitrary code\n with elevated system privileges. An attacker could then\n install programs; view, change, or delete data; or\n create new accounts with full user rights.\n (CVE-2020-1393)\n\n - A remote code execution vulnerability exists in the way\n that DirectWrite handles objects in memory. An attacker\n who successfully exploited this vulnerability could take\n control of the affected system. An attacker could then\n install programs; view, change, or delete data; or\n create new accounts with full user rights. 
There are\n multiple ways an attacker could exploit the\n vulnerability, such as by convincing a user to open a\n specially crafted document, or by convincing a user to\n visit an untrusted webpage. The security update\n addresses the vulnerability by correcting how\n DirectWrite handles objects in memory. (CVE-2020-1409)\n\n - An elevation of privilege vulnerability exists when the\n Windows Profile Service improperly handles file\n operations. An attacker who successfully exploited this\n vulnerability could gain elevated privileges.\n (CVE-2020-1360)\n\n - A remote code execution vulnerability exists in the way\n that the VBScript engine handles objects in memory. The\n vulnerability could corrupt memory in such a way that an\n attacker could execute arbitrary code in the context of\n the current user. An attacker who successfully exploited\n the vulnerability could gain the same user rights as the\n current user. (CVE-2020-1403)\n\n - A remote code execution vulnerability exists in the\n Windows Remote Desktop Client when a user connects to a\n malicious server. An attacker who successfully exploited\n this vulnerability could execute arbitrary code on the\n computer of the connecting client. An attacker could\n then install programs; view, change, or delete data; or\n create new accounts with full user rights.\n (CVE-2020-1374)\n\n - A remote code execution vulnerability exists when the\n Windows font library improperly handles specially\n crafted fonts. For all systems except Windows 10, an\n attacker who successfully exploited the vulnerability\n could execute code remotely. For systems running Windows\n 10, an attacker who successfully exploited the\n vulnerability could execute code in an AppContainer\n sandbox context with limited privileges and\n capabilities. An attacker could then install programs;\n view, change, or delete data; or create new accounts\n with full user rights. 
There are multiple ways an\n attacker could exploit the vulnerability:\n (CVE-2020-1436)\n\n - An elevation of privilege vulnerability exists in the\n way that the Credential Enrollment Manager service\n handles objects in memory. An attacker who successfully\n exploited the vulnerability could execute code with\n elevated permissions. (CVE-2020-1368)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Network List Service handles\n objects in memory. An attacker who successfully\n exploited the vulnerability could execute code with\n elevated permissions. (CVE-2020-1406)\n\n - An information disclosure vulnerability exists when the\n Windows Graphics component improperly handles objects in\n memory. An attacker who successfully exploited this\n vulnerability could obtain information to further\n compromise the users system. An authenticated attacker\n could exploit this vulnerability by running a specially\n crafted application. The update addresses the\n vulnerability by correcting how the Windows Graphics\n Component handles objects in memory. (CVE-2020-1351)\n\n - An information disclosure vulnerability exists when the\n Windows GDI component improperly discloses the contents\n of its memory. An attacker who successfully exploited\n the vulnerability could obtain information to further\n compromise the users system. There are multiple ways an\n attacker could exploit the vulnerability, such as by\n convincing a user to open a specially crafted document,\n or by convincing a user to visit an untrusted webpage.\n The security update addresses the vulnerability by\n correcting how the Windows GDI component handles objects\n in memory. (CVE-2020-1468)\n\n - An elevation of privilege vulnerability exists when the\n Windows Event Logging Service improperly handles memory.\n (CVE-2020-1365, CVE-2020-1371)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows WalletService handles objects in\n memory. 
An attacker who successfully exploited the\n vulnerability could execute code with elevated\n permissions. (CVE-2020-1344, CVE-2020-1362,\n CVE-2020-1369)\n\n - An elevation of privilege vulnerability exists when the\n Windows ActiveX Installer Service improperly handles\n memory. (CVE-2020-1402)\n\n - This security update corrects a denial of service in the\n Local Security Authority Subsystem Service (LSASS)\n caused when an authenticated attacker sends a specially\n crafted authentication request. A remote attacker who\n successfully exploited this vulnerability could cause a\n denial of service on the target system's LSASS service,\n which triggers an automatic reboot of the system. The\n security update addresses the vulnerability by changing\n the way that LSASS handles specially crafted\n authentication requests. (CVE-2020-1267)\n\n - A remote code execution vulnerability exists when\n Windows Address Book (WAB) improperly processes vcard\n files. (CVE-2020-1410)\n\n - An elevation of privilege vulnerability exists when the\n Windows USO Core Worker improperly handles memory.\n (CVE-2020-1352)\n\n - An elevation of privilege vulnerability exists when the\n Windows UPnP Device Host improperly handles memory.\n (CVE-2020-1354, CVE-2020-1430)\n\n - An elevation of privilege vulnerability exists when\n Group Policy Services Policy Processing improperly\n handle reparse points. An attacker who successfully\n exploited this vulnerability could overwrite a targeted\n file that would normally require elevated permissions.\n (CVE-2020-1333)\n\n - A remote code execution vulnerability exists when the\n Windows font library improperly handles specially\n crafted embedded fonts. An attacker who successfully\n exploited the vulnerability could take control of the\n affected system. An attacker could then install\n programs; view, change, or delete data; or create new\n accounts with full user rights. 
(CVE-2020-1408)\n\n - An elevation of privilege vulnerability exists when the\n Windows Modules Installer improperly handles file\n operations. An attacker who successfully exploited this\n vulnerability could gain elevated privileges.\n (CVE-2020-1346)\n\n - An elevation of privilege vulnerability exists when\n Windows improperly handles calls to Advanced Local\n Procedure Call (ALPC). An attacker who successfully\n exploited this vulnerability could run arbitrary code in\n the security context of the local system. An attacker\n could then install programs; view, change, or delete\n data; or create new accounts with full user rights.\n (CVE-2020-1396)\n\n - A denial of service vulnerability exists in the way that\n the WalletService handles files. An attacker who\n successfully exploited the vulnerability could corrupt\n system files. (CVE-2020-1364)\n\n - An information disclosure vulnerability exists when\n Skype for Business is accessed via Internet Explorer. An\n attacker who exploited the vulnerability could cause the\n user to place a call without additional consent, leading\n to information disclosure of the user profile. For the\n vulnerability to be exploited, a user must click a\n specially crafted URL that prompts the Skype app.\n (CVE-2020-1432)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Network Location Awareness Service\n handles objects in memory. An attacker who successfully\n exploited the vulnerability could allow an application\n with limited privileges on an affected system to execute\n code at a medium integrity level. (CVE-2020-1437)\n\n - A remote code execution vulnerability exists in .NET\n Framework, Microsoft SharePoint, and Visual Studio when\n the software fails to check the source markup of XML\n file input. An attacker who successfully exploited the\n vulnerability could run arbitrary code in the context of\n the process responsible for deserialization of the XML\n content. 
(CVE-2020-1147)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Network Connections Service handles\n objects in memory. An attacker who successfully\n exploited the vulnerability could execute code with\n elevated permissions. (CVE-2020-1373, CVE-2020-1390,\n CVE-2020-1427, CVE-2020-1428, CVE-2020-1438)\n\n - An elevation of privilege vulnerability exists when the\n Windows Cryptography Next Generation (CNG) Key Isolation\n service improperly handles memory. An attacker who\n successfully exploited this vulnerability could run\n processes in an elevated context. (CVE-2020-1359,\n CVE-2020-1384)\n\n - An information disclosure vulnerability exists when the\n Windows Resource Policy component improperly handles\n memory. (CVE-2020-1358)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Function Discovery Service handles\n objects in memory. An attacker who successfully\n exploited the vulnerability could execute code with\n elevated permissions. (CVE-2020-1085)\n\n - An information disclosure vulnerability exists when\n Windows Error Reporting improperly handles file\n operations. (CVE-2020-1420)\n\n - A remote code execution vulnerability exists in the way\n that Microsoft Graphics Components handle objects in\n memory. An attacker who successfully exploited the\n vulnerability could execute arbitrary code on a target\n system. (CVE-2020-1412)\n\n - An elevation of privilege vulnerability exists when the\n Windows Runtime improperly handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could run arbitrary code in an elevated context. An\n attacker could exploit this vulnerability by running a\n specially crafted application on the victim system. 
The\n update addresses the vulnerability by correcting the way\n the Windows Runtime handles objects in memory.\n (CVE-2020-1249, CVE-2020-1353, CVE-2020-1370,\n CVE-2020-1399, CVE-2020-1404, CVE-2020-1413)\n\n - An information disclosure vulnerability exists when\n Microsoft Edge PDF Reader improperly handles objects in\n memory. An attacker who successfully exploited the\n vulnerability could obtain information to further\n compromise the users system. (CVE-2020-1433)\n\n - A remote code execution vulnerability exists when the\n Windows Jet Database Engine improperly handles objects\n in memory. An attacker who successfully exploited this\n vulnerability could execute arbitrary code on a victim\n system. An attacker could exploit this vulnerability by\n enticing a victim to open a specially crafted file. The\n update addresses the vulnerability by correcting the way\n the Windows Jet Database Engine handles objects in\n memory. (CVE-2020-1400, CVE-2020-1401, CVE-2020-1407)\n\n - An elevation of privilege vulnerability exists when\n Windows Error Reporting manager improperly handles a\n process crash. An attacker who successfully exploited\n this vulnerability could delete a targeted file leading\n to an elevated status. (CVE-2020-1429)\n\n - An information disclosure vulnerability exists when the\n Windows kernel fails to properly initialize a memory\n address. An attacker who successfully exploited this\n vulnerability could obtain information to further\n compromise the users system. (CVE-2020-1389,\n CVE-2020-1419)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Credential Picker handles objects\n in memory. An attacker who successfully exploited the\n vulnerability could allow an application with limited\n privileges on an affected system to execute code at a\n medium integrity level. 
(CVE-2020-1385)\n\n - A remote code execution vulnerability exists in\n Microsoft Windows that could allow remote code execution\n if a .LNK file is processed. An attacker who\n successfully exploited this vulnerability could gain the\n same user rights as the local user. (CVE-2020-1421)\n\n - An information disclosure vulnerability exists in\n Windows when the Windows Imaging Component fails to\n properly handle objects in memory. An attacker who\n successfully exploited this vulnerability could obtain\n information to further compromise the user's system.\n There are multiple ways an attacker could exploit this\n vulnerability: (CVE-2020-1397)\n\n - A remote code execution vulnerability exists in the way\n that the Windows Graphics Device Interface (GDI) handles\n objects in the memory. An attacker who successfully\n exploited this vulnerability could take control of the\n affected system. An attacker could then install\n programs; view, change, or delete data; or create new\n accounts with full user rights. (CVE-2020-1435)\n\n - An information disclosure vulnerability exists in the\n way that the WalletService handles memory.\n (CVE-2020-1361)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Sync Host Service handles objects\n in memory. An attacker who successfully exploited the\n vulnerability could allow an application with limited\n privileges on an affected system to execute code at a\n medium integrity level. (CVE-2020-1434)\n\n - An elevation of privilege vulnerability exists when\n Windows Lockscreen fails to properly handle Ease of\n Access dialog. An attacker who successfully exploited\n the vulnerability could execute commands with elevated\n permissions. The security update addresses the\n vulnerability by ensuring that the Ease of Access dialog\n is handled properly. 
(CVE-2020-1398)\");\n # https://support.microsoft.com/en-us/help/4565513/windows-10-update-kb4565513\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?d0366a03\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Cumulative Update KB4565513.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-1435\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2020-1436\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'SharePoint DataSet / DataTable Deserialization');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/07/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/07/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/07/14\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:edge\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2023 and is owned 
by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude('smb_func.inc');\ninclude('smb_hotfixes.inc');\ninclude('smb_hotfixes_fcheck.inc');\ninclude('smb_reg_query.inc');\ninclude('install_func.inc');\n\nget_kb_item_or_exit('SMB/MS_Bulletin_Checks/Possible');\n\nbulletin = 'MS20-07';\nkbs = make_list(\n '4565513'\n);\n\nif (get_kb_item('Host/patch_management_checks')) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit('SMB/Registry/Enumerated');\nget_kb_item_or_exit('SMB/WindowsVersion', exit_code:1);\n\nif (hotfix_check_sp_range(win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:'10',\n sp:0,\n os_build:'10240',\n rollup_date:'07_2020',\n bulletin:bulletin,\n rollup_kb_list:[4565513])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n\n\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-07-19T15:25:06", "description": "The remote Windows host is missing security update 4565508. It is, therefore, affected by multiple vulnerabilities :\n\n - An elevation of privilege vulnerability exists when the Windows System Events Broker improperly handles file operations. An attacker who successfully exploited this vulnerability could gain elevated privileges.\n (CVE-2020-1357)\n\n - An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory. 
An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode.\n An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2020-1411)\n\n - An elevation of privilege vulnerability exists when the Windows Diagnostics Execution Service fails to properly sanitize input, leading to an unsecure library-loading behavior. An attacker who successfully exploited this vulnerability could run arbitrary code with elevated system privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2020-1418)\n\n - An elevation of privilege vulnerability exists when the Windows USO Core Worker improperly handles memory.\n (CVE-2020-1352)\n\n - An elevation of privilege vulnerability exists when Windows improperly handles COM object creation. An attacker who successfully exploited the vulnerability could run arbitrary code with elevated privileges.\n (CVE-2020-1375)\n\n - A remote code execution vulnerability exists in the way that DirectWrite handles objects in memory. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit an untrusted webpage. The security update addresses the vulnerability by correcting how DirectWrite handles objects in memory. (CVE-2020-1409)\n\n - An elevation of privilege vulnerability exists when the Windows Profile Service improperly handles file operations. 
An attacker who successfully exploited this vulnerability could gain elevated privileges.\n (CVE-2020-1360)\n\n - An elevation of privilege vulnerability exists when Windows Mobile Device Management (MDM) Diagnostics improperly handles objects in memory. An attacker who successfully exploited this vulnerability could bypass access restrictions to delete files. (CVE-2020-1372)\n\n - An elevation of privilege vulnerability exists when the Windows Picker Platform improperly handles memory.\n (CVE-2020-1363)\n\n - An elevation of privilege vulnerability exists when Windows improperly handles calls to Advanced Local Procedure Call (ALPC). An attacker who successfully exploited this vulnerability could run arbitrary code in the security context of the local system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\n (CVE-2020-1396)\n\n - A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2020-1403)\n\n - A remote code execution vulnerability exists in the Windows Remote Desktop Client when a user connects to a malicious server. An attacker who successfully exploited this vulnerability could execute arbitrary code on the computer of the connecting client. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\n (CVE-2020-1374)\n\n - A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted fonts. For all systems except Windows 10, an attacker who successfully exploited the vulnerability could execute code remotely. 
For systems running Windows 10, an attacker who successfully exploited the vulnerability could execute code in an AppContainer sandbox context with limited privileges and capabilities. An attacker could then install programs;\n view, change, or delete data; or create new accounts with full user rights. There are multiple ways an attacker could exploit the vulnerability:\n (CVE-2020-1436)\n\n - An elevation of privilege vulnerability exists in the way that the Credential Enrollment Manager service handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. (CVE-2020-1368)\n\n - An elevation of privilege vulnerability exists in the way that the Windows Network List Service handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. (CVE-2020-1406)\n\n - An information disclosure vulnerability exists when the Windows Graphics component improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user's system. An authenticated attacker could exploit this vulnerability by running a specially crafted application. The update addresses the vulnerability by correcting how the Windows Graphics Component handles objects in memory. (CVE-2020-1351)\n\n - An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user's system. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit an untrusted webpage.\n The security update addresses the vulnerability by correcting how the Windows GDI component handles objects in memory. 
(CVE-2020-1468)\n\n - An elevation of privilege vulnerability exists when the Windows Event Logging Service improperly handles memory.\n (CVE-2020-1365, CVE-2020-1371)\n\n - An information disclosure vulnerability exists when the Windows kernel fails to properly initialize a memory address. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user's system. (CVE-2020-1389, CVE-2020-1419)\n\n - An elevation of privilege vulnerability exists when the Windows Print Workflow Service improperly handles objects in memory. An attacker who successfully exploited this vulnerability could gain elevated privileges and break out of the AppContainer sandbox.\n (CVE-2020-1366)\n\n - An elevation of privilege vulnerability exists in the way that the Windows WalletService handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. (CVE-2020-1344, CVE-2020-1362, CVE-2020-1369)\n\n - An elevation of privilege vulnerability exists when the Windows ActiveX Installer Service improperly handles memory. (CVE-2020-1402)\n\n - An elevation of privilege vulnerability exists in the way that the Windows Geolocation Framework handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. (CVE-2020-1394)\n\n - An information disclosure vulnerability exists when Windows Connected User Experiences and Telemetry Service improperly discloses file information. Successful exploitation of the vulnerability could allow the attacker to read any file on the file system.\n (CVE-2020-1386)\n\n - This security update corrects a denial of service in the Local Security Authority Subsystem Service (LSASS) caused when an authenticated attacker sends a specially crafted authentication request. 
A remote attacker who successfully exploited this vulnerability could cause a denial of service on the target system's LSASS service, which triggers an automatic reboot of the system. The security update addresses the vulnerability by changing the way that LSASS handles specially crafted authentication requests. (CVE-2020-1267)\n\n - An elevation of privilege vulnerability exists when the Windows Delivery Optimization service improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code with elevated system privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\n (CVE-2020-1392)\n\n - A remote code execution vulnerability exists when Windows Address Book (WAB) improperly processes vcard files. (CVE-2020-1410)\n\n - An elevation of privilege vulnerability exists when the Windows Modules Installer improperly handles file operations. An attacker who successfully exploited this vulnerability could gain elevated privileges.\n (CVE-2020-1346)\n\n - An elevation of privilege vulnerability exists when the Windows UPnP Device Host improperly handles memory.\n (CVE-2020-1354, CVE-2020-1430)\n\n - An elevation of privilege vulnerability exists in the way that the SharedStream Library handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. (CVE-2020-1463)\n\n - An elevation of privilege vulnerability exists when Group Policy Services Policy Processing improperly handle reparse points. An attacker who successfully exploited this vulnerability could overwrite a targeted file that would normally require elevated permissions.\n (CVE-2020-1333)\n\n - An elevation of privilege vulnerability exists in the way the Windows Push Notification Service handles objects in memory. An attacker who successfully exploited this vulnerability could run processes in an elevated context. 
An attacker could then install programs; view, change or delete data. (CVE-2020-1387)\n\n - A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts. An attacker who successfully exploited the vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2020-1408)\n\n - An elevation of privilege vulnerability exists in the way that the Windows Kernel handles objects in memory.\n An attacker who successfully exploited the vulnerability could execute code with elevated permissions.\n (CVE-2020-1336)\n\n - An elevation of privilege vulnerability exists when the Windows Storage Services improperly handle file operations. An attacker who successfully exploited this vulnerability could gain elevated privileges.\n (CVE-2020-1347)\n\n - A denial of service vulnerability exists in the way that the WalletService handles files. An attacker who successfully exploited the vulnerability could corrupt system files. (CVE-2020-1364)\n\n - An information disclosure vulnerability exists when Skype for Business is accessed via Internet Explorer. An attacker who exploited the vulnerability could cause the user to place a call without additional consent, leading to information disclosure of the user profile. For the vulnerability to be exploited, a user must click a specially crafted URL that prompts the Skype app.\n (CVE-2020-1432)\n\n - An elevation of privilege vulnerability exists in the way that the Windows Network Location Awareness Service handles objects in memory. An attacker who successfully exploited the vulnerability could allow an application with limited privileges on an affected system to execute code at a medium integrity level. 
(CVE-2020-1437)\n\n - An elevation of privilege vulnerability exists when the Windows Diagnostics Hub Standard Collector Service fails to properly sanitize input, leading to an unsecure library-loading behavior. An attacker who successfully exploited this vulnerability could run arbitrary code with elevated system privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\n (CVE-2020-1393)\n\n - A remote code execution vulnerability exists in .NET Framework, Microsoft SharePoint, and Visual Studio when the software fails to check the source markup of XML file input. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the process responsible for deserialization of the XML content. (CVE-2020-1147)\n\n - An elevation of privilege vulnerability exists in the way that the Windows Network Connections Service handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. (CVE-2020-1373, CVE-2020-1390, CVE-2020-1427, CVE-2020-1428, CVE-2020-1438)\n\n - An elevation of privilege vulnerability exists when the Windows Cryptography Next Generation (CNG) Key Isolation service improperly handles memory. An attacker who successfully exploited this vulnerability could run processes in an elevated context. (CVE-2020-1359, CVE-2020-1384)\n\n - An information disclosure vulnerability exists when the Windows Resource Policy component improperly handles memory. (CVE-2020-1358)\n\n - An elevation of privilege vulnerability exists in the way that the Windows Speech Brokered API handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. (CVE-2020-1395)\n\n - An information disclosure vulnerability exists when Windows Error Reporting improperly handles file operations. 
(CVE-2020-1420)\n\n - A remote code execution vulnerability exists in the way that Microsoft Graphics Components handle objects in memory. An attacker who successfully exploited the vulnerability could execute arbitrary code on a target system. (CVE-2020-1412)\n\n - An elevation of privilege vulnerability exists when the Windows Runtime improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in an elevated context. An attacker could exploit this vulnerability by running a specially crafted application on the victim system. The update addresses the vulnerability by correcting the way the Windows Runtime handles objects in memory.\n (CVE-2020-1249, CVE-2020-1353, CVE-2020-1370, CVE-2020-1399, CVE-2020-1404, CVE-2020-1413)\n\n - An information disclosure vulnerability exists when Microsoft Edge PDF Reader improperly handles objects in memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user's system. (CVE-2020-1433)\n\n - A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by enticing a victim to open a specially crafted file. The update addresses the vulnerability by correcting the way the Windows Jet Database Engine handles objects in memory. (CVE-2020-1400, CVE-2020-1401, CVE-2020-1407)\n\n - An elevation of privilege vulnerability exists when Windows Error Reporting manager improperly handles a process crash. An attacker who successfully exploited this vulnerability could delete a targeted file leading to an elevated status. (CVE-2020-1429)\n\n - An elevation of privilege vulnerability exists in the way that the psmsrv.dll handles objects in memory. 
An attacker who successfully exploited the vulnerability could execute code with elevated permissions.\n (CVE-2020-1388)\n\n - An elevation of privilege vulnerability exists in the way that the Windows Credential Picker handles objects in memory. An attacker who successfully exploited the vulnerability could allow an application with limited privileges on an affected system to execute code at a medium integrity level. (CVE-2020-1385)\n\n - A remote code execution vulnerability exists in Microsoft Windows that could allow remote code execution if a .LNK file is processed. An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. (CVE-2020-1421)\n\n - An information disclosure vulnerability exists in Windows when the Windows Imaging Component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user's system.\n There are multiple ways an attacker could exploit this vulnerability: (CVE-2020-1397)\n\n - A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in the memory. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2020-1435)\n\n - An elevation of privilege vulnerability exists in the way that the Windows Function Discovery Service handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. (CVE-2020-1085)\n\n - An information disclosure vulnerability exists in the way that the WalletService handles memory.\n (CVE-2020-1361)\n\n - An elevation of privilege vulnerability exists in the way that the Windows Sync Host Service handles objects in memory. 
An attacker who successfully exploited the vulnerability could allow an application with limited privileges on an affected system to execute code at a medium integrity level. (CVE-2020-1434)\n\n - An information disclosure vulnerability exists when Skype for Business is accessed via Microsoft Edge (EdgeHTML-based). An attacker who exploited the vulnerability could cause the user to place a call without additional consent, leading to information disclosure of the user profile. For the vulnerability to be exploited, a user must click a specially crafted URL that prompts the Skype app. (CVE-2020-1462)\n\n - An elevation of privilege vulnerability exists when Windows Lockscreen fails to properly handle Ease of Access dialog. An attacker who successfully exploited the vulnerability could execute commands with elevated permissions. The security update addresses the vulnerability by ensuring that the Ease of Access dialog is handled properly. (CVE-2020-1398)", "cvss3": {}, "published": "2020-07-14T00:00:00", "type": "nessus", "title": "KB4565508: Windows 10 Version 1709 July 2020 Security Update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-1085", "CVE-2020-1147", "CVE-2020-1249", "CVE-2020-1267", "CVE-2020-1333", "CVE-2020-1336", "CVE-2020-1344", "CVE-2020-1346", "CVE-2020-1347", "CVE-2020-1351", "CVE-2020-1352", "CVE-2020-1353", "CVE-2020-1354", "CVE-2020-1357", "CVE-2020-1358", "CVE-2020-1359", "CVE-2020-1360", "CVE-2020-1361", "CVE-2020-1362", "CVE-2020-1363", "CVE-2020-1364", "CVE-2020-1365", "CVE-2020-1366", "CVE-2020-1368", "CVE-2020-1369", "CVE-2020-1370", "CVE-2020-1371", "CVE-2020-1372", "CVE-2020-1373", "CVE-2020-1374", "CVE-2020-1375", "CVE-2020-1384", "CVE-2020-1385", "CVE-2020-1386", "CVE-2020-1387", "CVE-2020-1388", "CVE-2020-1389", "CVE-2020-1390", "CVE-2020-1392", "CVE-2020-1393", "CVE-2020-1394", "CVE-2020-1395", "CVE-2020-1396", "CVE-2020-1397", "CVE-2020-1398", "CVE-2020-1399", "CVE-2020-1400", "CVE-2020-1401", "CVE-2020-1402", 
"CVE-2020-1403", "CVE-2020-1404", "CVE-2020-1406", "CVE-2020-1407", "CVE-2020-1408", "CVE-2020-1409", "CVE-2020-1410", "CVE-2020-1411", "CVE-2020-1412", "CVE-2020-1413", "CVE-2020-1418", "CVE-2020-1419", "CVE-2020-1420", "CVE-2020-1421", "CVE-2020-1427", "CVE-2020-1428", "CVE-2020-1429", "CVE-2020-1430", "CVE-2020-1432", "CVE-2020-1433", "CVE-2020-1434", "CVE-2020-1435", "CVE-2020-1436", "CVE-2020-1437", "CVE-2020-1438", "CVE-2020-1462", "CVE-2020-1463", "CVE-2020-1468"], "modified": "2023-01-24T00:00:00", "cpe": ["cpe:/o:microsoft:windows", "cpe:/a:microsoft:edge"], "id": "SMB_NT_MS20_JUL_4565508.NASL", "href": "https://www.tenable.com/plugins/nessus/138457", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(138457);\n script_version(\"1.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/24\");\n\n script_cve_id(\n \"CVE-2020-1085\",\n \"CVE-2020-1147\",\n \"CVE-2020-1249\",\n \"CVE-2020-1267\",\n \"CVE-2020-1333\",\n \"CVE-2020-1336\",\n \"CVE-2020-1344\",\n \"CVE-2020-1346\",\n \"CVE-2020-1347\",\n \"CVE-2020-1351\",\n \"CVE-2020-1352\",\n \"CVE-2020-1353\",\n \"CVE-2020-1354\",\n \"CVE-2020-1357\",\n \"CVE-2020-1358\",\n \"CVE-2020-1359\",\n \"CVE-2020-1360\",\n \"CVE-2020-1361\",\n \"CVE-2020-1362\",\n \"CVE-2020-1363\",\n \"CVE-2020-1364\",\n \"CVE-2020-1365\",\n \"CVE-2020-1366\",\n \"CVE-2020-1368\",\n \"CVE-2020-1369\",\n \"CVE-2020-1370\",\n \"CVE-2020-1371\",\n \"CVE-2020-1372\",\n \"CVE-2020-1373\",\n \"CVE-2020-1374\",\n \"CVE-2020-1375\",\n \"CVE-2020-1384\",\n \"CVE-2020-1385\",\n \"CVE-2020-1386\",\n \"CVE-2020-1387\",\n \"CVE-2020-1388\",\n \"CVE-2020-1389\",\n \"CVE-2020-1390\",\n \"CVE-2020-1392\",\n \"CVE-2020-1393\",\n \"CVE-2020-1394\",\n \"CVE-2020-1395\",\n 
\"CVE-2020-1396\",\n \"CVE-2020-1397\",\n \"CVE-2020-1398\",\n \"CVE-2020-1399\",\n \"CVE-2020-1400\",\n \"CVE-2020-1401\",\n \"CVE-2020-1402\",\n \"CVE-2020-1403\",\n \"CVE-2020-1404\",\n \"CVE-2020-1406\",\n \"CVE-2020-1407\",\n \"CVE-2020-1408\",\n \"CVE-2020-1409\",\n \"CVE-2020-1410\",\n \"CVE-2020-1411\",\n \"CVE-2020-1412\",\n \"CVE-2020-1413\",\n \"CVE-2020-1418\",\n \"CVE-2020-1419\",\n \"CVE-2020-1420\",\n \"CVE-2020-1421\",\n \"CVE-2020-1427\",\n \"CVE-2020-1428\",\n \"CVE-2020-1429\",\n \"CVE-2020-1430\",\n \"CVE-2020-1432\",\n \"CVE-2020-1433\",\n \"CVE-2020-1434\",\n \"CVE-2020-1435\",\n \"CVE-2020-1436\",\n \"CVE-2020-1437\",\n \"CVE-2020-1438\",\n \"CVE-2020-1462\",\n \"CVE-2020-1463\",\n \"CVE-2020-1468\"\n );\n script_xref(name:\"MSKB\", value:\"4565508\");\n script_xref(name:\"MSFT\", value:\"MS20-4565508\");\n script_xref(name:\"IAVA\", value:\"2020-A-0300-S\");\n script_xref(name:\"IAVA\", value:\"2020-A-0302-S\");\n script_xref(name:\"IAVA\", value:\"2020-A-0313-S\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/05/03\");\n\n script_name(english:\"KB4565508: Windows 10 Version 1709 July 2020 Security Update\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 4565508. It is, \ntherefore, affected by multiple vulnerabilities :\n\n - An elevation of privilege vulnerability exists when the\n Windows System Events Broker improperly handles file\n operations. An attacker who successfully exploited this\n vulnerability could gain elevated privileges.\n (CVE-2020-1357)\n\n - An elevation of privilege vulnerability exists when the\n Windows kernel fails to properly handle objects in\n memory. 
An attacker who successfully exploited this\n vulnerability could run arbitrary code in kernel mode.\n An attacker could then install programs; view, change,\n or delete data; or create new accounts with full user\n rights. (CVE-2020-1411)\n\n - An elevation of privilege vulnerability exists when the\n Windows Diagnostics Execution Service fails to properly\n sanitize input, leading to an unsecure library-loading\n behavior. An attacker who successfully exploited this\n vulnerability could run arbitrary code with elevated\n system privileges. An attacker could then install\n programs; view, change, or delete data; or create new\n accounts with full user rights. (CVE-2020-1418)\n\n - An elevation of privilege vulnerability exists when the\n Windows USO Core Worker improperly handles memory.\n (CVE-2020-1352)\n\n - An elevation of privilege vulnerability exists when\n Windows improperly handles COM object creation. An\n attacker who successfully exploited the vulnerability\n could run arbitrary code with elevated privileges.\n (CVE-2020-1375)\n\n - A remote code execution vulnerability exists in the way\n that DirectWrite handles objects in memory. An attacker\n who successfully exploited this vulnerability could take\n control of the affected system. An attacker could then\n install programs; view, change, or delete data; or\n create new accounts with full user rights. There are\n multiple ways an attacker could exploit the\n vulnerability, such as by convincing a user to open a\n specially crafted document, or by convincing a user to\n visit an untrusted webpage. The security update\n addresses the vulnerability by correcting how\n DirectWrite handles objects in memory. (CVE-2020-1409)\n\n - An elevation of privilege vulnerability exists when the\n Windows Profile Service improperly handles file\n operations. 
An attacker who successfully exploited this\n vulnerability could gain elevated privileges.\n (CVE-2020-1360)\n\n - An elevation of privilege vulnerability exists when\n Windows Mobile Device Management (MDM) Diagnostics\n improperly handles objects in memory. An attacker who\n successfully exploited this vulnerability could bypass\n access restrictions to delete files. (CVE-2020-1372)\n\n - An elevation of privilege vulnerability exists when the\n Windows Picker Platform improperly handles memory.\n (CVE-2020-1363)\n\n - An elevation of privilege vulnerability exists when\n Windows improperly handles calls to Advanced Local\n Procedure Call (ALPC). An attacker who successfully\n exploited this vulnerability could run arbitrary code in\n the security context of the local system. An attacker\n could then install programs; view, change, or delete\n data; or create new accounts with full user rights.\n (CVE-2020-1396)\n\n - A remote code execution vulnerability exists in the way\n that the VBScript engine handles objects in memory. The\n vulnerability could corrupt memory in such a way that an\n attacker could execute arbitrary code in the context of\n the current user. An attacker who successfully exploited\n the vulnerability could gain the same user rights as the\n current user. (CVE-2020-1403)\n\n - A remote code execution vulnerability exists in the\n Windows Remote Desktop Client when a user connects to a\n malicious server. An attacker who successfully exploited\n this vulnerability could execute arbitrary code on the\n computer of the connecting client. An attacker could\n then install programs; view, change, or delete data; or\n create new accounts with full user rights.\n (CVE-2020-1374)\n\n - A remote code execution vulnerability exists when the\n Windows font library improperly handles specially\n crafted fonts. For all systems except Windows 10, an\n attacker who successfully exploited the vulnerability\n could execute code remotely. 
For systems running Windows\n 10, an attacker who successfully exploited the\n vulnerability could execute code in an AppContainer\n sandbox context with limited privileges and\n capabilities. An attacker could then install programs;\n view, change, or delete data; or create new accounts\n with full user rights. There are multiple ways an\n attacker could exploit the vulnerability:\n (CVE-2020-1436)\n\n - An elevation of privilege vulnerability exists in the\n way that the Credential Enrollment Manager service\n handles objects in memory. An attacker who successfully\n exploited the vulnerability could execute code with\n elevated permissions. (CVE-2020-1368)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Network List Service handles\n objects in memory. An attacker who successfully\n exploited the vulnerability could execute code with\n elevated permissions. (CVE-2020-1406)\n\n - An information disclosure vulnerability exists when the\n Windows Graphics component improperly handles objects in\n memory. An attacker who successfully exploited this\n vulnerability could obtain information to further\n compromise the users system. An authenticated attacker\n could exploit this vulnerability by running a specially\n crafted application. The update addresses the\n vulnerability by correcting how the Windows Graphics\n Component handles objects in memory. (CVE-2020-1351)\n\n - An information disclosure vulnerability exists when the\n Windows GDI component improperly discloses the contents\n of its memory. An attacker who successfully exploited\n the vulnerability could obtain information to further\n compromise the users system. 
There are multiple ways an\n attacker could exploit the vulnerability, such as by\n convincing a user to open a specially crafted document,\n or by convincing a user to visit an untrusted webpage.\n The security update addresses the vulnerability by\n correcting how the Windows GDI component handles objects\n in memory. (CVE-2020-1468)\n\n - An elevation of privilege vulnerability exists when the\n Windows Event Logging Service improperly handles memory.\n (CVE-2020-1365, CVE-2020-1371)\n\n - An information disclosure vulnerability exists when the\n Windows kernel fails to properly initialize a memory\n address. An attacker who successfully exploited this\n vulnerability could obtain information to further\n compromise the users system. (CVE-2020-1389,\n CVE-2020-1419)\n\n - An elevation of privilege vulnerability exists when the\n Windows Print Workflow Service improperly handles\n objects in memory. An attacker who successfully\n exploited this vulnerability could gain elevated\n privileges and break out of the AppContainer sandbox.\n (CVE-2020-1366)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows WalletService handles objects in\n memory. An attacker who successfully exploited the\n vulnerability could execute code with elevated\n permissions. (CVE-2020-1344, CVE-2020-1362,\n CVE-2020-1369)\n\n - An elevation of privilege vulnerability exists when the\n Windows ActiveX Installer Service improperly handles\n memory. (CVE-2020-1402)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Geolocation Framework handles\n objects in memory. An attacker who successfully\n exploited the vulnerability could execute code with\n elevated permissions. (CVE-2020-1394)\n\n - An information vulnerability exists when Windows\n Connected User Experiences and Telemetry Service\n improperly discloses file information. 
Successful\n exploitation of the vulnerability could allow the\n attacker to read any file on the file system.\n (CVE-2020-1386)\n\n - This security update corrects a denial of service in the\n Local Security Authority Subsystem Service (LSASS)\n caused when an authenticated attacker sends a specially\n crafted authentication request. A remote attacker who\n successfully exploited this vulnerability could cause a\n denial of service on the target system's LSASS service,\n which triggers an automatic reboot of the system. The\n security update addresses the vulnerability by changing\n the way that LSASS handles specially crafted\n authentication requests. (CVE-2020-1267)\n\n - An elevation of privilege vulnerability exists when the\n Windows Delivery Optimization service improperly handles\n objects in memory. An attacker who successfully\n exploited this vulnerability could run arbitrary code\n with elevated system privileges. An attacker could then\n install programs; view, change, or delete data; or\n create new accounts with full user rights.\n (CVE-2020-1392)\n\n - A remote code execution vulnerability exists when\n Windows Address Book (WAB) improperly processes vcard\n files. (CVE-2020-1410)\n\n - An elevation of privilege vulnerability exists when the\n Windows Modules Installer improperly handles file\n operations. An attacker who successfully exploited this\n vulnerability could gain elevated privileges.\n (CVE-2020-1346)\n\n - An elevation of privilege vulnerability exists when the\n Windows UPnP Device Host improperly handles memory.\n (CVE-2020-1354, CVE-2020-1430)\n\n - An elevation of privilege vulnerability exists in the\n way that the SharedStream Library handles objects in\n memory. An attacker who successfully exploited the\n vulnerability could execute code with elevated\n permissions. (CVE-2020-1463)\n\n - An elevation of privilege vulnerability exists when\n Group Policy Services Policy Processing improperly\n handle reparse points. 
An attacker who successfully\n exploited this vulnerability could overwrite a targeted\n file that would normally require elevated permissions.\n (CVE-2020-1333)\n\n - An elevation of privilege vulnerability exists in the\n way the Windows Push Notification Service handles\n objects in memory. An attacker who successfully\n exploited this vulnerability could run processes in an\n elevated context. An attacker could then install\n programs; view, change or delete data. (CVE-2020-1387)\n\n - A remote code execution vulnerability exists when the\n Windows font library improperly handles specially\n crafted embedded fonts. An attacker who successfully\n exploited the vulnerability could take control of the\n affected system. An attacker could then install\n programs; view, change, or delete data; or create new\n accounts with full user rights. (CVE-2020-1408)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Kernel handles objects in memory.\n An attacker who successfully exploited the vulnerability\n could execute code with elevated permissions.\n (CVE-2020-1336)\n\n - An elevation of privilege vulnerability exists when the\n Windows Storage Services improperly handle file\n operations. An attacker who successfully exploited this\n vulnerability could gain elevated privileges.\n (CVE-2020-1347)\n\n - A denial of service vulnerability exists in the way that\n the WalletService handles files. An attacker who\n successfully exploited the vulnerability could corrupt\n system files. (CVE-2020-1364)\n\n - An information disclosure vulnerability exists when\n Skype for Business is accessed via Internet Explorer. An\n attacker who exploited the vulnerability could cause the\n user to place a call without additional consent, leading\n to information disclosure of the user profile. 
For the\n vulnerability to be exploited, a user must click a\n specially crafted URL that prompts the Skype app.\n (CVE-2020-1432)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Network Location Awareness Service\n handles objects in memory. An attacker who successfully\n exploited the vulnerability could allow an application\n with limited privileges on an affected system to execute\n code at a medium integrity level. (CVE-2020-1437)\n\n - An elevation of privilege vulnerability exists when the\n Windows Diagnostics Hub Standard Collector Service fails\n to properly sanitize input, leading to an unsecure\n library-loading behavior. An attacker who successfully\n exploited this vulnerability could run arbitrary code\n with elevated system privileges. An attacker could then\n install programs; view, change, or delete data; or\n create new accounts with full user rights.\n (CVE-2020-1393)\n\n - A remote code execution vulnerability exists in .NET\n Framework, Microsoft SharePoint, and Visual Studio when\n the software fails to check the source markup of XML\n file input. An attacker who successfully exploited the\n vulnerability could run arbitrary code in the context of\n the process responsible for deserialization of the XML\n content. (CVE-2020-1147)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Network Connections Service handles\n objects in memory. An attacker who successfully\n exploited the vulnerability could execute code with\n elevated permissions. (CVE-2020-1373, CVE-2020-1390,\n CVE-2020-1427, CVE-2020-1428, CVE-2020-1438)\n\n - An elevation of privilege vulnerability exists when the\n Windows Cryptography Next Generation (CNG) Key Isolation\n service improperly handles memory. An attacker who\n successfully exploited this vulnerability could run\n processes in an elevated context. 
(CVE-2020-1359,\n CVE-2020-1384)\n\n - An information disclosure vulnerability exists when the\n Windows Resource Policy component improperly handles\n memory. (CVE-2020-1358)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Speech Brokered API handles objects\n in memory. An attacker who successfully exploited the\n vulnerability could execute code with elevated\n permissions. (CVE-2020-1395)\n\n - An information disclosure vulnerability exists when\n Windows Error Reporting improperly handles file\n operations. (CVE-2020-1420)\n\n - A remote code execution vulnerability exists in the way\n that Microsoft Graphics Components handle objects in\n memory. An attacker who successfully exploited the\n vulnerability could execute arbitrary code on a target\n system. (CVE-2020-1412)\n\n - An elevation of privilege vulnerability exists when the\n Windows Runtime improperly handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could run arbitrary code in an elevated context. An\n attacker could exploit this vulnerability by running a\n specially crafted application on the victim system. The\n update addresses the vulnerability by correcting the way\n the Windows Runtime handles objects in memory.\n (CVE-2020-1249, CVE-2020-1353, CVE-2020-1370,\n CVE-2020-1399, CVE-2020-1404, CVE-2020-1413)\n\n - An information disclosure vulnerability exists when\n Microsoft Edge PDF Reader improperly handles objects in\n memory. An attacker who successfully exploited the\n vulnerability could obtain information to further\n compromise the users system. (CVE-2020-1433)\n\n - A remote code execution vulnerability exists when the\n Windows Jet Database Engine improperly handles objects\n in memory. An attacker who successfully exploited this\n vulnerability could execute arbitrary code on a victim\n system. An attacker could exploit this vulnerability by\n enticing a victim to open a specially crafted file. 
The\n update addresses the vulnerability by correcting the way\n the Windows Jet Database Engine handles objects in\n memory. (CVE-2020-1400, CVE-2020-1401, CVE-2020-1407)\n\n - An elevation of privilege vulnerability exists when\n Windows Error Reporting manager improperly handles a\n process crash. An attacker who successfully exploited\n this vulnerability could delete a targeted file leading\n to an elevated status. (CVE-2020-1429)\n\n - An elevation of privilege vulnerability exists in the\n way that the psmsrv.dll handles objects in memory. An\n attacker who successfully exploited the vulnerability\n could execute code with elevated permissions.\n (CVE-2020-1388)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Credential Picker handles objects\n in memory. An attacker who successfully exploited the\n vulnerability could allow an application with limited\n privileges on an affected system to execute code at a\n medium integrity level. (CVE-2020-1385)\n\n - A remote code execution vulnerability exists in\n Microsoft Windows that could allow remote code execution\n if a .LNK file is processed. An attacker who\n successfully exploited this vulnerability could gain the\n same user rights as the local user. (CVE-2020-1421)\n\n - An information disclosure vulnerability exists in\n Windows when the Windows Imaging Component fails to\n properly handle objects in memory. An attacker who\n successfully exploited this vulnerability could obtain\n information to further compromise the user's system.\n There are multiple ways an attacker could exploit this\n vulnerability: (CVE-2020-1397)\n\n - A remote code execution vulnerability exists in the way\n that the Windows Graphics Device Interface (GDI) handles\n objects in the memory. An attacker who successfully\n exploited this vulnerability could take control of the\n affected system. 
An attacker could then install\n programs; view, change, or delete data; or create new\n accounts with full user rights. (CVE-2020-1435)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Function Discovery Service handles\n objects in memory. An attacker who successfully\n exploited the vulnerability could execute code with\n elevated permissions. (CVE-2020-1085)\n\n - An information disclosure vulnerability exists in the\n way that the WalletService handles memory.\n (CVE-2020-1361)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Sync Host Service handles objects\n in memory. An attacker who successfully exploited the\n vulnerability could allow an application with limited\n privileges on an affected system to execute code at a\n medium integrity level. (CVE-2020-1434)\n\n - An information disclosure vulnerability exists when\n Skype for Business is accessed via Microsoft Edge\n (EdgeHTML-based). An attacker who exploited the\n vulnerability could cause the user to place a call\n without additional consent, leading to information\n disclosure of the user profile. For the vulnerability to\n be exploited, a user must click a specially crafted URL\n that prompts the Skype app. (CVE-2020-1462)\n\n - An elevation of privilege vulnerability exists when\n Windows Lockscreen fails to properly handle Ease of\n Access dialog. An attacker who successfully exploited\n the vulnerability could execute commands with elevated\n permissions. The security update addresses the\n vulnerability by ensuring that the Ease of Access dialog\n is handled properly. 
(CVE-2020-1398)\");\n # https://support.microsoft.com/en-us/help/4565508/windows-10-update-kb4565508\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?b2aadf5b\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Cumulative Update KB4565508.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-1435\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2020-1436\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'SharePoint DataSet / DataTable Deserialization');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/07/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/07/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/07/14\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:edge\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2023 and is owned 
by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude('smb_func.inc');\ninclude('smb_hotfixes.inc');\ninclude('smb_hotfixes_fcheck.inc');\ninclude('smb_reg_query.inc');\ninclude('install_func.inc');\n\nget_kb_item_or_exit('SMB/MS_Bulletin_Checks/Possible');\n\nbulletin = 'MS20-07';\nkbs = make_list(\n '4565508'\n);\n\nif (get_kb_item('Host/patch_management_checks')) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit('SMB/Registry/Enumerated');\nget_kb_item_or_exit('SMB/WindowsVersion', exit_code:1);\n\nif (hotfix_check_sp_range(win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:'10',\n sp:0,\n os_build:'16299',\n rollup_date:'07_2020',\n bulletin:bulletin,\n rollup_kb_list:[4565508])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n\n\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-07-21T16:03:44", "description": "The remote Windows host is missing security update 4558998. It is, therefore, affected by multiple vulnerabilities :\n\n - An elevation of privilege vulnerability exists when the Windows System Events Broker improperly handles file operations. An attacker who successfully exploited this vulnerability could gain elevated privileges.\n (CVE-2020-1357)\n\n - An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory. 
An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode.\n An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2020-1411)\n\n - An elevation of privilege vulnerability exists when the Windows Diagnostics Execution Service fails to properly sanitize input, leading to an unsecure library-loading behavior. An attacker who successfully exploited this vulnerability could run arbitrary code with elevated system privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2020-1418)\n\n - An elevation of privilege vulnerability exists when the Windows USO Core Worker improperly handles memory.\n (CVE-2020-1352)\n\n - An elevation of privilege vulnerability exists when the Windows Modules Installer improperly handles file operations. An attacker who successfully exploited this vulnerability could gain elevated privileges.\n (CVE-2020-1346)\n\n - An elevation of privilege vulnerability exists when the Windows Diagnostics Hub Standard Collector Service fails to properly sanitize input, leading to an unsecure library-loading behavior. An attacker who successfully exploited this vulnerability could run arbitrary code with elevated system privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\n (CVE-2020-1393)\n\n - A remote code execution vulnerability exists in the way that DirectWrite handles objects in memory. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit an untrusted webpage. 
The security update addresses the vulnerability by correcting how DirectWrite handles objects in memory. (CVE-2020-1409)\n\n - An elevation of privilege vulnerability exists in the way that the Windows Credential Picker handles objects in memory. An attacker who successfully exploited the vulnerability could allow an application with limited privileges on an affected system to execute code at a medium integrity level. (CVE-2020-1385)\n\n - An elevation of privilege vulnerability exists when the Windows Profile Service improperly handles file operations. An attacker who successfully exploited this vulnerability could gain elevated privileges.\n (CVE-2020-1360)\n\n - An elevation of privilege vulnerability exists when Windows Mobile Device Management (MDM) Diagnostics improperly handles objects in memory. An attacker who successfully exploited this vulnerability could bypass access restrictions to delete files. (CVE-2020-1372)\n\n - An elevation of privilege vulnerability exists when the Windows Picker Platform improperly handles memory.\n (CVE-2020-1363)\n\n - An elevation of privilege vulnerability exists when Windows improperly handles calls to Advanced Local Procedure Call (ALPC). An attacker who successfully exploited this vulnerability could run arbitrary code in the security context of the local system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\n (CVE-2020-1396)\n\n - An information disclosure vulnerability exists when Windows Mobile Device Management (MDM) Diagnostics improperly handles junctions. An attacker who successfully exploited this vulnerability could bypass access restrictions to read files. (CVE-2020-1330)\n\n - A remote code execution vulnerability exists in the Windows Remote Desktop Client when a user connects to a malicious server. An attacker who successfully exploited this vulnerability could execute arbitrary code on the computer of the connecting client. 
An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\n (CVE-2020-1374)\n\n - A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted fonts. For all systems except Windows 10, an attacker who successfully exploited the vulnerability could execute code remotely. For systems running Windows 10, an attacker who successfully exploited the vulnerability could execute code in an AppContainer sandbox context with limited privileges and capabilities. An attacker could then install programs;\n view, change, or delete data; or create new accounts with full user rights. There are multiple ways an attacker could exploit the vulnerability:\n (CVE-2020-1436)\n\n - An elevation of privilege vulnerability exists in the way that the Credential Enrollment Manager service handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. (CVE-2020-1368)\n\n - An elevation of privilege vulnerability exists in the way that the Windows Network List Service handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. (CVE-2020-1406)\n\n - An information disclosure vulnerability exists when the Windows Graphics component improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user's system. An authenticated attacker could exploit this vulnerability by running a specially crafted application. The update addresses the vulnerability by correcting how the Windows Graphics Component handles objects in memory. (CVE-2020-1351)\n\n - An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. 
An attacker who successfully exploited the vulnerability could obtain information to further compromise the user's system. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit an untrusted webpage.\n The security update addresses the vulnerability by correcting how the Windows GDI component handles objects in memory. (CVE-2020-1468)\n\n - An elevation of privilege vulnerability exists when the Windows Event Logging Service improperly handles memory.\n (CVE-2020-1365, CVE-2020-1371)\n\n - An information disclosure vulnerability exists when the Windows kernel fails to properly initialize a memory address. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user's system. (CVE-2020-1389, CVE-2020-1419)\n\n - An elevation of privilege vulnerability exists when the Windows Print Workflow Service improperly handles objects in memory. An attacker who successfully exploited this vulnerability could gain elevated privileges and break out of the AppContainer sandbox.\n (CVE-2020-1366)\n\n - An elevation of privilege vulnerability exists in the way that the Windows WalletService handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. (CVE-2020-1344, CVE-2020-1362, CVE-2020-1369)\n\n - An elevation of privilege vulnerability exists when the Windows ActiveX Installer Service improperly handles memory. (CVE-2020-1402)\n\n - An elevation of privilege vulnerability exists in the way that the Windows Geolocation Framework handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. (CVE-2020-1394)\n\n - An information disclosure vulnerability exists when Windows Connected User Experiences and Telemetry Service improperly discloses file information. 
Successful exploitation of the vulnerability could allow the attacker to read any file on the file system.\n (CVE-2020-1386)\n\n - This security update corrects a denial of service in the Local Security Authority Subsystem Service (LSASS) caused when an authenticated attacker sends a specially crafted authentication request. A remote attacker who successfully exploited this vulnerability could cause a denial of service on the target system's LSASS service, which triggers an automatic reboot of the system. The security update addresses the vulnerability by changing the way that LSASS handles specially crafted authentication requests. (CVE-2020-1267)\n\n - An elevation of privilege vulnerability exists when the Windows Delivery Optimization service improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code with elevated system privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\n (CVE-2020-1392)\n\n - A remote code execution vulnerability exists when Windows Address Book (WAB) improperly processes vcard files. (CVE-2020-1410)\n\n - An elevation of privilege vulnerability exists when the Windows Runtime improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in an elevated context. An attacker could exploit this vulnerability by running a specially crafted application on the victim system. The update addresses the vulnerability by correcting the way the Windows Runtime handles objects in memory.\n (CVE-2020-1249, CVE-2020-1353, CVE-2020-1370, CVE-2020-1399, CVE-2020-1404, CVE-2020-1413, CVE-2020-1414, CVE-2020-1415, CVE-2020-1422)\n\n - A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in the memory. 
An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2020-1435)\n\n - An elevation of privilege vulnerability exists when the Windows UPnP Device Host improperly handles memory.\n (CVE-2020-1354, CVE-2020-1430)\n\n - An elevation of privilege vulnerability exists when the Windows Update Stack fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode.\n An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2020-1424)\n\n - An elevation of privilege vulnerability exists in the way that the SharedStream Library handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. (CVE-2020-1463)\n\n - An elevation of privilege vulnerability exists when Group Policy Services Policy Processing improperly handles reparse points. An attacker who successfully exploited this vulnerability could overwrite a targeted file that would normally require elevated permissions.\n (CVE-2020-1333)\n\n - An elevation of privilege vulnerability exists in the way the Windows Push Notification Service handles objects in memory. An attacker who successfully exploited this vulnerability could run processes in an elevated context. An attacker could then install programs; view, change or delete data. (CVE-2020-1387)\n\n - A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts. An attacker who successfully exploited the vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. 
(CVE-2020-1408)\n\n - An elevation of privilege vulnerability exists in the way that the Windows Kernel handles objects in memory.\n An attacker who successfully exploited the vulnerability could execute code with elevated permissions.\n (CVE-2020-1336)\n\n - An elevation of privilege vulnerability exists when the Windows Storage Services improperly handle file operations. An attacker who successfully exploited this vulnerability could gain elevated privileges.\n (CVE-2020-1347)\n\n - A denial of service vulnerability exists in the way that the WalletService handles files. An attacker who successfully exploited the vulnerability could corrupt system files. (CVE-2020-1364)\n\n - An information disclosure vulnerability exists when Skype for Business is accessed via Internet Explorer. An attacker who exploited the vulnerability could cause the user to place a call without additional consent, leading to information disclosure of the user profile. For the vulnerability to be exploited, a user must click a specially crafted URL that prompts the Skype app.\n (CVE-2020-1432)\n\n - An elevation of privilege vulnerability exists in the way that the Windows Network Location Awareness Service handles objects in memory. An attacker who successfully exploited the vulnerability could allow an application with limited privileges on an affected system to execute code at a medium integrity level. (CVE-2020-1437)\n\n - An elevation of privilege vulnerability exists when Windows improperly handles COM object creation. An attacker who successfully exploited the vulnerability could run arbitrary code with elevated privileges.\n (CVE-2020-1375)\n\n - A remote code execution vulnerability exists in .NET Framework, Microsoft SharePoint, and Visual Studio when the software fails to check the source markup of XML file input. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the process responsible for deserialization of the XML content. 
(CVE-2020-1147)\n\n - An elevation of privilege vulnerability exists in the way that the Windows Network Connections Service handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. (CVE-2020-1373, CVE-2020-1390, CVE-2020-1427, CVE-2020-1428, CVE-2020-1438)\n\n - An elevation of privilege vulnerability exists when the Windows Cryptography Next Generation (CNG) Key Isolation service improperly handles memory. An attacker who successfully exploited this vulnerability could run processes in an elevated context. (CVE-2020-1359, CVE-2020-1384)\n\n - An information disclosure vulnerability exists when the Windows Resource Policy component improperly handles memory. (CVE-2020-1358)\n\n - An elevation of privilege vulnerability exists in the way that the Windows Speech Brokered API handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. (CVE-2020-1395)\n\n - An information disclosure vulnerability exists when Windows Error Reporting improperly handles file operations. (CVE-2020-1420)\n\n - A remote code execution vulnerability exists in the way that Microsoft Graphics Components handle objects in memory. An attacker who successfully exploited the vulnerability could execute arbitrary code on a target system. (CVE-2020-1412)\n\n - An elevation of privilege vulnerability exists when the Windows AppX Deployment Extensions improperly performs privilege management, resulting in access to system files. (CVE-2020-1431)\n\n - An information disclosure vulnerability exists when Microsoft Edge PDF Reader improperly handles objects in memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user's system. (CVE-2020-1433)\n\n - A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. 
An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by enticing a victim to open a specially crafted file. The update addresses the vulnerability by correcting the way the Windows Jet Database Engine handles objects in memory. (CVE-2020-1400, CVE-2020-1401, CVE-2020-1407)\n\n - An elevation of privilege vulnerability exists when Windows Error Reporting manager improperly handles a process crash. An attacker who successfully exploited this vulnerability could delete a targeted file leading to an elevated status. (CVE-2020-1429)\n\n - An elevation of privilege vulnerability exists in the way that the psmsrv.dll handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions.\n (CVE-2020-1388)\n\n - An elevation of privilege vulnerability exists when Windows Mobile Device Management (MDM) Diagnostics improperly handles junctions. An attacker who successfully exploited this vulnerability could bypass access restrictions to delete files. (CVE-2020-1405)\n\n - An elevation of privilege vulnerability exists when the Windows iSCSI Target Service improperly handles file operations. An attacker who successfully exploited this vulnerability could gain elevated privileges.\n (CVE-2020-1356)\n\n - A remote code execution vulnerability exists in Microsoft Windows that could allow remote code execution if a .LNK file is processed. An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. (CVE-2020-1421)\n\n - An information disclosure vulnerability exists in Windows when the Windows Imaging Component fails to properly handle objects in memory. 
An attacker who successfully exploited this vulnerability could obtain information to further compromise the user's system.\n There are multiple ways an attacker could exploit this vulnerability. (CVE-2020-1397)\n\n - An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user's system. An authenticated attacker could exploit this vulnerability by running a specially crafted application. The update addresses the vulnerability by correcting how the Windows kernel handles objects in memory. (CVE-2020-1367, CVE-2020-1426)\n\n - An elevation of privilege vulnerability exists in the way that the Windows Function Discovery Service handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. (CVE-2020-1085)\n\n - An information disclosure vulnerability exists in the way that the WalletService handles memory.\n (CVE-2020-1361)\n\n - An elevation of privilege vulnerability exists in the way that the Windows Sync Host Service handles objects in memory. An attacker who successfully exploited the vulnerability could allow an application with limited privileges on an affected system to execute code at a medium integrity level. (CVE-2020-1434)\n\n - An information disclosure vulnerability exists when Skype for Business is accessed via Microsoft Edge (EdgeHTML-based). An attacker who exploited the vulnerability could cause the user to place a call without additional consent, leading to information disclosure of the user profile. For the vulnerability to be exploited, a user must click a specially crafted URL that prompts the Skype app. (CVE-2020-1462)\n\n - An elevation of privilege vulnerability exists when Windows Lockscreen fails to properly handle Ease of Access dialog. 
An attacker who successfully exploited the vulnerability could execute commands with elevated permissions. The security update addresses the vulnerability by ensuring that the Ease of Access dialog is handled properly. (CVE-2020-1398)\n\n - A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2020-1403)", "cvss3": {}, "published": "2020-07-14T00:00:00", "type": "nessus", "title": "KB4558998: Windows 10 Version 1809 and Windows Server 2019 July 2020 Security Update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-1085", "CVE-2020-1147", "CVE-2020-1249", "CVE-2020-1267", "CVE-2020-1330", "CVE-2020-1333", "CVE-2020-1336", "CVE-2020-1344", "CVE-2020-1346", "CVE-2020-1347", "CVE-2020-1351", "CVE-2020-1352", "CVE-2020-1353", "CVE-2020-1354", "CVE-2020-1356", "CVE-2020-1357", "CVE-2020-1358", "CVE-2020-1359", "CVE-2020-1360", "CVE-2020-1361", "CVE-2020-1362", "CVE-2020-1363", "CVE-2020-1364", "CVE-2020-1365", "CVE-2020-1366", "CVE-2020-1367", "CVE-2020-1368", "CVE-2020-1369", "CVE-2020-1370", "CVE-2020-1371", "CVE-2020-1372", "CVE-2020-1373", "CVE-2020-1374", "CVE-2020-1375", "CVE-2020-1384", "CVE-2020-1385", "CVE-2020-1386", "CVE-2020-1387", "CVE-2020-1388", "CVE-2020-1389", "CVE-2020-1390", "CVE-2020-1392", "CVE-2020-1393", "CVE-2020-1394", "CVE-2020-1395", "CVE-2020-1396", "CVE-2020-1397", "CVE-2020-1398", "CVE-2020-1399", "CVE-2020-1400", "CVE-2020-1401", "CVE-2020-1402", "CVE-2020-1403", "CVE-2020-1404", "CVE-2020-1405", "CVE-2020-1406", "CVE-2020-1407", "CVE-2020-1408", "CVE-2020-1409", "CVE-2020-1410", "CVE-2020-1411", "CVE-2020-1412", "CVE-2020-1413", "CVE-2020-1414", "CVE-2020-1415", "CVE-2020-1418", "CVE-2020-1419", "CVE-2020-1420", 
"CVE-2020-1421", "CVE-2020-1422", "CVE-2020-1424", "CVE-2020-1426", "CVE-2020-1427", "CVE-2020-1428", "CVE-2020-1429", "CVE-2020-1430", "CVE-2020-1431", "CVE-2020-1432", "CVE-2020-1433", "CVE-2020-1434", "CVE-2020-1435", "CVE-2020-1436", "CVE-2020-1437", "CVE-2020-1438", "CVE-2020-1462", "CVE-2020-1463", "CVE-2020-1468"], "modified": "2023-04-25T00:00:00", "cpe": ["cpe:/o:microsoft:windows", "cpe:/a:microsoft:edge"], "id": "SMB_NT_MS20_JUL_4558998.NASL", "href": "https://www.tenable.com/plugins/nessus/138453", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(138453);\n script_version(\"1.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/04/25\");\n\n script_cve_id(\n \"CVE-2020-1085\",\n \"CVE-2020-1147\",\n \"CVE-2020-1249\",\n \"CVE-2020-1267\",\n \"CVE-2020-1330\",\n \"CVE-2020-1333\",\n \"CVE-2020-1336\",\n \"CVE-2020-1344\",\n \"CVE-2020-1346\",\n \"CVE-2020-1347\",\n \"CVE-2020-1351\",\n \"CVE-2020-1352\",\n \"CVE-2020-1353\",\n \"CVE-2020-1354\",\n \"CVE-2020-1356\",\n \"CVE-2020-1357\",\n \"CVE-2020-1358\",\n \"CVE-2020-1359\",\n \"CVE-2020-1360\",\n \"CVE-2020-1361\",\n \"CVE-2020-1362\",\n \"CVE-2020-1363\",\n \"CVE-2020-1364\",\n \"CVE-2020-1365\",\n \"CVE-2020-1366\",\n \"CVE-2020-1367\",\n \"CVE-2020-1368\",\n \"CVE-2020-1369\",\n \"CVE-2020-1370\",\n \"CVE-2020-1371\",\n \"CVE-2020-1372\",\n \"CVE-2020-1373\",\n \"CVE-2020-1374\",\n \"CVE-2020-1375\",\n \"CVE-2020-1384\",\n \"CVE-2020-1385\",\n \"CVE-2020-1386\",\n \"CVE-2020-1387\",\n \"CVE-2020-1388\",\n \"CVE-2020-1389\",\n \"CVE-2020-1390\",\n \"CVE-2020-1392\",\n \"CVE-2020-1393\",\n \"CVE-2020-1394\",\n \"CVE-2020-1395\",\n \"CVE-2020-1396\",\n \"CVE-2020-1397\",\n \"CVE-2020-1398\",\n \"CVE-2020-1399\",\n 
\"CVE-2020-1400\",\n \"CVE-2020-1401\",\n \"CVE-2020-1402\",\n \"CVE-2020-1403\",\n \"CVE-2020-1404\",\n \"CVE-2020-1405\",\n \"CVE-2020-1406\",\n \"CVE-2020-1407\",\n \"CVE-2020-1408\",\n \"CVE-2020-1409\",\n \"CVE-2020-1410\",\n \"CVE-2020-1411\",\n \"CVE-2020-1412\",\n \"CVE-2020-1413\",\n \"CVE-2020-1414\",\n \"CVE-2020-1415\",\n \"CVE-2020-1418\",\n \"CVE-2020-1419\",\n \"CVE-2020-1420\",\n \"CVE-2020-1421\",\n \"CVE-2020-1422\",\n \"CVE-2020-1424\",\n \"CVE-2020-1426\",\n \"CVE-2020-1427\",\n \"CVE-2020-1428\",\n \"CVE-2020-1429\",\n \"CVE-2020-1430\",\n \"CVE-2020-1431\",\n \"CVE-2020-1432\",\n \"CVE-2020-1433\",\n \"CVE-2020-1434\",\n \"CVE-2020-1435\",\n \"CVE-2020-1436\",\n \"CVE-2020-1437\",\n \"CVE-2020-1438\",\n \"CVE-2020-1462\",\n \"CVE-2020-1463\",\n \"CVE-2020-1468\"\n );\n script_xref(name:\"MSKB\", value:\"4558998\");\n script_xref(name:\"MSFT\", value:\"MS20-4558998\");\n script_xref(name:\"IAVA\", value:\"2020-A-0300-S\");\n script_xref(name:\"IAVA\", value:\"2020-A-0302-S\");\n script_xref(name:\"IAVA\", value:\"2020-A-0306-S\");\n script_xref(name:\"IAVA\", value:\"2020-A-0313-S\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/05/03\");\n\n script_name(english:\"KB4558998: Windows 10 Version 1809 and Windows Server 2019 July 2020 Security Update\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 4558998. It is, \ntherefore, affected by multiple vulnerabilities :\n\n - An elevation of privilege vulnerability exists when the\n Windows System Events Broker improperly handles file\n operations. An attacker who successfully exploited this\n vulnerability could gain elevated privileges.\n (CVE-2020-1357)\n\n - An elevation of privilege vulnerability exists when the\n Windows kernel fails to properly handle objects in\n memory. 
An attacker who successfully exploited this\n vulnerability could run arbitrary code in kernel mode.\n An attacker could then install programs; view, change,\n or delete data; or create new accounts with full user\n rights. (CVE-2020-1411)\n\n - An elevation of privilege vulnerability exists when the\n Windows Diagnostics Execution Service fails to properly\n sanitize input, leading to an unsecure library-loading\n behavior. An attacker who successfully exploited this\n vulnerability could run arbitrary code with elevated\n system privileges. An attacker could then install\n programs; view, change, or delete data; or create new\n accounts with full user rights. (CVE-2020-1418)\n\n - An elevation of privilege vulnerability exists when the\n Windows USO Core Worker improperly handles memory.\n (CVE-2020-1352)\n\n - An elevation of privilege vulnerability exists when the\n Windows Modules Installer improperly handles file\n operations. An attacker who successfully exploited this\n vulnerability could gain elevated privileges.\n (CVE-2020-1346)\n\n - An elevation of privilege vulnerability exists when the\n Windows Diagnostics Hub Standard Collector Service fails\n to properly sanitize input, leading to an unsecure\n library-loading behavior. An attacker who successfully\n exploited this vulnerability could run arbitrary code\n with elevated system privileges. An attacker could then\n install programs; view, change, or delete data; or\n create new accounts with full user rights.\n (CVE-2020-1393)\n\n - A remote code execution vulnerability exists in the way\n that DirectWrite handles objects in memory. An attacker\n who successfully exploited this vulnerability could take\n control of the affected system. An attacker could then\n install programs; view, change, or delete data; or\n create new accounts with full user rights. 
There are\n multiple ways an attacker could exploit the\n vulnerability, such as by convincing a user to open a\n specially crafted document, or by convincing a user to\n visit an untrusted webpage. The security update\n addresses the vulnerability by correcting how\n DirectWrite handles objects in memory. (CVE-2020-1409)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Credential Picker handles objects\n in memory. An attacker who successfully exploited the\n vulnerability could allow an application with limited\n privileges on an affected system to execute code at a\n medium integrity level. (CVE-2020-1385)\n\n - An elevation of privilege vulnerability exists when the\n Windows Profile Service improperly handles file\n operations. An attacker who successfully exploited this\n vulnerability could gain elevated privileges.\n (CVE-2020-1360)\n\n - An elevation of privilege vulnerability exists when\n Windows Mobile Device Management (MDM) Diagnostics\n improperly handles objects in memory. An attacker who\n successfully exploited this vulnerability could bypass\n access restrictions to delete files. (CVE-2020-1372)\n\n - An elevation of privilege vulnerability exists when the\n Windows Picker Platform improperly handles memory.\n (CVE-2020-1363)\n\n - An elevation of privilege vulnerability exists when\n Windows improperly handles calls to Advanced Local\n Procedure Call (ALPC). An attacker who successfully\n exploited this vulnerability could run arbitrary code in\n the security context of the local system. An attacker\n could then install programs; view, change, or delete\n data; or create new accounts with full user rights.\n (CVE-2020-1396)\n\n - An information disclosure vulnerability exists when\n Windows Mobile Device Management (MDM) Diagnostics\n improperly handles junctions. An attacker who\n successfully exploited this vulnerability could bypass\n access restrictions to read files. 
(CVE-2020-1330)\n\n - A remote code execution vulnerability exists in the\n Windows Remote Desktop Client when a user connects to a\n malicious server. An attacker who successfully exploited\n this vulnerability could execute arbitrary code on the\n computer of the connecting client. An attacker could\n then install programs; view, change, or delete data; or\n create new accounts with full user rights.\n (CVE-2020-1374)\n\n - A remote code execution vulnerability exists when the\n Windows font library improperly handles specially\n crafted fonts. For all systems except Windows 10, an\n attacker who successfully exploited the vulnerability\n could execute code remotely. For systems running Windows\n 10, an attacker who successfully exploited the\n vulnerability could execute code in an AppContainer\n sandbox context with limited privileges and\n capabilities. An attacker could then install programs;\n view, change, or delete data; or create new accounts\n with full user rights. There are multiple ways an\n attacker could exploit the vulnerability:\n (CVE-2020-1436)\n\n - An elevation of privilege vulnerability exists in the\n way that the Credential Enrollment Manager service\n handles objects in memory. An attacker who successfully\n exploited the vulnerability could execute code with\n elevated permissions. (CVE-2020-1368)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Network List Service handles\n objects in memory. An attacker who successfully\n exploited the vulnerability could execute code with\n elevated permissions. (CVE-2020-1406)\n\n - An information disclosure vulnerability exists when the\n Windows Graphics component improperly handles objects in\n memory. An attacker who successfully exploited this\n vulnerability could obtain information to further\n compromise the users system. An authenticated attacker\n could exploit this vulnerability by running a specially\n crafted application. 
The update addresses the\n vulnerability by correcting how the Windows Graphics\n Component handles objects in memory. (CVE-2020-1351)\n\n - An information disclosure vulnerability exists when the\n Windows GDI component improperly discloses the contents\n of its memory. An attacker who successfully exploited\n the vulnerability could obtain information to further\n compromise the users system. There are multiple ways an\n attacker could exploit the vulnerability, such as by\n convincing a user to open a specially crafted document,\n or by convincing a user to visit an untrusted webpage.\n The security update addresses the vulnerability by\n correcting how the Windows GDI component handles objects\n in memory. (CVE-2020-1468)\n\n - An elevation of privilege vulnerability exists when the\n Windows Event Logging Service improperly handles memory.\n (CVE-2020-1365, CVE-2020-1371)\n\n - An information disclosure vulnerability exists when the\n Windows kernel fails to properly initialize a memory\n address. An attacker who successfully exploited this\n vulnerability could obtain information to further\n compromise the users system. (CVE-2020-1389,\n CVE-2020-1419)\n\n - An elevation of privilege vulnerability exists when the\n Windows Print Workflow Service improperly handles\n objects in memory. An attacker who successfully\n exploited this vulnerability could gain elevated\n privileges and break out of the AppContainer sandbox.\n (CVE-2020-1366)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows WalletService handles objects in\n memory. An attacker who successfully exploited the\n vulnerability could execute code with elevated\n permissions. (CVE-2020-1344, CVE-2020-1362,\n CVE-2020-1369)\n\n - An elevation of privilege vulnerability exists when the\n Windows ActiveX Installer Service improperly handles\n memory. 
(CVE-2020-1402)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Geolocation Framework handles\n objects in memory. An attacker who successfully\n exploited the vulnerability could execute code with\n elevated permissions. (CVE-2020-1394)\n\n - An information vulnerability exists when Windows\n Connected User Experiences and Telemetry Service\n improperly discloses file information. Successful\n exploitation of the vulnerability could allow the\n attacker to read any file on the file system.\n (CVE-2020-1386)\n\n - This security update corrects a denial of service in the\n Local Security Authority Subsystem Service (LSASS)\n caused when an authenticated attacker sends a specially\n crafted authentication request. A remote attacker who\n successfully exploited this vulnerability could cause a\n denial of service on the target system's LSASS service,\n which triggers an automatic reboot of the system. The\n security update addresses the vulnerability by changing\n the way that LSASS handles specially crafted\n authentication requests. (CVE-2020-1267)\n\n - An elevation of privilege vulnerability exists when the\n Windows Delivery Optimization service improperly handles\n objects in memory. An attacker who successfully\n exploited this vulnerability could run arbitrary code\n with elevated system privileges. An attacker could then\n install programs; view, change, or delete data; or\n create new accounts with full user rights.\n (CVE-2020-1392)\n\n - A remote code execution vulnerability exists when\n Windows Address Book (WAB) improperly processes vcard\n files. (CVE-2020-1410)\n\n - An elevation of privilege vulnerability exists when the\n Windows Runtime improperly handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could run arbitrary code in an elevated context. An\n attacker could exploit this vulnerability by running a\n specially crafted application on the victim system. 
The\n update addresses the vulnerability by correcting the way\n the Windows Runtime handles objects in memory.\n (CVE-2020-1249, CVE-2020-1353, CVE-2020-1370,\n CVE-2020-1399, CVE-2020-1404, CVE-2020-1413,\n CVE-2020-1414, CVE-2020-1415, CVE-2020-1422)\n\n - A remote code execution vulnerability exists in the way\n that the Windows Graphics Device Interface (GDI) handles\n objects in the memory. An attacker who successfully\n exploited this vulnerability could take control of the\n affected system. An attacker could then install\n programs; view, change, or delete data; or create new\n accounts with full user rights. (CVE-2020-1435)\n\n - An elevation of privilege vulnerability exists when the\n Windows UPnP Device Host improperly handles memory.\n (CVE-2020-1354, CVE-2020-1430)\n\n - An elevation of privilege vulnerability exists when the\n Windows Update Stack fails to properly handle objects in\n memory. An attacker who successfully exploited this\n vulnerability could run arbitrary code in kernel mode.\n An attacker could then install programs; view, change,\n or delete data; or create new accounts with full user\n rights. (CVE-2020-1424)\n\n - An elevation of privilege vulnerability exists in the\n way that the SharedStream Library handles objects in\n memory. An attacker who successfully exploited the\n vulnerability could execute code with elevated\n permissions. (CVE-2020-1463)\n\n - An elevation of privilege vulnerability exists when\n Group Policy Services Policy Processing improperly\n handle reparse points. An attacker who successfully\n exploited this vulnerability could overwrite a targeted\n file that would normally require elevated permissions.\n (CVE-2020-1333)\n\n - An elevation of privilege vulnerability exists in the\n way the Windows Push Notification Service handles\n objects in memory. An attacker who successfully\n exploited this vulnerability could run processes in an\n elevated context. 
An attacker could then install\n programs; view, change or delete data. (CVE-2020-1387)\n\n - A remote code execution vulnerability exists when the\n Windows font library improperly handles specially\n crafted embedded fonts. An attacker who successfully\n exploited the vulnerability could take control of the\n affected system. An attacker could then install\n programs; view, change, or delete data; or create new\n accounts with full user rights. (CVE-2020-1408)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Kernel handles objects in memory.\n An attacker who successfully exploited the vulnerability\n could execute code with elevated permissions.\n (CVE-2020-1336)\n\n - An elevation of privilege vulnerability exists when the\n Windows Storage Services improperly handle file\n operations. An attacker who successfully exploited this\n vulnerability could gain elevated privileges.\n (CVE-2020-1347)\n\n - A denial of service vulnerability exists in the way that\n the WalletService handles files. An attacker who\n successfully exploited the vulnerability could corrupt\n system files. (CVE-2020-1364)\n\n - An information disclosure vulnerability exists when\n Skype for Business is accessed via Internet Explorer. An\n attacker who exploited the vulnerability could cause the\n user to place a call without additional consent, leading\n to information disclosure of the user profile. For the\n vulnerability to be exploited, a user must click a\n specially crafted URL that prompts the Skype app.\n (CVE-2020-1432)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Network Location Awareness Service\n handles objects in memory. An attacker who successfully\n exploited the vulnerability could allow an application\n with limited privileges on an affected system to execute\n code at a medium integrity level. 
(CVE-2020-1437)\n\n - An elevation of privilege vulnerability exists when\n Windows improperly handles COM object creation. An\n attacker who successfully exploited the vulnerability\n could run arbitrary code with elevated privileges.\n (CVE-2020-1375)\n\n - A remote code execution vulnerability exists in .NET\n Framework, Microsoft SharePoint, and Visual Studio when\n the software fails to check the source markup of XML\n file input. An attacker who successfully exploited the\n vulnerability could run arbitrary code in the context of\n the process responsible for deserialization of the XML\n content. (CVE-2020-1147)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Network Connections Service handles\n objects in memory. An attacker who successfully\n exploited the vulnerability could execute code with\n elevated permissions. (CVE-2020-1373, CVE-2020-1390,\n CVE-2020-1427, CVE-2020-1428, CVE-2020-1438)\n\n - An elevation of privilege vulnerability exists when the\n Windows Cryptography Next Generation (CNG) Key Isolation\n service improperly handles memory. An attacker who\n successfully exploited this vulnerability could run\n processes in an elevated context. (CVE-2020-1359,\n CVE-2020-1384)\n\n - An information disclosure vulnerability exists when the\n Windows Resource Policy component improperly handles\n memory. (CVE-2020-1358)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Speech Brokered API handles objects\n in memory. An attacker who successfully exploited the\n vulnerability could execute code with elevated\n permissions. (CVE-2020-1395)\n\n - An information disclosure vulnerability exists when\n Windows Error Reporting improperly handles file\n operations. (CVE-2020-1420)\n\n - A remote code execution vulnerability exists in the way\n that Microsoft Graphics Components handle objects in\n memory. 
An attacker who successfully exploited the\n vulnerability could execute arbitrary code on a target\n system. (CVE-2020-1412)\n\n - An elevation of privilege vulnerability exists when the\n Windows AppX Deployment Extensions improperly performs\n privilege management, resulting in access to system\n files. (CVE-2020-1431)\n\n - An information disclosure vulnerability exists when\n Microsoft Edge PDF Reader improperly handles objects in\n memory. An attacker who successfully exploited the\n vulnerability could obtain information to further\n compromise the users system. (CVE-2020-1433)\n\n - A remote code execution vulnerability exists when the\n Windows Jet Database Engine improperly handles objects\n in memory. An attacker who successfully exploited this\n vulnerability could execute arbitrary code on a victim\n system. An attacker could exploit this vulnerability by\n enticing a victim to open a specially crafted file. The\n update addresses the vulnerability by correcting the way\n the Windows Jet Database Engine handles objects in\n memory. (CVE-2020-1400, CVE-2020-1401, CVE-2020-1407)\n\n - An elevation of privilege vulnerability exists when\n Windows Error Reporting manager improperly handles a\n process crash. An attacker who successfully exploited\n this vulnerability could delete a targeted file leading\n to an elevated status. (CVE-2020-1429)\n\n - An elevation of privilege vulnerability exists in the\n way that the psmsrv.dll handles objects in memory. An\n attacker who successfully exploited the vulnerability\n could execute code with elevated permissions.\n (CVE-2020-1388)\n\n - An elevation of privilege vulnerability exists when\n Windows Mobile Device Management (MDM) Diagnostics\n improperly handles junctions. An attacker who\n successfully exploited this vulnerability could bypass\n access restrictions to delete files. 
(CVE-2020-1405)\n\n - An elevation of privilege vulnerability exists when the\n Windows iSCSI Target Service improperly handles file\n operations. An attacker who successfully exploited this\n vulnerability could gain elevated privileges.\n (CVE-2020-1356)\n\n - A remote code execution vulnerability exists in\n Microsoft Windows that could allow remote code execution\n if a .LNK file is processed. An attacker who\n successfully exploited this vulnerability could gain the\n same user rights as the local user. (CVE-2020-1421)\n\n - An information disclosure vulnerability exists in\n Windows when the Windows Imaging Component fails to\n properly handle objects in memory. An attacker who\n successfully exploited this vulnerability could obtain\n information to further compromise the user's system.\n There are multiple ways an attacker could exploit this\n vulnerability: (CVE-2020-1397)\n\n - An information disclosure vulnerability exists when the\n Windows kernel improperly handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could obtain information to further compromise the users\n system. An authenticated attacker could exploit this\n vulnerability by running a specially crafted\n application. The update addresses the vulnerability by\n correcting how the Windows kernel handles objects in\n memory. (CVE-2020-1367, CVE-2020-1426)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Function Discovery Service handles\n objects in memory. An attacker who successfully\n exploited the vulnerability could execute code with\n elevated permissions. (CVE-2020-1085)\n\n - An information disclosure vulnerability exists in the\n way that the WalletService handles memory.\n (CVE-2020-1361)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Sync Host Service handles objects\n in memory. 
An attacker who successfully exploited the\n vulnerability could allow an application with limited\n privileges on an affected system to execute code at a\n medium integrity level. (CVE-2020-1434)\n\n - An information disclosure vulnerability exists when\n Skype for Business is accessed via Microsoft Edge\n (EdgeHTML-based). An attacker who exploited the\n vulnerability could cause the user to place a call\n without additional consent, leading to information\n disclosure of the user profile. For the vulnerability to\n be exploited, a user must click a specially crafted URL\n that prompts the Skype app. (CVE-2020-1462)\n\n - An elevation of privilege vulnerability exists when\n Windows Lockscreen fails to properly handle Ease of\n Access dialog. An attacker who successfully exploited\n the vulnerability could execute commands with elevated\n permissions. The security update addresses the\n vulnerability by ensuring that the Ease of Access dialog\n is handled properly. (CVE-2020-1398)\n\n - A remote code execution vulnerability exists in the way\n that the VBScript engine handles objects in memory. The\n vulnerability could corrupt memory in such a way that an\n attacker could execute arbitrary code in the context of\n the current user. An attacker who successfully exploited\n the vulnerability could gain the same user rights as the\n current user. 
(CVE-2020-1403)\");\n # https://support.microsoft.com/en-us/help/4558998/windows-10-update-kb4558998\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?a508fbe1\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Cumulative Update KB4558998.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-1435\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2020-1436\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'SharePoint DataSet / DataTable Deserialization');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/07/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/07/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/07/14\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:edge\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2023 and is owned 
by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nbulletin = \"MS20-07\";\nkbs = make_list('4558998');\n\nif (get_kb_item(\"Host/patch_management_checks\")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nget_kb_item_or_exit(\"SMB/WindowsVersion\", exit_code:1);\n\nif (hotfix_check_sp_range(win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:\"10\",\n sp:0,\n os_build:\"17763\",\n rollup_date:\"07_2020\",\n bulletin:bulletin,\n rollup_kb_list:[4558998])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n\n\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-07-21T16:03:44", "description": "The remote Windows host is missing security update 4565503. It is, therefore, affected by multiple vulnerabilities :\n\n - An elevation of privilege vulnerability exists when the Windows System Events Broker improperly handles file operations. An attacker who successfully exploited this vulnerability could gain elevated privileges.\n (CVE-2020-1357)\n\n - An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory. 
An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode.\n An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2020-1411)\n\n - An elevation of privilege vulnerability exists when the Windows Diagnostics Execution Service fails to properly sanitize input, leading to an unsecure library-loading behavior. An attacker who successfully exploited this vulnerability could run arbitrary code with elevated system privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2020-1418)\n\n - An elevation of privilege vulnerability exists when the Windows USO Core Worker improperly handles memory.\n (CVE-2020-1352)\n\n - An elevation of privilege vulnerability exists when the Windows Modules Installer improperly handles file operations. An attacker who successfully exploited this vulnerability could gain elevated privileges.\n (CVE-2020-1346)\n\n - An elevation of privilege vulnerability exists when the Windows Diagnostics Hub Standard Collector Service fails to properly sanitize input, leading to an unsecure library-loading behavior. An attacker who successfully exploited this vulnerability could run arbitrary code with elevated system privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\n (CVE-2020-1393)\n\n - A remote code execution vulnerability exists in the way that DirectWrite handles objects in memory. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit an untrusted webpage. 
The security update addresses the vulnerability by correcting how DirectWrite handles objects in memory. (CVE-2020-1409)\n\n - An elevation of privilege vulnerability exists when the Windows AppX Deployment Extensions improperly performs privilege management, resulting in access to system files. (CVE-2020-1431)\n\n - An elevation of privilege vulnerability exists when the Windows Profile Service improperly handles file operations. An attacker who successfully exploited this vulnerability could gain elevated privileges.\n (CVE-2020-1360)\n\n - An elevation of privilege vulnerability exists when Windows Mobile Device Management (MDM) Diagnostics improperly handles objects in memory. An attacker who successfully exploited this vulnerability could bypass access restrictions to delete files. (CVE-2020-1372)\n\n - An elevation of privilege vulnerability exists when the Windows Picker Platform improperly handles memory.\n (CVE-2020-1363)\n\n - An elevation of privilege vulnerability exists when Windows improperly handles calls to Advanced Local Procedure Call (ALPC). An attacker who successfully exploited this vulnerability could run arbitrary code in the security context of the local system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\n (CVE-2020-1396)\n\n - An information disclosure vulnerability exists when Windows Mobile Device Management (MDM) Diagnostics improperly handles junctions. An attacker who successfully exploited this vulnerability could bypass access restrictions to read files. (CVE-2020-1330)\n\n - A remote code execution vulnerability exists in the Windows Remote Desktop Client when a user connects to a malicious server. An attacker who successfully exploited this vulnerability could execute arbitrary code on the computer of the connecting client. 
An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\n (CVE-2020-1374)\n\n - A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted fonts. For all systems except Windows 10, an attacker who successfully exploited the vulnerability could execute code remotely. For systems running Windows 10, an attacker who successfully exploited the vulnerability could execute code in an AppContainer sandbox context with limited privileges and capabilities. An attacker could then install programs;\n view, change, or delete data; or create new accounts with full user rights. There are multiple ways an attacker could exploit the vulnerability:\n (CVE-2020-1436)\n\n - An elevation of privilege vulnerability exists in the way that the Credential Enrollment Manager service handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. (CVE-2020-1368)\n\n - An elevation of privilege vulnerability exists in the way that the Windows Network List Service handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. (CVE-2020-1406)\n\n - An information disclosure vulnerability exists when the Windows Graphics component improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system. An authenticated attacker could exploit this vulnerability by running a specially crafted application. The update addresses the vulnerability by correcting how the Windows Graphics Component handles objects in memory. (CVE-2020-1351)\n\n - An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. 
An attacker who successfully exploited the vulnerability could obtain information to further compromise the user's system. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit an untrusted webpage.\n The security update addresses the vulnerability by correcting how the Windows GDI component handles objects in memory. (CVE-2020-1468)\n\n - An elevation of privilege vulnerability exists when the Windows Event Logging Service improperly handles memory.\n (CVE-2020-1365, CVE-2020-1371)\n\n - An information disclosure vulnerability exists when the Windows kernel fails to properly initialize a memory address. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user's system. (CVE-2020-1389, CVE-2020-1419)\n\n - An elevation of privilege vulnerability exists when the Windows Print Workflow Service improperly handles objects in memory. An attacker who successfully exploited this vulnerability could gain elevated privileges and break out of the AppContainer sandbox.\n (CVE-2020-1366)\n\n - An elevation of privilege vulnerability exists in the way that the Windows WalletService handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. (CVE-2020-1344, CVE-2020-1362, CVE-2020-1369)\n\n - An elevation of privilege vulnerability exists when the Windows ActiveX Installer Service improperly handles memory. (CVE-2020-1402)\n\n - An elevation of privilege vulnerability exists in the way that the Windows Geolocation Framework handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. (CVE-2020-1394)\n\n - An information disclosure vulnerability exists when Windows Connected User Experiences and Telemetry Service improperly discloses file information. 
Successful exploitation of the vulnerability could allow the attacker to read any file on the file system.\n (CVE-2020-1386)\n\n - This security update corrects a denial of service in the Local Security Authority Subsystem Service (LSASS) caused when an authenticated attacker sends a specially crafted authentication request. A remote attacker who successfully exploited this vulnerability could cause a denial of service on the target system's LSASS service, which triggers an automatic reboot of the system. The security update addresses the vulnerability by changing the way that LSASS handles specially crafted authentication requests. (CVE-2020-1267)\n\n - An elevation of privilege vulnerability exists when the Windows Delivery Optimization service improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code with elevated system privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\n (CVE-2020-1392)\n\n - A remote code execution vulnerability exists when Windows Address Book (WAB) improperly processes vcard files. (CVE-2020-1410)\n\n - An elevation of privilege vulnerability exists when the Windows Runtime improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in an elevated context. An attacker could exploit this vulnerability by running a specially crafted application on the victim system. The update addresses the vulnerability by correcting the way the Windows Runtime handles objects in memory.\n (CVE-2020-1249, CVE-2020-1353, CVE-2020-1370, CVE-2020-1399, CVE-2020-1404, CVE-2020-1413, CVE-2020-1414, CVE-2020-1415, CVE-2020-1422)\n\n - A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in the memory. 
An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2020-1435)\n\n - An elevation of privilege vulnerability exists when the Windows UPnP Device Host improperly handles memory.\n (CVE-2020-1354, CVE-2020-1430)\n\n - An elevation of privilege vulnerability exists when the Windows Update Stack fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode.\n An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2020-1424)\n\n - An elevation of privilege vulnerability exists in the way that the SharedStream Library handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. (CVE-2020-1463)\n\n - An elevation of privilege vulnerability exists when the Windows Graphics Component improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run processes in an elevated context. (CVE-2020-1381, CVE-2020-1382)\n\n - An elevation of privilege vulnerability exists when Group Policy Services Policy Processing improperly handles reparse points. An attacker who successfully exploited this vulnerability could overwrite a targeted file that would normally require elevated permissions.\n (CVE-2020-1333)\n\n - An elevation of privilege vulnerability exists in the way the Windows Push Notification Service handles objects in memory. An attacker who successfully exploited this vulnerability could run processes in an elevated context. An attacker could then install programs; view, change or delete data. (CVE-2020-1387)\n\n - A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts. 
An attacker who successfully exploited the vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2020-1408)\n\n - An elevation of privilege vulnerability exists in the way that the Windows Kernel handles objects in memory.\n An attacker who successfully exploited the vulnerability could execute code with elevated permissions.\n (CVE-2020-1336)\n\n - A remote code execution vulnerability exists in .NET Framework, Microsoft SharePoint, and Visual Studio when the software fails to check the source markup of XML file input. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the process responsible for deserialization of the XML content. (CVE-2020-1147)\n\n - An elevation of privilege vulnerability exists when the Windows Storage Services improperly handle file operations. An attacker who successfully exploited this vulnerability could gain elevated privileges.\n (CVE-2020-1347)\n\n - A denial of service vulnerability exists in the way that the WalletService handles files. An attacker who successfully exploited the vulnerability could corrupt system files. (CVE-2020-1364)\n\n - An information disclosure vulnerability exists when Skype for Business is accessed via Internet Explorer. An attacker who exploited the vulnerability could cause the user to place a call without additional consent, leading to information disclosure of the user profile. For the vulnerability to be exploited, a user must click a specially crafted URL that prompts the Skype app.\n (CVE-2020-1432)\n\n - An elevation of privilege vulnerability exists in the way that the Windows Network Location Awareness Service handles objects in memory. An attacker who successfully exploited the vulnerability could allow an application with limited privileges on an affected system to execute code at a medium integrity level. 
(CVE-2020-1437)\n\n - An elevation of privilege vulnerability exists when Windows improperly handles COM object creation. An attacker who successfully exploited the vulnerability could run arbitrary code with elevated privileges.\n (CVE-2020-1375)\n\n - A remote code execution vulnerability exists when the Windows Font Driver Host improperly handles memory. An attacker who successfully exploited the vulnerability would gain execution on a victim system. The security update addresses the vulnerability by correcting how the Windows Font Driver Host handles memory. (CVE-2020-1355)\n\n - An information disclosure vulnerability exists when the Windows Agent Activation Runtime (AarSvc) fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user's system.\n (CVE-2020-1391)\n\n - An elevation of privilege vulnerability exists in the way that the Windows Subsystem for Linux handles files.\n An attacker who successfully exploited the vulnerability could execute code with elevated privileges.\n (CVE-2020-1423)\n\n - An elevation of privilege vulnerability exists in the way that the Windows Network Connections Service handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. (CVE-2020-1373, CVE-2020-1390, CVE-2020-1427, CVE-2020-1428, CVE-2020-1438)\n\n - An elevation of privilege vulnerability exists when the Windows Cryptography Next Generation (CNG) Key Isolation service improperly handles memory. An attacker who successfully exploited this vulnerability could run processes in an elevated context. (CVE-2020-1359, CVE-2020-1384)\n\n - An information disclosure vulnerability exists when the Windows Resource Policy component improperly handles memory. (CVE-2020-1358)\n\n - An elevation of privilege vulnerability exists in the way that the Windows Speech Brokered API handles objects in memory. 
An attacker who successfully exploited the vulnerability could execute code with elevated permissions. (CVE-2020-1395)\n\n - An information disclosure vulnerability exists when Windows Error Reporting improperly handles file operations. (CVE-2020-1420)\n\n - A remote code execution vulnerability exists in the way that Microsoft Graphics Components handle objects in memory. An attacker who successfully exploited the vulnerability could execute arbitrary code on a target system. (CVE-2020-1412)\n\n - An information disclosure vulnerability exists when Microsoft Edge PDF Reader improperly handles objects in memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user's system. (CVE-2020-1433)\n\n - A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by enticing a victim to open a specially crafted file. The update addresses the vulnerability by correcting the way the Windows Jet Database Engine handles objects in memory. (CVE-2020-1400, CVE-2020-1401, CVE-2020-1407)\n\n - An elevation of privilege vulnerability exists when Windows Error Reporting manager improperly handles a process crash. An attacker who successfully exploited this vulnerability could delete a targeted file leading to an elevated status. (CVE-2020-1429)\n\n - An elevation of privilege vulnerability exists in the way that the psmsrv.dll handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions.\n (CVE-2020-1388)\n\n - An elevation of privilege vulnerability exists when Windows Mobile Device Management (MDM) Diagnostics improperly handles junctions. An attacker who successfully exploited this vulnerability could bypass access restrictions to delete files. 
(CVE-2020-1405)\n\n - An elevation of privilege vulnerability exists in the way that the Windows Credential Picker handles objects in memory. An attacker who successfully exploited the vulnerability could allow an application with limited privileges on an affected system to execute code at a medium integrity level. (CVE-2020-1385)\n\n - A remote code execution vulnerability exists in Microsoft Windows that could allow remote code execution if a .LNK file is processed. An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. (CVE-2020-1421)\n\n - An information disclosure vulnerability exists in Windows when the Windows Imaging Component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user's system.\n There are multiple ways an attacker could exploit this vulnerability: (CVE-2020-1397)\n\n - An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user's system. An authenticated attacker could exploit this vulnerability by running a specially crafted application. The update addresses the vulnerability by correcting how the Windows kernel handles objects in memory. (CVE-2020-1367, CVE-2020-1426)\n\n - An elevation of privilege vulnerability exists in the way that the Windows Function Discovery Service handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. (CVE-2020-1085)\n\n - An information disclosure vulnerability exists in the way that the WalletService handles memory.\n (CVE-2020-1361)\n\n - An elevation of privilege vulnerability exists in the way that the Windows Sync Host Service handles objects in memory. 
An attacker who successfully exploited the vulnerability could allow an application with limited privileges on an affected system to execute code at a medium integrity level. (CVE-2020-1434)\n\n - An information disclosure vulnerability exists when Skype for Business is accessed via Microsoft Edge (EdgeHTML-based). An attacker who exploited the vulnerability could cause the user to place a call without additional consent, leading to information disclosure of the user profile. For the vulnerability to be exploited, a user must click a specially crafted URL that prompts the Skype app. (CVE-2020-1462)\n\n - An elevation of privilege vulnerability exists when Windows Lockscreen fails to properly handle Ease of Access dialog. An attacker who successfully exploited the vulnerability could execute commands with elevated permissions. The security update addresses the vulnerability by ensuring that the Ease of Access dialog is handled properly. (CVE-2020-1398)\n\n - A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. 
(CVE-2020-1403)", "cvss3": {}, "published": "2020-07-14T00:00:00", "type": "nessus", "title": "KB4565503: Windows 10 Version 2004 July 2020 Security Update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-1085", "CVE-2020-1147", "CVE-2020-1249", "CVE-2020-1267", "CVE-2020-1330", "CVE-2020-1333", "CVE-2020-1336", "CVE-2020-1344", "CVE-2020-1346", "CVE-2020-1347", "CVE-2020-1351", "CVE-2020-1352", "CVE-2020-1353", "CVE-2020-1354", "CVE-2020-1355", "CVE-2020-1357", "CVE-2020-1358", "CVE-2020-1359", "CVE-2020-1360", "CVE-2020-1361", "CVE-2020-1362", "CVE-2020-1363", "CVE-2020-1364", "CVE-2020-1365", "CVE-2020-1366", "CVE-2020-1367", "CVE-2020-1368", "CVE-2020-1369", "CVE-2020-1370", "CVE-2020-1371", "CVE-2020-1372", "CVE-2020-1373", "CVE-2020-1374", "CVE-2020-1375", "CVE-2020-1381", "CVE-2020-1382", "CVE-2020-1384", "CVE-2020-1385", "CVE-2020-1386", "CVE-2020-1387", "CVE-2020-1388", "CVE-2020-1389", "CVE-2020-1390", "CVE-2020-1391", "CVE-2020-1392", "CVE-2020-1393", "CVE-2020-1394", "CVE-2020-1395", "CVE-2020-1396", "CVE-2020-1397", "CVE-2020-1398", "CVE-2020-1399", "CVE-2020-1400", "CVE-2020-1401", "CVE-2020-1402", "CVE-2020-1403", "CVE-2020-1404", "CVE-2020-1405", "CVE-2020-1406", "CVE-2020-1407", "CVE-2020-1408", "CVE-2020-1409", "CVE-2020-1410", "CVE-2020-1411", "CVE-2020-1412", "CVE-2020-1413", "CVE-2020-1414", "CVE-2020-1415", "CVE-2020-1418", "CVE-2020-1419", "CVE-2020-1420", "CVE-2020-1421", "CVE-2020-1422", "CVE-2020-1423", "CVE-2020-1424", "CVE-2020-1426", "CVE-2020-1427", "CVE-2020-1428", "CVE-2020-1429", "CVE-2020-1430", "CVE-2020-1431", "CVE-2020-1432", "CVE-2020-1433", "CVE-2020-1434", "CVE-2020-1435", "CVE-2020-1436", "CVE-2020-1437", "CVE-2020-1438", "CVE-2020-1462", "CVE-2020-1463", "CVE-2020-1468"], "modified": "2023-01-24T00:00:00", "cpe": ["cpe:/o:microsoft:windows", "cpe:/a:microsoft:edge"], "id": "SMB_NT_MS20_JUL_4565503.NASL", "href": "https://www.tenable.com/plugins/nessus/138456", "sourceData": "#\n# (C) Tenable Network 
Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(138456);\n script_version(\"1.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/24\");\n\n script_cve_id(\n \"CVE-2020-1085\",\n \"CVE-2020-1147\",\n \"CVE-2020-1249\",\n \"CVE-2020-1267\",\n \"CVE-2020-1330\",\n \"CVE-2020-1333\",\n \"CVE-2020-1336\",\n \"CVE-2020-1344\",\n \"CVE-2020-1346\",\n \"CVE-2020-1347\",\n \"CVE-2020-1351\",\n \"CVE-2020-1352\",\n \"CVE-2020-1353\",\n \"CVE-2020-1354\",\n \"CVE-2020-1355\",\n \"CVE-2020-1357\",\n \"CVE-2020-1358\",\n \"CVE-2020-1359\",\n \"CVE-2020-1360\",\n \"CVE-2020-1361\",\n \"CVE-2020-1362\",\n \"CVE-2020-1363\",\n \"CVE-2020-1364\",\n \"CVE-2020-1365\",\n \"CVE-2020-1366\",\n \"CVE-2020-1367\",\n \"CVE-2020-1368\",\n \"CVE-2020-1369\",\n \"CVE-2020-1370\",\n \"CVE-2020-1371\",\n \"CVE-2020-1372\",\n \"CVE-2020-1373\",\n \"CVE-2020-1374\",\n \"CVE-2020-1375\",\n \"CVE-2020-1381\",\n \"CVE-2020-1382\",\n \"CVE-2020-1384\",\n \"CVE-2020-1385\",\n \"CVE-2020-1386\",\n \"CVE-2020-1387\",\n \"CVE-2020-1388\",\n \"CVE-2020-1389\",\n \"CVE-2020-1390\",\n \"CVE-2020-1391\",\n \"CVE-2020-1392\",\n \"CVE-2020-1393\",\n \"CVE-2020-1394\",\n \"CVE-2020-1395\",\n \"CVE-2020-1396\",\n \"CVE-2020-1397\",\n \"CVE-2020-1398\",\n \"CVE-2020-1399\",\n \"CVE-2020-1400\",\n \"CVE-2020-1401\",\n \"CVE-2020-1402\",\n \"CVE-2020-1403\",\n \"CVE-2020-1404\",\n \"CVE-2020-1405\",\n \"CVE-2020-1406\",\n \"CVE-2020-1407\",\n \"CVE-2020-1408\",\n \"CVE-2020-1409\",\n \"CVE-2020-1410\",\n \"CVE-2020-1411\",\n \"CVE-2020-1412\",\n \"CVE-2020-1413\",\n \"CVE-2020-1414\",\n \"CVE-2020-1415\",\n \"CVE-2020-1418\",\n \"CVE-2020-1419\",\n \"CVE-2020-1420\",\n \"CVE-2020-1421\",\n \"CVE-2020-1422\",\n \"CVE-2020-1423\",\n \"CVE-2020-1424\",\n \"CVE-2020-1426\",\n 
\"CVE-2020-1427\",\n \"CVE-2020-1428\",\n \"CVE-2020-1429\",\n \"CVE-2020-1430\",\n \"CVE-2020-1431\",\n \"CVE-2020-1432\",\n \"CVE-2020-1433\",\n \"CVE-2020-1434\",\n \"CVE-2020-1435\",\n \"CVE-2020-1436\",\n \"CVE-2020-1437\",\n \"CVE-2020-1438\",\n \"CVE-2020-1462\",\n \"CVE-2020-1463\",\n \"CVE-2020-1468\"\n );\n script_xref(name:\"MSKB\", value:\"4565503\");\n script_xref(name:\"MSFT\", value:\"MS20-4565503\");\n script_xref(name:\"IAVA\", value:\"2020-A-0300-S\");\n script_xref(name:\"IAVA\", value:\"2020-A-0302-S\");\n script_xref(name:\"IAVA\", value:\"2020-A-0313-S\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/05/03\");\n\n script_name(english:\"KB4565503: Windows 10 Version 2004 July 2020 Security Update\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 4565503. It is, \ntherefore, affected by multiple vulnerabilities :\n\n - An elevation of privilege vulnerability exists when the\n Windows System Events Broker improperly handles file\n operations. An attacker who successfully exploited this\n vulnerability could gain elevated privileges.\n (CVE-2020-1357)\n\n - An elevation of privilege vulnerability exists when the\n Windows kernel fails to properly handle objects in\n memory. An attacker who successfully exploited this\n vulnerability could run arbitrary code in kernel mode.\n An attacker could then install programs; view, change,\n or delete data; or create new accounts with full user\n rights. (CVE-2020-1411)\n\n - An elevation of privilege vulnerability exists when the\n Windows Diagnostics Execution Service fails to properly\n sanitize input, leading to an unsecure library-loading\n behavior. An attacker who successfully exploited this\n vulnerability could run arbitrary code with elevated\n system privileges. 
An attacker could then install\n programs; view, change, or delete data; or create new\n accounts with full user rights. (CVE-2020-1418)\n\n - An elevation of privilege vulnerability exists when the\n Windows USO Core Worker improperly handles memory.\n (CVE-2020-1352)\n\n - An elevation of privilege vulnerability exists when the\n Windows Modules Installer improperly handles file\n operations. An attacker who successfully exploited this\n vulnerability could gain elevated privileges.\n (CVE-2020-1346)\n\n - An elevation of privilege vulnerability exists when the\n Windows Diagnostics Hub Standard Collector Service fails\n to properly sanitize input, leading to an unsecure\n library-loading behavior. An attacker who successfully\n exploited this vulnerability could run arbitrary code\n with elevated system privileges. An attacker could then\n install programs; view, change, or delete data; or\n create new accounts with full user rights.\n (CVE-2020-1393)\n\n - A remote code execution vulnerability exists in the way\n that DirectWrite handles objects in memory. An attacker\n who successfully exploited this vulnerability could take\n control of the affected system. An attacker could then\n install programs; view, change, or delete data; or\n create new accounts with full user rights. There are\n multiple ways an attacker could exploit the\n vulnerability, such as by convincing a user to open a\n specially crafted document, or by convincing a user to\n visit an untrusted webpage. The security update\n addresses the vulnerability by correcting how\n DirectWrite handles objects in memory. (CVE-2020-1409)\n\n - An elevation of privilege vulnerability exists when the\n Windows AppX Deployment Extensions improperly performs\n privilege management, resulting in access to system\n files. (CVE-2020-1431)\n\n - An elevation of privilege vulnerability exists when the\n Windows Profile Service improperly handles file\n operations. 
An attacker who successfully exploited this\n vulnerability could gain elevated privileges.\n (CVE-2020-1360)\n\n - An elevation of privilege vulnerability exists when\n Windows Mobile Device Management (MDM) Diagnostics\n improperly handles objects in memory. An attacker who\n successfully exploited this vulnerability could bypass\n access restrictions to delete files. (CVE-2020-1372)\n\n - An elevation of privilege vulnerability exists when the\n Windows Picker Platform improperly handles memory.\n (CVE-2020-1363)\n\n - An elevation of privilege vulnerability exists when\n Windows improperly handles calls to Advanced Local\n Procedure Call (ALPC). An attacker who successfully\n exploited this vulnerability could run arbitrary code in\n the security context of the local system. An attacker\n could then install programs; view, change, or delete\n data; or create new accounts with full user rights.\n (CVE-2020-1396)\n\n - An information disclosure vulnerability exists when\n Windows Mobile Device Management (MDM) Diagnostics\n improperly handles junctions. An attacker who\n successfully exploited this vulnerability could bypass\n access restrictions to read files. (CVE-2020-1330)\n\n - A remote code execution vulnerability exists in the\n Windows Remote Desktop Client when a user connects to a\n malicious server. An attacker who successfully exploited\n this vulnerability could execute arbitrary code on the\n computer of the connecting client. An attacker could\n then install programs; view, change, or delete data; or\n create new accounts with full user rights.\n (CVE-2020-1374)\n\n - A remote code execution vulnerability exists when the\n Windows font library improperly handles specially\n crafted fonts. For all systems except Windows 10, an\n attacker who successfully exploited the vulnerability\n could execute code remotely. 
For systems running Windows\n 10, an attacker who successfully exploited the\n vulnerability could execute code in an AppContainer\n sandbox context with limited privileges and\n capabilities. An attacker could then install programs;\n view, change, or delete data; or create new accounts\n with full user rights. There are multiple ways an\n attacker could exploit the vulnerability:\n (CVE-2020-1436)\n\n - An elevation of privilege vulnerability exists in the\n way that the Credential Enrollment Manager service\n handles objects in memory. An attacker who successfully\n exploited the vulnerability could execute code with\n elevated permissions. (CVE-2020-1368)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Network List Service handles\n objects in memory. An attacker who successfully\n exploited the vulnerability could execute code with\n elevated permissions. (CVE-2020-1406)\n\n - An information disclosure vulnerability exists when the\n Windows Graphics component improperly handles objects in\n memory. An attacker who successfully exploited this\n vulnerability could obtain information to further\n compromise the users system. An authenticated attacker\n could exploit this vulnerability by running a specially\n crafted application. The update addresses the\n vulnerability by correcting how the Windows Graphics\n Component handles objects in memory. (CVE-2020-1351)\n\n - An information disclosure vulnerability exists when the\n Windows GDI component improperly discloses the contents\n of its memory. An attacker who successfully exploited\n the vulnerability could obtain information to further\n compromise the users system. 
There are multiple ways an\n attacker could exploit the vulnerability, such as by\n convincing a user to open a specially crafted document,\n or by convincing a user to visit an untrusted webpage.\n The security update addresses the vulnerability by\n correcting how the Windows GDI component handles objects\n in memory. (CVE-2020-1468)\n\n - An elevation of privilege vulnerability exists when the\n Windows Event Logging Service improperly handles memory.\n (CVE-2020-1365, CVE-2020-1371)\n\n - An information disclosure vulnerability exists when the\n Windows kernel fails to properly initialize a memory\n address. An attacker who successfully exploited this\n vulnerability could obtain information to further\n compromise the users system. (CVE-2020-1389,\n CVE-2020-1419)\n\n - An elevation of privilege vulnerability exists when the\n Windows Print Workflow Service improperly handles\n objects in memory. An attacker who successfully\n exploited this vulnerability could gain elevated\n privileges and break out of the AppContainer sandbox.\n (CVE-2020-1366)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows WalletService handles objects in\n memory. An attacker who successfully exploited the\n vulnerability could execute code with elevated\n permissions. (CVE-2020-1344, CVE-2020-1362,\n CVE-2020-1369)\n\n - An elevation of privilege vulnerability exists when the\n Windows ActiveX Installer Service improperly handles\n memory. (CVE-2020-1402)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Geolocation Framework handles\n objects in memory. An attacker who successfully\n exploited the vulnerability could execute code with\n elevated permissions. (CVE-2020-1394)\n\n - An information vulnerability exists when Windows\n Connected User Experiences and Telemetry Service\n improperly discloses file information. 
Successful\n exploitation of the vulnerability could allow the\n attacker to read any file on the file system.\n (CVE-2020-1386)\n\n - This security update corrects a denial of service in the\n Local Security Authority Subsystem Service (LSASS)\n caused when an authenticated attacker sends a specially\n crafted authentication request. A remote attacker who\n successfully exploited this vulnerability could cause a\n denial of service on the target system's LSASS service,\n which triggers an automatic reboot of the system. The\n security update addresses the vulnerability by changing\n the way that LSASS handles specially crafted\n authentication requests. (CVE-2020-1267)\n\n - An elevation of privilege vulnerability exists when the\n Windows Delivery Optimization service improperly handles\n objects in memory. An attacker who successfully\n exploited this vulnerability could run arbitrary code\n with elevated system privileges. An attacker could then\n install programs; view, change, or delete data; or\n create new accounts with full user rights.\n (CVE-2020-1392)\n\n - A remote code execution vulnerability exists when\n Windows Address Book (WAB) improperly processes vcard\n files. (CVE-2020-1410)\n\n - An elevation of privilege vulnerability exists when the\n Windows Runtime improperly handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could run arbitrary code in an elevated context. An\n attacker could exploit this vulnerability by running a\n specially crafted application on the victim system. The\n update addresses the vulnerability by correcting the way\n the Windows Runtime handles objects in memory.\n (CVE-2020-1249, CVE-2020-1353, CVE-2020-1370,\n CVE-2020-1399, CVE-2020-1404, CVE-2020-1413,\n CVE-2020-1414, CVE-2020-1415, CVE-2020-1422)\n\n - A remote code execution vulnerability exists in the way\n that the Windows Graphics Device Interface (GDI) handles\n objects in the memory. 
An attacker who successfully\n exploited this vulnerability could take control of the\n affected system. An attacker could then install\n programs; view, change, or delete data; or create new\n accounts with full user rights. (CVE-2020-1435)\n\n - An elevation of privilege vulnerability exists when the\n Windows UPnP Device Host improperly handles memory.\n (CVE-2020-1354, CVE-2020-1430)\n\n - An elevation of privilege vulnerability exists when the\n Windows Update Stack fails to properly handle objects in\n memory. An attacker who successfully exploited this\n vulnerability could run arbitrary code in kernel mode.\n An attacker could then install programs; view, change,\n or delete data; or create new accounts with full user\n rights. (CVE-2020-1424)\n\n - An elevation of privilege vulnerability exists in the\n way that the SharedStream Library handles objects in\n memory. An attacker who successfully exploited the\n vulnerability could execute code with elevated\n permissions. (CVE-2020-1463)\n\n - An elevation of privilege vulnerability exists when the\n Windows Graphics Component improperly handles objects in\n memory. An attacker who successfully exploited this\n vulnerability could run processes in an elevated\n context. (CVE-2020-1381, CVE-2020-1382)\n\n - An elevation of privilege vulnerability exists when\n Group Policy Services Policy Processing improperly\n handle reparse points. An attacker who successfully\n exploited this vulnerability could overwrite a targeted\n file that would normally require elevated permissions.\n (CVE-2020-1333)\n\n - An elevation of privilege vulnerability exists in the\n way the Windows Push Notification Service handles\n objects in memory. An attacker who successfully\n exploited this vulnerability could run processes in an\n elevated context. An attacker could then install\n programs; view, change or delete data. 
(CVE-2020-1387)\n\n - A remote code execution vulnerability exists when the\n Windows font library improperly handles specially\n crafted embedded fonts. An attacker who successfully\n exploited the vulnerability could take control of the\n affected system. An attacker could then install\n programs; view, change, or delete data; or create new\n accounts with full user rights. (CVE-2020-1408)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Kernel handles objects in memory.\n An attacker who successfully exploited the vulnerability\n could execute code with elevated permissions.\n (CVE-2020-1336)\n\n - A remote code execution vulnerability exists in .NET\n Framework, Microsoft SharePoint, and Visual Studio when\n the software fails to check the source markup of XML\n file input. An attacker who successfully exploited the\n vulnerability could run arbitrary code in the context of\n the process responsible for deserialization of the XML\n content. (CVE-2020-1147)\n\n - An elevation of privilege vulnerability exists when the\n Windows Storage Services improperly handle file\n operations. An attacker who successfully exploited this\n vulnerability could gain elevated privileges.\n (CVE-2020-1347)\n\n - A denial of service vulnerability exists in the way that\n the WalletService handles files. An attacker who\n successfully exploited the vulnerability could corrupt\n system files. (CVE-2020-1364)\n\n - An information disclosure vulnerability exists when\n Skype for Business is accessed via Internet Explorer. An\n attacker who exploited the vulnerability could cause the\n user to place a call without additional consent, leading\n to information disclosure of the user profile. 
For the\n vulnerability to be exploited, a user must click a\n specially crafted URL that prompts the Skype app.\n (CVE-2020-1432)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Network Location Awareness Service\n handles objects in memory. An attacker who successfully\n exploited the vulnerability could allow an application\n with limited privileges on an affected system to execute\n code at a medium integrity level. (CVE-2020-1437)\n\n - An elevation of privilege vulnerability exists when\n Windows improperly handles COM object creation. An\n attacker who successfully exploited the vulnerability\n could run arbitrary code with elevated privileges.\n (CVE-2020-1375)\n\n - A remote code execution vulnerability exists when the\n Windows Font Driver Host improperly handles memory. An\n attacker who successfully exploited the vulnerability\n would gain execution on a victim system. The security\n update addresses the vulnerability by correcting how the\n Windows Font Driver Host handles memory. (CVE-2020-1355)\n\n - An information disclosure vulnerability exists when the\n Windows Agent Activation Runtime (AarSvc) fails to\n properly handle objects in memory. An attacker who\n successfully exploited the vulnerability could obtain\n information to further compromise the users system.\n (CVE-2020-1391)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Subsystem for Linux handles files.\n An attacker who successfully exploited the vulnerability\n could execute code with elevated privileges.\n (CVE-2020-1423)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Network Connections Service handles\n objects in memory. An attacker who successfully\n exploited the vulnerability could execute code with\n elevated permissions. 
(CVE-2020-1373, CVE-2020-1390,\n CVE-2020-1427, CVE-2020-1428, CVE-2020-1438)\n\n - An elevation of privilege vulnerability exists when the\n Windows Cryptography Next Generation (CNG) Key Isolation\n service improperly handles memory. An attacker who\n successfully exploited this vulnerability could run\n processes in an elevated context. (CVE-2020-1359,\n CVE-2020-1384)\n\n - An information disclosure vulnerability exists when the\n Windows Resource Policy component improperly handles\n memory. (CVE-2020-1358)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Speech Brokered API handles objects\n in memory. An attacker who successfully exploited the\n vulnerability could execute code with elevated\n permissions. (CVE-2020-1395)\n\n - An information disclosure vulnerability exists when\n Windows Error Reporting improperly handles file\n operations. (CVE-2020-1420)\n\n - A remote code execution vulnerability exists in the way\n that Microsoft Graphics Components handle objects in\n memory. An attacker who successfully exploited the\n vulnerability could execute arbitrary code on a target\n system. (CVE-2020-1412)\n\n - An information disclosure vulnerability exists when\n Microsoft Edge PDF Reader improperly handles objects in\n memory. An attacker who successfully exploited the\n vulnerability could obtain information to further\n compromise the users system. (CVE-2020-1433)\n\n - A remote code execution vulnerability exists when the\n Windows Jet Database Engine improperly handles objects\n in memory. An attacker who successfully exploited this\n vulnerability could execute arbitrary code on a victim\n system. An attacker could exploit this vulnerability by\n enticing a victim to open a specially crafted file. The\n update addresses the vulnerability by correcting the way\n the Windows Jet Database Engine handles objects in\n memory. 
(CVE-2020-1400, CVE-2020-1401, CVE-2020-1407)\n\n - An elevation of privilege vulnerability exists when\n Windows Error Reporting manager improperly handles a\n process crash. An attacker who successfully exploited\n this vulnerability could delete a targeted file leading\n to an elevated status. (CVE-2020-1429)\n\n - An elevation of privilege vulnerability exists in the\n way that the psmsrv.dll handles objects in memory. An\n attacker who successfully exploited the vulnerability\n could execute code with elevated permissions.\n (CVE-2020-1388)\n\n - An elevation of privilege vulnerability exists when\n Windows Mobile Device Management (MDM) Diagnostics\n improperly handles junctions. An attacker who\n successfully exploited this vulnerability could bypass\n access restrictions to delete files. (CVE-2020-1405)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Credential Picker handles objects\n in memory. An attacker who successfully exploited the\n vulnerability could allow an application with limited\n privileges on an affected system to execute code at a\n medium integrity level. (CVE-2020-1385)\n\n - A remote code execution vulnerability exists in\n Microsoft Windows that could allow remote code execution\n if a .LNK file is processed. An attacker who\n successfully exploited this vulnerability could gain the\n same user rights as the local user. (CVE-2020-1421)\n\n - An information disclosure vulnerability exists in\n Windows when the Windows Imaging Component fails to\n properly handle objects in memory. An attacker who\n successfully exploited this vulnerability could obtain\n information to further compromise the user's system.\n There are multiple ways an attacker could exploit this\n vulnerability: (CVE-2020-1397)\n\n - An information disclosure vulnerability exists when the\n Windows kernel improperly handles objects in memory. 
An\n attacker who successfully exploited this vulnerability\n could obtain information to further compromise the users\n system. An authenticated attacker could exploit this\n vulnerability by running a specially crafted\n application. The update addresses the vulnerability by\n correcting how the Windows kernel handles objects in\n memory. (CVE-2020-1367, CVE-2020-1426)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Function Discovery Service handles\n objects in memory. An attacker who successfully\n exploited the vulnerability could execute code with\n elevated permissions. (CVE-2020-1085)\n\n - An information disclosure vulnerability exists in the\n way that the WalletService handles memory.\n (CVE-2020-1361)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Sync Host Service handles objects\n in memory. An attacker who successfully exploited the\n vulnerability could allow an application with limited\n privileges on an affected system to execute code at a\n medium integrity level. (CVE-2020-1434)\n\n - An information disclosure vulnerability exists when\n Skype for Business is accessed via Microsoft Edge\n (EdgeHTML-based). An attacker who exploited the\n vulnerability could cause the user to place a call\n without additional consent, leading to information\n disclosure of the user profile. For the vulnerability to\n be exploited, a user must click a specially crafted URL\n that prompts the Skype app. (CVE-2020-1462)\n\n - An elevation of privilege vulnerability exists when\n Windows Lockscreen fails to properly handle Ease of\n Access dialog. An attacker who successfully exploited\n the vulnerability could execute commands with elevated\n permissions. The security update addresses the\n vulnerability by ensuring that the Ease of Access dialog\n is handled properly. 
(CVE-2020-1398)\n\n - A remote code execution vulnerability exists in the way\n that the VBScript engine handles objects in memory. The\n vulnerability could corrupt memory in such a way that an\n attacker could execute arbitrary code in the context of\n the current user. An attacker who successfully exploited\n the vulnerability could gain the same user rights as the\n current user. (CVE-2020-1403)\");\n # https://support.microsoft.com/en-us/help/4565503/windows-10-update-kb4565503\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?7a974e0a\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Cumulative Update KB4565503.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-1435\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2020-1436\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'SharePoint DataSet / DataTable Deserialization');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/07/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/07/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/07/14\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", 
value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:edge\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nbulletin = \"MS20-07\";\nkbs = make_list('4565503');\n\nif (get_kb_item(\"Host/patch_management_checks\")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nget_kb_item_or_exit(\"SMB/WindowsVersion\", exit_code:1);\n\nif (hotfix_check_sp_range(win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:\"10\",\n sp:0,\n os_build:\"19041\",\n rollup_date:\"07_2020\",\n bulletin:bulletin,\n rollup_kb_list:[4565503])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n\n\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-07-21T16:03:44", "description": "The remote Windows host is missing security update 4565483 or 4565554. 
It is, therefore, affected by multiple vulnerabilities :\n\n - An elevation of privilege vulnerability exists when the Windows System Events Broker improperly handles file operations. An attacker who successfully exploited this vulnerability could gain elevated privileges.\n (CVE-2020-1357)\n\n - An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode.\n An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2020-1411)\n\n - An elevation of privilege vulnerability exists when the Windows Diagnostics Execution Service fails to properly sanitize input, leading to an unsecure library-loading behavior. An attacker who successfully exploited this vulnerability could run arbitrary code with elevated system privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2020-1418)\n\n - An elevation of privilege vulnerability exists when the Windows USO Core Worker improperly handles memory.\n (CVE-2020-1352)\n\n - An elevation of privilege vulnerability exists when the Windows Modules Installer improperly handles file operations. An attacker who successfully exploited this vulnerability could gain elevated privileges.\n (CVE-2020-1346)\n\n - An elevation of privilege vulnerability exists when the Windows Diagnostics Hub Standard Collector Service fails to properly sanitize input, leading to an unsecure library-loading behavior. An attacker who successfully exploited this vulnerability could run arbitrary code with elevated system privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\n (CVE-2020-1393)\n\n - A remote code execution vulnerability exists in the way that DirectWrite handles objects in memory. 
An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit an untrusted webpage. The security update addresses the vulnerability by correcting how DirectWrite handles objects in memory. (CVE-2020-1409)\n\n - An elevation of privilege vulnerability exists when the Windows AppX Deployment Extensions improperly performs privilege management, resulting in access to system files. (CVE-2020-1431)\n\n - An elevation of privilege vulnerability exists when the Windows Profile Service improperly handles file operations. An attacker who successfully exploited this vulnerability could gain elevated privileges.\n (CVE-2020-1360)\n\n - An elevation of privilege vulnerability exists when Windows Mobile Device Management (MDM) Diagnostics improperly handles objects in memory. An attacker who successfully exploited this vulnerability could bypass access restrictions to delete files. (CVE-2020-1372)\n\n - An elevation of privilege vulnerability exists when the Windows Picker Platform improperly handles memory.\n (CVE-2020-1363)\n\n - An elevation of privilege vulnerability exists when Windows improperly handles calls to Advanced Local Procedure Call (ALPC). An attacker who successfully exploited this vulnerability could run arbitrary code in the security context of the local system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\n (CVE-2020-1396)\n\n - An information disclosure vulnerability exists when Windows Mobile Device Management (MDM) Diagnostics improperly handles junctions. An attacker who successfully exploited this vulnerability could bypass access restrictions to read files. 
(CVE-2020-1330)\n\n - A remote code execution vulnerability exists in the Windows Remote Desktop Client when a user connects to a malicious server. An attacker who successfully exploited this vulnerability could execute arbitrary code on the computer of the connecting client. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\n (CVE-2020-1374)\n\n - A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted fonts. For all systems except Windows 10, an attacker who successfully exploited the vulnerability could execute code remotely. For systems running Windows 10, an attacker who successfully exploited the vulnerability could execute code in an AppContainer sandbox context with limited privileges and capabilities. An attacker could then install programs;\n view, change, or delete data; or create new accounts with full user rights. There are multiple ways an attacker could exploit the vulnerability.\n (CVE-2020-1436)\n\n - An elevation of privilege vulnerability exists in the way that the Credential Enrollment Manager service handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. (CVE-2020-1368)\n\n - An elevation of privilege vulnerability exists in the way that the Windows Network List Service handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. (CVE-2020-1406)\n\n - An information disclosure vulnerability exists when the Windows Graphics component improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user's system. An authenticated attacker could exploit this vulnerability by running a specially crafted application. 
The update addresses the vulnerability by correcting how the Windows Graphics Component handles objects in memory. (CVE-2020-1351)\n\n - An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user's system. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit an untrusted webpage.\n The security update addresses the vulnerability by correcting how the Windows GDI component handles objects in memory. (CVE-2020-1468)\n\n - An elevation of privilege vulnerability exists when the Windows Event Logging Service improperly handles memory.\n (CVE-2020-1365, CVE-2020-1371)\n\n - An information disclosure vulnerability exists when the Windows kernel fails to properly initialize a memory address. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user's system. (CVE-2020-1389, CVE-2020-1419)\n\n - An elevation of privilege vulnerability exists when the Windows Print Workflow Service improperly handles objects in memory. An attacker who successfully exploited this vulnerability could gain elevated privileges and break out of the AppContainer sandbox.\n (CVE-2020-1366)\n\n - An elevation of privilege vulnerability exists in the way that the Windows WalletService handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. (CVE-2020-1344, CVE-2020-1362, CVE-2020-1369)\n\n - An elevation of privilege vulnerability exists when the Windows ActiveX Installer Service improperly handles memory. (CVE-2020-1402)\n\n - An elevation of privilege vulnerability exists in the way that the Windows Geolocation Framework handles objects in memory. 
An attacker who successfully exploited the vulnerability could execute code with elevated permissions. (CVE-2020-1394)\n\n - An information disclosure vulnerability exists when Windows Connected User Experiences and Telemetry Service improperly discloses file information. Successful exploitation of the vulnerability could allow the attacker to read any file on the file system.\n (CVE-2020-1386)\n\n - This security update corrects a denial of service in the Local Security Authority Subsystem Service (LSASS) caused when an authenticated attacker sends a specially crafted authentication request. A remote attacker who successfully exploited this vulnerability could cause a denial of service on the target system's LSASS service, which triggers an automatic reboot of the system. The security update addresses the vulnerability by changing the way that LSASS handles specially crafted authentication requests. (CVE-2020-1267)\n\n - An elevation of privilege vulnerability exists when the Windows Delivery Optimization service improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code with elevated system privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\n (CVE-2020-1392)\n\n - A remote code execution vulnerability exists when Windows Address Book (WAB) improperly processes vcard files. (CVE-2020-1410)\n\n - An elevation of privilege vulnerability exists when the Windows Runtime improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in an elevated context. An attacker could exploit this vulnerability by running a specially crafted application on the victim system. 
The update addresses the vulnerability by correcting the way the Windows Runtime handles objects in memory.\n (CVE-2020-1249, CVE-2020-1353, CVE-2020-1370, CVE-2020-1399, CVE-2020-1404, CVE-2020-1413, CVE-2020-1414, CVE-2020-1415, CVE-2020-1422)\n\n - A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in memory. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2020-1435)\n\n - An elevation of privilege vulnerability exists when the Windows Update Stack fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode.\n An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2020-1424)\n\n - An elevation of privilege vulnerability exists in the way that the SharedStream Library handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. (CVE-2020-1463)\n\n - An elevation of privilege vulnerability exists when the Windows Graphics Component improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run processes in an elevated context. (CVE-2020-1381, CVE-2020-1382)\n\n - An elevation of privilege vulnerability exists when Group Policy Services Policy Processing improperly handles reparse points. An attacker who successfully exploited this vulnerability could overwrite a targeted file that would normally require elevated permissions.\n (CVE-2020-1333)\n\n - An elevation of privilege vulnerability exists in the way the Windows Push Notification Service handles objects in memory. 
An attacker who successfully exploited this vulnerability could run processes in an elevated context. An attacker could then install programs; view, change or delete data. (CVE-2020-1387)\n\n - A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts. An attacker who successfully exploited the vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2020-1408)\n\n - An elevation of privilege vulnerability exists in the way that the Windows Kernel handles objects in memory.\n An attacker who successfully exploited the vulnerability could execute code with elevated permissions.\n (CVE-2020-1336)\n\n - A remote code execution vulnerability exists in .NET Framework, Microsoft SharePoint, and Visual Studio when the software fails to check the source markup of XML file input. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the process responsible for deserialization of the XML content. (CVE-2020-1147)\n\n - An elevation of privilege vulnerability exists when the Windows Storage Services improperly handle file operations. An attacker who successfully exploited this vulnerability could gain elevated privileges.\n (CVE-2020-1347)\n\n - A denial of service vulnerability exists in the way that the WalletService handles files. An attacker who successfully exploited the vulnerability could corrupt system files. (CVE-2020-1364)\n\n - An elevation of privilege vulnerability exists when the Windows UPnP Device Host improperly handles memory.\n (CVE-2020-1430)\n\n - An information disclosure vulnerability exists when Skype for Business is accessed via Internet Explorer. An attacker who exploited the vulnerability could cause the user to place a call without additional consent, leading to information disclosure of the user profile. 
For the vulnerability to be exploited, a user must click a specially crafted URL that prompts the Skype app.\n (CVE-2020-1432)\n\n - An elevation of privilege vulnerability exists in the way that the Windows Network Location Awareness Service handles objects in memory. An attacker who successfully exploited the vulnerability could allow an application with limited privileges on an affected system to execute code at a medium integrity level. (CVE-2020-1437)\n\n - An elevation of privilege vulnerability exists when Windows improperly handles COM object creation. An attacker who successfully exploited the vulnerability could run arbitrary code with elevated privileges.\n (CVE-2020-1375)\n\n - A remote code execution vulnerability exists when the Windows Font Driver Host improperly handles memory. An attacker who successfully exploited the vulnerability would gain execution on a victim system. The security update addresses the vulnerability by correcting how the Windows Font Driver Host handles memory. (CVE-2020-1355)\n\n - An information disclosure vulnerability exists when the Windows Agent Activation Runtime (AarSvc) fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user's system.\n (CVE-2020-1391)\n\n - An elevation of privilege vulnerability exists in the way that the Windows Network Connections Service handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. (CVE-2020-1373, CVE-2020-1390, CVE-2020-1427, CVE-2020-1428, CVE-2020-1438)\n\n - An elevation of privilege vulnerability exists when the Windows Cryptography Next Generation (CNG) Key Isolation service improperly handles memory. An attacker who successfully exploited this vulnerability could run processes in an elevated context. 
(CVE-2020-1359, CVE-2020-1384)\n\n - An information disclosure vulnerability exists when the Windows Resource Policy component improperly handles memory. (CVE-2020-1358)\n\n - An elevation of privilege vulnerability exists in the way that the Windows Speech Brokered API handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. (CVE-2020-1395)\n\n - An information disclosure vulnerability exists when Windows Error Reporting improperly handles file operations. (CVE-2020-1420)\n\n - A remote code execution vulnerability exists in the way that Microsoft Graphics Components handle objects in memory. An attacker who successfully exploited the vulnerability could execute arbitrary code on a target system. (CVE-2020-1412)\n\n - An information disclosure vulnerability exists when Microsoft Edge PDF Reader improperly handles objects in memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user's system. (CVE-2020-1433)\n\n - A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by enticing a victim to open a specially crafted file. The update addresses the vulnerability by correcting the way the Windows Jet Database Engine handles objects in memory. (CVE-2020-1400, CVE-2020-1401, CVE-2020-1407)\n\n - An elevation of privilege vulnerability exists when Windows Error Reporting manager improperly handles a process crash. An attacker who successfully exploited this vulnerability could delete a targeted file leading to an elevated status. (CVE-2020-1429)\n\n - An elevation of privilege vulnerability exists in the way that the psmsrv.dll handles objects in memory. 
An attacker who successfully exploited the vulnerability could execute code with elevated permissions.\n (CVE-2020-1388)\n\n - An elevation of privilege vulnerability exists when Windows Mobile Device Management (MDM) Diagnostics improperly handles junctions. An attacker who successfully exploited this vulnerability could bypass access restrictions to delete files. (CVE-2020-1405)\n\n - An elevation of privilege vulnerability exists in the way that the Windows Credential Picker handles objects in memory. An attacker who successfully exploited the vulnerability could allow an application with limited privileges on an affected system to execute code at a medium integrity level. (CVE-2020-1385)\n\n - A remote code execution vulnerability exists in Microsoft Windows that could allow remote code execution if a .LNK file is processed. An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. (CVE-2020-1421)\n\n - An information disclosure vulnerability exists in Windows when the Windows Imaging Component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user's system.\n There are multiple ways an attacker could exploit this vulnerability. (CVE-2020-1397)\n\n - An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user's system. An authenticated attacker could exploit this vulnerability by running a specially crafted application. The update addresses the vulnerability by correcting how the Windows kernel handles objects in memory. (CVE-2020-1367, CVE-2020-1426)\n\n - An elevation of privilege vulnerability exists in the way that the Windows Function Discovery Service handles objects in memory. 
An attacker who successfully exploited the vulnerability could execute code with elevated permissions. (CVE-2020-1085)\n\n - An information disclosure vulnerability exists in the way that the WalletService handles memory.\n (CVE-2020-1361)\n\n - An elevation of privilege vulnerability exists in the way that the Windows Sync Host Service handles objects in memory. An attacker who successfully exploited the vulnerability could allow an application with limited privileges on an affected system to execute code at a medium integrity level. (CVE-2020-1434)\n\n - An information disclosure vulnerability exists when Skype for Business is accessed via Microsoft Edge (EdgeHTML-based). An attacker who exploited the vulnerability could cause the user to place a call without additional consent, leading to information disclosure of the user profile. For the vulnerability to be exploited, a user must click a specially crafted URL that prompts the Skype app. (CVE-2020-1462)\n\n - An elevation of privilege vulnerability exists when Windows Lockscreen fails to properly handle Ease of Access dialog. An attacker who successfully exploited the vulnerability could execute commands with elevated permissions. The security update addresses the vulnerability by ensuring that the Ease of Access dialog is handled properly. (CVE-2020-1398)\n\n - A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. 
(CVE-2020-1403)", "cvss3": {}, "published": "2020-07-14T00:00:00", "type": "nessus", "title": "KB4565483: Windows 10 Version 1903 and Windows 10 Version 1909 July 2020 Security Update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-1085", "CVE-2020-1147", "CVE-2020-1249", "CVE-2020-1267", "CVE-2020-1330", "CVE-2020-1333", "CVE-2020-1336", "CVE-2020-1344", "CVE-2020-1346", "CVE-2020-1347", "CVE-2020-1351", "CVE-2020-1352", "CVE-2020-1353", "CVE-2020-1355", "CVE-2020-1357", "CVE-2020-1358", "CVE-2020-1359", "CVE-2020-1360", "CVE-2020-1361", "CVE-2020-1362", "CVE-2020-1363", "CVE-2020-1364", "CVE-2020-1365", "CVE-2020-1366", "CVE-2020-1367", "CVE-2020-1368", "CVE-2020-1369", "CVE-2020-1370", "CVE-2020-1371", "CVE-2020-1372", "CVE-2020-1373", "CVE-2020-1374", "CVE-2020-1375", "CVE-2020-1381", "CVE-2020-1382", "CVE-2020-1384", "CVE-2020-1385", "CVE-2020-1386", "CVE-2020-1387", "CVE-2020-1388", "CVE-2020-1389", "CVE-2020-1390", "CVE-2020-1391", "CVE-2020-1392", "CVE-2020-1393", "CVE-2020-1394", "CVE-2020-1395", "CVE-2020-1396", "CVE-2020-1397", "CVE-2020-1398", "CVE-2020-1399", "CVE-2020-1400", "CVE-2020-1401", "CVE-2020-1402", "CVE-2020-1403", "CVE-2020-1404", "CVE-2020-1405", "CVE-2020-1406", "CVE-2020-1407", "CVE-2020-1408", "CVE-2020-1409", "CVE-2020-1410", "CVE-2020-1411", "CVE-2020-1412", "CVE-2020-1413", "CVE-2020-1414", "CVE-2020-1415", "CVE-2020-1418", "CVE-2020-1419", "CVE-2020-1420", "CVE-2020-1421", "CVE-2020-1422", "CVE-2020-1424", "CVE-2020-1426", "CVE-2020-1427", "CVE-2020-1428", "CVE-2020-1429", "CVE-2020-1430", "CVE-2020-1431", "CVE-2020-1432", "CVE-2020-1433", "CVE-2020-1434", "CVE-2020-1435", "CVE-2020-1436", "CVE-2020-1437", "CVE-2020-1438", "CVE-2020-1462", "CVE-2020-1463", "CVE-2020-1468"], "modified": "2023-01-24T00:00:00", "cpe": ["cpe:/o:microsoft:windows", "cpe:/a:microsoft:edge"], "id": "SMB_NT_MS20_JUL_4565483.NASL", "href": "https://www.tenable.com/plugins/nessus/138454", "sourceData": "#\n# (C) Tenable Network Security, 
Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(138454);\n script_version(\"1.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/24\");\n\n script_cve_id(\n \"CVE-2020-1085\",\n \"CVE-2020-1147\",\n \"CVE-2020-1249\",\n \"CVE-2020-1267\",\n \"CVE-2020-1330\",\n \"CVE-2020-1333\",\n \"CVE-2020-1336\",\n \"CVE-2020-1344\",\n \"CVE-2020-1346\",\n \"CVE-2020-1347\",\n \"CVE-2020-1351\",\n \"CVE-2020-1352\",\n \"CVE-2020-1353\",\n \"CVE-2020-1355\",\n \"CVE-2020-1357\",\n \"CVE-2020-1358\",\n \"CVE-2020-1359\",\n \"CVE-2020-1360\",\n \"CVE-2020-1361\",\n \"CVE-2020-1362\",\n \"CVE-2020-1363\",\n \"CVE-2020-1364\",\n \"CVE-2020-1365\",\n \"CVE-2020-1366\",\n \"CVE-2020-1367\",\n \"CVE-2020-1368\",\n \"CVE-2020-1369\",\n \"CVE-2020-1370\",\n \"CVE-2020-1371\",\n \"CVE-2020-1372\",\n \"CVE-2020-1373\",\n \"CVE-2020-1374\",\n \"CVE-2020-1375\",\n \"CVE-2020-1381\",\n \"CVE-2020-1382\",\n \"CVE-2020-1384\",\n \"CVE-2020-1385\",\n \"CVE-2020-1386\",\n \"CVE-2020-1387\",\n \"CVE-2020-1388\",\n \"CVE-2020-1389\",\n \"CVE-2020-1390\",\n \"CVE-2020-1391\",\n \"CVE-2020-1392\",\n \"CVE-2020-1393\",\n \"CVE-2020-1394\",\n \"CVE-2020-1395\",\n \"CVE-2020-1396\",\n \"CVE-2020-1397\",\n \"CVE-2020-1398\",\n \"CVE-2020-1399\",\n \"CVE-2020-1400\",\n \"CVE-2020-1401\",\n \"CVE-2020-1402\",\n \"CVE-2020-1403\",\n \"CVE-2020-1404\",\n \"CVE-2020-1405\",\n \"CVE-2020-1406\",\n \"CVE-2020-1407\",\n \"CVE-2020-1408\",\n \"CVE-2020-1409\",\n \"CVE-2020-1410\",\n \"CVE-2020-1411\",\n \"CVE-2020-1412\",\n \"CVE-2020-1413\",\n \"CVE-2020-1414\",\n \"CVE-2020-1415\",\n \"CVE-2020-1418\",\n \"CVE-2020-1419\",\n \"CVE-2020-1420\",\n \"CVE-2020-1421\",\n \"CVE-2020-1422\",\n \"CVE-2020-1424\",\n \"CVE-2020-1426\",\n \"CVE-2020-1427\",\n \"CVE-2020-1428\",\n 
\"CVE-2020-1429\",\n \"CVE-2020-1430\",\n \"CVE-2020-1431\",\n \"CVE-2020-1432\",\n \"CVE-2020-1433\",\n \"CVE-2020-1434\",\n \"CVE-2020-1435\",\n \"CVE-2020-1436\",\n \"CVE-2020-1437\",\n \"CVE-2020-1438\",\n \"CVE-2020-1462\",\n \"CVE-2020-1463\",\n \"CVE-2020-1468\"\n );\n script_xref(name:\"MSKB\", value:\"4565483\");\n script_xref(name:\"MSFT\", value:\"MS20-4565483\");\n script_xref(name:\"IAVA\", value:\"2020-A-0300-S\");\n script_xref(name:\"IAVA\", value:\"2020-A-0302-S\");\n script_xref(name:\"IAVA\", value:\"2020-A-0313-S\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/05/03\");\n\n script_name(english:\"KB4565483: Windows 10 Version 1903 and Windows 10 Version 1909 July 2020 Security Update\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 4565483\nor 4565554. It is, therefore, affected by multiple\nvulnerabilities :\n\n - An elevation of privilege vulnerability exists when the\n Windows System Events Broker improperly handles file\n operations. An attacker who successfully exploited this\n vulnerability could gain elevated privileges.\n (CVE-2020-1357)\n\n - An elevation of privilege vulnerability exists when the\n Windows kernel fails to properly handle objects in\n memory. An attacker who successfully exploited this\n vulnerability could run arbitrary code in kernel mode.\n An attacker could then install programs; view, change,\n or delete data; or create new accounts with full user\n rights. (CVE-2020-1411)\n\n - An elevation of privilege vulnerability exists when the\n Windows Diagnostics Execution Service fails to properly\n sanitize input, leading to an unsecure library-loading\n behavior. An attacker who successfully exploited this\n vulnerability could run arbitrary code with elevated\n system privileges. 
An attacker could then install\n programs; view, change, or delete data; or create new\n accounts with full user rights. (CVE-2020-1418)\n\n - An elevation of privilege vulnerability exists when the\n Windows USO Core Worker improperly handles memory.\n (CVE-2020-1352)\n\n - An elevation of privilege vulnerability exists when the\n Windows Modules Installer improperly handles file\n operations. An attacker who successfully exploited this\n vulnerability could gain elevated privileges.\n (CVE-2020-1346)\n\n - An elevation of privilege vulnerability exists when the\n Windows Diagnostics Hub Standard Collector Service fails\n to properly sanitize input, leading to an unsecure\n library-loading behavior. An attacker who successfully\n exploited this vulnerability could run arbitrary code\n with elevated system privileges. An attacker could then\n install programs; view, change, or delete data; or\n create new accounts with full user rights.\n (CVE-2020-1393)\n\n - A remote code execution vulnerability exists in the way\n that DirectWrite handles objects in memory. An attacker\n who successfully exploited this vulnerability could take\n control of the affected system. An attacker could then\n install programs; view, change, or delete data; or\n create new accounts with full user rights. There are\n multiple ways an attacker could exploit the\n vulnerability, such as by convincing a user to open a\n specially crafted document, or by convincing a user to\n visit an untrusted webpage. The security update\n addresses the vulnerability by correcting how\n DirectWrite handles objects in memory. (CVE-2020-1409)\n\n - An elevation of privilege vulnerability exists when the\n Windows AppX Deployment Extensions improperly performs\n privilege management, resulting in access to system\n files. (CVE-2020-1431)\n\n - An elevation of privilege vulnerability exists when the\n Windows Profile Service improperly handles file\n operations. 
An attacker who successfully exploited this\n vulnerability could gain elevated privileges.\n (CVE-2020-1360)\n\n - An elevation of privilege vulnerability exists when\n Windows Mobile Device Management (MDM) Diagnostics\n improperly handles objects in memory. An attacker who\n successfully exploited this vulnerability could bypass\n access restrictions to delete files. (CVE-2020-1372)\n\n - An elevation of privilege vulnerability exists when the\n Windows Picker Platform improperly handles memory.\n (CVE-2020-1363)\n\n - An elevation of privilege vulnerability exists when\n Windows improperly handles calls to Advanced Local\n Procedure Call (ALPC). An attacker who successfully\n exploited this vulnerability could run arbitrary code in\n the security context of the local system. An attacker\n could then install programs; view, change, or delete\n data; or create new accounts with full user rights.\n (CVE-2020-1396)\n\n - An information disclosure vulnerability exists when\n Windows Mobile Device Management (MDM) Diagnostics\n improperly handles junctions. An attacker who\n successfully exploited this vulnerability could bypass\n access restrictions to read files. (CVE-2020-1330)\n\n - A remote code execution vulnerability exists in the\n Windows Remote Desktop Client when a user connects to a\n malicious server. An attacker who successfully exploited\n this vulnerability could execute arbitrary code on the\n computer of the connecting client. An attacker could\n then install programs; view, change, or delete data; or\n create new accounts with full user rights.\n (CVE-2020-1374)\n\n - A remote code execution vulnerability exists when the\n Windows font library improperly handles specially\n crafted fonts. For all systems except Windows 10, an\n attacker who successfully exploited the vulnerability\n could execute code remotely. 
For systems running Windows\n 10, an attacker who successfully exploited the\n vulnerability could execute code in an AppContainer\n sandbox context with limited privileges and\n capabilities. An attacker could then install programs;\n view, change, or delete data; or create new accounts\n with full user rights. There are multiple ways an\n attacker could exploit the vulnerability:\n (CVE-2020-1436)\n\n - An elevation of privilege vulnerability exists in the\n way that the Credential Enrollment Manager service\n handles objects in memory. An attacker who successfully\n exploited the vulnerability could execute code with\n elevated permissions. (CVE-2020-1368)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Network List Service handles\n objects in memory. An attacker who successfully\n exploited the vulnerability could execute code with\n elevated permissions. (CVE-2020-1406)\n\n - An information disclosure vulnerability exists when the\n Windows Graphics component improperly handles objects in\n memory. An attacker who successfully exploited this\n vulnerability could obtain information to further\n compromise the users system. An authenticated attacker\n could exploit this vulnerability by running a specially\n crafted application. The update addresses the\n vulnerability by correcting how the Windows Graphics\n Component handles objects in memory. (CVE-2020-1351)\n\n - An information disclosure vulnerability exists when the\n Windows GDI component improperly discloses the contents\n of its memory. An attacker who successfully exploited\n the vulnerability could obtain information to further\n compromise the users system. 
There are multiple ways an\n attacker could exploit the vulnerability, such as by\n convincing a user to open a specially crafted document,\n or by convincing a user to visit an untrusted webpage.\n The security update addresses the vulnerability by\n correcting how the Windows GDI component handles objects\n in memory. (CVE-2020-1468)\n\n - An elevation of privilege vulnerability exists when the\n Windows Event Logging Service improperly handles memory.\n (CVE-2020-1365, CVE-2020-1371)\n\n - An information disclosure vulnerability exists when the\n Windows kernel fails to properly initialize a memory\n address. An attacker who successfully exploited this\n vulnerability could obtain information to further\n compromise the users system. (CVE-2020-1389,\n CVE-2020-1419)\n\n - An elevation of privilege vulnerability exists when the\n Windows Print Workflow Service improperly handles\n objects in memory. An attacker who successfully\n exploited this vulnerability could gain elevated\n privileges and break out of the AppContainer sandbox.\n (CVE-2020-1366)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows WalletService handles objects in\n memory. An attacker who successfully exploited the\n vulnerability could execute code with elevated\n permissions. (CVE-2020-1344, CVE-2020-1362,\n CVE-2020-1369)\n\n - An elevation of privilege vulnerability exists when the\n Windows ActiveX Installer Service improperly handles\n memory. (CVE-2020-1402)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Geolocation Framework handles\n objects in memory. An attacker who successfully\n exploited the vulnerability could execute code with\n elevated permissions. (CVE-2020-1394)\n\n - An information vulnerability exists when Windows\n Connected User Experiences and Telemetry Service\n improperly discloses file information. 
Successful\n exploitation of the vulnerability could allow the\n attacker to read any file on the file system.\n (CVE-2020-1386)\n\n - This security update corrects a denial of service in the\n Local Security Authority Subsystem Service (LSASS)\n caused when an authenticated attacker sends a specially\n crafted authentication request. A remote attacker who\n successfully exploited this vulnerability could cause a\n denial of service on the target system's LSASS service,\n which triggers an automatic reboot of the system. The\n security update addresses the vulnerability by changing\n the way that LSASS handles specially crafted\n authentication requests. (CVE-2020-1267)\n\n - An elevation of privilege vulnerability exists when the\n Windows Delivery Optimization service improperly handles\n objects in memory. An attacker who successfully\n exploited this vulnerability could run arbitrary code\n with elevated system privileges. An attacker could then\n install programs; view, change, or delete data; or\n create new accounts with full user rights.\n (CVE-2020-1392)\n\n - A remote code execution vulnerability exists when\n Windows Address Book (WAB) improperly processes vcard\n files. (CVE-2020-1410)\n\n - An elevation of privilege vulnerability exists when the\n Windows Runtime improperly handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could run arbitrary code in an elevated context. An\n attacker could exploit this vulnerability by running a\n specially crafted application on the victim system. The\n update addresses the vulnerability by correcting the way\n the Windows Runtime handles objects in memory.\n (CVE-2020-1249, CVE-2020-1353, CVE-2020-1370,\n CVE-2020-1399, CVE-2020-1404, CVE-2020-1413,\n CVE-2020-1414, CVE-2020-1415, CVE-2020-1422)\n\n - A remote code execution vulnerability exists in the way\n that the Windows Graphics Device Interface (GDI) handles\n objects in the memory. 
An attacker who successfully\n exploited this vulnerability could take control of the\n affected system. An attacker could then install\n programs; view, change, or delete data; or create new\n accounts with full user rights. (CVE-2020-1435)\n\n - An elevation of privilege vulnerability exists when the\n Windows Update Stack fails to properly handle objects in\n memory. An attacker who successfully exploited this\n vulnerability could run arbitrary code in kernel mode.\n An attacker could then install programs; view, change,\n or delete data; or create new accounts with full user\n rights. (CVE-2020-1424)\n\n - An elevation of privilege vulnerability exists in the\n way that the SharedStream Library handles objects in\n memory. An attacker who successfully exploited the\n vulnerability could execute code with elevated\n permissions. (CVE-2020-1463)\n\n - An elevation of privilege vulnerability exists when the\n Windows Graphics Component improperly handles objects in\n memory. An attacker who successfully exploited this\n vulnerability could run processes in an elevated\n context. (CVE-2020-1381, CVE-2020-1382)\n\n - An elevation of privilege vulnerability exists when\n Group Policy Services Policy Processing improperly\n handle reparse points. An attacker who successfully\n exploited this vulnerability could overwrite a targeted\n file that would normally require elevated permissions.\n (CVE-2020-1333)\n\n - An elevation of privilege vulnerability exists in the\n way the Windows Push Notification Service handles\n objects in memory. An attacker who successfully\n exploited this vulnerability could run processes in an\n elevated context. An attacker could then install\n programs; view, change or delete data. (CVE-2020-1387)\n\n - A remote code execution vulnerability exists when the\n Windows font library improperly handles specially\n crafted embedded fonts. An attacker who successfully\n exploited the vulnerability could take control of the\n affected system. 
An attacker could then install\n programs; view, change, or delete data; or create new\n accounts with full user rights. (CVE-2020-1408)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Kernel handles objects in memory.\n An attacker who successfully exploited the vulnerability\n could execute code with elevated permissions.\n (CVE-2020-1336)\n\n - A remote code execution vulnerability exists in .NET\n Framework, Microsoft SharePoint, and Visual Studio when\n the software fails to check the source markup of XML\n file input. An attacker who successfully exploited the\n vulnerability could run arbitrary code in the context of\n the process responsible for deserialization of the XML\n content. (CVE-2020-1147)\n\n - An elevation of privilege vulnerability exists when the\n Windows Storage Services improperly handle file\n operations. An attacker who successfully exploited this\n vulnerability could gain elevated privileges.\n (CVE-2020-1347)\n\n - A denial of service vulnerability exists in the way that\n the WalletService handles files. An attacker who\n successfully exploited the vulnerability could corrupt\n system files. (CVE-2020-1364)\n\n - An elevation of privilege vulnerability exists when the\n Windows UPnP Device Host improperly handles memory.\n (CVE-2020-1430)\n\n - An information disclosure vulnerability exists when\n Skype for Business is accessed via Internet Explorer. An\n attacker who exploited the vulnerability could cause the\n user to place a call without additional consent, leading\n to information disclosure of the user profile. For the\n vulnerability to be exploited, a user must click a\n specially crafted URL that prompts the Skype app.\n (CVE-2020-1432)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Network Location Awareness Service\n handles objects in memory. 
An attacker who successfully\n exploited the vulnerability could allow an application\n with limited privileges on an affected system to execute\n code at a medium integrity level. (CVE-2020-1437)\n\n - An elevation of privilege vulnerability exists when\n Windows improperly handles COM object creation. An\n attacker who successfully exploited the vulnerability\n could run arbitrary code with elevated privileges.\n (CVE-2020-1375)\n\n - A remote code execution vulnerability exists when the\n Windows Font Driver Host improperly handles memory. An\n attacker who successfully exploited the vulnerability\n would gain execution on a victim system. The security\n update addresses the vulnerability by correcting how the\n Windows Font Driver Host handles memory. (CVE-2020-1355)\n\n - An information disclosure vulnerability exists when the\n Windows Agent Activation Runtime (AarSvc) fails to\n properly handle objects in memory. An attacker who\n successfully exploited the vulnerability could obtain\n information to further compromise the users system.\n (CVE-2020-1391)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Network Connections Service handles\n objects in memory. An attacker who successfully\n exploited the vulnerability could execute code with\n elevated permissions. (CVE-2020-1373, CVE-2020-1390,\n CVE-2020-1427, CVE-2020-1428, CVE-2020-1438)\n\n - An elevation of privilege vulnerability exists when the\n Windows Cryptography Next Generation (CNG) Key Isolation\n service improperly handles memory. An attacker who\n successfully exploited this vulnerability could run\n processes in an elevated context. (CVE-2020-1359,\n CVE-2020-1384)\n\n - An information disclosure vulnerability exists when the\n Windows Resource Policy component improperly handles\n memory. (CVE-2020-1358)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Speech Brokered API handles objects\n in memory. 
An attacker who successfully exploited the\n vulnerability could execute code with elevated\n permissions. (CVE-2020-1395)\n\n - An information disclosure vulnerability exists when\n Windows Error Reporting improperly handles file\n operations. (CVE-2020-1420)\n\n - A remote code execution vulnerability exists in the way\n that Microsoft Graphics Components handle objects in\n memory. An attacker who successfully exploited the\n vulnerability could execute arbitrary code on a target\n system. (CVE-2020-1412)\n\n - An information disclosure vulnerability exists when\n Microsoft Edge PDF Reader improperly handles objects in\n memory. An attacker who successfully exploited the\n vulnerability could obtain information to further\n compromise the users system. (CVE-2020-1433)\n\n - A remote code execution vulnerability exists when the\n Windows Jet Database Engine improperly handles objects\n in memory. An attacker who successfully exploited this\n vulnerability could execute arbitrary code on a victim\n system. An attacker could exploit this vulnerability by\n enticing a victim to open a specially crafted file. The\n update addresses the vulnerability by correcting the way\n the Windows Jet Database Engine handles objects in\n memory. (CVE-2020-1400, CVE-2020-1401, CVE-2020-1407)\n\n - An elevation of privilege vulnerability exists when\n Windows Error Reporting manager improperly handles a\n process crash. An attacker who successfully exploited\n this vulnerability could delete a targeted file leading\n to an elevated status. (CVE-2020-1429)\n\n - An elevation of privilege vulnerability exists in the\n way that the psmsrv.dll handles objects in memory. An\n attacker who successfully exploited the vulnerability\n could execute code with elevated permissions.\n (CVE-2020-1388)\n\n - An elevation of privilege vulnerability exists when\n Windows Mobile Device Management (MDM) Diagnostics\n improperly handles junctions. 
An attacker who\n successfully exploited this vulnerability could bypass\n access restrictions to delete files. (CVE-2020-1405)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Credential Picker handles objects\n in memory. An attacker who successfully exploited the\n vulnerability could allow an application with limited\n privileges on an affected system to execute code at a\n medium integrity level. (CVE-2020-1385)\n\n - A remote code execution vulnerability exists in\n Microsoft Windows that could allow remote code execution\n if a .LNK file is processed. An attacker who\n successfully exploited this vulnerability could gain the\n same user rights as the local user. (CVE-2020-1421)\n\n - An information disclosure vulnerability exists in\n Windows when the Windows Imaging Component fails to\n properly handle objects in memory. An attacker who\n successfully exploited this vulnerability could obtain\n information to further compromise the user's system.\n There are multiple ways an attacker could exploit this\n vulnerability: (CVE-2020-1397)\n\n - An information disclosure vulnerability exists when the\n Windows kernel improperly handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could obtain information to further compromise the users\n system. An authenticated attacker could exploit this\n vulnerability by running a specially crafted\n application. The update addresses the vulnerability by\n correcting how the Windows kernel handles objects in\n memory. (CVE-2020-1367, CVE-2020-1426)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Function Discovery Service handles\n objects in memory. An attacker who successfully\n exploited the vulnerability could execute code with\n elevated permissions. 
(CVE-2020-1085)\n\n - An information disclosure vulnerability exists in the\n way that the WalletService handles memory.\n (CVE-2020-1361)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Sync Host Service handles objects\n in memory. An attacker who successfully exploited the\n vulnerability could allow an application with limited\n privileges on an affected system to execute code at a\n medium integrity level. (CVE-2020-1434)\n\n - An information disclosure vulnerability exists when\n Skype for Business is accessed via Microsoft Edge\n (EdgeHTML-based). An attacker who exploited the\n vulnerability could cause the user to place a call\n without additional consent, leading to information\n disclosure of the user profile. For the vulnerability to\n be exploited, a user must click a specially crafted URL\n that prompts the Skype app. (CVE-2020-1462)\n\n - An elevation of privilege vulnerability exists when\n Windows Lockscreen fails to properly handle Ease of\n Access dialog. An attacker who successfully exploited\n the vulnerability could execute commands with elevated\n permissions. The security update addresses the\n vulnerability by ensuring that the Ease of Access dialog\n is handled properly. (CVE-2020-1398)\n\n - A remote code execution vulnerability exists in the way\n that the VBScript engine handles objects in memory. The\n vulnerability could corrupt memory in such a way that an\n attacker could execute arbitrary code in the context of\n the current user. An attacker who successfully exploited\n the vulnerability could gain the same user rights as the\n current user. 
(CVE-2020-1403)\");\n # https://support.microsoft.com/en-us/help/4565483/windows-10-update-kb4565483\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?e066b7e3\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Cumulative Update KB4565483.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-1435\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2020-1436\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'SharePoint DataSet / DataTable Deserialization');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/07/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/07/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/07/14\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:edge\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2023 and is owned 
by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nbulletin = \"MS20-07\";\nkbs = make_list('4565483');\n\nif (get_kb_item(\"Host/patch_management_checks\")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nget_kb_item_or_exit(\"SMB/WindowsVersion\", exit_code:1);\n\nif (hotfix_check_sp_range(win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:\"10\",\n sp:0,\n os_build:\"18362\",\n rollup_date:\"07_2020\",\n bulletin:bulletin,\n rollup_kb_list:[4565483])\n ||\n smb_check_rollup(os:\"10\",\n sp:0,\n os_build:\"18363\",\n rollup_date:\"07_2020\",\n bulletin:bulletin,\n rollup_kb_list:[4565483])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n\n\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-07-19T15:24:04", "description": "The remote Windows host is missing security update 4565511. It is, therefore, affected by multiple vulnerabilities :\n\n - An elevation of privilege vulnerability exists when the Windows System Events Broker improperly handles file operations. 
An attacker who successfully exploited this vulnerability could gain elevated privileges.\n (CVE-2020-1357)\n\n - An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode.\n An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2020-1411)\n\n - An elevation of privilege vulnerability exists when the Windows USO Core Worker improperly handles memory.\n (CVE-2020-1352)\n\n - An elevation of privilege vulnerability exists when the Windows Diagnostics Hub Standard Collector Service fails to properly sanitize input, leading to an unsecure library-loading behavior. An attacker who successfully exploited this vulnerability could run arbitrary code with elevated system privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\n (CVE-2020-1393)\n\n - A remote code execution vulnerability exists in the way that DirectWrite handles objects in memory. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit an untrusted webpage. The security update addresses the vulnerability by correcting how DirectWrite handles objects in memory. (CVE-2020-1409)\n\n - An elevation of privilege vulnerability exists in the way that the Windows Credential Picker handles objects in memory. An attacker who successfully exploited the vulnerability could allow an application with limited privileges on an affected system to execute code at a medium integrity level. 
(CVE-2020-1385)\n\n - An elevation of privilege vulnerability exists when the Windows Profile Service improperly handles file operations. An attacker who successfully exploited this vulnerability could gain elevated privileges.\n (CVE-2020-1360)\n\n - A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2020-1403)\n\n - A remote code execution vulnerability exists in the Windows Remote Desktop Client when a user connects to a malicious server. An attacker who successfully exploited this vulnerability could execute arbitrary code on the computer of the connecting client. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\n (CVE-2020-1374)\n\n - A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted fonts. For all systems except Windows 10, an attacker who successfully exploited the vulnerability could execute code remotely. For systems running Windows 10, an attacker who successfully exploited the vulnerability could execute code in an AppContainer sandbox context with limited privileges and capabilities. An attacker could then install programs;\n view, change, or delete data; or create new accounts with full user rights. There are multiple ways an attacker could exploit the vulnerability:\n (CVE-2020-1436)\n\n - An elevation of privilege vulnerability exists in the way that the Credential Enrollment Manager service handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. 
(CVE-2020-1368)\n\n - An elevation of privilege vulnerability exists in the way that the Windows Network List Service handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. (CVE-2020-1406)\n\n - An information disclosure vulnerability exists when the Windows Graphics component improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user's system. An authenticated attacker could exploit this vulnerability by running a specially crafted application. The update addresses the vulnerability by correcting how the Windows Graphics Component handles objects in memory. (CVE-2020-1351)\n\n - An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user's system. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit an untrusted webpage.\n The security update addresses the vulnerability by correcting how the Windows GDI component handles objects in memory. (CVE-2020-1468)\n\n - An elevation of privilege vulnerability exists when the Windows Event Logging Service improperly handles memory.\n (CVE-2020-1365, CVE-2020-1371)\n\n - An information disclosure vulnerability exists when the Windows kernel fails to properly initialize a memory address. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user's system. (CVE-2020-1389, CVE-2020-1419)\n\n - An elevation of privilege vulnerability exists in the way that the Windows Speech Brokered API handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. 
(CVE-2020-1395)\n\n - An elevation of privilege vulnerability exists in the way that the Windows WalletService handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. (CVE-2020-1344, CVE-2020-1362, CVE-2020-1369)\n\n - An elevation of privilege vulnerability exists when the Windows ActiveX Installer Service improperly handles memory. (CVE-2020-1402)\n\n - This security update corrects a denial of service in the Local Security Authority Subsystem Service (LSASS) caused when an authenticated attacker sends a specially crafted authentication request. A remote attacker who successfully exploited this vulnerability could cause a denial of service on the target system's LSASS service, which triggers an automatic reboot of the system. The security update addresses the vulnerability by changing the way that LSASS handles specially crafted authentication requests. (CVE-2020-1267)\n\n - A remote code execution vulnerability exists when Windows Address Book (WAB) improperly processes vCard files. (CVE-2020-1410)\n\n - An elevation of privilege vulnerability exists when the Windows Modules Installer improperly handles file operations. An attacker who successfully exploited this vulnerability could gain elevated privileges.\n (CVE-2020-1346)\n\n - An elevation of privilege vulnerability exists when the Windows UPnP Device Host improperly handles memory.\n (CVE-2020-1354, CVE-2020-1430)\n\n - An elevation of privilege vulnerability exists in the way that the SharedStream Library handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. (CVE-2020-1463)\n\n - An elevation of privilege vulnerability exists when Group Policy Services Policy Processing improperly handles reparse points. 
An attacker who successfully exploited this vulnerability could overwrite a targeted file that would normally require elevated permissions.\n (CVE-2020-1333)\n\n - An information disclosure vulnerability exists when Skype for Business is accessed via Microsoft Edge (EdgeHTML-based). An attacker who exploited the vulnerability could cause the user to place a call without additional consent, leading to information disclosure of the user profile. For the vulnerability to be exploited, a user must click a specially crafted URL that prompts the Skype app. (CVE-2020-1462)\n\n - A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts. An attacker who successfully exploited the vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2020-1408)\n\n - An elevation of privilege vulnerability exists in the way that the Windows Kernel handles objects in memory.\n An attacker who successfully exploited the vulnerability could execute code with elevated permissions.\n (CVE-2020-1336)\n\n - An elevation of privilege vulnerability exists when Windows improperly handles calls to Advanced Local Procedure Call (ALPC). An attacker who successfully exploited this vulnerability could run arbitrary code in the security context of the local system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\n (CVE-2020-1396)\n\n - A denial of service vulnerability exists in the way that the WalletService handles files. An attacker who successfully exploited the vulnerability could corrupt system files. (CVE-2020-1364)\n\n - An information disclosure vulnerability exists when Skype for Business is accessed via Internet Explorer. 
An attacker who exploited the vulnerability could cause the user to place a call without additional consent, leading to information disclosure of the user profile. For the vulnerability to be exploited, a user must click a specially crafted URL that prompts the Skype app.\n (CVE-2020-1432)\n\n - An elevation of privilege vulnerability exists in the way that the Windows Network Location Awareness Service handles objects in memory. An attacker who successfully exploited the vulnerability could allow an application with limited privileges on an affected system to execute code at a medium integrity level. (CVE-2020-1437)\n\n - A remote code execution vulnerability exists in .NET Framework, Microsoft SharePoint, and Visual Studio when the software fails to check the source markup of XML file input. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the process responsible for deserialization of the XML content. (CVE-2020-1147)\n\n - An elevation of privilege vulnerability exists in the way that the Windows Network Connections Service handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. (CVE-2020-1373, CVE-2020-1390, CVE-2020-1427, CVE-2020-1428, CVE-2020-1438)\n\n - An elevation of privilege vulnerability exists when the Windows Cryptography Next Generation (CNG) Key Isolation service improperly handles memory. An attacker who successfully exploited this vulnerability could run processes in an elevated context. (CVE-2020-1359, CVE-2020-1384)\n\n - An information disclosure vulnerability exists when the Windows Resource Policy component improperly handles memory. (CVE-2020-1358)\n\n - An elevation of privilege vulnerability exists in the way that the Windows Function Discovery Service handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. 
(CVE-2020-1085)\n\n - An information disclosure vulnerability exists when Windows Error Reporting improperly handles file operations. (CVE-2020-1420)\n\n - A remote code execution vulnerability exists in the way that Microsoft Graphics Components handle objects in memory. An attacker who successfully exploited the vulnerability could execute arbitrary code on a target system. (CVE-2020-1412)\n\n - An elevation of privilege vulnerability exists when the Windows Runtime improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in an elevated context. An attacker could exploit this vulnerability by running a specially crafted application on the victim system. The update addresses the vulnerability by correcting the way the Windows Runtime handles objects in memory.\n (CVE-2020-1249, CVE-2020-1353, CVE-2020-1370, CVE-2020-1399, CVE-2020-1404, CVE-2020-1413)\n\n - An information disclosure vulnerability exists when Microsoft Edge PDF Reader improperly handles objects in memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user's system. (CVE-2020-1433)\n\n - A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by enticing a victim to open a specially crafted file. The update addresses the vulnerability by correcting the way the Windows Jet Database Engine handles objects in memory. (CVE-2020-1400, CVE-2020-1401, CVE-2020-1407)\n\n - An elevation of privilege vulnerability exists when Windows Error Reporting manager improperly handles a process crash. An attacker who successfully exploited this vulnerability could delete a targeted file leading to an elevated status. 
(CVE-2020-1429)\n\n - An elevation of privilege vulnerability exists in the way that the psmsrv.dll handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions.\n (CVE-2020-1388)\n\n - An elevation of privilege vulnerability exists when the Windows iSCSI Target Service improperly handles file operations. An attacker who successfully exploited this vulnerability could gain elevated privileges.\n (CVE-2020-1356)\n\n - A remote code execution vulnerability exists in Microsoft Windows that could allow remote code execution if a .LNK file is processed. An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. (CVE-2020-1421)\n\n - An information disclosure vulnerability exists in Windows when the Windows Imaging Component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user's system.\n There are multiple ways an attacker could exploit this vulnerability: (CVE-2020-1397)\n\n - A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in the memory. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2020-1435)\n\n - An information disclosure vulnerability exists in the way that the WalletService handles memory.\n (CVE-2020-1361)\n\n - An elevation of privilege vulnerability exists in the way that the Windows Sync Host Service handles objects in memory. An attacker who successfully exploited the vulnerability could allow an application with limited privileges on an affected system to execute code at a medium integrity level. 
(CVE-2020-1434)\n\n - An elevation of privilege vulnerability exists when Windows Lockscreen fails to properly handle Ease of Access dialog. An attacker who successfully exploited the vulnerability could execute commands with elevated permissions. The security update addresses the vulnerability by ensuring that the Ease of Access dialog is handled properly. (CVE-2020-1398)", "cvss3": {}, "published": "2020-07-14T00:00:00", "type": "nessus", "title": "KB4565511: Windows 10 Version 1607 and Windows Server 2016 July 2020 Security Update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-1085", "CVE-2020-1147", "CVE-2020-1249", "CVE-2020-1267", "CVE-2020-1333", "CVE-2020-1336", "CVE-2020-1344", "CVE-2020-1346", "CVE-2020-1351", "CVE-2020-1352", "CVE-2020-1353", "CVE-2020-1354", "CVE-2020-1356", "CVE-2020-1357", "CVE-2020-1358", "CVE-2020-1359", "CVE-2020-1360", "CVE-2020-1361", "CVE-2020-1362", "CVE-2020-1364", "CVE-2020-1365", "CVE-2020-1368", "CVE-2020-1369", "CVE-2020-1370", "CVE-2020-1371", "CVE-2020-1373", "CVE-2020-1374", "CVE-2020-1384", "CVE-2020-1385", "CVE-2020-1388", "CVE-2020-1389", "CVE-2020-1390", "CVE-2020-1393", "CVE-2020-1395", "CVE-2020-1396", "CVE-2020-1397", "CVE-2020-1398", "CVE-2020-1399", "CVE-2020-1400", "CVE-2020-1401", "CVE-2020-1402", "CVE-2020-1403", "CVE-2020-1404", "CVE-2020-1406", "CVE-2020-1407", "CVE-2020-1408", "CVE-2020-1409", "CVE-2020-1410", "CVE-2020-1411", "CVE-2020-1412", "CVE-2020-1413", "CVE-2020-1419", "CVE-2020-1420", "CVE-2020-1421", "CVE-2020-1427", "CVE-2020-1428", "CVE-2020-1429", "CVE-2020-1430", "CVE-2020-1432", "CVE-2020-1433", "CVE-2020-1434", "CVE-2020-1435", "CVE-2020-1436", "CVE-2020-1437", "CVE-2020-1438", "CVE-2020-1462", "CVE-2020-1463", "CVE-2020-1468"], "modified": "2023-04-25T00:00:00", "cpe": ["cpe:/o:microsoft:windows", "cpe:/a:microsoft:edge"], "id": "SMB_NT_MS20_JUL_4565511.NASL", "href": "https://www.tenable.com/plugins/nessus/138458", "sourceData": "#\n# (C) Tenable Network Security, 
Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(138458);\n script_version(\"1.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/04/25\");\n\n script_cve_id(\n \"CVE-2020-1085\",\n \"CVE-2020-1147\",\n \"CVE-2020-1249\",\n \"CVE-2020-1267\",\n \"CVE-2020-1333\",\n \"CVE-2020-1336\",\n \"CVE-2020-1344\",\n \"CVE-2020-1346\",\n \"CVE-2020-1351\",\n \"CVE-2020-1352\",\n \"CVE-2020-1353\",\n \"CVE-2020-1354\",\n \"CVE-2020-1356\",\n \"CVE-2020-1357\",\n \"CVE-2020-1358\",\n \"CVE-2020-1359\",\n \"CVE-2020-1360\",\n \"CVE-2020-1361\",\n \"CVE-2020-1362\",\n \"CVE-2020-1364\",\n \"CVE-2020-1365\",\n \"CVE-2020-1368\",\n \"CVE-2020-1369\",\n \"CVE-2020-1370\",\n \"CVE-2020-1371\",\n \"CVE-2020-1373\",\n \"CVE-2020-1374\",\n \"CVE-2020-1384\",\n \"CVE-2020-1385\",\n \"CVE-2020-1388\",\n \"CVE-2020-1389\",\n \"CVE-2020-1390\",\n \"CVE-2020-1393\",\n \"CVE-2020-1395\",\n \"CVE-2020-1396\",\n \"CVE-2020-1397\",\n \"CVE-2020-1398\",\n \"CVE-2020-1399\",\n \"CVE-2020-1400\",\n \"CVE-2020-1401\",\n \"CVE-2020-1402\",\n \"CVE-2020-1403\",\n \"CVE-2020-1404\",\n \"CVE-2020-1406\",\n \"CVE-2020-1407\",\n \"CVE-2020-1408\",\n \"CVE-2020-1409\",\n \"CVE-2020-1410\",\n \"CVE-2020-1411\",\n \"CVE-2020-1412\",\n \"CVE-2020-1413\",\n \"CVE-2020-1419\",\n \"CVE-2020-1420\",\n \"CVE-2020-1421\",\n \"CVE-2020-1427\",\n \"CVE-2020-1428\",\n \"CVE-2020-1429\",\n \"CVE-2020-1430\",\n \"CVE-2020-1432\",\n \"CVE-2020-1433\",\n \"CVE-2020-1434\",\n \"CVE-2020-1435\",\n \"CVE-2020-1436\",\n \"CVE-2020-1437\",\n \"CVE-2020-1438\",\n \"CVE-2020-1462\",\n \"CVE-2020-1463\",\n \"CVE-2020-1468\"\n );\n script_xref(name:\"MSKB\", value:\"4565511\");\n script_xref(name:\"MSFT\", value:\"MS20-4565511\");\n script_xref(name:\"IAVA\", value:\"2020-A-0300-S\");\n 
script_xref(name:\"IAVA\", value:\"2020-A-0302-S\");\n script_xref(name:\"IAVA\", value:\"2020-A-0306-S\");\n script_xref(name:\"IAVA\", value:\"2020-A-0313-S\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/05/03\");\n\n script_name(english:\"KB4565511: Windows 10 Version 1607 and Windows Server 2016 July 2020 Security Update\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 4565511. It is, \ntherefore, affected by multiple vulnerabilities :\n\n - An elevation of privilege vulnerability exists when the\n Windows System Events Broker improperly handles file\n operations. An attacker who successfully exploited this\n vulnerability could gain elevated privileges.\n (CVE-2020-1357)\n\n - An elevation of privilege vulnerability exists when the\n Windows kernel fails to properly handle objects in\n memory. An attacker who successfully exploited this\n vulnerability could run arbitrary code in kernel mode.\n An attacker could then install programs; view, change,\n or delete data; or create new accounts with full user\n rights. (CVE-2020-1411)\n\n - An elevation of privilege vulnerability exists when the\n Windows USO Core Worker improperly handles memory.\n (CVE-2020-1352)\n\n - An elevation of privilege vulnerability exists when the\n Windows Diagnostics Hub Standard Collector Service fails\n to properly sanitize input, leading to an unsecure\n library-loading behavior. An attacker who successfully\n exploited this vulnerability could run arbitrary code\n with elevated system privileges. An attacker could then\n install programs; view, change, or delete data; or\n create new accounts with full user rights.\n (CVE-2020-1393)\n\n - A remote code execution vulnerability exists in the way\n that DirectWrite handles objects in memory. 
An attacker\n who successfully exploited this vulnerability could take\n control of the affected system. An attacker could then\n install programs; view, change, or delete data; or\n create new accounts with full user rights. There are\n multiple ways an attacker could exploit the\n vulnerability, such as by convincing a user to open a\n specially crafted document, or by convincing a user to\n visit an untrusted webpage. The security update\n addresses the vulnerability by correcting how\n DirectWrite handles objects in memory. (CVE-2020-1409)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Credential Picker handles objects\n in memory. An attacker who successfully exploited the\n vulnerability could allow an application with limited\n privileges on an affected system to execute code at a\n medium integrity level. (CVE-2020-1385)\n\n - An elevation of privilege vulnerability exists when the\n Windows Profile Service improperly handles file\n operations. An attacker who successfully exploited this\n vulnerability could gain elevated privileges.\n (CVE-2020-1360)\n\n - A remote code execution vulnerability exists in the way\n that the VBScript engine handles objects in memory. The\n vulnerability could corrupt memory in such a way that an\n attacker could execute arbitrary code in the context of\n the current user. An attacker who successfully exploited\n the vulnerability could gain the same user rights as the\n current user. (CVE-2020-1403)\n\n - A remote code execution vulnerability exists in the\n Windows Remote Desktop Client when a user connects to a\n malicious server. An attacker who successfully exploited\n this vulnerability could execute arbitrary code on the\n computer of the connecting client. 
An attacker could\n then install programs; view, change, or delete data; or\n create new accounts with full user rights.\n (CVE-2020-1374)\n\n - A remote code execution vulnerability exists when the\n Windows font library improperly handles specially\n crafted fonts. For all systems except Windows 10, an\n attacker who successfully exploited the vulnerability\n could execute code remotely. For systems running Windows\n 10, an attacker who successfully exploited the\n vulnerability could execute code in an AppContainer\n sandbox context with limited privileges and\n capabilities. An attacker could then install programs;\n view, change, or delete data; or create new accounts\n with full user rights. There are multiple ways an\n attacker could exploit the vulnerability:\n (CVE-2020-1436)\n\n - An elevation of privilege vulnerability exists in the\n way that the Credential Enrollment Manager service\n handles objects in memory. An attacker who successfully\n exploited the vulnerability could execute code with\n elevated permissions. (CVE-2020-1368)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Network List Service handles\n objects in memory. An attacker who successfully\n exploited the vulnerability could execute code with\n elevated permissions. (CVE-2020-1406)\n\n - An information disclosure vulnerability exists when the\n Windows Graphics component improperly handles objects in\n memory. An attacker who successfully exploited this\n vulnerability could obtain information to further\n compromise the users system. An authenticated attacker\n could exploit this vulnerability by running a specially\n crafted application. The update addresses the\n vulnerability by correcting how the Windows Graphics\n Component handles objects in memory. (CVE-2020-1351)\n\n - An information disclosure vulnerability exists when the\n Windows GDI component improperly discloses the contents\n of its memory. 
An attacker who successfully exploited\n the vulnerability could obtain information to further\n compromise the users system. There are multiple ways an\n attacker could exploit the vulnerability, such as by\n convincing a user to open a specially crafted document,\n or by convincing a user to visit an untrusted webpage.\n The security update addresses the vulnerability by\n correcting how the Windows GDI component handles objects\n in memory. (CVE-2020-1468)\n\n - An elevation of privilege vulnerability exists when the\n Windows Event Logging Service improperly handles memory.\n (CVE-2020-1365, CVE-2020-1371)\n\n - An information disclosure vulnerability exists when the\n Windows kernel fails to properly initialize a memory\n address. An attacker who successfully exploited this\n vulnerability could obtain information to further\n compromise the users system. (CVE-2020-1389,\n CVE-2020-1419)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Speech Brokered API handles objects\n in memory. An attacker who successfully exploited the\n vulnerability could execute code with elevated\n permissions. (CVE-2020-1395)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows WalletService handles objects in\n memory. An attacker who successfully exploited the\n vulnerability could execute code with elevated\n permissions. (CVE-2020-1344, CVE-2020-1362,\n CVE-2020-1369)\n\n - An elevation of privilege vulnerability exists when the\n Windows ActiveX Installer Service improperly handles\n memory. (CVE-2020-1402)\n\n - This security update corrects a denial of service in the\n Local Security Authority Subsystem Service (LSASS)\n caused when an authenticated attacker sends a specially\n crafted authentication request. A remote attacker who\n successfully exploited this vulnerability could cause a\n denial of service on the target system's LSASS service,\n which triggers an automatic reboot of the system. 
The\n security update addresses the vulnerability by changing\n the way that LSASS handles specially crafted\n authentication requests. (CVE-2020-1267)\n\n - A remote code execution vulnerability exists when\n Windows Address Book (WAB) improperly processes vcard\n files. (CVE-2020-1410)\n\n - An elevation of privilege vulnerability exists when the\n Windows Modules Installer improperly handles file\n operations. An attacker who successfully exploited this\n vulnerability could gain elevated privileges.\n (CVE-2020-1346)\n\n - An elevation of privilege vulnerability exists when the\n Windows UPnP Device Host improperly handles memory.\n (CVE-2020-1354, CVE-2020-1430)\n\n - An elevation of privilege vulnerability exists in the\n way that the SharedStream Library handles objects in\n memory. An attacker who successfully exploited the\n vulnerability could execute code with elevated\n permissions. (CVE-2020-1463)\n\n - An elevation of privilege vulnerability exists when\n Group Policy Services Policy Processing improperly\n handle reparse points. An attacker who successfully\n exploited this vulnerability could overwrite a targeted\n file that would normally require elevated permissions.\n (CVE-2020-1333)\n\n - An information disclosure vulnerability exists when\n Skype for Business is accessed via Microsoft Edge\n (EdgeHTML-based). An attacker who exploited the\n vulnerability could cause the user to place a call\n without additional consent, leading to information\n disclosure of the user profile. For the vulnerability to\n be exploited, a user must click a specially crafted URL\n that prompts the Skype app. (CVE-2020-1462)\n\n - A remote code execution vulnerability exists when the\n Windows font library improperly handles specially\n crafted embedded fonts. An attacker who successfully\n exploited the vulnerability could take control of the\n affected system. 
An attacker could then install\n programs; view, change, or delete data; or create new\n accounts with full user rights. (CVE-2020-1408)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Kernel handles objects in memory.\n An attacker who successfully exploited the vulnerability\n could execute code with elevated permissions.\n (CVE-2020-1336)\n\n - An elevation of privilege vulnerability exists when\n Windows improperly handles calls to Advanced Local\n Procedure Call (ALPC). An attacker who successfully\n exploited this vulnerability could run arbitrary code in\n the security context of the local system. An attacker\n could then install programs; view, change, or delete\n data; or create new accounts with full user rights.\n (CVE-2020-1396)\n\n - A denial of service vulnerability exists in the way that\n the WalletService handles files. An attacker who\n successfully exploited the vulnerability could corrupt\n system files. (CVE-2020-1364)\n\n - An information disclosure vulnerability exists when\n Skype for Business is accessed via Internet Explorer. An\n attacker who exploited the vulnerability could cause the\n user to place a call without additional consent, leading\n to information disclosure of the user profile. For the\n vulnerability to be exploited, a user must click a\n specially crafted URL that prompts the Skype app.\n (CVE-2020-1432)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Network Location Awareness Service\n handles objects in memory. An attacker who successfully\n exploited the vulnerability could allow an application\n with limited privileges on an affected system to execute\n code at a medium integrity level. (CVE-2020-1437)\n\n - A remote code execution vulnerability exists in .NET\n Framework, Microsoft SharePoint, and Visual Studio when\n the software fails to check the source markup of XML\n file input. 
An attacker who successfully exploited the\n vulnerability could run arbitrary code in the context of\n the process responsible for deserialization of the XML\n content. (CVE-2020-1147)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Network Connections Service handles\n objects in memory. An attacker who successfully\n exploited the vulnerability could execute code with\n elevated permissions. (CVE-2020-1373, CVE-2020-1390,\n CVE-2020-1427, CVE-2020-1428, CVE-2020-1438)\n\n - An elevation of privilege vulnerability exists when the\n Windows Cryptography Next Generation (CNG) Key Isolation\n service improperly handles memory. An attacker who\n successfully exploited this vulnerability could run\n processes in an elevated context. (CVE-2020-1359,\n CVE-2020-1384)\n\n - An information disclosure vulnerability exists when the\n Windows Resource Policy component improperly handles\n memory. (CVE-2020-1358)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Function Discovery Service handles\n objects in memory. An attacker who successfully\n exploited the vulnerability could execute code with\n elevated permissions. (CVE-2020-1085)\n\n - An information disclosure vulnerability exists when\n Windows Error Reporting improperly handles file\n operations. (CVE-2020-1420)\n\n - A remote code execution vulnerability exists in the way\n that Microsoft Graphics Components handle objects in\n memory. An attacker who successfully exploited the\n vulnerability could execute arbitrary code on a target\n system. (CVE-2020-1412)\n\n - An elevation of privilege vulnerability exists when the\n Windows Runtime improperly handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could run arbitrary code in an elevated context. An\n attacker could exploit this vulnerability by running a\n specially crafted application on the victim system. 
The\n update addresses the vulnerability by correcting the way\n the Windows Runtime handles objects in memory.\n (CVE-2020-1249, CVE-2020-1353, CVE-2020-1370,\n CVE-2020-1399, CVE-2020-1404, CVE-2020-1413)\n\n - An information disclosure vulnerability exists when\n Microsoft Edge PDF Reader improperly handles objects in\n memory. An attacker who successfully exploited the\n vulnerability could obtain information to further\n compromise the users system. (CVE-2020-1433)\n\n - A remote code execution vulnerability exists when the\n Windows Jet Database Engine improperly handles objects\n in memory. An attacker who successfully exploited this\n vulnerability could execute arbitrary code on a victim\n system. An attacker could exploit this vulnerability by\n enticing a victim to open a specially crafted file. The\n update addresses the vulnerability by correcting the way\n the Windows Jet Database Engine handles objects in\n memory. (CVE-2020-1400, CVE-2020-1401, CVE-2020-1407)\n\n - An elevation of privilege vulnerability exists when\n Windows Error Reporting manager improperly handles a\n process crash. An attacker who successfully exploited\n this vulnerability could delete a targeted file leading\n to an elevated status. (CVE-2020-1429)\n\n - An elevation of privilege vulnerability exists in the\n way that the psmsrv.dll handles objects in memory. An\n attacker who successfully exploited the vulnerability\n could execute code with elevated permissions.\n (CVE-2020-1388)\n\n - An elevation of privilege vulnerability exists when the\n Windows iSCSI Target Service improperly handles file\n operations. An attacker who successfully exploited this\n vulnerability could gain elevated privileges.\n (CVE-2020-1356)\n\n - A remote code execution vulnerability exists in\n Microsoft Windows that could allow remote code execution\n if a .LNK file is processed. An attacker who\n successfully exploited this vulnerability could gain the\n same user rights as the local user. 
(CVE-2020-1421)\n\n - An information disclosure vulnerability exists in\n Windows when the Windows Imaging Component fails to\n properly handle objects in memory. An attacker who\n successfully exploited this vulnerability could obtain\n information to further compromise the user's system.\n There are multiple ways an attacker could exploit this\n vulnerability: (CVE-2020-1397)\n\n - A remote code execution vulnerability exists in the way\n that the Windows Graphics Device Interface (GDI) handles\n objects in the memory. An attacker who successfully\n exploited this vulnerability could take control of the\n affected system. An attacker could then install\n programs; view, change, or delete data; or create new\n accounts with full user rights. (CVE-2020-1435)\n\n - An information disclosure vulnerability exists in the\n way that the WalletService handles memory.\n (CVE-2020-1361)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Sync Host Service handles objects\n in memory. An attacker who successfully exploited the\n vulnerability could allow an application with limited\n privileges on an affected system to execute code at a\n medium integrity level. (CVE-2020-1434)\n\n - An elevation of privilege vulnerability exists when\n Windows Lockscreen fails to properly handle Ease of\n Access dialog. An attacker who successfully exploited\n the vulnerability could execute commands with elevated\n permissions. The security update addresses the\n vulnerability by ensuring that the Ease of Access dialog\n is handled properly. 
(CVE-2020-1398)\");\n # https://support.microsoft.com/en-us/help/4565511/windows-10-update-kb4565511\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?777905a0\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Cumulative Update KB4565511.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-1435\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2020-1436\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'SharePoint DataSet / DataTable Deserialization');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/07/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/07/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/07/14\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:edge\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2023 and is owned 
by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude('smb_func.inc');\ninclude('smb_hotfixes.inc');\ninclude('smb_hotfixes_fcheck.inc');\ninclude('smb_reg_query.inc');\ninclude('install_func.inc');\n\nget_kb_item_or_exit('SMB/MS_Bulletin_Checks/Possible');\n\nbulletin = 'MS20-07';\nkbs = make_list(\n '4565511'\n);\n\nif (get_kb_item('Host/patch_management_checks')) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit('SMB/Registry/Enumerated');\nget_kb_item_or_exit('SMB/WindowsVersion', exit_code:1);\n\nif (hotfix_check_sp_range(win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:'10',\n sp:0,\n os_build:'14393',\n rollup_date:'07_2020',\n bulletin:bulletin,\n rollup_kb_list:[4565511])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n\n\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-07-19T15:24:01", "description": "The remote Windows host is missing security update 4565489. It is, therefore, affected by multiple vulnerabilities :\n\n - An elevation of privilege vulnerability exists when the Windows System Events Broker improperly handles file operations. An attacker who successfully exploited this vulnerability could gain elevated privileges.\n (CVE-2020-1357)\n\n - An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory. 
An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode.\n An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2020-1411)\n\n - An elevation of privilege vulnerability exists when the Windows Diagnostics Execution Service fails to properly sanitize input, leading to an unsecure library-loading behavior. An attacker who successfully exploited this vulnerability could run arbitrary code with elevated system privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2020-1418)\n\n - An elevation of privilege vulnerability exists when the Windows USO Core Worker improperly handles memory.\n (CVE-2020-1352)\n\n - An elevation of privilege vulnerability exists when the Windows Modules Installer improperly handles file operations. An attacker who successfully exploited this vulnerability could gain elevated privileges.\n (CVE-2020-1346)\n\n - An elevation of privilege vulnerability exists when Windows improperly handles COM object creation. An attacker who successfully exploited the vulnerability could run arbitrary code with elevated privileges.\n (CVE-2020-1375)\n\n - A remote code execution vulnerability exists in the way that DirectWrite handles objects in memory. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit an untrusted webpage. The security update addresses the vulnerability by correcting how DirectWrite handles objects in memory. 
(CVE-2020-1409)\n\n - An elevation of privilege vulnerability exists when the Windows AppX Deployment Extensions improperly performs privilege management, resulting in access to system files. (CVE-2020-1431)\n\n - An elevation of privilege vulnerability exists when the Windows Profile Service improperly handles file operations. An attacker who successfully exploited this vulnerability could gain elevated privileges.\n (CVE-2020-1360)\n\n - An elevation of privilege vulnerability exists when Windows Mobile Device Management (MDM) Diagnostics improperly handles objects in memory. An attacker who successfully exploited this vulnerability could bypass access restrictions to delete files. (CVE-2020-1372)\n\n - An elevation of privilege vulnerability exists when the Windows Picker Platform improperly handles memory.\n (CVE-2020-1363)\n\n - An elevation of privilege vulnerability exists when Windows improperly handles calls to Advanced Local Procedure Call (ALPC). An attacker who successfully exploited this vulnerability could run arbitrary code in the security context of the local system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\n (CVE-2020-1396)\n\n - A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2020-1403)\n\n - A remote code execution vulnerability exists in the Windows Remote Desktop Client when a user connects to a malicious server. An attacker who successfully exploited this vulnerability could execute arbitrary code on the computer of the connecting client. 
An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\n (CVE-2020-1374)\n\n - A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted fonts. For all systems except Windows 10, an attacker who successfully exploited the vulnerability could execute code remotely. For systems running Windows 10, an attacker who successfully exploited the vulnerability could execute code in an AppContainer sandbox context with limited privileges and capabilities. An attacker could then install programs;\n view, change, or delete data; or create new accounts with full user rights. There are multiple ways an attacker could exploit the vulnerability:\n (CVE-2020-1436)\n\n - An elevation of privilege vulnerability exists in the way that the Credential Enrollment Manager service handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. (CVE-2020-1368)\n\n - An elevation of privilege vulnerability exists in the way that the Windows Network List Service handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. (CVE-2020-1406)\n\n - An information disclosure vulnerability exists when the Windows Graphics component improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user's system. An authenticated attacker could exploit this vulnerability by running a specially crafted application. The update addresses the vulnerability by correcting how the Windows Graphics Component handles objects in memory. (CVE-2020-1351)\n\n - An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. 
An attacker who successfully exploited the vulnerability could obtain information to further compromise the user's system. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit an untrusted webpage.\n The security update addresses the vulnerability by correcting how the Windows GDI component handles objects in memory. (CVE-2020-1468)\n\n - An elevation of privilege vulnerability exists when the Windows Event Logging Service improperly handles memory.\n (CVE-2020-1365, CVE-2020-1371)\n\n - An information disclosure vulnerability exists when the Windows kernel fails to properly initialize a memory address. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user's system. (CVE-2020-1389, CVE-2020-1419)\n\n - An elevation of privilege vulnerability exists when the Windows Print Workflow Service improperly handles objects in memory. An attacker who successfully exploited this vulnerability could gain elevated privileges and break out of the AppContainer sandbox.\n (CVE-2020-1366)\n\n - An elevation of privilege vulnerability exists in the way that the Windows WalletService handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. (CVE-2020-1344, CVE-2020-1362, CVE-2020-1369)\n\n - An elevation of privilege vulnerability exists when the Windows ActiveX Installer Service improperly handles memory. (CVE-2020-1402)\n\n - An elevation of privilege vulnerability exists in the way that the Windows Geolocation Framework handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. (CVE-2020-1394)\n\n - An information disclosure vulnerability exists when Windows Connected User Experiences and Telemetry Service improperly discloses file information. 
Successful exploitation of the vulnerability could allow the attacker to read any file on the file system.\n (CVE-2020-1386)\n\n - This security update corrects a denial of service in the Local Security Authority Subsystem Service (LSASS) caused when an authenticated attacker sends a specially crafted authentication request. A remote attacker who successfully exploited this vulnerability could cause a denial of service on the target system's LSASS service, which triggers an automatic reboot of the system. The security update addresses the vulnerability by changing the way that LSASS handles specially crafted authentication requests. (CVE-2020-1267)\n\n - An elevation of privilege vulnerability exists when the Windows Delivery Optimization service improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code with elevated system privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\n (CVE-2020-1392)\n\n - A remote code execution vulnerability exists when Windows Address Book (WAB) improperly processes vcard files. (CVE-2020-1410)\n\n - An elevation of privilege vulnerability exists when the Windows Runtime improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in an elevated context. An attacker could exploit this vulnerability by running a specially crafted application on the victim system. 
The update addresses the vulnerability by correcting the way the Windows Runtime handles objects in memory.\n (CVE-2020-1249, CVE-2020-1353, CVE-2020-1370, CVE-2020-1399, CVE-2020-1404, CVE-2020-1413, CVE-2020-1414, CVE-2020-1415, CVE-2020-1422)\n\n - An elevation of privilege vulnerability exists when the Windows UPnP Device Host improperly handles memory.\n (CVE-2020-1354, CVE-2020-1430)\n\n - An elevation of privilege vulnerability exists when the Windows Update Stack fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode.\n An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2020-1424)\n\n - An elevation of privilege vulnerability exists in the way that the SharedStream Library handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. (CVE-2020-1463)\n\n - An elevation of privilege vulnerability exists when Group Policy Services Policy Processing improperly handles reparse points. An attacker who successfully exploited this vulnerability could overwrite a targeted file that would normally require elevated permissions.\n (CVE-2020-1333)\n\n - An elevation of privilege vulnerability exists in the way the Windows Push Notification Service handles objects in memory. An attacker who successfully exploited this vulnerability could run processes in an elevated context. An attacker could then install programs; view, change or delete data. (CVE-2020-1387)\n\n - A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts. An attacker who successfully exploited the vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. 
(CVE-2020-1408)\n\n - An elevation of privilege vulnerability exists in the way that the Windows Kernel handles objects in memory.\n An attacker who successfully exploited the vulnerability could execute code with elevated permissions.\n (CVE-2020-1336)\n\n - An elevation of privilege vulnerability exists when the Windows Storage Services improperly handle file operations. An attacker who successfully exploited this vulnerability could gain elevated privileges.\n (CVE-2020-1347)\n\n - A denial of service vulnerability exists in the way that the WalletService handles files. An attacker who successfully exploited the vulnerability could corrupt system files. (CVE-2020-1364)\n\n - An information disclosure vulnerability exists when Skype for Business is accessed via Internet Explorer. An attacker who exploited the vulnerability could cause the user to place a call without additional consent, leading to information disclosure of the user profile. For the vulnerability to be exploited, a user must click a specially crafted URL that prompts the Skype app.\n (CVE-2020-1432)\n\n - An elevation of privilege vulnerability exists in the way that the Windows Network Location Awareness Service handles objects in memory. An attacker who successfully exploited the vulnerability could allow an application with limited privileges on an affected system to execute code at a medium integrity level. (CVE-2020-1437)\n\n - An elevation of privilege vulnerability exists when the Windows Diagnostics Hub Standard Collector Service fails to properly sanitize input, leading to an unsecure library-loading behavior. An attacker who successfully exploited this vulnerability could run arbitrary code with elevated system privileges. 
An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\n (CVE-2020-1393)\n\n - A remote code execution vulnerability exists in .NET Framework, Microsoft SharePoint, and Visual Studio when the software fails to check the source markup of XML file input. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the process responsible for deserialization of the XML content. (CVE-2020-1147)\n\n - An elevation of privilege vulnerability exists in the way that the Windows Network Connections Service handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. (CVE-2020-1373, CVE-2020-1390, CVE-2020-1427, CVE-2020-1428, CVE-2020-1438)\n\n - An elevation of privilege vulnerability exists when the Windows Cryptography Next Generation (CNG) Key Isolation service improperly handles memory. An attacker who successfully exploited this vulnerability could run processes in an elevated context. (CVE-2020-1359, CVE-2020-1384)\n\n - An information disclosure vulnerability exists when the Windows Resource Policy component improperly handles memory. (CVE-2020-1358)\n\n - An elevation of privilege vulnerability exists in the way that the Windows Speech Brokered API handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. (CVE-2020-1395)\n\n - An information disclosure vulnerability exists when Windows Error Reporting improperly handles file operations. (CVE-2020-1420)\n\n - A remote code execution vulnerability exists in the way that Microsoft Graphics Components handle objects in memory. An attacker who successfully exploited the vulnerability could execute arbitrary code on a target system. (CVE-2020-1412)\n\n - An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. 
An attacker who successfully exploited this vulnerability could obtain information to further compromise the user's system. An authenticated attacker could exploit this vulnerability by running a specially crafted application. The update addresses the vulnerability by correcting how the Windows kernel handles objects in memory. (CVE-2020-1426)\n\n - An information disclosure vulnerability exists when Microsoft Edge PDF Reader improperly handles objects in memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user's system. (CVE-2020-1433)\n\n - A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by enticing a victim to open a specially crafted file. The update addresses the vulnerability by correcting the way the Windows Jet Database Engine handles objects in memory. (CVE-2020-1400, CVE-2020-1401, CVE-2020-1407)\n\n - An elevation of privilege vulnerability exists when Windows Error Reporting manager improperly handles a process crash. An attacker who successfully exploited this vulnerability could delete a targeted file leading to an elevated status. (CVE-2020-1429)\n\n - An elevation of privilege vulnerability exists in the way that the psmsrv.dll handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions.\n (CVE-2020-1388)\n\n - An elevation of privilege vulnerability exists in the way that the Windows Credential Picker handles objects in memory. An attacker who successfully exploited the vulnerability could allow an application with limited privileges on an affected system to execute code at a medium integrity level. 
(CVE-2020-1385)\n\n - A remote code execution vulnerability exists in Microsoft Windows that could allow remote code execution if a .LNK file is processed. An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. (CVE-2020-1421)\n\n - An information disclosure vulnerability exists in Windows when the Windows Imaging Component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user's system.\n There are multiple ways an attacker could exploit this vulnerability: (CVE-2020-1397)\n\n - A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in the memory. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2020-1435)\n\n - An elevation of privilege vulnerability exists in the way that the Windows Function Discovery Service handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. (CVE-2020-1085)\n\n - An information disclosure vulnerability exists in the way that the WalletService handles memory.\n (CVE-2020-1361)\n\n - An elevation of privilege vulnerability exists in the way that the Windows Sync Host Service handles objects in memory. An attacker who successfully exploited the vulnerability could allow an application with limited privileges on an affected system to execute code at a medium integrity level. (CVE-2020-1434)\n\n - An information disclosure vulnerability exists when Skype for Business is accessed via Microsoft Edge (EdgeHTML-based). An attacker who exploited the vulnerability could cause the user to place a call without additional consent, leading to information disclosure of the user profile. 
For the vulnerability to be exploited, a user must click a specially crafted URL that prompts the Skype app. (CVE-2020-1462)\n\n - An elevation of privilege vulnerability exists when Windows Lockscreen fails to properly handle Ease of Access dialog. An attacker who successfully exploited the vulnerability could execute commands with elevated permissions. The security update addresses the vulnerability by ensuring that the Ease of Access dialog is handled properly. (CVE-2020-1398)", "cvss3": {}, "published": "2020-07-14T00:00:00", "type": "nessus", "title": "KB4565489: Windows 10 Version 1803 July 2020 Security Update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-1085", "CVE-2020-1147", "CVE-2020-1249", "CVE-2020-1267", "CVE-2020-1333", "CVE-2020-1336", "CVE-2020-1344", "CVE-2020-1346", "CVE-2020-1347", "CVE-2020-1351", "CVE-2020-1352", "CVE-2020-1353", "CVE-2020-1354", "CVE-2020-1357", "CVE-2020-1358", "CVE-2020-1359", "CVE-2020-1360", "CVE-2020-1361", "CVE-2020-1362", "CVE-2020-1363", "CVE-2020-1364", "CVE-2020-1365", "CVE-2020-1366", "CVE-2020-1368", "CVE-2020-1369", "CVE-2020-1370", "CVE-2020-1371", "CVE-2020-1372", "CVE-2020-1373", "CVE-2020-1374", "CVE-2020-1375", "CVE-2020-1384", "CVE-2020-1385", "CVE-2020-1386", "CVE-2020-1387", "CVE-2020-1388", "CVE-2020-1389", "CVE-2020-1390", "CVE-2020-1392", "CVE-2020-1393", "CVE-2020-1394", "CVE-2020-1395", "CVE-2020-1396", "CVE-2020-1397", "CVE-2020-1398", "CVE-2020-1399", "CVE-2020-1400", "CVE-2020-1401", "CVE-2020-1402", "CVE-2020-1403", "CVE-2020-1404", "CVE-2020-1406", "CVE-2020-1407", "CVE-2020-1408", "CVE-2020-1409", "CVE-2020-1410", "CVE-2020-1411", "CVE-2020-1412", "CVE-2020-1413", "CVE-2020-1414", "CVE-2020-1415", "CVE-2020-1418", "CVE-2020-1419", "CVE-2020-1420", "CVE-2020-1421", "CVE-2020-1422", "CVE-2020-1424", "CVE-2020-1426", "CVE-2020-1427", "CVE-2020-1428", "CVE-2020-1429", "CVE-2020-1430", "CVE-2020-1431", "CVE-2020-1432", "CVE-2020-1433", "CVE-2020-1434", "CVE-2020-1435", 
"CVE-2020-1436", "CVE-2020-1437", "CVE-2020-1438", "CVE-2020-1462", "CVE-2020-1463", "CVE-2020-1468"], "modified": "2023-01-24T00:00:00", "cpe": ["cpe:/o:microsoft:windows", "cpe:/a:microsoft:edge"], "id": "SMB_NT_MS20_JUL_4565489.NASL", "href": "https://www.tenable.com/plugins/nessus/138455", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(138455);\n script_version(\"1.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/24\");\n\n script_cve_id(\n \"CVE-2020-1085\",\n \"CVE-2020-1147\",\n \"CVE-2020-1249\",\n \"CVE-2020-1267\",\n \"CVE-2020-1333\",\n \"CVE-2020-1336\",\n \"CVE-2020-1344\",\n \"CVE-2020-1346\",\n \"CVE-2020-1347\",\n \"CVE-2020-1351\",\n \"CVE-2020-1352\",\n \"CVE-2020-1353\",\n \"CVE-2020-1354\",\n \"CVE-2020-1357\",\n \"CVE-2020-1358\",\n \"CVE-2020-1359\",\n \"CVE-2020-1360\",\n \"CVE-2020-1361\",\n \"CVE-2020-1362\",\n \"CVE-2020-1363\",\n \"CVE-2020-1364\",\n \"CVE-2020-1365\",\n \"CVE-2020-1366\",\n \"CVE-2020-1368\",\n \"CVE-2020-1369\",\n \"CVE-2020-1370\",\n \"CVE-2020-1371\",\n \"CVE-2020-1372\",\n \"CVE-2020-1373\",\n \"CVE-2020-1374\",\n \"CVE-2020-1375\",\n \"CVE-2020-1384\",\n \"CVE-2020-1385\",\n \"CVE-2020-1386\",\n \"CVE-2020-1387\",\n \"CVE-2020-1388\",\n \"CVE-2020-1389\",\n \"CVE-2020-1390\",\n \"CVE-2020-1392\",\n \"CVE-2020-1393\",\n \"CVE-2020-1394\",\n \"CVE-2020-1395\",\n \"CVE-2020-1396\",\n \"CVE-2020-1397\",\n \"CVE-2020-1398\",\n \"CVE-2020-1399\",\n \"CVE-2020-1400\",\n \"CVE-2020-1401\",\n \"CVE-2020-1402\",\n \"CVE-2020-1403\",\n \"CVE-2020-1404\",\n \"CVE-2020-1406\",\n \"CVE-2020-1407\",\n \"CVE-2020-1408\",\n \"CVE-2020-1409\",\n \"CVE-2020-1410\",\n \"CVE-2020-1411\",\n \"CVE-2020-1412\",\n \"CVE-2020-1413\",\n \"CVE-2020-1414\",\n 
\"CVE-2020-1415\",\n \"CVE-2020-1418\",\n \"CVE-2020-1419\",\n \"CVE-2020-1420\",\n \"CVE-2020-1421\",\n \"CVE-2020-1422\",\n \"CVE-2020-1424\",\n \"CVE-2020-1426\",\n \"CVE-2020-1427\",\n \"CVE-2020-1428\",\n \"CVE-2020-1429\",\n \"CVE-2020-1430\",\n \"CVE-2020-1431\",\n \"CVE-2020-1432\",\n \"CVE-2020-1433\",\n \"CVE-2020-1434\",\n \"CVE-2020-1435\",\n \"CVE-2020-1436\",\n \"CVE-2020-1437\",\n \"CVE-2020-1438\",\n \"CVE-2020-1462\",\n \"CVE-2020-1463\",\n \"CVE-2020-1468\"\n );\n script_xref(name:\"MSKB\", value:\"4565489\");\n script_xref(name:\"MSFT\", value:\"MS20-4565489\");\n script_xref(name:\"IAVA\", value:\"2020-A-0300-S\");\n script_xref(name:\"IAVA\", value:\"2020-A-0302-S\");\n script_xref(name:\"IAVA\", value:\"2020-A-0313-S\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/05/03\");\n\n script_name(english:\"KB4565489: Windows 10 Version 1803 July 2020 Security Update\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 4565489. It is, \ntherefore, affected by multiple vulnerabilities :\n\n - An elevation of privilege vulnerability exists when the\n Windows System Events Broker improperly handles file\n operations. An attacker who successfully exploited this\n vulnerability could gain elevated privileges.\n (CVE-2020-1357)\n\n - An elevation of privilege vulnerability exists when the\n Windows kernel fails to properly handle objects in\n memory. An attacker who successfully exploited this\n vulnerability could run arbitrary code in kernel mode.\n An attacker could then install programs; view, change,\n or delete data; or create new accounts with full user\n rights. 
(CVE-2020-1411)\n\n - An elevation of privilege vulnerability exists when the\n Windows Diagnostics Execution Service fails to properly\n sanitize input, leading to an unsecure library-loading\n behavior. An attacker who successfully exploited this\n vulnerability could run arbitrary code with elevated\n system privileges. An attacker could then install\n programs; view, change, or delete data; or create new\n accounts with full user rights. (CVE-2020-1418)\n\n - An elevation of privilege vulnerability exists when the\n Windows USO Core Worker improperly handles memory.\n (CVE-2020-1352)\n\n - An elevation of privilege vulnerability exists when the\n Windows Modules Installer improperly handles file\n operations. An attacker who successfully exploited this\n vulnerability could gain elevated privileges.\n (CVE-2020-1346)\n\n - An elevation of privilege vulnerability exists when\n Windows improperly handles COM object creation. An\n attacker who successfully exploited the vulnerability\n could run arbitrary code with elevated privileges.\n (CVE-2020-1375)\n\n - A remote code execution vulnerability exists in the way\n that DirectWrite handles objects in memory. An attacker\n who successfully exploited this vulnerability could take\n control of the affected system. An attacker could then\n install programs; view, change, or delete data; or\n create new accounts with full user rights. There are\n multiple ways an attacker could exploit the\n vulnerability, such as by convincing a user to open a\n specially crafted document, or by convincing a user to\n visit an untrusted webpage. The security update\n addresses the vulnerability by correcting how\n DirectWrite handles objects in memory. (CVE-2020-1409)\n\n - An elevation of privilege vulnerability exists when the\n Windows AppX Deployment Extensions improperly performs\n privilege management, resulting in access to system\n files. 
(CVE-2020-1431)\n\n - An elevation of privilege vulnerability exists when the\n Windows Profile Service improperly handles file\n operations. An attacker who successfully exploited this\n vulnerability could gain elevated privileges.\n (CVE-2020-1360)\n\n - An elevation of privilege vulnerability exists when\n Windows Mobile Device Management (MDM) Diagnostics\n improperly handles objects in memory. An attacker who\n successfully exploited this vulnerability could bypass\n access restrictions to delete files. (CVE-2020-1372)\n\n - An elevation of privilege vulnerability exists when the\n Windows Picker Platform improperly handles memory.\n (CVE-2020-1363)\n\n - An elevation of privilege vulnerability exists when\n Windows improperly handles calls to Advanced Local\n Procedure Call (ALPC). An attacker who successfully\n exploited this vulnerability could run arbitrary code in\n the security context of the local system. An attacker\n could then install programs; view, change, or delete\n data; or create new accounts with full user rights.\n (CVE-2020-1396)\n\n - A remote code execution vulnerability exists in the way\n that the VBScript engine handles objects in memory. The\n vulnerability could corrupt memory in such a way that an\n attacker could execute arbitrary code in the context of\n the current user. An attacker who successfully exploited\n the vulnerability could gain the same user rights as the\n current user. (CVE-2020-1403)\n\n - A remote code execution vulnerability exists in the\n Windows Remote Desktop Client when a user connects to a\n malicious server. An attacker who successfully exploited\n this vulnerability could execute arbitrary code on the\n computer of the connecting client. An attacker could\n then install programs; view, change, or delete data; or\n create new accounts with full user rights.\n (CVE-2020-1374)\n\n - A remote code execution vulnerability exists when the\n Windows font library improperly handles specially\n crafted fonts. 
For all systems except Windows 10, an\n attacker who successfully exploited the vulnerability\n could execute code remotely. For systems running Windows\n 10, an attacker who successfully exploited the\n vulnerability could execute code in an AppContainer\n sandbox context with limited privileges and\n capabilities. An attacker could then install programs;\n view, change, or delete data; or create new accounts\n with full user rights. There are multiple ways an\n attacker could exploit the vulnerability:\n (CVE-2020-1436)\n\n - An elevation of privilege vulnerability exists in the\n way that the Credential Enrollment Manager service\n handles objects in memory. An attacker who successfully\n exploited the vulnerability could execute code with\n elevated permissions. (CVE-2020-1368)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Network List Service handles\n objects in memory. An attacker who successfully\n exploited the vulnerability could execute code with\n elevated permissions. (CVE-2020-1406)\n\n - An information disclosure vulnerability exists when the\n Windows Graphics component improperly handles objects in\n memory. An attacker who successfully exploited this\n vulnerability could obtain information to further\n compromise the users system. An authenticated attacker\n could exploit this vulnerability by running a specially\n crafted application. The update addresses the\n vulnerability by correcting how the Windows Graphics\n Component handles objects in memory. (CVE-2020-1351)\n\n - An information disclosure vulnerability exists when the\n Windows GDI component improperly discloses the contents\n of its memory. An attacker who successfully exploited\n the vulnerability could obtain information to further\n compromise the users system. 
There are multiple ways an\n attacker could exploit the vulnerability, such as by\n convincing a user to open a specially crafted document,\n or by convincing a user to visit an untrusted webpage.\n The security update addresses the vulnerability by\n correcting how the Windows GDI component handles objects\n in memory. (CVE-2020-1468)\n\n - An elevation of privilege vulnerability exists when the\n Windows Event Logging Service improperly handles memory.\n (CVE-2020-1365, CVE-2020-1371)\n\n - An information disclosure vulnerability exists when the\n Windows kernel fails to properly initialize a memory\n address. An attacker who successfully exploited this\n vulnerability could obtain information to further\n compromise the users system. (CVE-2020-1389,\n CVE-2020-1419)\n\n - An elevation of privilege vulnerability exists when the\n Windows Print Workflow Service improperly handles\n objects in memory. An attacker who successfully\n exploited this vulnerability could gain elevated\n privileges and break out of the AppContainer sandbox.\n (CVE-2020-1366)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows WalletService handles objects in\n memory. An attacker who successfully exploited the\n vulnerability could execute code with elevated\n permissions. (CVE-2020-1344, CVE-2020-1362,\n CVE-2020-1369)\n\n - An elevation of privilege vulnerability exists when the\n Windows ActiveX Installer Service improperly handles\n memory. (CVE-2020-1402)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Geolocation Framework handles\n objects in memory. An attacker who successfully\n exploited the vulnerability could execute code with\n elevated permissions. (CVE-2020-1394)\n\n - An information vulnerability exists when Windows\n Connected User Experiences and Telemetry Service\n improperly discloses file information. 
Successful\n exploitation of the vulnerability could allow the\n attacker to read any file on the file system.\n (CVE-2020-1386)\n\n - This security update corrects a denial of service in the\n Local Security Authority Subsystem Service (LSASS)\n caused when an authenticated attacker sends a specially\n crafted authentication request. A remote attacker who\n successfully exploited this vulnerability could cause a\n denial of service on the target system's LSASS service,\n which triggers an automatic reboot of the system. The\n security update addresses the vulnerability by changing\n the way that LSASS handles specially crafted\n authentication requests. (CVE-2020-1267)\n\n - An elevation of privilege vulnerability exists when the\n Windows Delivery Optimization service improperly handles\n objects in memory. An attacker who successfully\n exploited this vulnerability could run arbitrary code\n with elevated system privileges. An attacker could then\n install programs; view, change, or delete data; or\n create new accounts with full user rights.\n (CVE-2020-1392)\n\n - A remote code execution vulnerability exists when\n Windows Address Book (WAB) improperly processes vcard\n files. (CVE-2020-1410)\n\n - An elevation of privilege vulnerability exists when the\n Windows Runtime improperly handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could run arbitrary code in an elevated context. An\n attacker could exploit this vulnerability by running a\n specially crafted application on the victim system. 
The\n update addresses the vulnerability by correcting the way\n the Windows Runtime handles objects in memory.\n (CVE-2020-1249, CVE-2020-1353, CVE-2020-1370,\n CVE-2020-1399, CVE-2020-1404, CVE-2020-1413,\n CVE-2020-1414, CVE-2020-1415, CVE-2020-1422)\n\n - An elevation of privilege vulnerability exists when the\n Windows UPnP Device Host improperly handles memory.\n (CVE-2020-1354, CVE-2020-1430)\n\n - An elevation of privilege vulnerability exists when the\n Windows Update Stack fails to properly handle objects in\n memory. An attacker who successfully exploited this\n vulnerability could run arbitrary code in kernel mode.\n An attacker could then install programs; view, change,\n or delete data; or create new accounts with full user\n rights. (CVE-2020-1424)\n\n - An elevation of privilege vulnerability exists in the\n way that the SharedStream Library handles objects in\n memory. An attacker who successfully exploited the\n vulnerability could execute code with elevated\n permissions. (CVE-2020-1463)\n\n - An elevation of privilege vulnerability exists when\n Group Policy Services Policy Processing improperly\n handle reparse points. An attacker who successfully\n exploited this vulnerability could overwrite a targeted\n file that would normally require elevated permissions.\n (CVE-2020-1333)\n\n - An elevation of privilege vulnerability exists in the\n way the Windows Push Notification Service handles\n objects in memory. An attacker who successfully\n exploited this vulnerability could run processes in an\n elevated context. An attacker could then install\n programs; view, change or delete data. (CVE-2020-1387)\n\n - A remote code execution vulnerability exists when the\n Windows font library improperly handles specially\n crafted embedded fonts. An attacker who successfully\n exploited the vulnerability could take control of the\n affected system. 
An attacker could then install\n programs; view, change, or delete data; or create new\n accounts with full user rights. (CVE-2020-1408)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Kernel handles objects in memory.\n An attacker who successfully exploited the vulnerability\n could execute code with elevated permissions.\n (CVE-2020-1336)\n\n - An elevation of privilege vulnerability exists when the\n Windows Storage Services improperly handle file\n operations. An attacker who successfully exploited this\n vulnerability could gain elevated privileges.\n (CVE-2020-1347)\n\n - A denial of service vulnerability exists in the way that\n the WalletService handles files. An attacker who\n successfully exploited the vulnerability could corrupt\n system files. (CVE-2020-1364)\n\n - An information disclosure vulnerability exists when\n Skype for Business is accessed via Internet Explorer. An\n attacker who exploited the vulnerability could cause the\n user to place a call without additional consent, leading\n to information disclosure of the user profile. For the\n vulnerability to be exploited, a user must click a\n specially crafted URL that prompts the Skype app.\n (CVE-2020-1432)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Network Location Awareness Service\n handles objects in memory. An attacker who successfully\n exploited the vulnerability could allow an application\n with limited privileges on an affected system to execute\n code at a medium integrity level. (CVE-2020-1437)\n\n - An elevation of privilege vulnerability exists when the\n Windows Diagnostics Hub Standard Collector Service fails\n to properly sanitize input, leading to an unsecure\n library-loading behavior. An attacker who successfully\n exploited this vulnerability could run arbitrary code\n with elevated system privileges. 
An attacker could then\n install programs; view, change, or delete data; or\n create new accounts with full user rights.\n (CVE-2020-1393)\n\n - A remote code execution vulnerability exists in .NET\n Framework, Microsoft SharePoint, and Visual Studio when\n the software fails to check the source markup of XML\n file input. An attacker who successfully exploited the\n vulnerability could run arbitrary code in the context of\n the process responsible for deserialization of the XML\n content. (CVE-2020-1147)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Network Connections Service handles\n objects in memory. An attacker who successfully\n exploited the vulnerability could execute code with\n elevated permissions. (CVE-2020-1373, CVE-2020-1390,\n CVE-2020-1427, CVE-2020-1428, CVE-2020-1438)\n\n - An elevation of privilege vulnerability exists when the\n Windows Cryptography Next Generation (CNG) Key Isolation\n service improperly handles memory. An attacker who\n successfully exploited this vulnerability could run\n processes in an elevated context. (CVE-2020-1359,\n CVE-2020-1384)\n\n - An information disclosure vulnerability exists when the\n Windows Resource Policy component improperly handles\n memory. (CVE-2020-1358)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Speech Brokered API handles objects\n in memory. An attacker who successfully exploited the\n vulnerability could execute code with elevated\n permissions. (CVE-2020-1395)\n\n - An information disclosure vulnerability exists when\n Windows Error Reporting improperly handles file\n operations. (CVE-2020-1420)\n\n - A remote code execution vulnerability exists in the way\n that Microsoft Graphics Components handle objects in\n memory. An attacker who successfully exploited the\n vulnerability could execute arbitrary code on a target\n system. 
(CVE-2020-1412)\n\n - An information disclosure vulnerability exists when the\n Windows kernel improperly handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could obtain information to further compromise the users\n system. An authenticated attacker could exploit this\n vulnerability by running a specially crafted\n application. The update addresses the vulnerability by\n correcting how the Windows kernel handles objects in\n memory. (CVE-2020-1426)\n\n - An information disclosure vulnerability exists when\n Microsoft Edge PDF Reader improperly handles objects in\n memory. An attacker who successfully exploited the\n vulnerability could obtain information to further\n compromise the users system. (CVE-2020-1433)\n\n - A remote code execution vulnerability exists when the\n Windows Jet Database Engine improperly handles objects\n in memory. An attacker who successfully exploited this\n vulnerability could execute arbitrary code on a victim\n system. An attacker could exploit this vulnerability by\n enticing a victim to open a specially crafted file. The\n update addresses the vulnerability by correcting the way\n the Windows Jet Database Engine handles objects in\n memory. (CVE-2020-1400, CVE-2020-1401, CVE-2020-1407)\n\n - An elevation of privilege vulnerability exists when\n Windows Error Reporting manager improperly handles a\n process crash. An attacker who successfully exploited\n this vulnerability could delete a targeted file leading\n to an elevated status. (CVE-2020-1429)\n\n - An elevation of privilege vulnerability exists in the\n way that the psmsrv.dll handles objects in memory. An\n attacker who successfully exploited the vulnerability\n could execute code with elevated permissions.\n (CVE-2020-1388)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Credential Picker handles objects\n in memory. 
An attacker who successfully exploited the\n vulnerability could allow an application with limited\n privileges on an affected system to execute code at a\n medium integrity level. (CVE-2020-1385)\n\n - A remote code execution vulnerability exists in\n Microsoft Windows that could allow remote code execution\n if a .LNK file is processed. An attacker who\n successfully exploited this vulnerability could gain the\n same user rights as the local user. (CVE-2020-1421)\n\n - An information disclosure vulnerability exists in\n Windows when the Windows Imaging Component fails to\n properly handle objects in memory. An attacker who\n successfully exploited this vulnerability could obtain\n information to further compromise the user's system.\n There are multiple ways an attacker could exploit this\n vulnerability: (CVE-2020-1397)\n\n - A remote code execution vulnerability exists in the way\n that the Windows Graphics Device Interface (GDI) handles\n objects in the memory. An attacker who successfully\n exploited this vulnerability could take control of the\n affected system. An attacker could then install\n programs; view, change, or delete data; or create new\n accounts with full user rights. (CVE-2020-1435)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Function Discovery Service handles\n objects in memory. An attacker who successfully\n exploited the vulnerability could execute code with\n elevated permissions. (CVE-2020-1085)\n\n - An information disclosure vulnerability exists in the\n way that the WalletService handles memory.\n (CVE-2020-1361)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Sync Host Service handles objects\n in memory. An attacker who successfully exploited the\n vulnerability could allow an application with limited\n privileges on an affected system to execute code at a\n medium integrity level. 
(CVE-2020-1434)\n\n - An information disclosure vulnerability exists when\n Skype for Business is accessed via Microsoft Edge\n (EdgeHTML-based). An attacker who exploited the\n vulnerability could cause the user to place a call\n without additional consent, leading to information\n disclosure of the user profile. For the vulnerability to\n be exploited, a user must click a specially crafted URL\n that prompts the Skype app. (CVE-2020-1462)\n\n - An elevation of privilege vulnerability exists when\n Windows Lockscreen fails to properly handle Ease of\n Access dialog. An attacker who successfully exploited\n the vulnerability could execute commands with elevated\n permissions. The security update addresses the\n vulnerability by ensuring that the Ease of Access dialog\n is handled properly. (CVE-2020-1398)\");\n # https://support.microsoft.com/en-us/help/4565489/windows-10-update-kb4565489\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?e6e77e0f\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Cumulative Update KB4565489.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-1435\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2020-1436\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'SharePoint DataSet / DataTable Deserialization');\n 
script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/07/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/07/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/07/14\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:edge\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude('smb_func.inc');\ninclude('smb_hotfixes.inc');\ninclude('smb_hotfixes_fcheck.inc');\ninclude('smb_reg_query.inc');\ninclude('install_func.inc');\n\nget_kb_item_or_exit('SMB/MS_Bulletin_Checks/Possible');\n\nbulletin = 'MS20-07';\nkbs = make_list(\n '4565489'\n);\n\nif (get_kb_item('Host/patch_management_checks')) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit('SMB/Registry/Enumerated');\nget_kb_item_or_exit('SMB/WindowsVersion', exit_code:1);\n\nif (hotfix_check_sp_range(win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:'10',\n sp:0,\n os_build:'17134',\n rollup_date:'07_2020',\n bulletin:bulletin,\n 
rollup_kb_list:[4565489])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n\n\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:04:05", "description": "The remote Windows host is missing security update 4565540 or cumulative update 4565541. It is, therefore, affected by multiple vulnerabilities :\n\n - A remote code execution vulnerability exists in the way that DirectWrite handles objects in memory. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit an untrusted webpage. The security update addresses the vulnerability by correcting how DirectWrite handles objects in memory. (CVE-2020-1409)\n\n - An elevation of privilege vulnerability exists in the way that the Windows Credential Picker handles objects in memory. An attacker who successfully exploited the vulnerability could allow an application with limited privileges on an affected system to execute code at a medium integrity level. (CVE-2020-1385)\n\n - An elevation of privilege vulnerability exists when the Windows Profile Service improperly handles file operations. An attacker who successfully exploited this vulnerability could gain elevated privileges.\n (CVE-2020-1360)\n\n - A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. 
An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2020-1403)\n\n - A remote code execution vulnerability exists in the Windows Remote Desktop Client when a user connects to a malicious server. An attacker who successfully exploited this vulnerability could execute arbitrary code on the computer of the connecting client. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\n (CVE-2020-1374)\n\n - A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted fonts. For all systems except Windows 10, an attacker who successfully exploited the vulnerability could execute code remotely. For systems running Windows 10, an attacker who successfully exploited the vulnerability could execute code in an AppContainer sandbox context with limited privileges and capabilities. An attacker could then install programs;\n view, change, or delete data; or create new accounts with full user rights. There are multiple ways an attacker could exploit the vulnerability:\n (CVE-2020-1436)\n\n - An elevation of privilege vulnerability exists in the way that the Credential Enrollment Manager service handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. (CVE-2020-1368)\n\n - An elevation of privilege vulnerability exists in the way that the Windows Network List Service handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. (CVE-2020-1406)\n\n - An elevation of privilege vulnerability exists when the Windows UPnP Device Host improperly handles memory.\n (CVE-2020-1354, CVE-2020-1430)\n\n - An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. 
An attacker who successfully exploited the vulnerability could obtain information to further compromise the user's system. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit an untrusted webpage.\n The security update addresses the vulnerability by correcting how the Windows GDI component handles objects in memory. (CVE-2020-1468)\n\n - An elevation of privilege vulnerability exists when the Windows Event Logging Service improperly handles memory.\n (CVE-2020-1365, CVE-2020-1371)\n\n - An elevation of privilege vulnerability exists in the way that the Windows Network Location Awareness Service handles objects in memory. An attacker who successfully exploited the vulnerability could allow an application with limited privileges on an affected system to execute code at a medium integrity level. (CVE-2020-1437)\n\n - An information disclosure vulnerability exists in Windows when the Windows Imaging Component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user's system.\n There are multiple ways an attacker could exploit this vulnerability: (CVE-2020-1397)\n\n - A remote code execution vulnerability exists when Windows Address Book (WAB) improperly processes vcard files. (CVE-2020-1410)\n\n - An information disclosure vulnerability exists when the Windows Graphics component improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user's system. An authenticated attacker could exploit this vulnerability by running a specially crafted application. The update addresses the vulnerability by correcting how the Windows Graphics Component handles objects in memory. 
(CVE-2020-1351)\n\n - An elevation of privilege vulnerability exists when Group Policy Services Policy Processing improperly handles reparse points. An attacker who successfully exploited this vulnerability could overwrite a targeted file that would normally require elevated permissions.\n (CVE-2020-1333)\n\n - A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts. An attacker who successfully exploited the vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2020-1408)\n\n - An elevation of privilege vulnerability exists when the Windows Modules Installer improperly handles file operations. An attacker who successfully exploited this vulnerability could gain elevated privileges.\n (CVE-2020-1346)\n\n - An elevation of privilege vulnerability exists when Windows improperly handles calls to Advanced Local Procedure Call (ALPC). An attacker who successfully exploited this vulnerability could run arbitrary code in the security context of the local system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\n (CVE-2020-1396)\n\n - An information disclosure vulnerability exists when Skype for Business is accessed via Internet Explorer. An attacker who exploited the vulnerability could cause the user to place a call without additional consent, leading to information disclosure of the user profile. For the vulnerability to be exploited, a user must click a specially crafted URL that prompts the Skype app.\n (CVE-2020-1432)\n\n - An elevation of privilege vulnerability exists when the Windows ActiveX Installer Service improperly handles memory. 
(CVE-2020-1402)\n\n - A remote code execution vulnerability exists in .NET Framework, Microsoft SharePoint, and Visual Studio when the software fails to check the source markup of XML file input. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the process responsible for deserialization of the XML content. (CVE-2020-1147)\n\n - An elevation of privilege vulnerability exists when the Windows Cryptography Next Generation (CNG) Key Isolation service improperly handles memory. An attacker who successfully exploited this vulnerability could run processes in an elevated context. (CVE-2020-1359, CVE-2020-1384)\n\n - An elevation of privilege vulnerability exists in the way that the Windows Network Connections Service handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. (CVE-2020-1373, CVE-2020-1390, CVE-2020-1427, CVE-2020-1428, CVE-2020-1438)\n\n - An elevation of privilege vulnerability exists in the way that the Windows Function Discovery Service handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. (CVE-2020-1085)\n\n - A remote code execution vulnerability exists in the way that Microsoft Graphics Components handle objects in memory. An attacker who successfully exploited the vulnerability could execute arbitrary code on a target system. (CVE-2020-1412)\n\n - A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by enticing a victim to open a specially crafted file. The update addresses the vulnerability by correcting the way the Windows Jet Database Engine handles objects in memory. 
(CVE-2020-1400, CVE-2020-1401, CVE-2020-1407)\n\n - An information disclosure vulnerability exists when the Windows kernel fails to properly initialize a memory address. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user's system. (CVE-2020-1389, CVE-2020-1419)\n\n - An elevation of privilege vulnerability exists when the Windows Runtime improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in an elevated context. An attacker could exploit this vulnerability by running a specially crafted application on the victim system. The update addresses the vulnerability by correcting the way the Windows Runtime handles objects in memory.\n (CVE-2020-1249, CVE-2020-1399)\n\n - An elevation of privilege vulnerability exists when the Windows iSCSI Target Service improperly handles file operations. An attacker who successfully exploited this vulnerability could gain elevated privileges.\n (CVE-2020-1356)\n\n - This security update corrects a denial of service in the Local Security Authority Subsystem Service (LSASS) caused when an authenticated attacker sends a specially crafted authentication request. A remote attacker who successfully exploited this vulnerability could cause a denial of service on the target system's LSASS service, which triggers an automatic reboot of the system. The security update addresses the vulnerability by changing the way that LSASS handles specially crafted authentication requests. (CVE-2020-1267)\n\n - A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in the memory. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. 
(CVE-2020-1435)\n\n - A remote code execution vulnerability exists in Microsoft Windows that could allow remote code execution if a .LNK file is processed. An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. (CVE-2020-1421)", "cvss3": {}, "published": "2020-07-14T00:00:00", "type": "nessus", "title": "KB4565540: Windows 8.1 and Windows Server 2012 R2 July 2020 Security Update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-1085", "CVE-2020-1147", "CVE-2020-1249", "CVE-2020-1267", "CVE-2020-1333", "CVE-2020-1346", "CVE-2020-1351", "CVE-2020-1354", "CVE-2020-1356", "CVE-2020-1359", "CVE-2020-1360", "CVE-2020-1365", "CVE-2020-1368", "CVE-2020-1371", "CVE-2020-1373", "CVE-2020-1374", "CVE-2020-1384", "CVE-2020-1385", "CVE-2020-1389", "CVE-2020-1390", "CVE-2020-1396", "CVE-2020-1397", "CVE-2020-1399", "CVE-2020-1400", "CVE-2020-1401", "CVE-2020-1402", "CVE-2020-1403", "CVE-2020-1406", "CVE-2020-1407", "CVE-2020-1408", "CVE-2020-1409", "CVE-2020-1410", "CVE-2020-1412", "CVE-2020-1419", "CVE-2020-1421", "CVE-2020-1427", "CVE-2020-1428", "CVE-2020-1430", "CVE-2020-1432", "CVE-2020-1435", "CVE-2020-1436", "CVE-2020-1437", "CVE-2020-1438", "CVE-2020-1468"], "modified": "2023-04-25T00:00:00", "cpe": ["cpe:/o:microsoft:windows"], "id": "SMB_NT_MS20_JUL_4565541.NASL", "href": "https://www.tenable.com/plugins/nessus/138463", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. 
The text\n# itself is copyright (C) Microsoft Corporation.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(138463);\n script_version(\"1.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/04/25\");\n\n script_cve_id(\n \"CVE-2020-1085\",\n \"CVE-2020-1147\",\n \"CVE-2020-1249\",\n \"CVE-2020-1267\",\n \"CVE-2020-1333\",\n \"CVE-2020-1346\",\n \"CVE-2020-1351\",\n \"CVE-2020-1354\",\n \"CVE-2020-1356\",\n \"CVE-2020-1359\",\n \"CVE-2020-1360\",\n \"CVE-2020-1365\",\n \"CVE-2020-1368\",\n \"CVE-2020-1371\",\n \"CVE-2020-1373\",\n \"CVE-2020-1374\",\n \"CVE-2020-1384\",\n \"CVE-2020-1385\",\n \"CVE-2020-1389\",\n \"CVE-2020-1390\",\n \"CVE-2020-1396\",\n \"CVE-2020-1397\",\n \"CVE-2020-1399\",\n \"CVE-2020-1400\",\n \"CVE-2020-1401\",\n \"CVE-2020-1402\",\n \"CVE-2020-1403\",\n \"CVE-2020-1406\",\n \"CVE-2020-1407\",\n \"CVE-2020-1408\",\n \"CVE-2020-1409\",\n \"CVE-2020-1410\",\n \"CVE-2020-1412\",\n \"CVE-2020-1419\",\n \"CVE-2020-1421\",\n \"CVE-2020-1427\",\n \"CVE-2020-1428\",\n \"CVE-2020-1430\",\n \"CVE-2020-1432\",\n \"CVE-2020-1435\",\n \"CVE-2020-1436\",\n \"CVE-2020-1437\",\n \"CVE-2020-1438\",\n \"CVE-2020-1468\"\n );\n script_xref(name:\"MSKB\", value:\"4565540\");\n script_xref(name:\"MSKB\", value:\"4565541\");\n script_xref(name:\"MSFT\", value:\"MS20-4565540\");\n script_xref(name:\"MSFT\", value:\"MS20-4565541\");\n script_xref(name:\"IAVA\", value:\"2020-A-0306-S\");\n script_xref(name:\"IAVA\", value:\"2020-A-0313-S\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/05/03\");\n\n script_name(english:\"KB4565540: Windows 8.1 and Windows Server 2012 R2 July 2020 Security Update\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 4565540\nor cumulative update 4565541. 
It is, therefore, affected by\nmultiple vulnerabilities :\n\n - A remote code execution vulnerability exists in the way\n that DirectWrite handles objects in memory. An attacker\n who successfully exploited this vulnerability could take\n control of the affected system. An attacker could then\n install programs; view, change, or delete data; or\n create new accounts with full user rights. There are\n multiple ways an attacker could exploit the\n vulnerability, such as by convincing a user to open a\n specially crafted document, or by convincing a user to\n visit an untrusted webpage. The security update\n addresses the vulnerability by correcting how\n DirectWrite handles objects in memory. (CVE-2020-1409)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Credential Picker handles objects\n in memory. An attacker who successfully exploited the\n vulnerability could allow an application with limited\n privileges on an affected system to execute code at a\n medium integrity level. (CVE-2020-1385)\n\n - An elevation of privilege vulnerability exists when the\n Windows Profile Service improperly handles file\n operations. An attacker who successfully exploited this\n vulnerability could gain elevated privileges.\n (CVE-2020-1360)\n\n - A remote code execution vulnerability exists in the way\n that the VBScript engine handles objects in memory. The\n vulnerability could corrupt memory in such a way that an\n attacker could execute arbitrary code in the context of\n the current user. An attacker who successfully exploited\n the vulnerability could gain the same user rights as the\n current user. (CVE-2020-1403)\n\n - A remote code execution vulnerability exists in the\n Windows Remote Desktop Client when a user connects to a\n malicious server. An attacker who successfully exploited\n this vulnerability could execute arbitrary code on the\n computer of the connecting client. 
An attacker could\n then install programs; view, change, or delete data; or\n create new accounts with full user rights.\n (CVE-2020-1374)\n\n - A remote code execution vulnerability exists when the\n Windows font library improperly handles specially\n crafted fonts. For all systems except Windows 10, an\n attacker who successfully exploited the vulnerability\n could execute code remotely. For systems running Windows\n 10, an attacker who successfully exploited the\n vulnerability could execute code in an AppContainer\n sandbox context with limited privileges and\n capabilities. An attacker could then install programs;\n view, change, or delete data; or create new accounts\n with full user rights. There are multiple ways an\n attacker could exploit the vulnerability:\n (CVE-2020-1436)\n\n - An elevation of privilege vulnerability exists in the\n way that the Credential Enrollment Manager service\n handles objects in memory. An attacker who successfully\n exploited the vulnerability could execute code with\n elevated permissions. (CVE-2020-1368)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Network List Service handles\n objects in memory. An attacker who successfully\n exploited the vulnerability could execute code with\n elevated permissions. (CVE-2020-1406)\n\n - An elevation of privilege vulnerability exists when the\n Windows UPnP Device Host improperly handles memory.\n (CVE-2020-1354, CVE-2020-1430)\n\n - An information disclosure vulnerability exists when the\n Windows GDI component improperly discloses the contents\n of its memory. An attacker who successfully exploited\n the vulnerability could obtain information to further\n compromise the users system. 
There are multiple ways an\n attacker could exploit the vulnerability, such as by\n convincing a user to open a specially crafted document,\n or by convincing a user to visit an untrusted webpage.\n The security update addresses the vulnerability by\n correcting how the Windows GDI component handles objects\n in memory. (CVE-2020-1468)\n\n - An elevation of privilege vulnerability exists when the\n Windows Event Logging Service improperly handles memory.\n (CVE-2020-1365, CVE-2020-1371)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Network Location Awareness Service\n handles objects in memory. An attacker who successfully\n exploited the vulnerability could allow an application\n with limited privileges on an affected system to execute\n code at a medium integrity level. (CVE-2020-1437)\n\n - An information disclosure vulnerability exists in\n Windows when the Windows Imaging Component fails to\n properly handle objects in memory. An attacker who\n successfully exploited this vulnerability could obtain\n information to further compromise the user's system.\n There are multiple ways an attacker could exploit this\n vulnerability: (CVE-2020-1397)\n\n - A remote code execution vulnerability exists when\n Windows Address Book (WAB) improperly processes vcard\n files. (CVE-2020-1410)\n\n - An information disclosure vulnerability exists when the\n Windows Graphics component improperly handles objects in\n memory. An attacker who successfully exploited this\n vulnerability could obtain information to further\n compromise the users system. An authenticated attacker\n could exploit this vulnerability by running a specially\n crafted application. The update addresses the\n vulnerability by correcting how the Windows Graphics\n Component handles objects in memory. (CVE-2020-1351)\n\n - An elevation of privilege vulnerability exists when\n Group Policy Services Policy Processing improperly\n handle reparse points. 
An attacker who successfully\n exploited this vulnerability could overwrite a targeted\n file that would normally require elevated permissions.\n (CVE-2020-1333)\n\n - A remote code execution vulnerability exists when the\n Windows font library improperly handles specially\n crafted embedded fonts. An attacker who successfully\n exploited the vulnerability could take control of the\n affected system. An attacker could then install\n programs; view, change, or delete data; or create new\n accounts with full user rights. (CVE-2020-1408)\n\n - An elevation of privilege vulnerability exists when the\n Windows Modules Installer improperly handles file\n operations. An attacker who successfully exploited this\n vulnerability could gain elevated privileges.\n (CVE-2020-1346)\n\n - An elevation of privilege vulnerability exists when\n Windows improperly handles calls to Advanced Local\n Procedure Call (ALPC). An attacker who successfully\n exploited this vulnerability could run arbitrary code in\n the security context of the local system. An attacker\n could then install programs; view, change, or delete\n data; or create new accounts with full user rights.\n (CVE-2020-1396)\n\n - An information disclosure vulnerability exists when\n Skype for Business is accessed via Internet Explorer. An\n attacker who exploited the vulnerability could cause the\n user to place a call without additional consent, leading\n to information disclosure of the user profile. For the\n vulnerability to be exploited, a user must click a\n specially crafted URL that prompts the Skype app.\n (CVE-2020-1432)\n\n - An elevation of privilege vulnerability exists when the\n Windows ActiveX Installer Service improperly handles\n memory. (CVE-2020-1402)\n\n - A remote code execution vulnerability exists in .NET\n Framework, Microsoft SharePoint, and Visual Studio when\n the software fails to check the source markup of XML\n file input. 
An attacker who successfully exploited the\n vulnerability could run arbitrary code in the context of\n the process responsible for deserialization of the XML\n content. (CVE-2020-1147)\n\n - An elevation of privilege vulnerability exists when the\n Windows Cryptography Next Generation (CNG) Key Isolation\n service improperly handles memory. An attacker who\n successfully exploited this vulnerability could run\n processes in an elevated context. (CVE-2020-1359,\n CVE-2020-1384)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Network Connections Service handles\n objects in memory. An attacker who successfully\n exploited the vulnerability could execute code with\n elevated permissions. (CVE-2020-1373, CVE-2020-1390,\n CVE-2020-1427, CVE-2020-1428, CVE-2020-1438)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Function Discovery Service handles\n objects in memory. An attacker who successfully\n exploited the vulnerability could execute code with\n elevated permissions. (CVE-2020-1085)\n\n - A remote code execution vulnerability exists in the way\n that Microsoft Graphics Components handle objects in\n memory. An attacker who successfully exploited the\n vulnerability could execute arbitrary code on a target\n system. (CVE-2020-1412)\n\n - A remote code execution vulnerability exists when the\n Windows Jet Database Engine improperly handles objects\n in memory. An attacker who successfully exploited this\n vulnerability could execute arbitrary code on a victim\n system. An attacker could exploit this vulnerability by\n enticing a victim to open a specially crafted file. The\n update addresses the vulnerability by correcting the way\n the Windows Jet Database Engine handles objects in\n memory. (CVE-2020-1400, CVE-2020-1401, CVE-2020-1407)\n\n - An information disclosure vulnerability exists when the\n Windows kernel fails to properly initialize a memory\n address. 
An attacker who successfully exploited this\n vulnerability could obtain information to further\n compromise the users system. (CVE-2020-1389,\n CVE-2020-1419)\n\n - An elevation of privilege vulnerability exists when the\n Windows Runtime improperly handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could run arbitrary code in an elevated context. An\n attacker could exploit this vulnerability by running a\n specially crafted application on the victim system. The\n update addresses the vulnerability by correcting the way\n the Windows Runtime handles objects in memory.\n (CVE-2020-1249, CVE-2020-1399)\n\n - An elevation of privilege vulnerability exists when the\n Windows iSCSI Target Service improperly handles file\n operations. An attacker who successfully exploited this\n vulnerability could gain elevated privileges.\n (CVE-2020-1356)\n\n - This security update corrects a denial of service in the\n Local Security Authority Subsystem Service (LSASS)\n caused when an authenticated attacker sends a specially\n crafted authentication request. A remote attacker who\n successfully exploited this vulnerability could cause a\n denial of service on the target system's LSASS service,\n which triggers an automatic reboot of the system. The\n security update addresses the vulnerability by changing\n the way that LSASS handles specially crafted\n authentication requests. (CVE-2020-1267)\n\n - A remote code execution vulnerability exists in the way\n that the Windows Graphics Device Interface (GDI) handles\n objects in the memory. An attacker who successfully\n exploited this vulnerability could take control of the\n affected system. An attacker could then install\n programs; view, change, or delete data; or create new\n accounts with full user rights. (CVE-2020-1435)\n\n - A remote code execution vulnerability exists in\n Microsoft Windows that could allow remote code execution\n if a .LNK file is processed. 
An attacker who\n successfully exploited this vulnerability could gain the\n same user rights as the local user. (CVE-2020-1421)\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.microsoft.com/en-us/help/4565540/windows-8-1-kb4565540\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.microsoft.com/en-us/help/4565541/windows-8-1-kb4565541\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Security Only update KB4565540 or Cumulative Update KB4565541.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-1435\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2020-1436\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'SharePoint DataSet / DataTable Deserialization');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/07/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/07/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/07/14\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n 
script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude('smb_func.inc');\ninclude('smb_hotfixes.inc');\ninclude('smb_hotfixes_fcheck.inc');\ninclude('smb_reg_query.inc');\ninclude('install_func.inc');\n\nget_kb_item_or_exit('SMB/MS_Bulletin_Checks/Possible');\n\nbulletin = 'MS20-07';\nkbs = make_list(\n '4565541',\n '4565540'\n);\n\nif (get_kb_item('Host/patch_management_checks')) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit('SMB/Registry/Enumerated');\nget_kb_item_or_exit('SMB/WindowsVersion', exit_code:1);\n\nif (hotfix_check_sp_range(win81:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\n# Windows 8 EOL\nproductname = get_kb_item_or_exit(\"SMB/ProductName\", exit_code:1);\nif (\"Windows 8\" >< productname && \"8.1\" >!< productname)\n audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:'6.3', \n sp:0,\n rollup_date:'07_2020',\n bulletin:bulletin,\n rollup_kb_list:[4565541, 4565540])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n\n\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:04:05", "description": "The remote Windows host is missing security update 4565529 or cumulative update 4565536. 
It is, therefore, affected by multiple vulnerabilities :\n\n - A remote code execution vulnerability exists in the way that DirectWrite handles objects in memory. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit an untrusted webpage. The security update addresses the vulnerability by correcting how DirectWrite handles objects in memory. (CVE-2020-1409)\n\n - An elevation of privilege vulnerability exists when the Windows Profile Service improperly handles file operations. An attacker who successfully exploited this vulnerability could gain elevated privileges.\n (CVE-2020-1360)\n\n - A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2020-1403)\n\n - An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user's system. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit an untrusted webpage.\n The security update addresses the vulnerability by correcting how the Windows GDI component handles objects in memory. 
(CVE-2020-1468)\n\n - A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted fonts. For all systems except Windows 10, an attacker who successfully exploited the vulnerability could execute code remotely. For systems running Windows 10, an attacker who successfully exploited the vulnerability could execute code in an AppContainer sandbox context with limited privileges and capabilities. An attacker could then install programs;\n view, change, or delete data; or create new accounts with full user rights. There are multiple ways an attacker could exploit the vulnerability:\n (CVE-2020-1436)\n\n - An elevation of privilege vulnerability exists when the Windows UPnP Device Host improperly handles memory.\n (CVE-2020-1354, CVE-2020-1430)\n\n - An elevation of privilege vulnerability exists when the Windows Modules Installer improperly handles file operations. An attacker who successfully exploited this vulnerability could gain elevated privileges.\n (CVE-2020-1346)\n\n - An information disclosure vulnerability exists in Windows when the Windows Imaging Component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user's system.\n There are multiple ways an attacker could exploit this vulnerability: (CVE-2020-1397)\n\n - A remote code execution vulnerability exists when Windows Address Book (WAB) improperly processes vcard files. (CVE-2020-1410)\n\n - An elevation of privilege vulnerability exists when Group Policy Services Policy Processing improperly handles reparse points. An attacker who successfully exploited this vulnerability could overwrite a targeted file that would normally require elevated permissions.\n (CVE-2020-1333)\n\n - A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts. 
An attacker who successfully exploited the vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2020-1408)\n\n - An elevation of privilege vulnerability exists when the Windows Event Logging Service improperly handles memory.\n (CVE-2020-1365, CVE-2020-1371)\n\n - An elevation of privilege vulnerability exists when Windows improperly handles calls to Advanced Local Procedure Call (ALPC). An attacker who successfully exploited this vulnerability could run arbitrary code in the security context of the local system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\n (CVE-2020-1396)\n\n - An elevation of privilege vulnerability exists in the way that the Windows Network Location Awareness Service handles objects in memory. An attacker who successfully exploited the vulnerability could allow an application with limited privileges on an affected system to execute code at a medium integrity level. (CVE-2020-1437)\n\n - A remote code execution vulnerability exists in .NET Framework, Microsoft SharePoint, and Visual Studio when the software fails to check the source markup of XML file input. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the process responsible for deserialization of the XML content. (CVE-2020-1147)\n\n - An elevation of privilege vulnerability exists when the Windows Cryptography Next Generation (CNG) Key Isolation service improperly handles memory. An attacker who successfully exploited this vulnerability could run processes in an elevated context. (CVE-2020-1359, CVE-2020-1384)\n\n - An elevation of privilege vulnerability exists in the way that the Windows Network Connections Service handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. 
(CVE-2020-1373, CVE-2020-1390, CVE-2020-1427, CVE-2020-1428, CVE-2020-1438)\n\n - An elevation of privilege vulnerability exists in the way that the Windows Function Discovery Service handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. (CVE-2020-1085)\n\n - A remote code execution vulnerability exists in the way that Microsoft Graphics Components handle objects in memory. An attacker who successfully exploited the vulnerability could execute arbitrary code on a target system. (CVE-2020-1412)\n\n - A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by enticing a victim to open a specially crafted file. The update addresses the vulnerability by correcting the way the Windows Jet Database Engine handles objects in memory. (CVE-2020-1400, CVE-2020-1401, CVE-2020-1407)\n\n - An information disclosure vulnerability exists when the Windows kernel fails to properly initialize a memory address. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user's system. (CVE-2020-1389, CVE-2020-1419)\n\n - This security update corrects a denial of service in the Local Security Authority Subsystem Service (LSASS) caused when an authenticated attacker sends a specially crafted authentication request. A remote attacker who successfully exploited this vulnerability could cause a denial of service on the target system's LSASS service, which triggers an automatic reboot of the system. The security update addresses the vulnerability by changing the way that LSASS handles specially crafted authentication requests. 
(CVE-2020-1267)\n\n - A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in the memory. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2020-1435)\n\n - A remote code execution vulnerability exists in Microsoft Windows that could allow remote code execution if a .LNK file is processed. An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. (CVE-2020-1421)", "cvss3": {}, "published": "2020-07-14T00:00:00", "type": "nessus", "title": "KB4565529: Windows Server 2008 July 2020 Security Update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-1085", "CVE-2020-1147", "CVE-2020-1267", "CVE-2020-1333", "CVE-2020-1346", "CVE-2020-1354", "CVE-2020-1359", "CVE-2020-1360", "CVE-2020-1365", "CVE-2020-1371", "CVE-2020-1373", "CVE-2020-1384", "CVE-2020-1389", "CVE-2020-1390", "CVE-2020-1396", "CVE-2020-1397", "CVE-2020-1400", "CVE-2020-1401", "CVE-2020-1403", "CVE-2020-1407", "CVE-2020-1408", "CVE-2020-1409", "CVE-2020-1410", "CVE-2020-1412", "CVE-2020-1419", "CVE-2020-1421", "CVE-2020-1427", "CVE-2020-1428", "CVE-2020-1430", "CVE-2020-1435", "CVE-2020-1436", "CVE-2020-1437", "CVE-2020-1438", "CVE-2020-1468"], "modified": "2023-04-25T00:00:00", "cpe": ["cpe:/o:microsoft:windows"], "id": "SMB_NT_MS20_JUL_4565536.NASL", "href": "https://www.tenable.com/plugins/nessus/138461", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. 
The text\n# itself is copyright (C) Microsoft Corporation.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(138461);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/04/25\");\n\n script_cve_id(\n \"CVE-2020-1085\",\n \"CVE-2020-1147\",\n \"CVE-2020-1267\",\n \"CVE-2020-1333\",\n \"CVE-2020-1346\",\n \"CVE-2020-1354\",\n \"CVE-2020-1359\",\n \"CVE-2020-1360\",\n \"CVE-2020-1365\",\n \"CVE-2020-1371\",\n \"CVE-2020-1373\",\n \"CVE-2020-1384\",\n \"CVE-2020-1389\",\n \"CVE-2020-1390\",\n \"CVE-2020-1396\",\n \"CVE-2020-1397\",\n \"CVE-2020-1400\",\n \"CVE-2020-1401\",\n \"CVE-2020-1403\",\n \"CVE-2020-1407\",\n \"CVE-2020-1408\",\n \"CVE-2020-1409\",\n \"CVE-2020-1410\",\n \"CVE-2020-1412\",\n \"CVE-2020-1419\",\n \"CVE-2020-1421\",\n \"CVE-2020-1427\",\n \"CVE-2020-1428\",\n \"CVE-2020-1430\",\n \"CVE-2020-1435\",\n \"CVE-2020-1436\",\n \"CVE-2020-1437\",\n \"CVE-2020-1438\",\n \"CVE-2020-1468\"\n );\n script_xref(name:\"MSKB\", value:\"4565536\");\n script_xref(name:\"MSKB\", value:\"4565529\");\n script_xref(name:\"MSFT\", value:\"MS20-4565536\");\n script_xref(name:\"MSFT\", value:\"MS20-4565529\");\n script_xref(name:\"IAVA\", value:\"2020-A-0306-S\");\n script_xref(name:\"IAVA\", value:\"2020-A-0313-S\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/05/03\");\n\n script_name(english:\"KB4565529: Windows Server 2008 July 2020 Security Update\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 4565529\nor cumulative update 4565536. It is, therefore, affected by\nmultiple vulnerabilities :\n\n - A remote code execution vulnerability exists in the way\n that DirectWrite handles objects in memory. 
An attacker\n who successfully exploited this vulnerability could take\n control of the affected system. An attacker could then\n install programs; view, change, or delete data; or\n create new accounts with full user rights. There are\n multiple ways an attacker could exploit the\n vulnerability, such as by convincing a user to open a\n specially crafted document, or by convincing a user to\n visit an untrusted webpage. The security update\n addresses the vulnerability by correcting how\n DirectWrite handles objects in memory. (CVE-2020-1409)\n\n - An elevation of privilege vulnerability exists when the\n Windows Profile Service improperly handles file\n operations. An attacker who successfully exploited this\n vulnerability could gain elevated privileges.\n (CVE-2020-1360)\n\n - A remote code execution vulnerability exists in the way\n that the VBScript engine handles objects in memory. The\n vulnerability could corrupt memory in such a way that an\n attacker could execute arbitrary code in the context of\n the current user. An attacker who successfully exploited\n the vulnerability could gain the same user rights as the\n current user. (CVE-2020-1403)\n\n - An information disclosure vulnerability exists when the\n Windows GDI component improperly discloses the contents\n of its memory. An attacker who successfully exploited\n the vulnerability could obtain information to further\n compromise the users system. There are multiple ways an\n attacker could exploit the vulnerability, such as by\n convincing a user to open a specially crafted document,\n or by convincing a user to visit an untrusted webpage.\n The security update addresses the vulnerability by\n correcting how the Windows GDI component handles objects\n in memory. (CVE-2020-1468)\n\n - A remote code execution vulnerability exists when the\n Windows font library improperly handles specially\n crafted fonts. 
For all systems except Windows 10, an\n attacker who successfully exploited the vulnerability\n could execute code remotely. For systems running Windows\n 10, an attacker who successfully exploited the\n vulnerability could execute code in an AppContainer\n sandbox context with limited privileges and\n capabilities. An attacker could then install programs;\n view, change, or delete data; or create new accounts\n with full user rights. There are multiple ways an\n attacker could exploit the vulnerability:\n (CVE-2020-1436)\n\n - An elevation of privilege vulnerability exists when the\n Windows UPnP Device Host improperly handles memory.\n (CVE-2020-1354, CVE-2020-1430)\n\n - An elevation of privilege vulnerability exists when the\n Windows Modules Installer improperly handles file\n operations. An attacker who successfully exploited this\n vulnerability could gain elevated privileges.\n (CVE-2020-1346)\n\n - An information disclosure vulnerability exists in\n Windows when the Windows Imaging Component fails to\n properly handle objects in memory. An attacker who\n successfully exploited this vulnerability could obtain\n information to further compromise the user's system.\n There are multiple ways an attacker could exploit this\n vulnerability: (CVE-2020-1397)\n\n - A remote code execution vulnerability exists when\n Windows Address Book (WAB) improperly processes vcard\n files. (CVE-2020-1410)\n\n - An elevation of privilege vulnerability exists when\n Group Policy Services Policy Processing improperly\n handle reparse points. An attacker who successfully\n exploited this vulnerability could overwrite a targeted\n file that would normally require elevated permissions.\n (CVE-2020-1333)\n\n - A remote code execution vulnerability exists when the\n Windows font library improperly handles specially\n crafted embedded fonts. An attacker who successfully\n exploited the vulnerability could take control of the\n affected system. 
An attacker could then install\n programs; view, change, or delete data; or create new\n accounts with full user rights. (CVE-2020-1408)\n\n - An elevation of privilege vulnerability exists when the\n Windows Event Logging Service improperly handles memory.\n (CVE-2020-1365, CVE-2020-1371)\n\n - An elevation of privilege vulnerability exists when\n Windows improperly handles calls to Advanced Local\n Procedure Call (ALPC). An attacker who successfully\n exploited this vulnerability could run arbitrary code in\n the security context of the local system. An attacker\n could then install programs; view, change, or delete\n data; or create new accounts with full user rights.\n (CVE-2020-1396)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Network Location Awareness Service\n handles objects in memory. An attacker who successfully\n exploited the vulnerability could allow an application\n with limited privileges on an affected system to execute\n code at a medium integrity level. (CVE-2020-1437)\n\n - A remote code execution vulnerability exists in .NET\n Framework, Microsoft SharePoint, and Visual Studio when\n the software fails to check the source markup of XML\n file input. An attacker who successfully exploited the\n vulnerability could run arbitrary code in the context of\n the process responsible for deserialization of the XML\n content. (CVE-2020-1147)\n\n - An elevation of privilege vulnerability exists when the\n Windows Cryptography Next Generation (CNG) Key Isolation\n service improperly handles memory. An attacker who\n successfully exploited this vulnerability could run\n processes in an elevated context. (CVE-2020-1359,\n CVE-2020-1384)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Network Connections Service handles\n objects in memory. An attacker who successfully\n exploited the vulnerability could execute code with\n elevated permissions. 
(CVE-2020-1373, CVE-2020-1390,\n CVE-2020-1427, CVE-2020-1428, CVE-2020-1438)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Function Discovery Service handles\n objects in memory. An attacker who successfully\n exploited the vulnerability could execute code with\n elevated permissions. (CVE-2020-1085)\n\n - A remote code execution vulnerability exists in the way\n that Microsoft Graphics Components handle objects in\n memory. An attacker who successfully exploited the\n vulnerability could execute arbitrary code on a target\n system. (CVE-2020-1412)\n\n - A remote code execution vulnerability exists when the\n Windows Jet Database Engine improperly handles objects\n in memory. An attacker who successfully exploited this\n vulnerability could execute arbitrary code on a victim\n system. An attacker could exploit this vulnerability by\n enticing a victim to open a specially crafted file. The\n update addresses the vulnerability by correcting the way\n the Windows Jet Database Engine handles objects in\n memory. (CVE-2020-1400, CVE-2020-1401, CVE-2020-1407)\n\n - An information disclosure vulnerability exists when the\n Windows kernel fails to properly initialize a memory\n address. An attacker who successfully exploited this\n vulnerability could obtain information to further\n compromise the users system. (CVE-2020-1389,\n CVE-2020-1419)\n\n - This security update corrects a denial of service in the\n Local Security Authority Subsystem Service (LSASS)\n caused when an authenticated attacker sends a specially\n crafted authentication request. A remote attacker who\n successfully exploited this vulnerability could cause a\n denial of service on the target system's LSASS service,\n which triggers an automatic reboot of the system. The\n security update addresses the vulnerability by changing\n the way that LSASS handles specially crafted\n authentication requests. 
(CVE-2020-1267)\n\n - A remote code execution vulnerability exists in the way\n that the Windows Graphics Device Interface (GDI) handles\n objects in the memory. An attacker who successfully\n exploited this vulnerability could take control of the\n affected system. An attacker could then install\n programs; view, change, or delete data; or create new\n accounts with full user rights. (CVE-2020-1435)\n\n - A remote code execution vulnerability exists in\n Microsoft Windows that could allow remote code execution\n if a .LNK file is processed. An attacker who\n successfully exploited this vulnerability could gain the\n same user rights as the local user. (CVE-2020-1421)\");\n # https://support.microsoft.com/en-us/help/4565536/windows-server-2008-update-kb4565536\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?9e9e22c7\");\n # https://support.microsoft.com/en-us/help/4565529/windows-server-2008-update-kb4565529\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?4c89c5a1\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Security Only update KB4565529 or Cumulative Update KB4565536.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-1435\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2020-1436\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'SharePoint DataSet / DataTable Deserialization');\n 
script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/07/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/07/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/07/14\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude('smb_func.inc');\ninclude('smb_hotfixes.inc');\ninclude('smb_hotfixes_fcheck.inc');\ninclude('smb_reg_query.inc');\ninclude('install_func.inc');\n\nget_kb_item_or_exit('SMB/MS_Bulletin_Checks/Possible');\n\nbulletin = 'MS20-07';\nkbs = make_list(\n '4565536',\n '4565529'\n);\n\nif (get_kb_item('Host/patch_management_checks')) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit('SMB/Registry/Enumerated');\nget_kb_item_or_exit('SMB/WindowsVersion', exit_code:1);\n\nif (hotfix_check_sp_range(vista:'2') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:'6.0', \n sp:2,\n rollup_date:'07_2020',\n bulletin:bulletin,\n rollup_kb_list:[4565536, 4565529])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n 
hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:05:02", "description": "The remote Windows host is missing security update 4565535 or cumulative update 4565537. It is, therefore, affected by multiple vulnerabilities :\n\n - A remote code execution vulnerability exists in the way that DirectWrite handles objects in memory. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit an untrusted webpage. The security update addresses the vulnerability by correcting how DirectWrite handles objects in memory. (CVE-2020-1409)\n\n - An elevation of privilege vulnerability exists in the way that the Windows Credential Picker handles objects in memory. An attacker who successfully exploited the vulnerability could allow an application with limited privileges on an affected system to execute code at a medium integrity level. (CVE-2020-1385)\n\n - An elevation of privilege vulnerability exists when the Windows Profile Service improperly handles file operations. An attacker who successfully exploited this vulnerability could gain elevated privileges.\n (CVE-2020-1360)\n\n - A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. 
(CVE-2020-1403)\n\n - A remote code execution vulnerability exists in the Windows Remote Desktop Client when a user connects to a malicious server. An attacker who successfully exploited this vulnerability could execute arbitrary code on the computer of the connecting client. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\n (CVE-2020-1374)\n\n - A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted fonts. For all systems except Windows 10, an attacker who successfully exploited the vulnerability could execute code remotely. For systems running Windows 10, an attacker who successfully exploited the vulnerability could execute code in an AppContainer sandbox context with limited privileges and capabilities. An attacker could then install programs;\n view, change, or delete data; or create new accounts with full user rights. There are multiple ways an attacker could exploit the vulnerability:\n (CVE-2020-1436)\n\n - An elevation of privilege vulnerability exists in the way that the Credential Enrollment Manager service handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. (CVE-2020-1368)\n\n - An elevation of privilege vulnerability exists when the Windows UPnP Device Host improperly handles memory.\n (CVE-2020-1354, CVE-2020-1430)\n\n - An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user's system. 
There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit an untrusted webpage.\n The security update addresses the vulnerability by correcting how the Windows GDI component handles objects in memory. (CVE-2020-1468)\n\n - An elevation of privilege vulnerability exists when the Windows Event Logging Service improperly handles memory.\n (CVE-2020-1365, CVE-2020-1371)\n\n - An elevation of privilege vulnerability exists in the way that the Windows Network Location Awareness Service handles objects in memory. An attacker who successfully exploited the vulnerability could allow an application with limited privileges on an affected system to execute code at a medium integrity level. (CVE-2020-1437)\n\n - An information disclosure vulnerability exists in Windows when the Windows Imaging Component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user's system.\n There are multiple ways an attacker could exploit this vulnerability: (CVE-2020-1397)\n\n - A remote code execution vulnerability exists when Windows Address Book (WAB) improperly processes vcard files. (CVE-2020-1410)\n\n - An information disclosure vulnerability exists when the Windows Graphics component improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user's system. An authenticated attacker could exploit this vulnerability by running a specially crafted application. The update addresses the vulnerability by correcting how the Windows Graphics Component handles objects in memory. (CVE-2020-1351)\n\n - An elevation of privilege vulnerability exists when Group Policy Services Policy Processing improperly handles reparse points. 
An attacker who successfully exploited this vulnerability could overwrite a targeted file that would normally require elevated permissions.\n (CVE-2020-1333)\n\n - A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts. An attacker who successfully exploited the vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2020-1408)\n\n - An elevation of privilege vulnerability exists when the Windows Modules Installer improperly handles file operations. An attacker who successfully exploited this vulnerability could gain elevated privileges.\n (CVE-2020-1346)\n\n - An elevation of privilege vulnerability exists when Windows improperly handles calls to Advanced Local Procedure Call (ALPC). An attacker who successfully exploited this vulnerability could run arbitrary code in the security context of the local system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\n (CVE-2020-1396)\n\n - An information disclosure vulnerability exists when Skype for Business is accessed via Internet Explorer. An attacker who exploited the vulnerability could cause the user to place a call without additional consent, leading to information disclosure of the user profile. For the vulnerability to be exploited, a user must click a specially crafted URL that prompts the Skype app.\n (CVE-2020-1432)\n\n - An elevation of privilege vulnerability exists when the Windows ActiveX Installer Service improperly handles memory. (CVE-2020-1402)\n\n - A remote code execution vulnerability exists in .NET Framework, Microsoft SharePoint, and Visual Studio when the software fails to check the source markup of XML file input. 
An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the process responsible for deserialization of the XML content. (CVE-2020-1147)\n\n - An elevation of privilege vulnerability exists when the Windows Cryptography Next Generation (CNG) Key Isolation service improperly handles memory. An attacker who successfully exploited this vulnerability could run processes in an elevated context. (CVE-2020-1359, CVE-2020-1384)\n\n - An elevation of privilege vulnerability exists in the way that the Windows Network Connections Service handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. (CVE-2020-1373, CVE-2020-1390, CVE-2020-1427, CVE-2020-1428, CVE-2020-1438)\n\n - An elevation of privilege vulnerability exists in the way that the Windows Function Discovery Service handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. (CVE-2020-1085)\n\n - A remote code execution vulnerability exists in the way that Microsoft Graphics Components handle objects in memory. An attacker who successfully exploited the vulnerability could execute arbitrary code on a target system. (CVE-2020-1412)\n\n - A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by enticing a victim to open a specially crafted file. The update addresses the vulnerability by correcting the way the Windows Jet Database Engine handles objects in memory. (CVE-2020-1400, CVE-2020-1401, CVE-2020-1407)\n\n - An information disclosure vulnerability exists when the Windows kernel fails to properly initialize a memory address. 
An attacker who successfully exploited this vulnerability could obtain information to further compromise the user's system. (CVE-2020-1389, CVE-2020-1419)\n\n - An elevation of privilege vulnerability exists when the Windows Runtime improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in an elevated context. An attacker could exploit this vulnerability by running a specially crafted application on the victim system. The update addresses the vulnerability by correcting the way the Windows Runtime handles objects in memory.\n (CVE-2020-1249, CVE-2020-1399)\n\n - An elevation of privilege vulnerability exists when the Windows iSCSI Target Service improperly handles file operations. An attacker who successfully exploited this vulnerability could gain elevated privileges.\n (CVE-2020-1356)\n\n - This security update corrects a denial of service in the Local Security Authority Subsystem Service (LSASS) caused when an authenticated attacker sends a specially crafted authentication request. A remote attacker who successfully exploited this vulnerability could cause a denial of service on the target system's LSASS service, which triggers an automatic reboot of the system. The security update addresses the vulnerability by changing the way that LSASS handles specially crafted authentication requests. (CVE-2020-1267)\n\n - A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in memory. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2020-1435)\n\n - A remote code execution vulnerability exists in Microsoft Windows that could allow remote code execution if a .LNK file is processed. 
An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. (CVE-2020-1421)", "cvss3": {}, "published": "2020-07-14T00:00:00", "type": "nessus", "title": "KB4565535: Windows Server 2012 July 2020 Security Update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-1085", "CVE-2020-1147", "CVE-2020-1249", "CVE-2020-1267", "CVE-2020-1333", "CVE-2020-1346", "CVE-2020-1351", "CVE-2020-1354", "CVE-2020-1356", "CVE-2020-1359", "CVE-2020-1360", "CVE-2020-1365", "CVE-2020-1368", "CVE-2020-1371", "CVE-2020-1373", "CVE-2020-1374", "CVE-2020-1384", "CVE-2020-1385", "CVE-2020-1389", "CVE-2020-1390", "CVE-2020-1396", "CVE-2020-1397", "CVE-2020-1399", "CVE-2020-1400", "CVE-2020-1401", "CVE-2020-1402", "CVE-2020-1403", "CVE-2020-1407", "CVE-2020-1408", "CVE-2020-1409", "CVE-2020-1410", "CVE-2020-1412", "CVE-2020-1419", "CVE-2020-1421", "CVE-2020-1427", "CVE-2020-1428", "CVE-2020-1430", "CVE-2020-1432", "CVE-2020-1435", "CVE-2020-1436", "CVE-2020-1437", "CVE-2020-1438", "CVE-2020-1468"], "modified": "2023-04-25T00:00:00", "cpe": ["cpe:/o:microsoft:windows"], "id": "SMB_NT_MS20_JUL_4565537.NASL", "href": "https://www.tenable.com/plugins/nessus/138462", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. 
The text\n# itself is copyright (C) Microsoft Corporation.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(138462);\n script_version(\"1.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/04/25\");\n\n script_cve_id(\n \"CVE-2020-1085\",\n \"CVE-2020-1147\",\n \"CVE-2020-1249\",\n \"CVE-2020-1267\",\n \"CVE-2020-1333\",\n \"CVE-2020-1346\",\n \"CVE-2020-1351\",\n \"CVE-2020-1354\",\n \"CVE-2020-1356\",\n \"CVE-2020-1359\",\n \"CVE-2020-1360\",\n \"CVE-2020-1365\",\n \"CVE-2020-1368\",\n \"CVE-2020-1371\",\n \"CVE-2020-1373\",\n \"CVE-2020-1374\",\n \"CVE-2020-1384\",\n \"CVE-2020-1385\",\n \"CVE-2020-1389\",\n \"CVE-2020-1390\",\n \"CVE-2020-1396\",\n \"CVE-2020-1397\",\n \"CVE-2020-1399\",\n \"CVE-2020-1400\",\n \"CVE-2020-1401\",\n \"CVE-2020-1402\",\n \"CVE-2020-1403\",\n \"CVE-2020-1407\",\n \"CVE-2020-1408\",\n \"CVE-2020-1409\",\n \"CVE-2020-1410\",\n \"CVE-2020-1412\",\n \"CVE-2020-1419\",\n \"CVE-2020-1421\",\n \"CVE-2020-1427\",\n \"CVE-2020-1428\",\n \"CVE-2020-1430\",\n \"CVE-2020-1432\",\n \"CVE-2020-1435\",\n \"CVE-2020-1436\",\n \"CVE-2020-1437\",\n \"CVE-2020-1438\",\n \"CVE-2020-1468\"\n );\n script_xref(name:\"MSKB\", value:\"4565535\");\n script_xref(name:\"MSKB\", value:\"4565537\");\n script_xref(name:\"MSFT\", value:\"MS20-4565535\");\n script_xref(name:\"MSFT\", value:\"MS20-4565537\");\n script_xref(name:\"IAVA\", value:\"2020-A-0306-S\");\n script_xref(name:\"IAVA\", value:\"2020-A-0313-S\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/05/03\");\n\n script_name(english:\"KB4565535: Windows Server 2012 July 2020 Security Update\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 4565535\nor cumulative update 4565537. 
It is, therefore, affected by\nmultiple vulnerabilities :\n\n - A remote code execution vulnerability exists in the way\n that DirectWrite handles objects in memory. An attacker\n who successfully exploited this vulnerability could take\n control of the affected system. An attacker could then\n install programs; view, change, or delete data; or\n create new accounts with full user rights. There are\n multiple ways an attacker could exploit the\n vulnerability, such as by convincing a user to open a\n specially crafted document, or by convincing a user to\n visit an untrusted webpage. The security update\n addresses the vulnerability by correcting how\n DirectWrite handles objects in memory. (CVE-2020-1409)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Credential Picker handles objects\n in memory. An attacker who successfully exploited the\n vulnerability could allow an application with limited\n privileges on an affected system to execute code at a\n medium integrity level. (CVE-2020-1385)\n\n - An elevation of privilege vulnerability exists when the\n Windows Profile Service improperly handles file\n operations. An attacker who successfully exploited this\n vulnerability could gain elevated privileges.\n (CVE-2020-1360)\n\n - A remote code execution vulnerability exists in the way\n that the VBScript engine handles objects in memory. The\n vulnerability could corrupt memory in such a way that an\n attacker could execute arbitrary code in the context of\n the current user. An attacker who successfully exploited\n the vulnerability could gain the same user rights as the\n current user. (CVE-2020-1403)\n\n - A remote code execution vulnerability exists in the\n Windows Remote Desktop Client when a user connects to a\n malicious server. An attacker who successfully exploited\n this vulnerability could execute arbitrary code on the\n computer of the connecting client. 
An attacker could\n then install programs; view, change, or delete data; or\n create new accounts with full user rights.\n (CVE-2020-1374)\n\n - A remote code execution vulnerability exists when the\n Windows font library improperly handles specially\n crafted fonts. For all systems except Windows 10, an\n attacker who successfully exploited the vulnerability\n could execute code remotely. For systems running Windows\n 10, an attacker who successfully exploited the\n vulnerability could execute code in an AppContainer\n sandbox context with limited privileges and\n capabilities. An attacker could then install programs;\n view, change, or delete data; or create new accounts\n with full user rights. There are multiple ways an\n attacker could exploit the vulnerability:\n (CVE-2020-1436)\n\n - An elevation of privilege vulnerability exists in the\n way that the Credential Enrollment Manager service\n handles objects in memory. An attacker who successfully\n exploited the vulnerability could execute code with\n elevated permissions. (CVE-2020-1368)\n\n - An elevation of privilege vulnerability exists when the\n Windows UPnP Device Host improperly handles memory.\n (CVE-2020-1354, CVE-2020-1430)\n\n - An information disclosure vulnerability exists when the\n Windows GDI component improperly discloses the contents\n of its memory. An attacker who successfully exploited\n the vulnerability could obtain information to further\n compromise the users system. There are multiple ways an\n attacker could exploit the vulnerability, such as by\n convincing a user to open a specially crafted document,\n or by convincing a user to visit an untrusted webpage.\n The security update addresses the vulnerability by\n correcting how the Windows GDI component handles objects\n in memory. 
(CVE-2020-1468)\n\n - An elevation of privilege vulnerability exists when the\n Windows Event Logging Service improperly handles memory.\n (CVE-2020-1365, CVE-2020-1371)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Network Location Awareness Service\n handles objects in memory. An attacker who successfully\n exploited the vulnerability could allow an application\n with limited privileges on an affected system to execute\n code at a medium integrity level. (CVE-2020-1437)\n\n - An information disclosure vulnerability exists in\n Windows when the Windows Imaging Component fails to\n properly handle objects in memory. An attacker who\n successfully exploited this vulnerability could obtain\n information to further compromise the user's system.\n There are multiple ways an attacker could exploit this\n vulnerability: (CVE-2020-1397)\n\n - A remote code execution vulnerability exists when\n Windows Address Book (WAB) improperly processes vcard\n files. (CVE-2020-1410)\n\n - An information disclosure vulnerability exists when the\n Windows Graphics component improperly handles objects in\n memory. An attacker who successfully exploited this\n vulnerability could obtain information to further\n compromise the users system. An authenticated attacker\n could exploit this vulnerability by running a specially\n crafted application. The update addresses the\n vulnerability by correcting how the Windows Graphics\n Component handles objects in memory. (CVE-2020-1351)\n\n - An elevation of privilege vulnerability exists when\n Group Policy Services Policy Processing improperly\n handle reparse points. An attacker who successfully\n exploited this vulnerability could overwrite a targeted\n file that would normally require elevated permissions.\n (CVE-2020-1333)\n\n - A remote code execution vulnerability exists when the\n Windows font library improperly handles specially\n crafted embedded fonts. 
An attacker who successfully\n exploited the vulnerability could take control of the\n affected system. An attacker could then install\n programs; view, change, or delete data; or create new\n accounts with full user rights. (CVE-2020-1408)\n\n - An elevation of privilege vulnerability exists when the\n Windows Modules Installer improperly handles file\n operations. An attacker who successfully exploited this\n vulnerability could gain elevated privileges.\n (CVE-2020-1346)\n\n - An elevation of privilege vulnerability exists when\n Windows improperly handles calls to Advanced Local\n Procedure Call (ALPC). An attacker who successfully\n exploited this vulnerability could run arbitrary code in\n the security context of the local system. An attacker\n could then install programs; view, change, or delete\n data; or create new accounts with full user rights.\n (CVE-2020-1396)\n\n - An information disclosure vulnerability exists when\n Skype for Business is accessed via Internet Explorer. An\n attacker who exploited the vulnerability could cause the\n user to place a call without additional consent, leading\n to information disclosure of the user profile. For the\n vulnerability to be exploited, a user must click a\n specially crafted URL that prompts the Skype app.\n (CVE-2020-1432)\n\n - An elevation of privilege vulnerability exists when the\n Windows ActiveX Installer Service improperly handles\n memory. (CVE-2020-1402)\n\n - A remote code execution vulnerability exists in .NET\n Framework, Microsoft SharePoint, and Visual Studio when\n the software fails to check the source markup of XML\n file input. An attacker who successfully exploited the\n vulnerability could run arbitrary code in the context of\n the process responsible for deserialization of the XML\n content. (CVE-2020-1147)\n\n - An elevation of privilege vulnerability exists when the\n Windows Cryptography Next Generation (CNG) Key Isolation\n service improperly handles memory. 
An attacker who\n successfully exploited this vulnerability could run\n processes in an elevated context. (CVE-2020-1359,\n CVE-2020-1384)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Network Connections Service handles\n objects in memory. An attacker who successfully\n exploited the vulnerability could execute code with\n elevated permissions. (CVE-2020-1373, CVE-2020-1390,\n CVE-2020-1427, CVE-2020-1428, CVE-2020-1438)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Function Discovery Service handles\n objects in memory. An attacker who successfully\n exploited the vulnerability could execute code with\n elevated permissions. (CVE-2020-1085)\n\n - A remote code execution vulnerability exists in the way\n that Microsoft Graphics Components handle objects in\n memory. An attacker who successfully exploited the\n vulnerability could execute arbitrary code on a target\n system. (CVE-2020-1412)\n\n - A remote code execution vulnerability exists when the\n Windows Jet Database Engine improperly handles objects\n in memory. An attacker who successfully exploited this\n vulnerability could execute arbitrary code on a victim\n system. An attacker could exploit this vulnerability by\n enticing a victim to open a specially crafted file. The\n update addresses the vulnerability by correcting the way\n the Windows Jet Database Engine handles objects in\n memory. (CVE-2020-1400, CVE-2020-1401, CVE-2020-1407)\n\n - An information disclosure vulnerability exists when the\n Windows kernel fails to properly initialize a memory\n address. An attacker who successfully exploited this\n vulnerability could obtain information to further\n compromise the users system. (CVE-2020-1389,\n CVE-2020-1419)\n\n - An elevation of privilege vulnerability exists when the\n Windows Runtime improperly handles objects in memory. 
An\n attacker who successfully exploited this vulnerability\n could run arbitrary code in an elevated context. An\n attacker could exploit this vulnerability by running a\n specially crafted application on the victim system. The\n update addresses the vulnerability by correcting the way\n the Windows Runtime handles objects in memory.\n (CVE-2020-1249, CVE-2020-1399)\n\n - An elevation of privilege vulnerability exists when the\n Windows iSCSI Target Service improperly handles file\n operations. An attacker who successfully exploited this\n vulnerability could gain elevated privileges.\n (CVE-2020-1356)\n\n - This security update corrects a denial of service in the\n Local Security Authority Subsystem Service (LSASS)\n caused when an authenticated attacker sends a specially\n crafted authentication request. A remote attacker who\n successfully exploited this vulnerability could cause a\n denial of service on the target system's LSASS service,\n which triggers an automatic reboot of the system. The\n security update addresses the vulnerability by changing\n the way that LSASS handles specially crafted\n authentication requests. (CVE-2020-1267)\n\n - A remote code execution vulnerability exists in the way\n that the Windows Graphics Device Interface (GDI) handles\n objects in the memory. An attacker who successfully\n exploited this vulnerability could take control of the\n affected system. An attacker could then install\n programs; view, change, or delete data; or create new\n accounts with full user rights. (CVE-2020-1435)\n\n - A remote code execution vulnerability exists in\n Microsoft Windows that could allow remote code execution\n if a .LNK file is processed. An attacker who\n successfully exploited this vulnerability could gain the\n same user rights as the local user. 
(CVE-2020-1421)\");\n # https://support.microsoft.com/en-us/help/4565535/windows-server-2012-update-kb4565535\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?33ff1388\");\n # https://support.microsoft.com/en-us/help/4565537/windows-server-2012-update-kb4565537\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?81575436\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Security Only update KB4565535 or Cumulative Update KB4565537.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-1435\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2020-1436\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'SharePoint DataSet / DataTable Deserialization');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/07/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/07/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/07/14\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n 
script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude('smb_func.inc');\ninclude('smb_hotfixes.inc');\ninclude('smb_hotfixes_fcheck.inc');\ninclude('smb_reg_query.inc');\ninclude('install_func.inc');\n\nget_kb_item_or_exit('SMB/MS_Bulletin_Checks/Possible');\n\nbulletin = 'MS20-07';\nkbs = make_list(\n '4565537',\n '4565535'\n);\n\nif (get_kb_item('Host/patch_management_checks')) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit('SMB/Registry/Enumerated');\nget_kb_item_or_exit('SMB/WindowsVersion', exit_code:1);\n\nif (hotfix_check_sp_range(win8:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\n# Windows 8 EOL\nproductname = get_kb_item_or_exit(\"SMB/ProductName\", exit_code:1);\nif (\"Windows 8\" >< productname) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:'6.2', \n sp:0,\n rollup_date:'07_2020',\n bulletin:bulletin,\n rollup_kb_list:[4565537, 4565535])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n\n\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:04:33", "description": "The remote Windows host is missing security update 4565539 or cumulative update 4565524. 
It is, therefore, affected by multiple vulnerabilities :\n\n - A remote code execution vulnerability exists in the way that DirectWrite handles objects in memory. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit an untrusted webpage. The security update addresses the vulnerability by correcting how DirectWrite handles objects in memory. (CVE-2020-1409)\n\n - An elevation of privilege vulnerability exists when the Windows Profile Service improperly handles file operations. An attacker who successfully exploited this vulnerability could gain elevated privileges.\n (CVE-2020-1360)\n\n - A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2020-1403)\n\n - A remote code execution vulnerability exists in the Windows Remote Desktop Client when a user connects to a malicious server. An attacker who successfully exploited this vulnerability could execute arbitrary code on the computer of the connecting client. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\n (CVE-2020-1374)\n\n - A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted fonts. For all systems except Windows 10, an attacker who successfully exploited the vulnerability could execute code remotely. 
For systems running Windows 10, an attacker who successfully exploited the vulnerability could execute code in an AppContainer sandbox context with limited privileges and capabilities. An attacker could then install programs;\n view, change, or delete data; or create new accounts with full user rights. There are multiple ways an attacker could exploit the vulnerability:\n (CVE-2020-1436)\n\n - An elevation of privilege vulnerability exists when the Windows UPnP Device Host improperly handles memory.\n (CVE-2020-1354, CVE-2020-1430)\n\n - An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user's system. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit an untrusted webpage.\n The security update addresses the vulnerability by correcting how the Windows GDI component handles objects in memory. (CVE-2020-1468)\n\n - An elevation of privilege vulnerability exists when the Windows Event Logging Service improperly handles memory.\n (CVE-2020-1365, CVE-2020-1371)\n\n - An elevation of privilege vulnerability exists in the way that the Windows Network Location Awareness Service handles objects in memory. An attacker who successfully exploited the vulnerability could allow an application with limited privileges on an affected system to execute code at a medium integrity level. (CVE-2020-1437)\n\n - An information disclosure vulnerability exists in Windows when the Windows Imaging Component fails to properly handle objects in memory. 
An attacker who successfully exploited this vulnerability could obtain information to further compromise the user's system.\n There are multiple ways an attacker could exploit this vulnerability: (CVE-2020-1397)\n\n - A remote code execution vulnerability exists when Windows Address Book (WAB) improperly processes vCard files. (CVE-2020-1410)\n\n - An information disclosure vulnerability exists when the Windows Graphics component improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user's system. An authenticated attacker could exploit this vulnerability by running a specially crafted application. The update addresses the vulnerability by correcting how the Windows Graphics Component handles objects in memory. (CVE-2020-1351)\n\n - An elevation of privilege vulnerability exists when Group Policy Services Policy Processing improperly handles reparse points. An attacker who successfully exploited this vulnerability could overwrite a targeted file that would normally require elevated permissions.\n (CVE-2020-1333)\n\n - A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts. An attacker who successfully exploited the vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2020-1408)\n\n - An elevation of privilege vulnerability exists when the Windows Modules Installer improperly handles file operations. An attacker who successfully exploited this vulnerability could gain elevated privileges.\n (CVE-2020-1346)\n\n - An elevation of privilege vulnerability exists when Windows improperly handles calls to Advanced Local Procedure Call (ALPC). An attacker who successfully exploited this vulnerability could run arbitrary code in the security context of the local system. 
An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\n (CVE-2020-1396)\n\n - An information disclosure vulnerability exists when Skype for Business is accessed via Internet Explorer. An attacker who exploited the vulnerability could cause the user to place a call without additional consent, leading to information disclosure of the user profile. For the vulnerability to be exploited, a user must click a specially crafted URL that prompts the Skype app.\n (CVE-2020-1432)\n\n - An elevation of privilege vulnerability exists when the Windows ActiveX Installer Service improperly handles memory. (CVE-2020-1402)\n\n - A remote code execution vulnerability exists in .NET Framework, Microsoft SharePoint, and Visual Studio when the software fails to check the source markup of XML file input. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the process responsible for deserialization of the XML content. (CVE-2020-1147)\n\n - An elevation of privilege vulnerability exists when the Windows Cryptography Next Generation (CNG) Key Isolation service improperly handles memory. An attacker who successfully exploited this vulnerability could run processes in an elevated context. (CVE-2020-1359, CVE-2020-1384)\n\n - An elevation of privilege vulnerability exists in the way that the Windows Network Connections Service handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. (CVE-2020-1373, CVE-2020-1390, CVE-2020-1427, CVE-2020-1428, CVE-2020-1438)\n\n - An elevation of privilege vulnerability exists in the way that the Windows Function Discovery Service handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. 
(CVE-2020-1085)\n\n - A remote code execution vulnerability exists in the way that Microsoft Graphics Components handle objects in memory. An attacker who successfully exploited the vulnerability could execute arbitrary code on a target system. (CVE-2020-1412)\n\n - A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by enticing a victim to open a specially crafted file. The update addresses the vulnerability by correcting the way the Windows Jet Database Engine handles objects in memory. (CVE-2020-1400, CVE-2020-1401, CVE-2020-1407)\n\n - An information disclosure vulnerability exists when the Windows kernel fails to properly initialize a memory address. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user's system. (CVE-2020-1389, CVE-2020-1419)\n\n - This security update corrects a denial of service in the Local Security Authority Subsystem Service (LSASS) caused when an authenticated attacker sends a specially crafted authentication request. A remote attacker who successfully exploited this vulnerability could cause a denial of service on the target system's LSASS service, which triggers an automatic reboot of the system. The security update addresses the vulnerability by changing the way that LSASS handles specially crafted authentication requests. (CVE-2020-1267)\n\n - A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in memory. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. 
(CVE-2020-1435)\n\n - A remote code execution vulnerability exists in Microsoft Windows that could allow remote code execution if a .LNK file is processed. An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. (CVE-2020-1421)", "cvss3": {}, "published": "2020-07-14T00:00:00", "type": "nessus", "title": "KB4565539: Windows 7 and Windows Server 2008 R2 July 2020 Security Update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-1085", "CVE-2020-1147", "CVE-2020-1267", "CVE-2020-1333", "CVE-2020-1346", "CVE-2020-1351", "CVE-2020-1354", "CVE-2020-1359", "CVE-2020-1360", "CVE-2020-1365", "CVE-2020-1371", "CVE-2020-1373", "CVE-2020-1374", "CVE-2020-1384", "CVE-2020-1389", "CVE-2020-1390", "CVE-2020-1396", "CVE-2020-1397", "CVE-2020-1400", "CVE-2020-1401", "CVE-2020-1402", "CVE-2020-1403", "CVE-2020-1407", "CVE-2020-1408", "CVE-2020-1409", "CVE-2020-1410", "CVE-2020-1412", "CVE-2020-1419", "CVE-2020-1421", "CVE-2020-1427", "CVE-2020-1428", "CVE-2020-1430", "CVE-2020-1432", "CVE-2020-1435", "CVE-2020-1436", "CVE-2020-1437", "CVE-2020-1438", "CVE-2020-1468"], "modified": "2023-04-25T00:00:00", "cpe": ["cpe:/o:microsoft:windows"], "id": "SMB_NT_MS20_JUL_4565524.NASL", "href": "https://www.tenable.com/plugins/nessus/138460", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. 
The text\n# itself is copyright (C) Microsoft Corporation.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(138460);\n script_version(\"1.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/04/25\");\n\n script_cve_id(\n \"CVE-2020-1085\",\n \"CVE-2020-1147\",\n \"CVE-2020-1267\",\n \"CVE-2020-1333\",\n \"CVE-2020-1346\",\n \"CVE-2020-1351\",\n \"CVE-2020-1354\",\n \"CVE-2020-1359\",\n \"CVE-2020-1360\",\n \"CVE-2020-1365\",\n \"CVE-2020-1371\",\n \"CVE-2020-1373\",\n \"CVE-2020-1374\",\n \"CVE-2020-1384\",\n \"CVE-2020-1389\",\n \"CVE-2020-1390\",\n \"CVE-2020-1396\",\n \"CVE-2020-1397\",\n \"CVE-2020-1400\",\n \"CVE-2020-1401\",\n \"CVE-2020-1402\",\n \"CVE-2020-1403\",\n \"CVE-2020-1407\",\n \"CVE-2020-1408\",\n \"CVE-2020-1409\",\n \"CVE-2020-1410\",\n \"CVE-2020-1412\",\n \"CVE-2020-1419\",\n \"CVE-2020-1421\",\n \"CVE-2020-1427\",\n \"CVE-2020-1428\",\n \"CVE-2020-1430\",\n \"CVE-2020-1432\",\n \"CVE-2020-1435\",\n \"CVE-2020-1436\",\n \"CVE-2020-1437\",\n \"CVE-2020-1438\",\n \"CVE-2020-1468\"\n );\n script_xref(name:\"MSKB\", value:\"4565539\");\n script_xref(name:\"MSKB\", value:\"4565524\");\n script_xref(name:\"MSFT\", value:\"MS20-4565539\");\n script_xref(name:\"MSFT\", value:\"MS20-4565524\");\n script_xref(name:\"IAVA\", value:\"2020-A-0306-S\");\n script_xref(name:\"IAVA\", value:\"2020-A-0313-S\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/05/03\");\n\n script_name(english:\"KB4565539: Windows 7 and Windows Server 2008 R2 July 2020 Security Update\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 4565539\nor cumulative update 4565524. It is, therefore, affected by\nmultiple vulnerabilities :\n\n - A remote code execution vulnerability exists in the way\n that DirectWrite handles objects in memory. 
An attacker\n who successfully exploited this vulnerability could take\n control of the affected system. An attacker could then\n install programs; view, change, or delete data; or\n create new accounts with full user rights. There are\n multiple ways an attacker could exploit the\n vulnerability, such as by convincing a user to open a\n specially crafted document, or by convincing a user to\n visit an untrusted webpage. The security update\n addresses the vulnerability by correcting how\n DirectWrite handles objects in memory. (CVE-2020-1409)\n\n - An elevation of privilege vulnerability exists when the\n Windows Profile Service improperly handles file\n operations. An attacker who successfully exploited this\n vulnerability could gain elevated privileges.\n (CVE-2020-1360)\n\n - A remote code execution vulnerability exists in the way\n that the VBScript engine handles objects in memory. The\n vulnerability could corrupt memory in such a way that an\n attacker could execute arbitrary code in the context of\n the current user. An attacker who successfully exploited\n the vulnerability could gain the same user rights as the\n current user. (CVE-2020-1403)\n\n - A remote code execution vulnerability exists in the\n Windows Remote Desktop Client when a user connects to a\n malicious server. An attacker who successfully exploited\n this vulnerability could execute arbitrary code on the\n computer of the connecting client. An attacker could\n then install programs; view, change, or delete data; or\n create new accounts with full user rights.\n (CVE-2020-1374)\n\n - A remote code execution vulnerability exists when the\n Windows font library improperly handles specially\n crafted fonts. For all systems except Windows 10, an\n attacker who successfully exploited the vulnerability\n could execute code remotely. 
For systems running Windows\n 10, an attacker who successfully exploited the\n vulnerability could execute code in an AppContainer\n sandbox context with limited privileges and\n capabilities. An attacker could then install programs;\n view, change, or delete data; or create new accounts\n with full user rights. There are multiple ways an\n attacker could exploit the vulnerability:\n (CVE-2020-1436)\n\n - An elevation of privilege vulnerability exists when the\n Windows UPnP Device Host improperly handles memory.\n (CVE-2020-1354, CVE-2020-1430)\n\n - An information disclosure vulnerability exists when the\n Windows GDI component improperly discloses the contents\n of its memory. An attacker who successfully exploited\n the vulnerability could obtain information to further\n compromise the users system. There are multiple ways an\n attacker could exploit the vulnerability, such as by\n convincing a user to open a specially crafted document,\n or by convincing a user to visit an untrusted webpage.\n The security update addresses the vulnerability by\n correcting how the Windows GDI component handles objects\n in memory. (CVE-2020-1468)\n\n - An elevation of privilege vulnerability exists when the\n Windows Event Logging Service improperly handles memory.\n (CVE-2020-1365, CVE-2020-1371)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Network Location Awareness Service\n handles objects in memory. An attacker who successfully\n exploited the vulnerability could allow an application\n with limited privileges on an affected system to execute\n code at a medium integrity level. (CVE-2020-1437)\n\n - An information disclosure vulnerability exists in\n Windows when the Windows Imaging Component fails to\n properly handle objects in memory. 
An attacker who\n successfully exploited this vulnerability could obtain\n information to further compromise the user's system.\n There are multiple ways an attacker could exploit this\n vulnerability: (CVE-2020-1397)\n\n - A remote code execution vulnerability exists when\n Windows Address Book (WAB) improperly processes vcard\n files. (CVE-2020-1410)\n\n - An information disclosure vulnerability exists when the\n Windows Graphics component improperly handles objects in\n memory. An attacker who successfully exploited this\n vulnerability could obtain information to further\n compromise the users system. An authenticated attacker\n could exploit this vulnerability by running a specially\n crafted application. The update addresses the\n vulnerability by correcting how the Windows Graphics\n Component handles objects in memory. (CVE-2020-1351)\n\n - An elevation of privilege vulnerability exists when\n Group Policy Services Policy Processing improperly\n handle reparse points. An attacker who successfully\n exploited this vulnerability could overwrite a targeted\n file that would normally require elevated permissions.\n (CVE-2020-1333)\n\n - A remote code execution vulnerability exists when the\n Windows font library improperly handles specially\n crafted embedded fonts. An attacker who successfully\n exploited the vulnerability could take control of the\n affected system. An attacker could then install\n programs; view, change, or delete data; or create new\n accounts with full user rights. (CVE-2020-1408)\n\n - An elevation of privilege vulnerability exists when the\n Windows Modules Installer improperly handles file\n operations. An attacker who successfully exploited this\n vulnerability could gain elevated privileges.\n (CVE-2020-1346)\n\n - An elevation of privilege vulnerability exists when\n Windows improperly handles calls to Advanced Local\n Procedure Call (ALPC). 
An attacker who successfully\n exploited this vulnerability could run arbitrary code in\n the security context of the local system. An attacker\n could then install programs; view, change, or delete\n data; or create new accounts with full user rights.\n (CVE-2020-1396)\n\n - An information disclosure vulnerability exists when\n Skype for Business is accessed via Internet Explorer. An\n attacker who exploited the vulnerability could cause the\n user to place a call without additional consent, leading\n to information disclosure of the user profile. For the\n vulnerability to be exploited, a user must click a\n specially crafted URL that prompts the Skype app.\n (CVE-2020-1432)\n\n - An elevation of privilege vulnerability exists when the\n Windows ActiveX Installer Service improperly handles\n memory. (CVE-2020-1402)\n\n - A remote code execution vulnerability exists in .NET\n Framework, Microsoft SharePoint, and Visual Studio when\n the software fails to check the source markup of XML\n file input. An attacker who successfully exploited the\n vulnerability could run arbitrary code in the context of\n the process responsible for deserialization of the XML\n content. (CVE-2020-1147)\n\n - An elevation of privilege vulnerability exists when the\n Windows Cryptography Next Generation (CNG) Key Isolation\n service improperly handles memory. An attacker who\n successfully exploited this vulnerability could run\n processes in an elevated context. (CVE-2020-1359,\n CVE-2020-1384)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Network Connections Service handles\n objects in memory. An attacker who successfully\n exploited the vulnerability could execute code with\n elevated permissions. (CVE-2020-1373, CVE-2020-1390,\n CVE-2020-1427, CVE-2020-1428, CVE-2020-1438)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Function Discovery Service handles\n objects in memory. 
An attacker who successfully\n exploited the vulnerability could execute code with\n elevated permissions. (CVE-2020-1085)\n\n - A remote code execution vulnerability exists in the way\n that Microsoft Graphics Components handle objects in\n memory. An attacker who successfully exploited the\n vulnerability could execute arbitrary code on a target\n system. (CVE-2020-1412)\n\n - A remote code execution vulnerability exists when the\n Windows Jet Database Engine improperly handles objects\n in memory. An attacker who successfully exploited this\n vulnerability could execute arbitrary code on a victim\n system. An attacker could exploit this vulnerability by\n enticing a victim to open a specially crafted file. The\n update addresses the vulnerability by correcting the way\n the Windows Jet Database Engine handles objects in\n memory. (CVE-2020-1400, CVE-2020-1401, CVE-2020-1407)\n\n - An information disclosure vulnerability exists when the\n Windows kernel fails to properly initialize a memory\n address. An attacker who successfully exploited this\n vulnerability could obtain information to further\n compromise the users system. (CVE-2020-1389,\n CVE-2020-1419)\n\n - This security update corrects a denial of service in the\n Local Security Authority Subsystem Service (LSASS)\n caused when an authenticated attacker sends a specially\n crafted authentication request. A remote attacker who\n successfully exploited this vulnerability could cause a\n denial of service on the target system's LSASS service,\n which triggers an automatic reboot of the system. The\n security update addresses the vulnerability by changing\n the way that LSASS handles specially crafted\n authentication requests. (CVE-2020-1267)\n\n - A remote code execution vulnerability exists in the way\n that the Windows Graphics Device Interface (GDI) handles\n objects in the memory. An attacker who successfully\n exploited this vulnerability could take control of the\n affected system. 
An attacker could then install\n programs; view, change, or delete data; or create new\n accounts with full user rights. (CVE-2020-1435)\n\n - A remote code execution vulnerability exists in\n Microsoft Windows that could allow remote code execution\n if a .LNK file is processed. An attacker who\n successfully exploited this vulnerability could gain the\n same user rights as the local user. (CVE-2020-1421)\");\n # https://support.microsoft.com/en-us/help/4565539/windows-7-update-kb4565539\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?f84b756f\");\n # https://support.microsoft.com/en-us/help/4565524/windows-7-update-kb4565524\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?d3552b4f\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Security Only update KB4565539 or Cumulative Update KB4565524.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-1435\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2020-1436\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'SharePoint DataSet / DataTable Deserialization');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/07/14\");\n script_set_attribute(attribute:\"patch_publication_date\", 
value:\"2020/07/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/07/14\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude('smb_func.inc');\ninclude('smb_hotfixes.inc');\ninclude('smb_hotfixes_fcheck.inc');\ninclude('smb_reg_query.inc');\ninclude('install_func.inc');\n\nget_kb_item_or_exit('SMB/MS_Bulletin_Checks/Possible');\n\nbulletin = 'MS20-07';\nkbs = make_list(\n '4565524',\n '4565539'\n);\n\nif (get_kb_item('Host/patch_management_checks')) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit('SMB/Registry/Enumerated');\nget_kb_item_or_exit('SMB/WindowsVersion', exit_code:1);\n\nif (hotfix_check_sp_range(win7:'1') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:'6.1', \n sp:1,\n rollup_date:'07_2020',\n bulletin:bulletin,\n rollup_kb_list:[4565524, 4565539])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n\n\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": 
"2023-05-18T15:03:43", "description": "The Internet Explorer installation on the remote host is missing security updates. It is, therefore, affected by multiple vulnerabilities :\n\n - An information disclosure vulnerability exists when Skype for Business is accessed via Internet Explorer. An attacker who exploited the vulnerability could cause the user to place a call without additional consent, leading to information disclosure of the user profile. For the vulnerability to be exploited, a user must click a specially crafted URL that prompts the Skype app.\n (CVE-2020-1432)\n\n - A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2020-1403)", "cvss3": {}, "published": "2020-07-14T00:00:00", "type": "nessus", "title": "Security Updates for Internet Explorer (July 2020)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-1403", "CVE-2020-1432"], "modified": "2020-08-14T00:00:00", "cpe": ["cpe:/o:microsoft:windows"], "id": "SMB_NT_MS20_JUL_INTERNET_EXPLORER.NASL", "href": "https://www.tenable.com/plugins/nessus/138467", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. 
The text\n# itself is copyright (C) Microsoft Corporation.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(138467);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/08/14\");\n\n script_cve_id(\"CVE-2020-1403\", \"CVE-2020-1432\");\n script_xref(name:\"MSKB\", value:\"4565541\");\n script_xref(name:\"MSKB\", value:\"4565524\");\n script_xref(name:\"MSKB\", value:\"4565479\");\n script_xref(name:\"MSKB\", value:\"4565536\");\n script_xref(name:\"MSFT\", value:\"MS20-4565541\");\n script_xref(name:\"MSFT\", value:\"MS20-4565524\");\n script_xref(name:\"MSFT\", value:\"MS20-4565479\");\n script_xref(name:\"MSFT\", value:\"MS20-4565536\");\n script_xref(name:\"IAVA\", value:\"2020-A-0313-S\");\n\n script_name(english:\"Security Updates for Internet Explorer (July 2020)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The Internet Explorer installation on the remote host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The Internet Explorer installation on the remote host is\nmissing security updates. It is, therefore, affected by\nmultiple vulnerabilities :\n\n - An information disclosure vulnerability exists when\n Skype for Business is accessed via Internet Explorer. An\n attacker who exploited the vulnerability could cause the\n user to place a call without additional consent, leading\n to information disclosure of the user profile. For the\n vulnerability to be exploited, a user must click a\n specially crafted URL that prompts the Skype app.\n (CVE-2020-1432)\n\n - A remote code execution vulnerability exists in the way\n that the VBScript engine handles objects in memory. The\n vulnerability could corrupt memory in such a way that an\n attacker could execute arbitrary code in the context of\n the current user. An attacker who successfully exploited\n the vulnerability could gain the same user rights as the\n current user. 
(CVE-2020-1403)\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.microsoft.com/en-us/help/4565541/windows-8-1-kb4565541\");\n # https://support.microsoft.com/en-us/help/4565524/windows-7-update-kb4565524\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?d3552b4f\");\n # https://support.microsoft.com/en-us/help/4565479/cumulative-security-update-for-internet-explorer\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?542e5e22\");\n # https://support.microsoft.com/en-us/help/4565536/windows-server-2008-update-kb4565536\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?9e9e22c7\");\n script_set_attribute(attribute:\"solution\", value:\n\"Microsoft has released the following security updates to address this issue: \n -KB4565541\n -KB4565524\n -KB4565479\n -KB4565536\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-1403\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/07/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/07/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/07/14\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is 
Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_func.inc\");\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nbulletin = 'MS20-07';\nkbs = make_list(\n'4565479',\n'4565537',\n'4565536',\n'4565541',\n'4565524'\n);\n\nif (get_kb_item(\"Host/patch_management_checks\")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nos = get_kb_item_or_exit(\"SMB/WindowsVersion\", exit_code:1);\n\nif (hotfix_check_sp_range(vista:'2', win7:'1', win8:'0', win81:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nproductname = get_kb_item_or_exit(\"SMB/ProductName\", exit_code:1);\nif (\"Windows 8\" >< productname && \"8.1\" >!< productname)\n audit(AUDIT_OS_SP_NOT_VULN);\nif (\"Vista\" >< productname) audit(AUDIT_OS_SP_NOT_VULN);\n\nif (hotfix_check_server_core() == 1) audit(AUDIT_WIN_SERVER_CORE);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n # Windows 8.1 / Windows Server 2012 R2\n # Internet Explorer 11\n hotfix_is_vulnerable(os:\"6.3\", sp:0, file:\"mshtml.dll\", version:\"11.0.9600.19750\", min_version:\"11.0.9600.16000\", dir:\"\\system32\", bulletin:bulletin, kb:\"4565479\") ||\n\n # Windows Server 2012\n# Internet Explorer 11\n hotfix_is_vulnerable(os:\"6.2\", sp:0, file:\"mshtml.dll\", version:\"11.0.9600.19750\", min_version:\"11.0.9600.16000\", dir:\"\\system32\", bulletin:bulletin, kb:\"4565479\") ||\n \n # Windows 7 / Server 2008 R2\n # Internet Explorer 11\n hotfix_is_vulnerable(os:\"6.1\", sp:1, 
file:\"mshtml.dll\", version:\"11.0.9600.19750\", min_version:\"11.0.9600.16000\", dir:\"\\system32\", bulletin:bulletin, kb:\"4565479\") ||\n\n # Windows Server 2008\n # Internet Explorer 9\n hotfix_is_vulnerable(os:\"6.0\", sp:2, file:\"mshtml.dll\", version:\"9.0.8112.21461\", min_version:\"9.0.8112.16000\", dir:\"\\system32\", bulletin:bulletin, kb:\"4565479\")\n)\n{\n report = '\\nNote: The fix for this issue is available in either of the following updates:\\n';\n report += ' - KB4565479 : Cumulative Security Update for Internet Explorer\\n';\n if(os == \"6.3\")\n {\n report += ' - KB4565541 : Windows 8.1 / Server 2012 R2 Monthly Rollup\\n';\n hotfix_add_report(bulletin:'MS20-07', kb:'4565541', report);\n }\n else if(os == \"6.2\")\n {\n report += ' - KB4565537 : Windows Server 2012 Monthly Rollup\\n';\n hotfix_add_report(bulletin:'MS20-07', kb:'4565537', report);\n }\n else if(os == \"6.1\")\n {\n report += ' - KB4565524 : Windows 7 / Server 2008 R2 Monthly Rollup\\n';\n hotfix_add_report(bulletin:'MS20-07', kb:'4565524', report);\n }\n else if(os == \"6.0\")\n {\n report += ' - KB4565536 : Windows Server 2008 Monthly Rollup\\n';\n hotfix_add_report(bulletin:'MS20-07', kb:'4565536', report);\n }\n set_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n\n", "cvss": {"score": 0.0, "vector": "NONE"}}], "kaspersky": [{"lastseen": "2023-06-06T15:24:15", "description": "### *Detect date*:\n07/14/2020\n\n### *Severity*:\nCritical\n\n### *Description*:\nMultiple vulnerabilities were found in Microsoft Windows. Malicious users can exploit these vulnerabilities to gain privileges, obtain sensitive information, execute arbitrary code, cause denial of service.\n\n### *Exploitation*:\nMalware exists for this vulnerability. Usually such malware is classified as Exploit. 
[More details](<https://threats.kaspersky.com/en/class/Exploit/>).\n\n### *Affected products*:\nWindows 10 Version 2004 for ARM64-based Systems \nWindows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) \nWindows 10 Version 1903 for 32-bit Systems \nWindows Server 2019 (Server Core installation) \nWindows 10 Version 1809 for x64-based Systems \nWindows 10 Version 1607 for x64-based Systems \nWindows Server 2012 R2 \nWindows Server 2012 \nWindows Server 2008 for x64-based Systems Service Pack 2 \nWindows 10 Version 1909 for 32-bit Systems \nWindows Server, version 2004 (Server Core installation) \nWindows 10 for x64-based Systems \nWindows Server 2016 (Server Core installation) \nWindows 8.1 for x64-based systems \nWindows Server 2012 (Server Core installation) \nWindows 10 Version 1709 for x64-based Systems \nWindows 7 for 32-bit Systems Service Pack 1 \nWindows 10 Version 1709 for ARM64-based Systems \nWindows 8.1 for 32-bit systems \nWindows 10 Version 1607 for 32-bit Systems \nWindows Server 2016 \nWindows 10 Version 1903 for ARM64-based Systems \nWindows 10 Version 1803 for 32-bit Systems \nWindows 7 for x64-based Systems Service Pack 1 \nWindows 10 Version 1909 for x64-based Systems \nWindows 10 Version 1903 for x64-based Systems \nWindows 10 Version 1909 for ARM64-based Systems \nWindows Server 2008 for 32-bit Systems Service Pack 2 \nWindows 10 Version 2004 for 32-bit Systems \nWindows 10 Version 1809 for 32-bit Systems \nWindows Server, version 1903 (Server Core installation) \nWindows 10 Version 1803 for x64-based Systems \nWindows RT 8.1 \nWindows 10 Version 2004 for x64-based Systems \nWindows Server 2008 R2 for x64-based Systems Service Pack 1 \nWindows Server 2019 \nWindows 10 Version 1803 for ARM64-based Systems \nWindows Server, version 1909 (Server Core installation) \nWindows 10 Version 1809 for ARM64-based Systems \nWindows Server 2012 R2 (Server Core installation) \nWindows Server 2008 for x64-based Systems Service 
Pack 2 (Server Core installation) \nWindows 10 for 32-bit Systems \nWindows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) \nWindows 10 Version 1709 for 32-bit Systems\n\n### *Solution*:\nInstall the necessary updates from the KB section that are listed in your Windows Update (Windows Update can usually be accessed from the Control Panel)\n\n### *Original advisories*:\n[CVE-2020-1347](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1347>) \n[CVE-2020-1346](<https://nvd.nist.gov/vuln/detail/CVE-2020-1346>) \n[CVE-2020-1344](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1344>) \n[CVE-2020-1267](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1267>) \n[CVE-2020-1419](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1419>) \n[CVE-2020-1418](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1418>) \n[CVE-2020-1413](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1413>) \n[CVE-2020-1412](<https://nvd.nist.gov/vuln/detail/CVE-2020-1412>) \n[CVE-2020-1411](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1411>) \n[CVE-2020-1410](<https://nvd.nist.gov/vuln/detail/CVE-2020-1410>) \n[CVE-2020-1415](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1415>) \n[CVE-2020-1414](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1414>) \n[CVE-2020-1358](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1358>) \n[CVE-2020-1359](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1359>) \n[CVE-2020-1350](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1350>) \n[CVE-2020-1351](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1351>) 
\n[CVE-2020-1352](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1352>) \n[CVE-2020-1353](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1353>) \n[CVE-2020-1354](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1354>) \n[CVE-2020-1355](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1355>) \n[CVE-2020-1356](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1356>) \n[CVE-2020-1357](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1357>) \n[CVE-2020-1085](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1085>) \n[CVE-2020-1404](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1404>) \n[CVE-2020-1405](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1405>) \n[CVE-2020-1406](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1406>) \n[CVE-2020-1407](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1407>) \n[CVE-2020-1400](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1400>) \n[CVE-2020-1401](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1401>) \n[CVE-2020-1402](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1402>) \n[CVE-2020-1408](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1408>) \n[CVE-2020-1409](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1409>) \n[CVE-2020-1336](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1336>) \n[CVE-2020-1333](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1333>) \n[CVE-2020-1330](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1330>) 
\n[CVE-2020-1463](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1463>) \n[CVE-2020-1468](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1468>) \n[CVE-2020-1382](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1382>) \n[CVE-2020-1381](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1381>) \n[CVE-2020-1387](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1387>) \n[CVE-2020-1386](<https://nvd.nist.gov/vuln/detail/CVE-2020-1386>) \n[CVE-2020-1385](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1385>) \n[CVE-2020-1384](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1384>) \n[CVE-2020-1389](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1389>) \n[CVE-2020-1388](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1388>) \n[CVE-2020-1398](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1398>) \n[CVE-2020-1399](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1399>) \n[CVE-2020-1394](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1394>) \n[CVE-2020-1395](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1395>) \n[CVE-2020-1396](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1396>) \n[CVE-2020-1397](<https://nvd.nist.gov/vuln/detail/CVE-2020-1397>) \n[CVE-2020-1390](<https://nvd.nist.gov/vuln/detail/CVE-2020-1390>) \n[CVE-2020-1391](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1391>) \n[CVE-2020-1392](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1392>) \n[CVE-2020-1393](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1393>) 
\n[CVE-2020-1040](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1040>) \n[CVE-2020-1041](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1041>) \n[CVE-2020-1042](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1042>) \n[CVE-2020-1043](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1043>) \n[CVE-2020-1032](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1032>) \n[CVE-2020-1036](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1036>) \n[CVE-2020-1361](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1361>) \n[CVE-2020-1360](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1360>) \n[CVE-2020-1363](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1363>) \n[CVE-2020-1362](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1362>) \n[CVE-2020-1365](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1365>) \n[CVE-2020-1364](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1364>) \n[CVE-2020-1367](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1367>) \n[CVE-2020-1366](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1366>) \n[CVE-2020-1369](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1369>) \n[CVE-2020-1368](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1368>) \n[CVE-2020-1438](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1438>) \n[CVE-2020-1435](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1435>) \n[CVE-2020-1434](<https://nvd.nist.gov/vuln/detail/CVE-2020-1434>) \n[CVE-2020-1437](<https://nvd.nist.gov/vuln/detail/CVE-2020-1437>) 
\n[CVE-2020-1436](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1436>) \n[CVE-2020-1431](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1431>) \n[CVE-2020-1430](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1430>) \n[CVE-2020-1372](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1372>) \n[CVE-2020-1373](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1373>) \n[CVE-2020-1370](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1370>) \n[CVE-2020-1371](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1371>) \n[CVE-2020-1374](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1374>) \n[CVE-2020-1375](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1375>) \n[CVE-2020-1249](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1249>) \n[CVE-2020-1428](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1428>) \n[CVE-2020-1429](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1429>) \n[CVE-2020-1426](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1426>) \n[CVE-2020-1427](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1427>) \n[CVE-2020-1424](<https://nvd.nist.gov/vuln/detail/CVE-2020-1424>) \n[CVE-2020-1422](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1422>) \n[CVE-2020-1423](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1423>) \n[CVE-2020-1420](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1420>) \n[CVE-2020-1421](<https://nvd.nist.gov/vuln/detail/CVE-2020-1421>) \n[ADV200008](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV200008>) \n\n\n### *Impacts*:\nACE \n\n### *Related 
products*:\n[Microsoft Windows](<https://threats.kaspersky.com/en/product/Microsoft-Windows/>)\n\n### *CVE-IDS*:\n[CVE-2020-1393](<https://vulners.com/cve/CVE-2020-1393>)4.6Warning \n[CVE-2020-1333](<https://vulners.com/cve/CVE-2020-1333>)3.7Warning \n[CVE-2020-1384](<https://vulners.com/cve/CVE-2020-1384>)4.6Warning \n[CVE-2020-1346](<https://vulners.com/cve/CVE-2020-1346>)4.6Warning \n[CVE-2020-1389](<https://vulners.com/cve/CVE-2020-1389>)2.1Warning \n[CVE-2020-1032](<https://vulners.com/cve/CVE-2020-1032>)7.7Critical \n[CVE-2020-1036](<https://vulners.com/cve/CVE-2020-1036>)7.7Critical \n[CVE-2020-1360](<https://vulners.com/cve/CVE-2020-1360>)4.6Warning \n[CVE-2020-1267](<https://vulners.com/cve/CVE-2020-1267>)4.0Warning \n[CVE-2020-1365](<https://vulners.com/cve/CVE-2020-1365>)4.6Warning \n[CVE-2020-1354](<https://vulners.com/cve/CVE-2020-1354>)4.6Warning \n[CVE-2020-1419](<https://vulners.com/cve/CVE-2020-1419>)2.1Warning \n[CVE-2020-1438](<https://vulners.com/cve/CVE-2020-1438>)4.6Warning \n[CVE-2020-1435](<https://vulners.com/cve/CVE-2020-1435>)9.3Critical \n[CVE-2020-1412](<https://vulners.com/cve/CVE-2020-1412>)9.3Critical \n[CVE-2020-1437](<https://vulners.com/cve/CVE-2020-1437>)4.6Warning \n[CVE-2020-1436](<https://vulners.com/cve/CVE-2020-1436>)6.8High \n[CVE-2020-1430](<https://vulners.com/cve/CVE-2020-1430>)4.6Warning \n[CVE-2020-1428](<https://vulners.com/cve/CVE-2020-1428>)4.6Warning \n[CVE-2020-1396](<https://vulners.com/cve/CVE-2020-1396>)4.6Warning \n[CVE-2020-1397](<https://vulners.com/cve/CVE-2020-1397>)4.3Warning \n[CVE-2020-1390](<https://vulners.com/cve/CVE-2020-1390>)4.6Warning \n[CVE-2020-1359](<https://vulners.com/cve/CVE-2020-1359>)4.6Warning \n[CVE-2020-1371](<https://vulners.com/cve/CVE-2020-1371>)4.6Warning \n[CVE-2020-1351](<https://vulners.com/cve/CVE-2020-1351>)2.1Warning \n[CVE-2020-1040](<https://vulners.com/cve/CVE-2020-1040>)7.7Critical \n[CVE-2020-1041](<https://vulners.com/cve/CVE-2020-1041>)7.7Critical 
\n[CVE-2020-1042](<https://vulners.com/cve/CVE-2020-1042>)7.7Critical \n[CVE-2020-1043](<https://vulners.com/cve/CVE-2020-1043>)7.7Critical \n[CVE-2020-1373](<https://vulners.com/cve/CVE-2020-1373>)4.6Warning \n[CVE-2020-1410](<https://vulners.com/cve/CVE-2020-1410>)9.3Critical \n[CVE-2020-1374](<https://vulners.com/cve/CVE-2020-1374>)5.1High \n[CVE-2020-1085](<https://vulners.com/cve/CVE-2020-1085>)4.6Warning \n[CVE-2020-1407](<https://vulners.com/cve/CVE-2020-1407>)9.3Critical \n[CVE-2020-1400](<https://vulners.com/cve/CVE-2020-1400>)9.3Critical \n[CVE-2020-1401](<https://vulners.com/cve/CVE-2020-1401>)9.3Critical \n[CVE-2020-1402](<https://vulners.com/cve/CVE-2020-1402>)7.2High \n[CVE-2020-1427](<https://vulners.com/cve/CVE-2020-1427>)4.6Warning \n[CVE-2020-1468](<https://vulners.com/cve/CVE-2020-1468>)4.3Warning \n[CVE-2020-1408](<https://vulners.com/cve/CVE-2020-1408>)9.3Critical \n[CVE-2020-1409](<https://vulners.com/cve/CVE-2020-1409>)9.3Critical \n[CVE-2020-1421](<https://vulners.com/cve/CVE-2020-1421>)9.3Critical \n[CVE-2020-1347](<https://vulners.com/cve/CVE-2020-1347>)4.6Warning \n[CVE-2020-1344](<https://vulners.com/cve/CVE-2020-1344>)4.6Warning \n[CVE-2020-1418](<https://vulners.com/cve/CVE-2020-1418>)7.2High \n[CVE-2020-1413](<https://vulners.com/cve/CVE-2020-1413>)4.6Warning \n[CVE-2020-1411](<https://vulners.com/cve/CVE-2020-1411>)7.2High \n[CVE-2020-1415](<https://vulners.com/cve/CVE-2020-1415>)4.6Warning \n[CVE-2020-1414](<https://vulners.com/cve/CVE-2020-1414>)4.6Warning \n[CVE-2020-1358](<https://vulners.com/cve/CVE-2020-1358>)2.1Warning \n[CVE-2020-1352](<https://vulners.com/cve/CVE-2020-1352>)4.6Warning \n[CVE-2020-1353](<https://vulners.com/cve/CVE-2020-1353>)4.6Warning \n[CVE-2020-1355](<https://vulners.com/cve/CVE-2020-1355>)4.6Warning \n[CVE-2020-1356](<https://vulners.com/cve/CVE-2020-1356>)4.6Warning \n[CVE-2020-1357](<https://vulners.com/cve/CVE-2020-1357>)4.6Warning \n[CVE-2020-1404](<https://vulners.com/cve/CVE-2020-1404>)4.6Warning 
\n[CVE-2020-1405](<https://vulners.com/cve/CVE-2020-1405>)3.6Warning \n[CVE-2020-1406](<https://vulners.com/cve/CVE-2020-1406>)7.2High \n[CVE-2020-1336](<https://vulners.com/cve/CVE-2020-1336>)4.6Warning \n[CVE-2020-1330](<https://vulners.com/cve/CVE-2020-1330>)2.1Warning \n[CVE-2020-1463](<https://vulners.com/cve/CVE-2020-1463>)4.6Warning \n[CVE-2020-1382](<https://vulners.com/cve/CVE-2020-1382>)4.6Warning \n[CVE-2020-1381](<https://vulners.com/cve/CVE-2020-1381>)4.6Warning \n[CVE-2020-1387](<https://vulners.com/cve/CVE-2020-1387>)4.6Warning \n[CVE-2020-1386](<https://vulners.com/cve/CVE-2020-1386>)2.1Warning \n[CVE-2020-1385](<https://vulners.com/cve/CVE-2020-1385>)4.6Warning \n[CVE-2020-1388](<https://vulners.com/cve/CVE-2020-1388>)4.6Warning \n[CVE-2020-1398](<https://vulners.com/cve/CVE-2020-1398>)4.6Warning \n[CVE-2020-1399](<https://vulners.com/cve/CVE-2020-1399>)4.6Warning \n[CVE-2020-1394](<https://vulners.com/cve/CVE-2020-1394>)4.6Warning \n[CVE-2020-1395](<https://vulners.com/cve/CVE-2020-1395>)4.6Warning \n[CVE-2020-1391](<https://vulners.com/cve/CVE-2020-1391>)2.1Warning \n[CVE-2020-1392](<https://vulners.com/cve/CVE-2020-1392>)4.6Warning \n[CVE-2020-1361](<https://vulners.com/cve/CVE-2020-1361>)2.1Warning \n[CVE-2020-1363](<https://vulners.com/cve/CVE-2020-1363>)4.6Warning \n[CVE-2020-1362](<https://vulners.com/cve/CVE-2020-1362>)4.6Warning \n[CVE-2020-1364](<https://vulners.com/cve/CVE-2020-1364>)3.6Warning \n[CVE-2020-1367](<https://vulners.com/cve/CVE-2020-1367>)2.1Warning \n[CVE-2020-1366](<https://vulners.com/cve/CVE-2020-1366>)4.6Warning \n[CVE-2020-1369](<https://vulners.com/cve/CVE-2020-1369>)4.6Warning \n[CVE-2020-1368](<https://vulners.com/cve/CVE-2020-1368>)4.6Warning \n[CVE-2020-1434](<https://vulners.com/cve/CVE-2020-1434>)4.6Warning \n[CVE-2020-1431](<https://vulners.com/cve/CVE-2020-1431>)4.6Warning \n[CVE-2020-1372](<https://vulners.com/cve/CVE-2020-1372>)4.6Warning \n[CVE-2020-1370](<https://vulners.com/cve/CVE-2020-1370>)4.6Warning 
\n[CVE-2020-1375](<https://vulners.com/cve/CVE-2020-1375>)4.6Warning \n[CVE-2020-1249](<https://vulners.com/cve/CVE-2020-1249>)4.6Warning \n[CVE-2020-1429](<https://vulners.com/cve/CVE-2020-1429>)7.2High \n[CVE-2020-1426](<https://vulners.com/cve/CVE-2020-1426>)2.1Warning \n[CVE-2020-1424](<https://vulners.com/cve/CVE-2020-1424>)7.2High \n[CVE-2020-1422](<https://vulners.com/cve/CVE-2020-1422>)4.6Warning \n[CVE-2020-1423](<https://vulners.com/cve/CVE-2020-1423>)4.6Warning \n[CVE-2020-1420](<https://vulners.com/cve/CVE-2020-1420>)2.1Warning\n\n### *KB list*:\n[4565541](<http://support.microsoft.com/kb/4565541>) \n[4558998](<http://support.microsoft.com/kb/4558998>) \n[4565489](<http://support.microsoft.com/kb/4565489>) \n[4565483](<http://support.microsoft.com/kb/4565483>) \n[4565508](<http://support.microsoft.com/kb/4565508>) \n[4565511](<http://support.microsoft.com/kb/4565511>) \n[4565513](<http://support.microsoft.com/kb/4565513>) \n[4565537](<http://support.microsoft.com/kb/4565537>) \n[4565503](<http://support.microsoft.com/kb/4565503>) \n[4565540](<http://support.microsoft.com/kb/4565540>) \n[4565554](<http://support.microsoft.com/kb/4565554>) \n[4565553](<http://support.microsoft.com/kb/4565553>) \n[4566425](<http://support.microsoft.com/kb/4566425>) \n[4558997](<http://support.microsoft.com/kb/4558997>) \n[4565911](<http://support.microsoft.com/kb/4565911>) \n[4565912](<http://support.microsoft.com/kb/4565912>) \n[4566785](<http://support.microsoft.com/kb/4566785>) \n[4566426](<http://support.microsoft.com/kb/4566426>) \n[4565535](<http://support.microsoft.com/kb/4565535>) \n[4565552](<http://support.microsoft.com/kb/4565552>) \n[4571692](<http://support.microsoft.com/kb/4571692>) \n[4571694](<http://support.microsoft.com/kb/4571694>)\n\n### *Microsoft official advisories*:", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", 
"availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 10.0, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2020-07-14T00:00:00", "type": "kaspersky", "title": "KLA11865 Multiple vulnerabilities in Microsoft Windows", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-1032", "CVE-2020-1036", "CVE-2020-1040", "CVE-2020-1041", "CVE-2020-1042", "CVE-2020-1043", "CVE-2020-1085", "CVE-2020-1249", "CVE-2020-1267", "CVE-2020-1330", "CVE-2020-1333", "CVE-2020-1336", "CVE-2020-1344", "CVE-2020-1346", "CVE-2020-1347", "CVE-2020-1350", "CVE-2020-1351", "CVE-2020-1352", "CVE-2020-1353", "CVE-2020-1354", "CVE-2020-1355", "CVE-2020-1356", "CVE-2020-1357", "CVE-2020-1358", "CVE-2020-1359", "CVE-2020-1360", "CVE-2020-1361", "CVE-2020-1362", "CVE-2020-1363", "CVE-2020-1364", "CVE-2020-1365", "CVE-2020-1366", "CVE-2020-1367", "CVE-2020-1368", "CVE-2020-1369", "CVE-2020-1370", "CVE-2020-1371", "CVE-2020-1372", "CVE-2020-1373", "CVE-2020-1374", "CVE-2020-1375", "CVE-2020-1381", "CVE-2020-1382", "CVE-2020-1384", "CVE-2020-1385", "CVE-2020-1386", "CVE-2020-1387", "CVE-2020-1388", "CVE-2020-1389", "CVE-2020-1390", "CVE-2020-1391", "CVE-2020-1392", "CVE-2020-1393", "CVE-2020-1394", "CVE-2020-1395", "CVE-2020-1396", "CVE-2020-1397", "CVE-2020-1398", "CVE-2020-1399", "CVE-2020-1400", "CVE-2020-1401", "CVE-2020-1402", "CVE-2020-1404", "CVE-2020-1405", 
"CVE-2020-1406", "CVE-2020-1407", "CVE-2020-1408", "CVE-2020-1409", "CVE-2020-1410", "CVE-2020-1411", "CVE-2020-1412", "CVE-2020-1413", "CVE-2020-1414", "CVE-2020-1415", "CVE-2020-1418", "CVE-2020-1419", "CVE-2020-1420", "CVE-2020-1421", "CVE-2020-1422", "CVE-2020-1423", "CVE-2020-1424", "CVE-2020-1426", "CVE-2020-1427", "CVE-2020-1428", "CVE-2020-1429", "CVE-2020-1430", "CVE-2020-1431", "CVE-2020-1434", "CVE-2020-1435", "CVE-2020-1436", "CVE-2020-1437", "CVE-2020-1438", "CVE-2020-1463", "CVE-2020-1468"], "modified": "2020-09-10T00:00:00", "id": "KLA11865", "href": "https://threats.kaspersky.com/en/vulnerability/KLA11865/", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-06-06T15:24:16", "description": "### *Detect date*:\n07/14/2020\n\n### *Severity*:\nCritical\n\n### *Description*:\nMultiple vulnerabilities were found in Microsoft Products (Extended Support Update). Malicious users can exploit these vulnerabilities to gain privileges, obtain sensitive information, execute arbitrary code, cause denial of service.\n\n### *Exploitation*:\nMalware exists for this vulnerability. Usually such malware is classified as Exploit. 
[More details](<https://threats.kaspersky.com/en/class/Exploit/>).\n\n### *Affected products*:\nWindows 10 Version 2004 for ARM64-based Systems \nWindows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) \nWindows 10 Version 1903 for 32-bit Systems \nWindows Server 2019 (Server Core installation) \nWindows 10 Version 1809 for x64-based Systems \nWindows 10 Version 1607 for x64-based Systems \nWindows Server 2012 R2 \nWindows Server 2012 \nWindows Server 2008 for x64-based Systems Service Pack 2 \nWindows 10 Version 1909 for 32-bit Systems \nWindows Server, version 2004 (Server Core installation) \nWindows 10 for x64-based Systems \nWindows Server 2016 (Server Core installation) \nWindows 8.1 for x64-based systems \nWindows Server 2012 (Server Core installation) \nWindows 10 Version 1709 for x64-based Systems \nWindows 7 for 32-bit Systems Service Pack 1 \nWindows 10 Version 1709 for ARM64-based Systems \nWindows 8.1 for 32-bit systems \nWindows 10 Version 1607 for 32-bit Systems \nWindows Server 2016 \nWindows 10 Version 1903 for ARM64-based Systems \nWindows 10 Version 1803 for 32-bit Systems \nWindows 7 for x64-based Systems Service Pack 1 \nWindows 10 Version 1909 for x64-based Systems \nWindows 10 Version 1903 for x64-based Systems \nInternet Explorer 11 \nWindows 10 Version 1909 for ARM64-based Systems \nWindows Server 2008 for 32-bit Systems Service Pack 2 \nWindows 10 Version 2004 for 32-bit Systems \nWindows 10 Version 1809 for 32-bit Systems \nWindows Server, version 1903 (Server Core installation) \nWindows 10 Version 1803 for x64-based Systems \nMicrosoft Office 2019 for Mac \nWindows RT 8.1 \nWindows 10 Version 2004 for x64-based Systems \nWindows Server 2008 R2 for x64-based Systems Service Pack 1 \nMicrosoft Office 2016 for Mac \nWindows Server 2019 \nInternet Explorer 9 \nWindows 10 Version 1803 for ARM64-based Systems \nWindows Server, version 1909 (Server Core installation) \nWindows 10 Version 1809 for ARM64-based 
Systems \nWindows Server 2012 R2 (Server Core installation) \nWindows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) \nWindows 10 for 32-bit Systems \nWindows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) \nWindows 10 Version 1709 for 32-bit Systems\n\n### *Solution*:\nInstall necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)\n\n### *Original advisories*:\n[CVE-2020-1333](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1333>) \n[CVE-2020-1384](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1384>) \n[CVE-2020-1346](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1346>) \n[CVE-2020-1389](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1389>) \n[CVE-2020-1032](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1032>) \n[CVE-2020-1036](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1036>) \n[CVE-2020-1360](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1360>) \n[CVE-2020-1267](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1267>) \n[CVE-2020-1365](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1365>) \n[CVE-2020-1354](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1354>) \n[CVE-2020-1419](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1419>) \n[CVE-2020-1438](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1438>) \n[CVE-2020-1435](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1435>) \n[CVE-2020-1412](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1412>) 
\n[CVE-2020-1437](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1437>) \n[CVE-2020-1436](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1436>) \n[CVE-2020-1430](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1430>) \n[CVE-2020-1428](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1428>) \n[CVE-2020-1396](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1396>) \n[CVE-2020-1397](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1397>) \n[CVE-2020-1390](<https://nvd.nist.gov/vuln/detail/CVE-2020-1390>) \n[CVE-2020-1359](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1359>) \n[CVE-2020-1371](<https://nvd.nist.gov/vuln/detail/CVE-2020-1371>) \n[CVE-2020-1350](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1350>) \n[CVE-2020-1351](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1351>) \n[CVE-2020-1040](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1040>) \n[CVE-2020-1041](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1041>) \n[CVE-2020-1042](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1042>) \n[CVE-2020-1043](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1043>) \n[CVE-2020-1373](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1373>) \n[CVE-2020-1410](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1410>) \n[CVE-2020-1374](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1374>) \n[CVE-2020-1085](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1085>) \n[CVE-2020-1407](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1407>) 
\n[CVE-2020-1400](<https://nvd.nist.gov/vuln/detail/CVE-2020-1400>) \n[CVE-2020-1401](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1401>) \n[CVE-2020-1402](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1402>) \n[CVE-2020-1403](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1403>) \n[CVE-2020-1427](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1427>) \n[CVE-2020-1468](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1468>) \n[CVE-2020-1408](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1408>) \n[CVE-2020-1409](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1409>) \n[CVE-2020-1421](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1421>) \n[ADV200008](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/ADV200008>) \n\n\n### *Impacts*:\nACE \n\n### *Related products*:\n[Microsoft Internet Explorer](<https://threats.kaspersky.com/en/product/Microsoft-Internet-Explorer/>)\n\n### *CVE-IDS*:\n[CVE-2020-1403](<https://vulners.com/cve/CVE-2020-1403>)7.6Critical \n[CVE-2020-1333](<https://vulners.com/cve/CVE-2020-1333>)3.7Warning \n[CVE-2020-1384](<https://vulners.com/cve/CVE-2020-1384>)4.6Warning \n[CVE-2020-1346](<https://vulners.com/cve/CVE-2020-1346>)4.6Warning \n[CVE-2020-1389](<https://vulners.com/cve/CVE-2020-1389>)2.1Warning \n[CVE-2020-1032](<https://vulners.com/cve/CVE-2020-1032>)7.7Critical \n[CVE-2020-1036](<https://vulners.com/cve/CVE-2020-1036>)7.7Critical \n[CVE-2020-1360](<https://vulners.com/cve/CVE-2020-1360>)4.6Warning \n[CVE-2020-1267](<https://vulners.com/cve/CVE-2020-1267>)4.0Warning \n[CVE-2020-1365](<https://vulners.com/cve/CVE-2020-1365>)4.6Warning \n[CVE-2020-1354](<https://vulners.com/cve/CVE-2020-1354>)4.6Warning \n[CVE-2020-1419](<https://vulners.com/cve/CVE-2020-1419>)2.1Warning 
\n[CVE-2020-1438](<https://vulners.com/cve/CVE-2020-1438>)4.6Warning \n[CVE-2020-1435](<https://vulners.com/cve/CVE-2020-1435>)9.3Critical \n[CVE-2020-1412](<https://vulners.com/cve/CVE-2020-1412>)9.3Critical \n[CVE-2020-1437](<https://vulners.com/cve/CVE-2020-1437>)4.6Warning \n[CVE-2020-1436](<https://vulners.com/cve/CVE-2020-1436>)6.8High \n[CVE-2020-1430](<https://vulners.com/cve/CVE-2020-1430>)4.6Warning \n[CVE-2020-1428](<https://vulners.com/cve/CVE-2020-1428>)4.6Warning \n[CVE-2020-1396](<https://vulners.com/cve/CVE-2020-1396>)4.6Warning \n[CVE-2020-1397](<https://vulners.com/cve/CVE-2020-1397>)4.3Warning \n[CVE-2020-1390](<https://vulners.com/cve/CVE-2020-1390>)4.6Warning \n[CVE-2020-1359](<https://vulners.com/cve/CVE-2020-1359>)4.6Warning \n[CVE-2020-1371](<https://vulners.com/cve/CVE-2020-1371>)4.6Warning \n[CVE-2020-1351](<https://vulners.com/cve/CVE-2020-1351>)2.1Warning \n[CVE-2020-1040](<https://vulners.com/cve/CVE-2020-1040>)7.7Critical \n[CVE-2020-1041](<https://vulners.com/cve/CVE-2020-1041>)7.7Critical \n[CVE-2020-1042](<https://vulners.com/cve/CVE-2020-1042>)7.7Critical \n[CVE-2020-1043](<https://vulners.com/cve/CVE-2020-1043>)7.7Critical \n[CVE-2020-1373](<https://vulners.com/cve/CVE-2020-1373>)4.6Warning \n[CVE-2020-1410](<https://vulners.com/cve/CVE-2020-1410>)9.3Critical \n[CVE-2020-1374](<https://vulners.com/cve/CVE-2020-1374>)5.1High \n[CVE-2020-1085](<https://vulners.com/cve/CVE-2020-1085>)4.6Warning \n[CVE-2020-1407](<https://vulners.com/cve/CVE-2020-1407>)9.3Critical \n[CVE-2020-1400](<https://vulners.com/cve/CVE-2020-1400>)9.3Critical \n[CVE-2020-1401](<https://vulners.com/cve/CVE-2020-1401>)9.3Critical \n[CVE-2020-1402](<https://vulners.com/cve/CVE-2020-1402>)7.2High \n[CVE-2020-1427](<https://vulners.com/cve/CVE-2020-1427>)4.6Warning \n[CVE-2020-1468](<https://vulners.com/cve/CVE-2020-1468>)4.3Warning \n[CVE-2020-1408](<https://vulners.com/cve/CVE-2020-1408>)9.3Critical 
\n[CVE-2020-1409](<https://vulners.com/cve/CVE-2020-1409>)9.3Critical \n[CVE-2020-1421](<https://vulners.com/cve/CVE-2020-1421>)9.3Critical\n\n### *KB list*:\n[4565524](<http://support.microsoft.com/kb/4565524>) \n[4565479](<http://support.microsoft.com/kb/4565479>) \n[4565529](<http://support.microsoft.com/kb/4565529>) \n[4565539](<http://support.microsoft.com/kb/4565539>) \n[4565353](<http://support.microsoft.com/kb/4565353>) \n[4565354](<http://support.microsoft.com/kb/4565354>) \n[4565536](<http://support.microsoft.com/kb/4565536>)\n\n### *Microsoft official advisories*:", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 10.0, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2020-07-14T00:00:00", "type": "kaspersky", "title": "KLA11863 Multiple vulnerabilities in Microsoft Products (ESU)", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-1032", "CVE-2020-1036", "CVE-2020-1040", "CVE-2020-1041", "CVE-2020-1042", "CVE-2020-1043", "CVE-2020-1085", "CVE-2020-1267", "CVE-2020-1333", "CVE-2020-1346", "CVE-2020-1350", "CVE-2020-1351", "CVE-2020-1354", "CVE-2020-1359", "CVE-2020-1360", "CVE-2020-1365", "CVE-2020-1371", "CVE-2020-1373", 
"CVE-2020-1374", "CVE-2020-1384", "CVE-2020-1389", "CVE-2020-1390", "CVE-2020-1396", "CVE-2020-1397", "CVE-2020-1400", "CVE-2020-1401", "CVE-2020-1402", "CVE-2020-1403", "CVE-2020-1407", "CVE-2020-1408", "CVE-2020-1409", "CVE-2020-1410", "CVE-2020-1412", "CVE-2020-1419", "CVE-2020-1421", "CVE-2020-1427", "CVE-2020-1428", "CVE-2020-1430", "CVE-2020-1435", "CVE-2020-1436", "CVE-2020-1437", "CVE-2020-1438", "CVE-2020-1468"], "modified": "2020-07-22T00:00:00", "id": "KLA11863", "href": "https://threats.kaspersky.com/en/vulnerability/KLA11863/", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-06-06T15:24:19", "description": "### *Detect date*:\n07/14/2020\n\n### *Severity*:\nCritical\n\n### *Description*:\nMultiple vulnerabilities were found in Microsoft Browser. Malicious users can exploit these vulnerabilities to obtain sensitive information, execute arbitrary code.\n\n### *Exploitation*:\nMalware exists for this vulnerability. Usually such malware is classified as Exploit. 
[More details](<https://threats.kaspersky.com/en/class/Exploit/>).\n\n### *Affected products*:\nInternet Explorer 9 \nInternet Explorer 11 \nMicrosoft Edge (EdgeHTML-based)\n\n### *Solution*:\nInstall necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)\n\n### *Original advisories*:\n[CVE-2020-1462](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1462>) \n[CVE-2020-1432](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1432>) \n[CVE-2020-1433](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1433>) \n[CVE-2020-1403](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1403>) \n\n\n### *Impacts*:\nACE \n\n### *Related products*:\n[Microsoft Internet Explorer](<https://threats.kaspersky.com/en/product/Microsoft-Internet-Explorer/>)\n\n### *CVE-IDS*:\n[CVE-2020-1462](<https://vulners.com/cve/CVE-2020-1462>)4.3Warning \n[CVE-2020-1432](<https://vulners.com/cve/CVE-2020-1432>)4.3Warning \n[CVE-2020-1433](<https://vulners.com/cve/CVE-2020-1433>)4.3Warning \n[CVE-2020-1403](<https://vulners.com/cve/CVE-2020-1403>)7.6Critical\n\n### *KB list*:\n[4565541](<http://support.microsoft.com/kb/4565541>) \n[4565524](<http://support.microsoft.com/kb/4565524>) \n[4558998](<http://support.microsoft.com/kb/4558998>) \n[4565489](<http://support.microsoft.com/kb/4565489>) \n[4565479](<http://support.microsoft.com/kb/4565479>) \n[4565483](<http://support.microsoft.com/kb/4565483>) \n[4565508](<http://support.microsoft.com/kb/4565508>) \n[4565511](<http://support.microsoft.com/kb/4565511>) \n[4565513](<http://support.microsoft.com/kb/4565513>) \n[4565537](<http://support.microsoft.com/kb/4565537>) \n[4565503](<http://support.microsoft.com/kb/4565503>)\n\n### *Microsoft official advisories*:", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", 
"attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2020-07-14T00:00:00", "type": "kaspersky", "title": "KLA11858 Multiple vulnerabilities in Microsoft Browser", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.6, "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-1403", "CVE-2020-1432", "CVE-2020-1433", "CVE-2020-1462"], "modified": "2020-07-22T00:00:00", "id": "KLA11858", "href": "https://threats.kaspersky.com/en/vulnerability/KLA11858/", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}], "avleonov": [{"lastseen": "2020-12-20T04:20:58", "description": "I am doing this episode about July vulnerabilities already in August. There are 2 reasons for this. First of all, July Microsoft Patch Tuesday was published in the middle of the month, as late as possible. Secondly, in the second half of July I spent my free time mostly on coding. And I would like to talk more about this.\n\n\n\n## Vulristics\n\nI decided to release my Microsoft Patch Tuesday reporting tool as part of a larger open source project ([github](<https://github.com/leonov-av/vulristics>)). I named it _Vulristics _(from \u201cVulnerability\u201d and \u201cHeuristics\u201d). 
I want this to be an extensible framework for analyzing publicly available information about vulnerabilities.\n\nLet's say we have a vulnerability ID (CVE ID) and we need to decide whether it is really critical or not. We will probably go to some vulnerability databases ([NVD](<https://nvd.nist.gov/vuln/detail/CVE-2020-1350>), [CVE page on the Microsoft website](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1350>), [Vulners.com](<https://vulners.com/cve/CVE-2020-1350>), etc.) and somehow analyze the descriptions and parameters. Right? Such analysis can be quite complex and not so obvious. My idea is to formalize it and make it shareable. It may not be the most efficient way to process data, but it should reflect real human experience, the things that real vulnerability analysts do. This is the main goal.\n\nCurrently, there are the following scripts available:\n\n 1. [report_ms_patch_tuesday.py](<https://github.com/leonov-av/vulristics/blob/master/report_ms_patch_tuesday.py>) - analyze and group Microsoft Patch Tuesday CVEs.\n 2. [report_cve.py](<https://github.com/leonov-av/vulristics/blob/master/report_cve.py>) - collect and preprocess CVE ID-related data from NVD, Microsoft.com and Vulners.\n 3. [report_ms_patch_tuesday_exploits.py](<https://github.com/leonov-av/vulristics/blob/master/report_ms_patch_tuesday_exploits.py>) - get Microsoft Patch Tuesday CVEs and filter vulnerabilities with public exploits (based on Vulners.com).\n\nOf course, we can do much more than that. I have plans to add:\n\n * analysis of the vulnerability description based on keywords and phrases (it's good that such descriptions usually have a fairly regular structure)\n * analysis of references\n * danger and relevance metrics counting ([vulnerability quadrants](<https://avleonov.com/2017/05/10/vulnerability-quadrants/>)) \nand so on.\n\nIf you have good ideas please [share them in the chat](<https://t.me/avleonovchat>). 
Help with coding would also be much appreciated. \n\nFinally, some obvious warnings:\n\n * This tool is NOT an interface to any particular database.\n * The tool makes requests to third-party sources.\n\nSo keep in mind that if you actively use it for bulk operations, you may have problems with the owners of these third-party sources; for example, your IP address may simply be banned. So be careful and reasonable!\n\n## July MS Patch Tuesday Report\n\nBut enough about my tool, let's talk about the results for July MS Patch Tuesday. There were 123 vulnerabilities in July. 18 are critical and 105 are important. As for public exploits, I checked the vulnerabilities with report_ms_patch_tuesday_exploits.py and found nothing.\n\nThere are no exploits for these vulnerabilities on Vulners. Microsoft also believes that there are no _Exploitation detected_ vulnerabilities this time.\n\n### Exploitation more likely\n\nBut we see 8 _Exploitation more likely_ vulnerabilities:\n\n#### Remote Code Execution\n\n * .NET Framework, SharePoint Server, and Visual Studio ([CVE-2020-1147](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1147>))\n * Remote Desktop Client ([CVE-2020-1374](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1374>))\n * VBScript ([CVE-2020-1403](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1403>))\n * Windows DNS Server ([CVE-2020-1350](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1350>))\n\n#### Elevation of Privilege\n\n * Windows Graphics Component ([CVE-2020-1381](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1381>), [CVE-2020-1382](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1382>))\n * Windows Runtime ([CVE-2020-1399](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1399>))\n\n#### Information Disclosure\n\n * Windows Kernel 
([CVE-2020-1426](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1426>))\n\nWindows DNS Server RCE ([CVE-2020-1350](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1350>)), called SIGRed, is the star of this Patch Tuesday. It's extremely critical and has existed for 17 years, affecting Windows Server versions from 2003 to 2019. Getting RCE with only a DNS request is really impressive. Check Point researchers published a [great article about this vulnerability](<https://research.checkpoint.com/2020/resolving-your-way-into-domain-admin-exploiting-a-17-year-old-bug-in-windows-dns-servers/>) with a [video of the PoC](<https://www.youtube.com/watch?v=PUlMmhD5it8>). When this vulnerability was released, there was a feeling that there would be a public RCE exploit soon. But so far there are only several [Rickroll jokes](<https://github.com/ZephrFish/CVE-2020-1350>) and a DoS exploit by [maxpl0it](<https://github.com/maxpl0it/CVE-2020-1350-DoS/commits?author=maxpl0it>), which looks workable, but for some reason is not present in the exploit databases, for example in [exploit-db](<https://www.exploit-db.com/>). Therefore, [Vulners does not see it](<https://vulners.com/cve/CVE-2020-1350>), as I mentioned above. Indeed, searching for exploits and exploit validation are important tasks!\n\nIn second place, of course, is the RDP Client RCE ([CVE-2020-1374](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1374>)). When a client connects to an infected server, it becomes susceptible to an RCE attack. All versions from Windows 7 (and possibly earlier!) to the latest version of Windows 10 (2004) are vulnerable. Of course, the exploitation of this vulnerability requires social engineering or a Man-in-the-Middle attack.\n\n.NET Framework, SharePoint Server, and Visual Studio RCE ([CVE-2020-1147](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1147>)) involves the deserialization of XML content. 
To exploit this vulnerability, an attacker could upload a specially crafted document to a server utilizing an affected product to process content.\n\nVBScript RCE ([CVE-2020-1403](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1403>)). An attacker would have to convince a user to execute malicious code through phishing or to visit a malicious website, where the user would download and execute a crafted file. In fact, we see tons of these vulnerabilities every Patch Tuesday, but still no exploits.\n\nWindows Graphics Component Elevation of Privilege vulnerabilities ([CVE-2020-1381](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1381>), [CVE-2020-1382](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1382>)). An attacker logs onto a vulnerable system and executes a specially crafted application to run processes in an elevated context.\n\n### Other Product based (14)\n\nLooking at other vulnerabilities, the products with the most vulnerabilities are Hyper-V RemoteFX vGPU (RCEs) and Windows Runtime (EoPs). 
\n\n#### Hyper-V RemoteFX vGPU\n\n * Remote Code Execution ([CVE-2020-1032](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1032>), [CVE-2020-1036](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1036>), [CVE-2020-1040](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1040>), [CVE-2020-1041](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1041>), [CVE-2020-1042](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1042>), [CVE-2020-1043](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1043>))\n\n#### Windows Runtime\n\n * Elevation of Privilege ([CVE-2020-1249](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1249>), [CVE-2020-1353](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1353>), [CVE-2020-1370](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1370>), [CVE-2020-1404](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1404>), [CVE-2020-1413](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1413>), [CVE-2020-1414](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1414>), [CVE-2020-1415](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1415>), [CVE-2020-1422](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1422>))\n\nRCEs in Hyper-V RemoteFX vGPU ([CVE-2020-1032](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1032>), [CVE-2020-1036](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1036>), [CVE-2020-1040](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1040>), [CVE-2020-1041](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1041>), 
[CVE-2020-1042](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1042>), [CVE-2020-1043](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1043>)). Microsoft patch simply disables RemoteFX functionality. According to Microsoft: \u201cRemoteFX vGPU has been deprecated in Windows Server 2019 and customers are advised to use Discrete Device Assignment (DDA) instead of RemoteFX vGPU. DDA was introduced in Windows Server 2016.\u201d\n\n### Other Vulnerability Type based (101)\n\n#### Remote Code Execution\n\n * DirectWrite ([CVE-2020-1409](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1409>))\n * GDI+ ([CVE-2020-1435](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1435>))\n * Jet Database Engine ([CVE-2020-1400](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1400>), [CVE-2020-1401](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1401>), [CVE-2020-1407](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1407>))\n * LNK ([CVE-2020-1421](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1421>))\n * Microsoft Excel ([CVE-2020-1240](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1240>))\n * Microsoft Graphics ([CVE-2020-1408](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1408>))\n * Microsoft Graphics Components ([CVE-2020-1412](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1412>))\n * Microsoft Office ([CVE-2020-1458](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1458>))\n * Microsoft Outlook ([CVE-2020-1349](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1349>))\n * Microsoft Project ([CVE-2020-1449](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1449>))\n * Microsoft 
SharePoint ([CVE-2020-1444](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1444>))\n * Microsoft Word ([CVE-2020-1446](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1446>), [CVE-2020-1447](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1447>), [CVE-2020-1448](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1448>))\n * PerformancePoint Services ([CVE-2020-1439](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1439>))\n * Visual Studio Code ESLint Extention ([CVE-2020-1481](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1481>))\n * Windows Address Book ([CVE-2020-1410](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1410>))\n * Windows Font Driver Host ([CVE-2020-1355](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1355>))\n * Windows Font Library ([CVE-2020-1436](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1436>))\n\n#### Denial of Service\n\n * Bond ([CVE-2020-1469](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1469>))\n * Local Security Authority Subsystem Service ([CVE-2020-1267](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1267>))\n * Windows WalletService ([CVE-2020-1364](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1364>))\n\n#### Elevation of Privilege\n\n * Group Policy Services Policy Processing ([CVE-2020-1333](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1333>))\n * Microsoft Defender ([CVE-2020-1461](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1461>))\n * Microsoft Office ([CVE-2020-1025](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1025>))\n * Microsoft OneDrive 
([CVE-2020-1465](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1465>))\n * Visual Studio and Visual Studio Code ([CVE-2020-1416](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1416>))\n * Windows ([CVE-2020-1388](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1388>), [CVE-2020-1392](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1392>), [CVE-2020-1394](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1394>), [CVE-2020-1395](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1395>))\n * Windows ALPC ([CVE-2020-1396](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1396>))\n * Windows ActiveX Installer Service ([CVE-2020-1402](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1402>))\n * Windows AppX Deployment Extensions ([CVE-2020-1431](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1431>))\n * Windows CNG Key Isolation Service ([CVE-2020-1359](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1359>), [CVE-2020-1384](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1384>))\n * Windows COM Server ([CVE-2020-1375](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1375>))\n * Windows Credential Enrollment Manager Service ([CVE-2020-1368](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1368>))\n * Windows Credential Picker ([CVE-2020-1385](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1385>))\n * Windows Diagnostics Hub ([CVE-2020-1393](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1393>), [CVE-2020-1418](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1418>))\n * Windows Error Reporting Manager 
([CVE-2020-1429](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1429>))\n * Windows Event Logging Service ([CVE-2020-1365](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1365>), [CVE-2020-1371](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1371>))\n * Windows Function Discovery Service ([CVE-2020-1085](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1085>))\n * Windows Kernel ([CVE-2020-1336](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1336>), [CVE-2020-1411](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1411>))\n * Windows Lockscreen ([CVE-2020-1398](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1398>))\n * Windows Mobile Device Management Diagnostics ([CVE-2020-1372](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1372>), [CVE-2020-1405](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1405>))\n * Windows Modules Installer ([CVE-2020-1346](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1346>))\n * Windows Network Connections Service ([CVE-2020-1373](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1373>), [CVE-2020-1390](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1390>), [CVE-2020-1427](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1427>), [CVE-2020-1428](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1428>), [CVE-2020-1438](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1438>))\n * Windows Network List Service ([CVE-2020-1406](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1406>))\n * Windows Network Location Awareness Service 
([CVE-2020-1437](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1437>))\n * Windows Picker Platform ([CVE-2020-1363](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1363>))\n * Windows Print Workflow Service ([CVE-2020-1366](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1366>))\n * Windows Profile Service ([CVE-2020-1360](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1360>))\n * Windows Push Notification Service ([CVE-2020-1387](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1387>))\n * Windows SharedStream Library ([CVE-2020-1463](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1463>))\n * Windows Storage Services ([CVE-2020-1347](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1347>))\n * Windows Subsystem for Linux ([CVE-2020-1423](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1423>))\n * Windows Sync Host Service ([CVE-2020-1434](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1434>))\n * Windows System Events Broker ([CVE-2020-1357](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1357>))\n * Windows UPnP Device Host ([CVE-2020-1354](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1354>), [CVE-2020-1430](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1430>))\n * Windows USO Core Worker ([CVE-2020-1352](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1352>))\n * Windows Update Stack ([CVE-2020-1424](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1424>))\n * Windows WalletService ([CVE-2020-1344](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1344>), 
[CVE-2020-1362](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1362>), [CVE-2020-1369](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1369>))\n * Windows iSCSI Target Service ([CVE-2020-1356](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1356>))\n\n#### Information Disclosure\n\n * Connected User Experiences and Telemetry Service ([CVE-2020-1386](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1386>))\n * Microsoft Edge PDF ([CVE-2020-1433](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1433>))\n * Microsoft Graphics Component ([CVE-2020-1351](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1351>))\n * Microsoft Office ([CVE-2020-1342](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1342>), [CVE-2020-1445](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1445>))\n * Skype for Business via Internet Explorer ([CVE-2020-1432](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1432>))\n * Skype for Business via Microsoft Edge (EdgeHTML-based) ([CVE-2020-1462](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1462>))\n * Windows Agent Activation Runtime ([CVE-2020-1391](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1391>))\n * Windows Error Reporting ([CVE-2020-1420](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1420>))\n * Windows GDI ([CVE-2020-1468](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1468>))\n * Windows Imaging Component ([CVE-2020-1397](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1397>))\n * Windows Kernel ([CVE-2020-1367](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1367>), 
[CVE-2020-1389](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1389>), [CVE-2020-1419](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1419>))\n * Windows Mobile Device Management Diagnostics ([CVE-2020-1330](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1330>))\n * Windows Resource Policy ([CVE-2020-1358](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1358>))\n * Windows WalletService ([CVE-2020-1361](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1361>))\n\n#### Cross Site Scripting\n\n * Azure DevOps Server ([CVE-2020-1326](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1326>))\n * Microsoft SharePoint ([CVE-2020-1450](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1450>), [CVE-2020-1451](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1451>), [CVE-2020-1456](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1456>))\n * Microsoft SharePoint Reflective ([CVE-2020-1454](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1454>))\n * Office Web Apps ([CVE-2020-1442](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1442>))\n\n#### Spoofing\n\n * Microsoft SharePoint ([CVE-2020-1443](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1443>))\n\nAmong other vulnerabilities, vulnerability management vendors highlight\n\nRCE in PerformancePoint Services ([CVE-2020-1439](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1439>)). 
PerformancePoint is a SharePoint component and the vulnerability is similar to the _Exploitation more likely_ SharePoint vulnerability ([CVE-2020-1147](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1147>)) we discussed above.\n\nMicrosoft Word RCEs ([CVE-2020-1446](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1446>), [CVE-2020-1447](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1447>), [CVE-2020-1448](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1448>)). Exploitation of these vulnerabilities requires an attacker to send a specially crafted file to a victim, or to convince a user to visit a crafted website hosting a malicious file which the user must open with a vulnerable version of Microsoft Word. Obviously, this delivery path lends itself to phishing.\n\nJet Database Engine RCEs ([CVE-2020-1400](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1400>), [CVE-2020-1401](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1401>), [CVE-2020-1407](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1407>)). To exploit these vulnerabilities, an attacker must convince a victim to open a specially crafted file or visit a malicious website.\n\nVisual Studio Code ESLint Extension RCE ([CVE-2020-1481](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1481>)). To exploit this vulnerability, an attacker would need to convince a user to clone a repository and open it in Visual Studio Code. 
Attacker-specified code would execute in the context of the current user, with the same rights and permissions.\n\nWindows Modules Installer Elevation of Privilege ([CVE-2020-1346](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1346>)) was mentioned by Rapid7: \"In this particular case, the Servicing Stack Updates released this month should been installed prior to installing the cumulative update/monthly rollup or security update patch. While it was not explicitly outlined, following these directions from Microsoft for CVE-2020-1346 may have a direct impact on the order of operations when resolving other issues such as CVE-2020-1350.\"\n\n", "edition": 2, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 10.0, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 6.0}, "published": "2020-08-02T04:05:22", "type": "avleonov", "title": "Microsoft Patch Tuesday July 2020: my new open source project Vulristics, DNS SIGRed, RDP Client and SharePoint", "bulletinFamily": "blog", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-1025", "CVE-2020-1032", "CVE-2020-1036", "CVE-2020-1040", "CVE-2020-1041", "CVE-2020-1042", "CVE-2020-1043", "CVE-2020-1085", "CVE-2020-1147", 
"CVE-2020-1240", "CVE-2020-1249", "CVE-2020-1267", "CVE-2020-1326", "CVE-2020-1330", "CVE-2020-1333", "CVE-2020-1336", "CVE-2020-1342", "CVE-2020-1344", "CVE-2020-1346", "CVE-2020-1347", "CVE-2020-1349", "CVE-2020-1350", "CVE-2020-1351", "CVE-2020-1352", "CVE-2020-1353", "CVE-2020-1354", "CVE-2020-1355", "CVE-2020-1356", "CVE-2020-1357", "CVE-2020-1358", "CVE-2020-1359", "CVE-2020-1360", "CVE-2020-1361", "CVE-2020-1362", "CVE-2020-1363", "CVE-2020-1364", "CVE-2020-1365", "CVE-2020-1366", "CVE-2020-1367", "CVE-2020-1368", "CVE-2020-1369", "CVE-2020-1370", "CVE-2020-1371", "CVE-2020-1372", "CVE-2020-1373", "CVE-2020-1374", "CVE-2020-1375", "CVE-2020-1381", "CVE-2020-1382", "CVE-2020-1384", "CVE-2020-1385", "CVE-2020-1386", "CVE-2020-1387", "CVE-2020-1388", "CVE-2020-1389", "CVE-2020-1390", "CVE-2020-1391", "CVE-2020-1392", "CVE-2020-1393", "CVE-2020-1394", "CVE-2020-1395", "CVE-2020-1396", "CVE-2020-1397", "CVE-2020-1398", "CVE-2020-1399", "CVE-2020-1400", "CVE-2020-1401", "CVE-2020-1402", "CVE-2020-1403", "CVE-2020-1404", "CVE-2020-1405", "CVE-2020-1406", "CVE-2020-1407", "CVE-2020-1408", "CVE-2020-1409", "CVE-2020-1410", "CVE-2020-1411", "CVE-2020-1412", "CVE-2020-1413", "CVE-2020-1414", "CVE-2020-1415", "CVE-2020-1416", "CVE-2020-1418", "CVE-2020-1419", "CVE-2020-1420", "CVE-2020-1421", "CVE-2020-1422", "CVE-2020-1423", "CVE-2020-1424", "CVE-2020-1426", "CVE-2020-1427", "CVE-2020-1428", "CVE-2020-1429", "CVE-2020-1430", "CVE-2020-1431", "CVE-2020-1432", "CVE-2020-1433", "CVE-2020-1434", "CVE-2020-1435", "CVE-2020-1436", "CVE-2020-1437", "CVE-2020-1438", "CVE-2020-1439", "CVE-2020-1442", "CVE-2020-1443", "CVE-2020-1444", "CVE-2020-1445", "CVE-2020-1446", "CVE-2020-1447", "CVE-2020-1448", "CVE-2020-1449", "CVE-2020-1450", "CVE-2020-1451", "CVE-2020-1454", "CVE-2020-1456", "CVE-2020-1458", "CVE-2020-1461", "CVE-2020-1462", "CVE-2020-1463", "CVE-2020-1465", "CVE-2020-1468", "CVE-2020-1469", "CVE-2020-1481"], "modified": "2020-08-02T04:05:22", "id": 
"AVLEONOV:7DAB33D28205885E8979C4C664958CDC", "href": "http://feedproxy.google.com/~r/avleonov/~3/BltzY4Fi__s/", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "cve": [{"lastseen": "2023-06-06T14:23:08", "description": "An elevation of privilege vulnerability exists when the Windows Runtime improperly handles objects in memory, aka 'Windows Runtime Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1249, CVE-2020-1353, CVE-2020-1370, CVE-2020-1404, CVE-2020-1413, CVE-2020-1414, CVE-2020-1415, CVE-2020-1422.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-07-14T23:15:00", "type": "cve", "title": "CVE-2020-1399", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-1249", "CVE-2020-1353", "CVE-2020-1370", "CVE-2020-1399", "CVE-2020-1404", "CVE-2020-1413", "CVE-2020-1414", "CVE-2020-1415", "CVE-2020-1422"], "modified": "2021-07-21T11:39:00", "cpe": ["cpe:/o:microsoft:windows_10:1803", "cpe:/o:microsoft:windows_server_2019:-", "cpe:/o:microsoft:windows_server_2016:1909", "cpe:/o:microsoft:windows_10:1709", 
"cpe:/o:microsoft:windows_rt_8.1:-", "cpe:/o:microsoft:windows_server_2016:-", "cpe:/o:microsoft:windows_server_2012:r2", "cpe:/o:microsoft:windows_10:1903", "cpe:/o:microsoft:windows_10:-", "cpe:/o:microsoft:windows_8.1:-", "cpe:/o:microsoft:windows_server_2016:1903", "cpe:/o:microsoft:windows_server_2016:2004", "cpe:/o:microsoft:windows_server_2008:-", "cpe:/o:microsoft:windows_10:2004", "cpe:/o:microsoft:windows_10:1809", "cpe:/o:microsoft:windows_server_2012:-", "cpe:/o:microsoft:windows_10:1607", "cpe:/o:microsoft:windows_server_2008:r2", "cpe:/o:microsoft:windows_10:1909"], "id": "CVE-2020-1399", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-1399", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:itanium:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:1903:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:*:*"]}, {"lastseen": "2023-06-06T14:19:12", "description": "An elevation of privilege vulnerability 
exists when the Windows Runtime improperly handles objects in memory, aka 'Windows Runtime Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1353, CVE-2020-1370, CVE-2020-1399, CVE-2020-1404, CVE-2020-1413, CVE-2020-1414, CVE-2020-1415, CVE-2020-1422.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-07-14T23:15:00", "type": "cve", "title": "CVE-2020-1249", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-1249", "CVE-2020-1353", "CVE-2020-1370", "CVE-2020-1399", "CVE-2020-1404", "CVE-2020-1413", "CVE-2020-1414", "CVE-2020-1415", "CVE-2020-1422"], "modified": "2021-07-21T11:39:00", "cpe": ["cpe:/o:microsoft:windows_server_2016:-", "cpe:/o:microsoft:windows_10:1803", "cpe:/o:microsoft:windows_server_2019:-", "cpe:/o:microsoft:windows_8.1:-", "cpe:/o:microsoft:windows_server_2016:1909", "cpe:/o:microsoft:windows_10:1709", "cpe:/o:microsoft:windows_rt_8.1:-", "cpe:/o:microsoft:windows_server_2016:1903", "cpe:/o:microsoft:windows_10:1909", "cpe:/o:microsoft:windows_server_2012:r2", "cpe:/o:microsoft:windows_10:2004", 
"cpe:/o:microsoft:windows_server_2016:2004", "cpe:/o:microsoft:windows_10:1809", "cpe:/o:microsoft:windows_10:1903", "cpe:/o:microsoft:windows_10:-", "cpe:/o:microsoft:windows_server_2012:-", "cpe:/o:microsoft:windows_10:1607"], "id": "CVE-2020-1249", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-1249", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:microsoft:windows_server_2016:1903:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*"]}, {"lastseen": "2023-06-06T14:23:39", "description": "An elevation of privilege vulnerability exists when the Windows Runtime improperly handles objects in memory, aka 'Windows Runtime Elevation of Privilege Vulnerability'. 
This CVE ID is unique from CVE-2020-1249, CVE-2020-1353, CVE-2020-1370, CVE-2020-1399, CVE-2020-1404, CVE-2020-1413, CVE-2020-1414, CVE-2020-1415.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-07-14T23:15:00", "type": "cve", "title": "CVE-2020-1422", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-1249", "CVE-2020-1353", "CVE-2020-1370", "CVE-2020-1399", "CVE-2020-1404", "CVE-2020-1413", "CVE-2020-1414", "CVE-2020-1415", "CVE-2020-1422"], "modified": "2021-07-21T11:39:00", "cpe": ["cpe:/o:microsoft:windows_10:1803", "cpe:/o:microsoft:windows_server_2019:-", "cpe:/o:microsoft:windows_server_2016:1909", "cpe:/o:microsoft:windows_server_2016:1903", "cpe:/o:microsoft:windows_10:1909", "cpe:/o:microsoft:windows_server_2016:2004", "cpe:/o:microsoft:windows_10:2004", "cpe:/o:microsoft:windows_10:1903", "cpe:/o:microsoft:windows_10:1809"], "id": "CVE-2020-1422", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-1422", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:microsoft:windows_server_2016:2004:*:*:*:*:*:*:*", 
"cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:1903:*:*:*:*:*:*:*"]}, {"lastseen": "2023-06-06T14:23:30", "description": "An elevation of privilege vulnerability exists when the Windows Runtime improperly handles objects in memory, aka 'Windows Runtime Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1249, CVE-2020-1353, CVE-2020-1370, CVE-2020-1399, CVE-2020-1404, CVE-2020-1413, CVE-2020-1414, CVE-2020-1422.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-07-14T23:15:00", "type": "cve", "title": "CVE-2020-1415", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-1249", "CVE-2020-1353", "CVE-2020-1370", "CVE-2020-1399", "CVE-2020-1404", "CVE-2020-1413", "CVE-2020-1414", 
"CVE-2020-1415", "CVE-2020-1422"], "modified": "2021-07-21T11:39:00", "cpe": ["cpe:/o:microsoft:windows_10:1803", "cpe:/o:microsoft:windows_server_2019:-", "cpe:/o:microsoft:windows_server_2016:1909", "cpe:/o:microsoft:windows_server_2016:1903", "cpe:/o:microsoft:windows_10:1909", "cpe:/o:microsoft:windows_server_2016:2004", "cpe:/o:microsoft:windows_10:2004", "cpe:/o:microsoft:windows_10:1903", "cpe:/o:microsoft:windows_10:1809"], "id": "CVE-2020-1415", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-1415", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:microsoft:windows_server_2016:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:1903:*:*:*:*:*:*:*"]}, {"lastseen": "2023-06-06T14:21:53", "description": "An elevation of privilege vulnerability exists when the Windows Runtime improperly handles objects in memory, aka 'Windows Runtime Elevation of Privilege Vulnerability'. 
This CVE ID is unique from CVE-2020-1249, CVE-2020-1370, CVE-2020-1399, CVE-2020-1404, CVE-2020-1413, CVE-2020-1414, CVE-2020-1415, CVE-2020-1422.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-07-14T23:15:00", "type": "cve", "title": "CVE-2020-1353", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-1249", "CVE-2020-1353", "CVE-2020-1370", "CVE-2020-1399", "CVE-2020-1404", "CVE-2020-1413", "CVE-2020-1414", "CVE-2020-1415", "CVE-2020-1422"], "modified": "2021-07-21T11:39:00", "cpe": ["cpe:/o:microsoft:windows_10:1607", "cpe:/o:microsoft:windows_10:1803", "cpe:/o:microsoft:windows_server_2019:-", "cpe:/o:microsoft:windows_server_2016:1909", "cpe:/o:microsoft:windows_10:1709", "cpe:/o:microsoft:windows_server_2016:1903", "cpe:/o:microsoft:windows_10:1909", "cpe:/o:microsoft:windows_server_2016:2004", "cpe:/o:microsoft:windows_10:2004", "cpe:/o:microsoft:windows_10:1809", "cpe:/o:microsoft:windows_10:1903", "cpe:/o:microsoft:windows_10:-", "cpe:/o:microsoft:windows_server_2016:-"], "id": "CVE-2020-1353", "href": 
"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-1353", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:microsoft:windows_server_2016:1903:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*"]}, {"lastseen": "2023-06-06T14:22:20", "description": "An elevation of privilege vulnerability exists when the Windows Runtime improperly handles objects in memory, aka 'Windows Runtime Elevation of Privilege Vulnerability'. 
This CVE ID is unique from CVE-2020-1249, CVE-2020-1353, CVE-2020-1399, CVE-2020-1404, CVE-2020-1413, CVE-2020-1414, CVE-2020-1415, CVE-2020-1422.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-07-14T23:15:00", "type": "cve", "title": "CVE-2020-1370", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-1249", "CVE-2020-1353", "CVE-2020-1370", "CVE-2020-1399", "CVE-2020-1404", "CVE-2020-1413", "CVE-2020-1414", "CVE-2020-1415", "CVE-2020-1422"], "modified": "2021-07-21T11:39:00", "cpe": ["cpe:/o:microsoft:windows_10:1607", "cpe:/o:microsoft:windows_10:1803", "cpe:/o:microsoft:windows_server_2019:-", "cpe:/o:microsoft:windows_server_2016:1909", "cpe:/o:microsoft:windows_10:1709", "cpe:/o:microsoft:windows_server_2016:1903", "cpe:/o:microsoft:windows_10:1909", "cpe:/o:microsoft:windows_server_2016:2004", "cpe:/o:microsoft:windows_10:2004", "cpe:/o:microsoft:windows_10:1809", "cpe:/o:microsoft:windows_10:1903", "cpe:/o:microsoft:windows_10:-", "cpe:/o:microsoft:windows_server_2016:-"], "id": "CVE-2020-1370", "href": 
"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-1370", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:microsoft:windows_server_2016:1903:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*"]}, {"lastseen": "2023-06-06T14:23:15", "description": "An elevation of privilege vulnerability exists when the Windows Runtime improperly handles objects in memory, aka 'Windows Runtime Elevation of Privilege Vulnerability'. 
This CVE ID is unique from CVE-2020-1249, CVE-2020-1353, CVE-2020-1370, CVE-2020-1399, CVE-2020-1413, CVE-2020-1414, CVE-2020-1415, CVE-2020-1422.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-07-14T23:15:00", "type": "cve", "title": "CVE-2020-1404", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-1249", "CVE-2020-1353", "CVE-2020-1370", "CVE-2020-1399", "CVE-2020-1404", "CVE-2020-1413", "CVE-2020-1414", "CVE-2020-1415", "CVE-2020-1422"], "modified": "2021-07-21T11:39:00", "cpe": ["cpe:/o:microsoft:windows_10:1607", "cpe:/o:microsoft:windows_10:1803", "cpe:/o:microsoft:windows_server_2019:-", "cpe:/o:microsoft:windows_server_2016:1909", "cpe:/o:microsoft:windows_10:1709", "cpe:/o:microsoft:windows_server_2016:1903", "cpe:/o:microsoft:windows_10:1909", "cpe:/o:microsoft:windows_server_2016:2004", "cpe:/o:microsoft:windows_10:2004", "cpe:/o:microsoft:windows_10:1809", "cpe:/o:microsoft:windows_10:1903", "cpe:/o:microsoft:windows_10:-", "cpe:/o:microsoft:windows_server_2016:-"], "id": "CVE-2020-1404", "href": 
"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-1404", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:microsoft:windows_server_2016:1903:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*"]}, {"lastseen": "2023-06-06T14:23:30", "description": "An elevation of privilege vulnerability exists when the Windows Runtime improperly handles objects in memory, aka 'Windows Runtime Elevation of Privilege Vulnerability'. 
This CVE ID is unique from CVE-2020-1249, CVE-2020-1353, CVE-2020-1370, CVE-2020-1399, CVE-2020-1404, CVE-2020-1413, CVE-2020-1415, CVE-2020-1422.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-07-14T23:15:00", "type": "cve", "title": "CVE-2020-1414", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-1249", "CVE-2020-1353", "CVE-2020-1370", "CVE-2020-1399", "CVE-2020-1404", "CVE-2020-1413", "CVE-2020-1414", "CVE-2020-1415", "CVE-2020-1422"], "modified": "2021-07-21T11:39:00", "cpe": ["cpe:/o:microsoft:windows_10:1803", "cpe:/o:microsoft:windows_server_2019:-", "cpe:/o:microsoft:windows_server_2016:1909", "cpe:/o:microsoft:windows_server_2016:1903", "cpe:/o:microsoft:windows_10:1909", "cpe:/o:microsoft:windows_server_2016:2004", "cpe:/o:microsoft:windows_10:2004", "cpe:/o:microsoft:windows_10:1903", "cpe:/o:microsoft:windows_10:1809"], "id": "CVE-2020-1414", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-1414", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:microsoft:windows_server_2016:2004:*:*:*:*:*:*:*", 
"cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:1903:*:*:*:*:*:*:*"]}, {"lastseen": "2023-06-06T14:23:27", "description": "An elevation of privilege vulnerability exists when the Windows Runtime improperly handles objects in memory, aka 'Windows Runtime Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1249, CVE-2020-1353, CVE-2020-1370, CVE-2020-1399, CVE-2020-1404, CVE-2020-1414, CVE-2020-1415, CVE-2020-1422.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-07-14T23:15:00", "type": "cve", "title": "CVE-2020-1413", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-1249", "CVE-2020-1353", "CVE-2020-1370", "CVE-2020-1399", "CVE-2020-1404", "CVE-2020-1413", "CVE-2020-1414", 
"CVE-2020-1415", "CVE-2020-1422"], "modified": "2021-07-21T11:39:00", "cpe": ["cpe:/o:microsoft:windows_10:1607", "cpe:/o:microsoft:windows_10:1803", "cpe:/o:microsoft:windows_server_2019:-", "cpe:/o:microsoft:windows_server_2016:1909", "cpe:/o:microsoft:windows_10:1709", "cpe:/o:microsoft:windows_server_2016:1903", "cpe:/o:microsoft:windows_10:1909", "cpe:/o:microsoft:windows_server_2016:2004", "cpe:/o:microsoft:windows_10:2004", "cpe:/o:microsoft:windows_10:1809", "cpe:/o:microsoft:windows_10:1903", "cpe:/o:microsoft:windows_10:-", "cpe:/o:microsoft:windows_server_2016:-"], "id": "CVE-2020-1413", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-1413", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:microsoft:windows_server_2016:1903:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*"]}, {"lastseen": "2023-06-06T14:24:02", "description": "An elevation of privilege vulnerability exists in the way that the Windows Network Connections Service handles objects in memory, aka 'Windows Network Connections Service Elevation of Privilege Vulnerability'. 
This CVE ID is unique from CVE-2020-1373, CVE-2020-1390, CVE-2020-1427, CVE-2020-1428.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-07-14T23:15:00", "type": "cve", "title": "CVE-2020-1438", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-1373", "CVE-2020-1390", "CVE-2020-1427", "CVE-2020-1428", "CVE-2020-1438"], "modified": "2021-07-21T11:39:00", "cpe": ["cpe:/o:microsoft:windows_10:1803", "cpe:/o:microsoft:windows_server_2019:-", "cpe:/o:microsoft:windows_server_2016:1909", "cpe:/o:microsoft:windows_10:1709", "cpe:/o:microsoft:windows_rt_8.1:-", "cpe:/o:microsoft:windows_server_2016:-", "cpe:/o:microsoft:windows_server_2012:r2", "cpe:/o:microsoft:windows_10:1903", "cpe:/o:microsoft:windows_10:-", "cpe:/o:microsoft:windows_7:-", "cpe:/o:microsoft:windows_8.1:-", "cpe:/o:microsoft:windows_server_2016:1903", "cpe:/o:microsoft:windows_server_2016:2004", "cpe:/o:microsoft:windows_server_2008:-", "cpe:/o:microsoft:windows_10:2004", "cpe:/o:microsoft:windows_10:1809", "cpe:/o:microsoft:windows_server_2012:-", "cpe:/o:microsoft:windows_10:1607", 
"cpe:/o:microsoft:windows_server_2008:r2", "cpe:/o:microsoft:windows_10:1909"], "id": "CVE-2020-1438", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-1438", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:itanium:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:1903:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:*:*"]}, {"lastseen": "2023-06-06T14:22:51", "description": "An elevation of privilege vulnerability exists in the way that the Windows Network Connections Service handles objects in memory, aka 'Windows Network Connections Service Elevation of Privilege Vulnerability'. 
This CVE ID is unique from CVE-2020-1373, CVE-2020-1427, CVE-2020-1428, CVE-2020-1438.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-07-14T23:15:00", "type": "cve", "title": "CVE-2020-1390", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-1373", "CVE-2020-1390", "CVE-2020-1427", "CVE-2020-1428", "CVE-2020-1438"], "modified": "2021-07-21T11:39:00", "cpe": ["cpe:/o:microsoft:windows_10:1803", "cpe:/o:microsoft:windows_server_2019:-", "cpe:/o:microsoft:windows_server_2016:1909", "cpe:/o:microsoft:windows_10:1709", "cpe:/o:microsoft:windows_rt_8.1:-", "cpe:/o:microsoft:windows_server_2016:-", "cpe:/o:microsoft:windows_server_2012:r2", "cpe:/o:microsoft:windows_10:1903", "cpe:/o:microsoft:windows_10:-", "cpe:/o:microsoft:windows_7:-", "cpe:/o:microsoft:windows_8.1:-", "cpe:/o:microsoft:windows_server_2016:1903", "cpe:/o:microsoft:windows_server_2016:2004", "cpe:/o:microsoft:windows_server_2008:-", "cpe:/o:microsoft:windows_10:2004", "cpe:/o:microsoft:windows_10:1809", "cpe:/o:microsoft:windows_server_2012:-", "cpe:/o:microsoft:windows_10:1607", 
"cpe:/o:microsoft:windows_server_2008:r2", "cpe:/o:microsoft:windows_10:1909"], "id": "CVE-2020-1390", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-1390", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:itanium:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:1903:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:*:*"]}, {"lastseen": "2023-06-06T14:23:44", "description": "An elevation of privilege vulnerability exists in the way that the Windows Network Connections Service handles objects in memory, aka 'Windows Network Connections Service Elevation of Privilege Vulnerability'. 
This CVE ID is unique from CVE-2020-1373, CVE-2020-1390, CVE-2020-1428, CVE-2020-1438.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-07-14T23:15:00", "type": "cve", "title": "CVE-2020-1427", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-1373", "CVE-2020-1390", "CVE-2020-1427", "CVE-2020-1428", "CVE-2020-1438"], "modified": "2021-07-21T11:39:00", "cpe": ["cpe:/o:microsoft:windows_10:1803", "cpe:/o:microsoft:windows_server_2019:-", "cpe:/o:microsoft:windows_server_2016:1909", "cpe:/o:microsoft:windows_10:1709", "cpe:/o:microsoft:windows_rt_8.1:-", "cpe:/o:microsoft:windows_server_2016:-", "cpe:/o:microsoft:windows_server_2012:r2", "cpe:/o:microsoft:windows_10:1903", "cpe:/o:microsoft:windows_10:-", "cpe:/o:microsoft:windows_7:-", "cpe:/o:microsoft:windows_8.1:-", "cpe:/o:microsoft:windows_server_2016:1903", "cpe:/o:microsoft:windows_server_2016:2004", "cpe:/o:microsoft:windows_server_2008:-", "cpe:/o:microsoft:windows_10:2004", "cpe:/o:microsoft:windows_10:1809", "cpe:/o:microsoft:windows_server_2012:-", "cpe:/o:microsoft:windows_10:1607", 
"cpe:/o:microsoft:windows_server_2008:r2", "cpe:/o:microsoft:windows_10:1909"], "id": "CVE-2020-1427", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-1427", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:itanium:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:1903:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:*:*"]}, {"lastseen": "2023-06-06T14:23:47", "description": "An elevation of privilege vulnerability exists in the way that the Windows Network Connections Service handles objects in memory, aka 'Windows Network Connections Service Elevation of Privilege Vulnerability'. 
This CVE ID is unique from CVE-2020-1373, CVE-2020-1390, CVE-2020-1427, CVE-2020-1438.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-07-14T23:15:00", "type": "cve", "title": "CVE-2020-1428", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-1373", "CVE-2020-1390", "CVE-2020-1427", "CVE-2020-1428", "CVE-2020-1438"], "modified": "2021-07-21T11:39:00", "cpe": ["cpe:/o:microsoft:windows_10:1803", "cpe:/o:microsoft:windows_server_2019:-", "cpe:/o:microsoft:windows_server_2016:1909", "cpe:/o:microsoft:windows_10:1709", "cpe:/o:microsoft:windows_rt_8.1:-", "cpe:/o:microsoft:windows_server_2016:-", "cpe:/o:microsoft:windows_server_2012:r2", "cpe:/o:microsoft:windows_10:1903", "cpe:/o:microsoft:windows_10:-", "cpe:/o:microsoft:windows_7:-", "cpe:/o:microsoft:windows_8.1:-", "cpe:/o:microsoft:windows_server_2016:1903", "cpe:/o:microsoft:windows_server_2016:2004", "cpe:/o:microsoft:windows_server_2008:-", "cpe:/o:microsoft:windows_10:2004", "cpe:/o:microsoft:windows_10:1809", "cpe:/o:microsoft:windows_server_2012:-", "cpe:/o:microsoft:windows_10:1607", 
"cpe:/o:microsoft:windows_server_2008:r2", "cpe:/o:microsoft:windows_10:1909"], "id": "CVE-2020-1428", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-1428", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:itanium:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:1903:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:*:*"]}, {"lastseen": "2023-06-06T14:22:23", "description": "An elevation of privilege vulnerability exists in the way that the Windows Network Connections Service handles objects in memory, aka 'Windows Network Connections Service Elevation of Privilege Vulnerability'. 
This CVE ID is unique from CVE-2020-1390, CVE-2020-1427, CVE-2020-1428, CVE-2020-1438.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-07-14T23:15:00", "type": "cve", "title": "CVE-2020-1373", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-1373", "CVE-2020-1390", "CVE-2020-1427", "CVE-2020-1428", "CVE-2020-1438"], "modified": "2021-07-21T11:39:00", "cpe": ["cpe:/o:microsoft:windows_10:1803", "cpe:/o:microsoft:windows_server_2019:-", "cpe:/o:microsoft:windows_server_2016:1909", "cpe:/o:microsoft:windows_10:1709", "cpe:/o:microsoft:windows_rt_8.1:-", "cpe:/o:microsoft:windows_server_2016:-", "cpe:/o:microsoft:windows_server_2012:r2", "cpe:/o:microsoft:windows_10:1903", "cpe:/o:microsoft:windows_10:-", "cpe:/o:microsoft:windows_7:-", "cpe:/o:microsoft:windows_8.1:-", "cpe:/o:microsoft:windows_server_2016:1903", "cpe:/o:microsoft:windows_server_2016:2004", "cpe:/o:microsoft:windows_server_2008:-", "cpe:/o:microsoft:windows_10:2004", "cpe:/o:microsoft:windows_10:1809", "cpe:/o:microsoft:windows_server_2012:-", "cpe:/o:microsoft:windows_10:1607", 
"cpe:/o:microsoft:windows_server_2008:r2", "cpe:/o:microsoft:windows_10:1909"], "id": "CVE-2020-1373", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-1373", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:itanium:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:1903:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:*:*"]}, {"lastseen": "2023-06-06T14:22:19", "description": "An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka 'Windows Kernel Information Disclosure Vulnerability'. 
This CVE ID is unique from CVE-2020-1389, CVE-2020-1419, CVE-2020-1426.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 5.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-07-14T23:15:00", "type": "cve", "title": "CVE-2020-1367", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-1367", "CVE-2020-1389", "CVE-2020-1419", "CVE-2020-1426"], "modified": "2021-07-21T11:39:00", "cpe": ["cpe:/o:microsoft:windows_server_2019:-", "cpe:/o:microsoft:windows_server_2016:1909", "cpe:/o:microsoft:windows_server_2016:1903", "cpe:/o:microsoft:windows_10:1909", "cpe:/o:microsoft:windows_server_2016:2004", "cpe:/o:microsoft:windows_10:2004", "cpe:/o:microsoft:windows_10:1903", "cpe:/o:microsoft:windows_10:1809"], "id": "CVE-2020-1367", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-1367", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}, "cpe23": ["cpe:2.3:o:microsoft:windows_server_2016:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*", 
"cpe:2.3:o:microsoft:windows_server_2016:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:1903:*:*:*:*:*:*:*"]}, {"lastseen": "2023-06-06T14:22:47", "description": "An elevation of privilege vulnerability exists in the way that the psmsrv.dll handles objects in memory, aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1392, CVE-2020-1394, CVE-2020-1395.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-07-14T23:15:00", "type": "cve", "title": "CVE-2020-1388", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-1388", "CVE-2020-1392", "CVE-2020-1394", "CVE-2020-1395"], "modified": "2021-07-21T11:39:00", "cpe": ["cpe:/o:microsoft:windows_10:1607", "cpe:/o:microsoft:windows_10:1803", "cpe:/o:microsoft:windows_server_2019:-", "cpe:/o:microsoft:windows_server_2016:1909", "cpe:/o:microsoft:windows_10:1709", "cpe:/o:microsoft:windows_server_2016:1903", "cpe:/o:microsoft:windows_10:1909", 
"cpe:/o:microsoft:windows_server_2016:2004", "cpe:/o:microsoft:windows_10:2004", "cpe:/o:microsoft:windows_10:1809", "cpe:/o:microsoft:windows_10:1903", "cpe:/o:microsoft:windows_10:-", "cpe:/o:microsoft:windows_server_2016:-"], "id": "CVE-2020-1388", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-1388", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:microsoft:windows_server_2016:1903:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*"]}, {"lastseen": "2023-06-06T14:22:57", "description": "An elevation of privilege vulnerability exists in the way that the Windows Geolocation Framework handles objects in memory, aka 'Windows Elevation of Privilege Vulnerability'. 
This CVE ID is unique from CVE-2020-1388, CVE-2020-1392, CVE-2020-1395.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-07-14T23:15:00", "type": "cve", "title": "CVE-2020-1394", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-1388", "CVE-2020-1392", "CVE-2020-1394", "CVE-2020-1395"], "modified": "2021-07-21T11:39:00", "cpe": ["cpe:/o:microsoft:windows_10:1803", "cpe:/o:microsoft:windows_server_2019:-", "cpe:/o:microsoft:windows_server_2016:1909", "cpe:/o:microsoft:windows_server_2016:1903", "cpe:/o:microsoft:windows_10:1709", "cpe:/o:microsoft:windows_10:1909", "cpe:/o:microsoft:windows_server_2016:2004", "cpe:/o:microsoft:windows_10:2004", "cpe:/o:microsoft:windows_10:1809", "cpe:/o:microsoft:windows_10:1903"], "id": "CVE-2020-1394", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-1394", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:microsoft:windows_server_2016:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", 
"cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:1903:*:*:*:*:*:*:*"]}, {"lastseen": "2023-06-06T14:22:49", "description": "An information disclosure vulnerability exists when the Windows kernel fails to properly initialize a memory address, aka 'Windows Kernel Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2020-1367, CVE-2020-1419, CVE-2020-1426.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 5.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-07-14T23:15:00", "type": "cve", "title": "CVE-2020-1389", "cwe": ["CWE-665"], "bulletinFamily": "NVD", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-1367", "CVE-2020-1389", "CVE-2020-1419", "CVE-2020-1426"], "modified": "2021-07-21T11:39:00", "cpe": ["cpe:/o:microsoft:windows_10:1803", "cpe:/o:microsoft:windows_server_2019:-", "cpe:/o:microsoft:windows_server_2016:1909", 
"cpe:/o:microsoft:windows_10:1709", "cpe:/o:microsoft:windows_rt_8.1:-", "cpe:/o:microsoft:windows_server_2016:-", "cpe:/o:microsoft:windows_server_2012:r2", "cpe:/o:microsoft:windows_10:1903", "cpe:/o:microsoft:windows_10:-", "cpe:/o:microsoft:windows_7:-", "cpe:/o:microsoft:windows_8.1:-", "cpe:/o:microsoft:windows_server_2016:1903", "cpe:/o:microsoft:windows_server_2016:2004", "cpe:/o:microsoft:windows_server_2008:-", "cpe:/o:microsoft:windows_10:2004", "cpe:/o:microsoft:windows_10:1809", "cpe:/o:microsoft:windows_server_2012:-", "cpe:/o:microsoft:windows_10:1607", "cpe:/o:microsoft:windows_server_2008:r2", "cpe:/o:microsoft:windows_10:1909"], "id": "CVE-2020-1389", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-1389", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}, "cpe23": ["cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:1903:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:*:*"]}, {"lastseen": "2023-06-06T14:23:43", 
"description": "An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka 'Windows Kernel Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2020-1367, CVE-2020-1389, CVE-2020-1419.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 5.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-07-14T23:15:00", "type": "cve", "title": "CVE-2020-1426", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-1367", "CVE-2020-1389", "CVE-2020-1419", "CVE-2020-1426"], "modified": "2021-07-21T11:39:00", "cpe": ["cpe:/o:microsoft:windows_10:1803", "cpe:/o:microsoft:windows_server_2019:-", "cpe:/o:microsoft:windows_server_2016:1909", "cpe:/o:microsoft:windows_server_2016:1903", "cpe:/o:microsoft:windows_10:1909", "cpe:/o:microsoft:windows_server_2016:2004", "cpe:/o:microsoft:windows_10:2004", "cpe:/o:microsoft:windows_10:1903", "cpe:/o:microsoft:windows_10:1809"], "id": "CVE-2020-1426", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-1426", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}, "cpe23": 
["cpe:2.3:o:microsoft:windows_server_2016:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:1903:*:*:*:*:*:*:*"]}, {"lastseen": "2023-06-06T14:22:54", "description": "An elevation of privilege vulnerability exists when the Windows Delivery Optimization service improperly handles objects in memory, aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1388, CVE-2020-1394, CVE-2020-1395.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-07-14T23:15:00", "type": "cve", "title": "CVE-2020-1392", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-1388", "CVE-2020-1392", "CVE-2020-1394", "CVE-2020-1395"], "modified": "2021-07-21T11:39:00", "cpe": 
["cpe:/o:microsoft:windows_10:1803", "cpe:/o:microsoft:windows_server_2019:-", "cpe:/o:microsoft:windows_server_2016:1909", "cpe:/o:microsoft:windows_10:1709", "cpe:/o:microsoft:windows_server_2016:1903", "cpe:/o:microsoft:windows_10:1909", "cpe:/o:microsoft:windows_server_2016:2004", "cpe:/o:microsoft:windows_10:2004", "cpe:/o:microsoft:windows_10:1809", "cpe:/o:microsoft:windows_10:1903", "cpe:/o:microsoft:windows_10:-"], "id": "CVE-2020-1392", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-1392", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:microsoft:windows_server_2016:1903:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*"]}, {"lastseen": "2023-06-06T14:23:01", "description": "An elevation of privilege vulnerability exists in the way that the Windows Speech Brokered API handles objects in memory, aka 'Windows Elevation of Privilege Vulnerability'. 
This CVE ID is unique from CVE-2020-1388, CVE-2020-1392, CVE-2020-1394.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-07-14T23:15:00", "type": "cve", "title": "CVE-2020-1395", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-1388", "CVE-2020-1392", "CVE-2020-1394", "CVE-2020-1395"], "modified": "2021-07-21T11:39:00", "cpe": ["cpe:/o:microsoft:windows_10:1607", "cpe:/o:microsoft:windows_10:1803", "cpe:/o:microsoft:windows_server_2019:-", "cpe:/o:microsoft:windows_server_2016:1909", "cpe:/o:microsoft:windows_10:1709", "cpe:/o:microsoft:windows_server_2016:1903", "cpe:/o:microsoft:windows_10:1909", "cpe:/o:microsoft:windows_server_2016:2004", "cpe:/o:microsoft:windows_10:2004", "cpe:/o:microsoft:windows_10:1809", "cpe:/o:microsoft:windows_10:1903", "cpe:/o:microsoft:windows_10:-", "cpe:/o:microsoft:windows_server_2016:-"], "id": "CVE-2020-1395", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-1395", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:microsoft:windows_server_2016:1903:*:*:*:*:*:*:*", 
"cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*"]}, {"lastseen": "2023-06-06T14:23:36", "description": "An information disclosure vulnerability exists when the Windows kernel fails to properly initialize a memory address, aka 'Windows Kernel Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2020-1367, CVE-2020-1389, CVE-2020-1426.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 5.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-07-14T23:15:00", "type": "cve", "title": "CVE-2020-1419", "cwe": ["CWE-909"], "bulletinFamily": "NVD", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, 
"cvelist": ["CVE-2020-1367", "CVE-2020-1389", "CVE-2020-1419", "CVE-2020-1426"], "modified": "2021-07-21T11:39:00", "cpe": ["cpe:/o:microsoft:windows_10:1803", "cpe:/o:microsoft:windows_server_2019:-", "cpe:/o:microsoft:windows_server_2016:1909", "cpe:/o:microsoft:windows_10:1709", "cpe:/o:microsoft:windows_rt_8.1:-", "cpe:/o:microsoft:windows_server_2016:-", "cpe:/o:microsoft:windows_server_2012:r2", "cpe:/o:microsoft:windows_10:1903", "cpe:/o:microsoft:windows_10:-", "cpe:/o:microsoft:windows_7:-", "cpe:/o:microsoft:windows_8.1:-", "cpe:/o:microsoft:windows_server_2016:1903", "cpe:/o:microsoft:windows_server_2016:2004", "cpe:/o:microsoft:windows_server_2008:-", "cpe:/o:microsoft:windows_10:2004", "cpe:/o:microsoft:windows_10:1809", "cpe:/o:microsoft:windows_server_2012:-", "cpe:/o:microsoft:windows_10:1607", "cpe:/o:microsoft:windows_10:1909"], "id": "CVE-2020-1419", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-1419", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}, "cpe23": ["cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:arm64:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:arm64:*", "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:arm64:*", "cpe:2.3:o:microsoft:windows_server_2016:1903:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:arm64:*", "cpe:2.3:o:microsoft:windows_server_2016:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*", 
"cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_server_2016:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:arm64:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:arm64:*", "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:x86:*"]}, {"lastseen": "2023-06-06T14:23:11", "description": "A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. 
This CVE ID is unique from CVE-2020-1400, CVE-2020-1407.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2020-07-14T23:15:00", "type": "cve", "title": "CVE-2020-1401", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-1400", "CVE-2020-1401", "CVE-2020-1407"], "modified": "2021-07-21T11:39:00", "cpe": ["cpe:/o:microsoft:windows_10:1803", "cpe:/o:microsoft:windows_server_2019:-", "cpe:/o:microsoft:windows_server_2016:1909", "cpe:/o:microsoft:windows_10:1709", "cpe:/o:microsoft:windows_rt_8.1:-", "cpe:/o:microsoft:windows_server_2016:-", "cpe:/o:microsoft:windows_server_2012:r2", "cpe:/o:microsoft:windows_10:1903", "cpe:/o:microsoft:windows_10:-", "cpe:/o:microsoft:windows_7:-", "cpe:/o:microsoft:windows_8.1:-", "cpe:/o:microsoft:windows_server_2016:1903", "cpe:/o:microsoft:windows_server_2016:2004", "cpe:/o:microsoft:windows_server_2008:-", "cpe:/o:microsoft:windows_10:2004", "cpe:/o:microsoft:windows_10:1809", "cpe:/o:microsoft:windows_server_2012:-", "cpe:/o:microsoft:windows_10:1607", "cpe:/o:microsoft:windows_server_2008:r2", "cpe:/o:microsoft:windows_10:1909"], 
"id": "CVE-2020-1401", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-1401", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:1903:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:*:*"]}, {"lastseen": "2023-06-06T14:23:18", "description": "A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. 
This CVE ID is unique from CVE-2020-1400, CVE-2020-1401.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2020-07-14T23:15:00", "type": "cve", "title": "CVE-2020-1407", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-1400", "CVE-2020-1401", "CVE-2020-1407"], "modified": "2021-07-21T11:39:00", "cpe": ["cpe:/o:microsoft:windows_10:1803", "cpe:/o:microsoft:windows_server_2019:-", "cpe:/o:microsoft:windows_server_2016:1909", "cpe:/o:microsoft:windows_10:1709", "cpe:/o:microsoft:windows_rt_8.1:-", "cpe:/o:microsoft:windows_server_2016:-", "cpe:/o:microsoft:windows_server_2012:r2", "cpe:/o:microsoft:windows_10:1903", "cpe:/o:microsoft:windows_10:-", "cpe:/o:microsoft:windows_7:-", "cpe:/o:microsoft:windows_8.1:-", "cpe:/o:microsoft:windows_server_2016:1903", "cpe:/o:microsoft:windows_server_2016:2004", "cpe:/o:microsoft:windows_server_2008:-", "cpe:/o:microsoft:windows_10:2004", "cpe:/o:microsoft:windows_10:1809", "cpe:/o:microsoft:windows_server_2012:-", "cpe:/o:microsoft:windows_10:1607", "cpe:/o:microsoft:windows_server_2008:r2", "cpe:/o:microsoft:windows_10:1909"], 
"id": "CVE-2020-1407", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-1407", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:1903:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:*:*"]}, {"lastseen": "2023-06-06T14:23:09", "description": "A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. 
This CVE ID is unique from CVE-2020-1401, CVE-2020-1407.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2020-07-14T23:15:00", "type": "cve", "title": "CVE-2020-1400", "cwe": ["CWE-191"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-1400", "CVE-2020-1401", "CVE-2020-1407"], "modified": "2022-04-27T15:35:00", "cpe": ["cpe:/o:microsoft:windows_10:1803", "cpe:/o:microsoft:windows_server_2019:-", "cpe:/o:microsoft:windows_server_2016:1909", "cpe:/o:microsoft:windows_10:1709", "cpe:/o:microsoft:windows_rt_8.1:-", "cpe:/o:microsoft:windows_server_2016:-", "cpe:/o:microsoft:windows_server_2012:r2", "cpe:/o:microsoft:windows_10:1903", "cpe:/o:microsoft:windows_10:-", "cpe:/o:microsoft:windows_7:-", "cpe:/o:microsoft:windows_8.1:-", "cpe:/o:microsoft:windows_server_2016:1903", "cpe:/o:microsoft:windows_server_2016:2004", "cpe:/o:microsoft:windows_server_2008:-", "cpe:/o:microsoft:windows_10:2004", "cpe:/o:microsoft:windows_10:1809", "cpe:/o:microsoft:windows_server_2012:-", "cpe:/o:microsoft:windows_10:1607", "cpe:/o:microsoft:windows_server_2008:r2", "cpe:/o:microsoft:windows_10:1909"], "id": 
"CVE-2020-1400", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-1400", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:1903:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:*:*"]}, {"lastseen": "2023-06-06T14:22:09", "description": "An elevation of privilege vulnerability exists in the way that the Windows WalletService handles objects in memory, aka 'Windows WalletService Elevation of Privilege Vulnerability'. 
This CVE ID is unique from CVE-2020-1344, CVE-2020-1369.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-07-14T23:15:00", "type": "cve", "title": "CVE-2020-1362", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-1344", "CVE-2020-1362", "CVE-2020-1369"], "modified": "2021-07-21T11:39:00", "cpe": ["cpe:/o:microsoft:windows_10:1607", "cpe:/o:microsoft:windows_10:1803", "cpe:/o:microsoft:windows_server_2019:-", "cpe:/o:microsoft:windows_server_2016:1909", "cpe:/o:microsoft:windows_10:1709", "cpe:/o:microsoft:windows_server_2016:1903", "cpe:/o:microsoft:windows_10:1909", "cpe:/o:microsoft:windows_server_2016:2004", "cpe:/o:microsoft:windows_10:2004", "cpe:/o:microsoft:windows_10:1809", "cpe:/o:microsoft:windows_10:1903", "cpe:/o:microsoft:windows_10:-", "cpe:/o:microsoft:windows_server_2016:-"], "id": "CVE-2020-1362", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-1362", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:microsoft:windows_server_2016:1903:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", 
"cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*"]}, {"lastseen": "2023-06-06T14:21:42", "description": "An elevation of privilege vulnerability exists in the way that the Windows WalletService handles objects in memory, aka 'Windows WalletService Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1362, CVE-2020-1369.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-07-14T23:15:00", "type": "cve", "title": "CVE-2020-1344", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-1344", "CVE-2020-1362", 
"CVE-2020-1369"], "modified": "2021-07-21T11:39:00", "cpe": ["cpe:/o:microsoft:windows_10:1607", "cpe:/o:microsoft:windows_10:1803", "cpe:/o:microsoft:windows_server_2019:-", "cpe:/o:microsoft:windows_server_2016:1909", "cpe:/o:microsoft:windows_10:1709", "cpe:/o:microsoft:windows_server_2016:1903", "cpe:/o:microsoft:windows_10:1909", "cpe:/o:microsoft:windows_server_2016:2004", "cpe:/o:microsoft:windows_10:2004", "cpe:/o:microsoft:windows_10:1809", "cpe:/o:microsoft:windows_10:1903", "cpe:/o:microsoft:windows_10:-", "cpe:/o:microsoft:windows_server_2016:-"], "id": "CVE-2020-1344", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-1344", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:microsoft:windows_server_2016:1903:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*"]}, {"lastseen": "2023-06-06T14:22:18", "description": "An elevation of privilege vulnerability exists in the way that the Windows WalletService handles objects in memory, aka 'Windows WalletService Elevation of Privilege Vulnerability'. 
This CVE ID is unique from CVE-2020-1344, CVE-2020-1362.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-07-14T23:15:00", "type": "cve", "title": "CVE-2020-1369", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-1344", "CVE-2020-1362", "CVE-2020-1369"], "modified": "2021-07-21T11:39:00", "cpe": ["cpe:/o:microsoft:windows_10:1607", "cpe:/o:microsoft:windows_10:1803", "cpe:/o:microsoft:windows_server_2019:-", "cpe:/o:microsoft:windows_server_2016:1909", "cpe:/o:microsoft:windows_10:1709", "cpe:/o:microsoft:windows_server_2016:1903", "cpe:/o:microsoft:windows_10:1909", "cpe:/o:microsoft:windows_server_2016:2004", "cpe:/o:microsoft:windows_10:2004", "cpe:/o:microsoft:windows_10:1809", "cpe:/o:microsoft:windows_10:1903", "cpe:/o:microsoft:windows_10:-", "cpe:/o:microsoft:windows_server_2016:-"], "id": "CVE-2020-1369", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-1369", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:microsoft:windows_server_2016:1903:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*",
"cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*"]}, {"lastseen": "2023-06-06T14:21:56", "description": "An elevation of privilege vulnerability exists when the Windows UPnP Device Host improperly handles memory. To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows UPnP Device Host Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1430.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-07-14T23:15:00", "type": "cve", "title": "CVE-2020-1354", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false,
"obtainUserPrivilege": false}, "cvelist": ["CVE-2020-1354", "CVE-2020-1430"], "modified": "2021-07-21T11:39:00", "cpe": ["cpe:/o:microsoft:windows_10:1803", "cpe:/o:microsoft:windows_server_2019:-", "cpe:/o:microsoft:windows_10:1709", "cpe:/o:microsoft:windows_rt_8.1:-", "cpe:/o:microsoft:windows_server_2016:-", "cpe:/o:microsoft:windows_server_2012:r2", "cpe:/o:microsoft:windows_10:1903", "cpe:/o:microsoft:windows_10:-", "cpe:/o:microsoft:windows_7:-", "cpe:/o:microsoft:windows_8.1:-", "cpe:/o:microsoft:windows_server_2016:1903", "cpe:/o:microsoft:windows_server_2016:2004", "cpe:/o:microsoft:windows_server_2008:-", "cpe:/o:microsoft:windows_10:2004", "cpe:/o:microsoft:windows_10:1809", "cpe:/o:microsoft:windows_server_2012:-", "cpe:/o:microsoft:windows_10:1607", "cpe:/o:microsoft:windows_server_2008:r2", "cpe:/o:microsoft:windows_10:1909"], "id": "CVE-2020-1354", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-1354", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:1903:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*",
"cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:*:*"]}, {"lastseen": "2023-06-06T14:23:46", "description": "An elevation of privilege vulnerability exists when the Windows UPnP Device Host improperly handles memory. To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows UPnP Device Host Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1354.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-07-14T23:15:00", "type": "cve", "title": "CVE-2020-1430", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-1354", "CVE-2020-1430"], "modified": "2021-07-21T11:39:00", "cpe": ["cpe:/o:microsoft:windows_10:1803", "cpe:/o:microsoft:windows_server_2019:-", "cpe:/o:microsoft:windows_server_2016:1909", "cpe:/o:microsoft:windows_10:1709", "cpe:/o:microsoft:windows_rt_8.1:-", "cpe:/o:microsoft:windows_server_2016:-", "cpe:/o:microsoft:windows_server_2012:r2", "cpe:/o:microsoft:windows_10:1903", "cpe:/o:microsoft:windows_10:-", "cpe:/o:microsoft:windows_7:-",
"cpe:/o:microsoft:windows_8.1:-", "cpe:/o:microsoft:windows_server_2016:1903", "cpe:/o:microsoft:windows_server_2016:2004", "cpe:/o:microsoft:windows_server_2008:-", "cpe:/o:microsoft:windows_10:2004", "cpe:/o:microsoft:windows_10:1809", "cpe:/o:microsoft:windows_server_2012:-", "cpe:/o:microsoft:windows_10:1607", "cpe:/o:microsoft:windows_server_2008:r2", "cpe:/o:microsoft:windows_10:1909"], "id": "CVE-2020-1430", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-1430", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:1903:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:*:*"]}, {"lastseen": "2023-06-06T14:22:13", "description": "An elevation of privilege vulnerability exists when the Windows Event Logging Service improperly handles memory. To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows Event Logging Service
Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1371.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-07-14T23:15:00", "type": "cve", "title": "CVE-2020-1365", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-1365", "CVE-2020-1371"], "modified": "2021-07-21T11:39:00", "cpe": ["cpe:/o:microsoft:windows_10:1803", "cpe:/o:microsoft:windows_server_2019:-", "cpe:/o:microsoft:windows_server_2016:1909", "cpe:/o:microsoft:windows_10:1709", "cpe:/o:microsoft:windows_rt_8.1:-", "cpe:/o:microsoft:windows_server_2016:-", "cpe:/o:microsoft:windows_server_2012:r2", "cpe:/o:microsoft:windows_10:1903", "cpe:/o:microsoft:windows_10:-", "cpe:/o:microsoft:windows_7:-", "cpe:/o:microsoft:windows_8.1:-", "cpe:/o:microsoft:windows_server_2016:1903", "cpe:/o:microsoft:windows_server_2016:2004", "cpe:/o:microsoft:windows_server_2008:-", "cpe:/o:microsoft:windows_10:2004", "cpe:/o:microsoft:windows_10:1809", "cpe:/o:microsoft:windows_server_2012:-", "cpe:/o:microsoft:windows_10:1607", "cpe:/o:microsoft:windows_server_2008:r2", "cpe:/o:microsoft:windows_10:1909"], "id":
"CVE-2020-1365", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-1365", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:1903:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:*:*"]}, {"lastseen": "2023-06-06T14:22:20", "description": "An elevation of privilege vulnerability exists when the Windows Event Logging Service improperly handles memory. To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows Event Logging Service Elevation of Privilege Vulnerability'.
This CVE ID is unique from CVE-2020-1365.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-07-14T23:15:00", "type": "cve", "title": "CVE-2020-1371", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-1365", "CVE-2020-1371"], "modified": "2021-07-21T11:39:00", "cpe": ["cpe:/o:microsoft:windows_10:1803", "cpe:/o:microsoft:windows_server_2019:-", "cpe:/o:microsoft:windows_server_2016:1909", "cpe:/o:microsoft:windows_10:1709", "cpe:/o:microsoft:windows_rt_8.1:-", "cpe:/o:microsoft:windows_server_2016:-", "cpe:/o:microsoft:windows_server_2012:r2", "cpe:/o:microsoft:windows_10:1903", "cpe:/o:microsoft:windows_10:-", "cpe:/o:microsoft:windows_7:-", "cpe:/o:microsoft:windows_8.1:-", "cpe:/o:microsoft:windows_server_2016:1903", "cpe:/o:microsoft:windows_server_2016:2004", "cpe:/o:microsoft:windows_server_2008:-", "cpe:/o:microsoft:windows_10:2004", "cpe:/o:microsoft:windows_10:1809", "cpe:/o:microsoft:windows_server_2012:-", "cpe:/o:microsoft:windows_10:1607", "cpe:/o:microsoft:windows_server_2008:r2", "cpe:/o:microsoft:windows_10:1909"], "id": "CVE-2020-1371", "href": 
"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-1371", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:1903:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:*:*"]}, {"lastseen": "2023-06-06T14:22:40", "description": "An elevation of privilege vulnerability exists when the Windows Cryptography Next Generation (CNG) Key Isolation service improperly handles memory, aka 'Windows CNG Key Isolation Service Elevation of Privilege Vulnerability'. 
This CVE ID is unique from CVE-2020-1359.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-07-14T23:15:00", "type": "cve", "title": "CVE-2020-1384", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-1359", "CVE-2020-1384"], "modified": "2021-07-21T11:39:00", "cpe": ["cpe:/o:microsoft:windows_10:1803", "cpe:/o:microsoft:windows_server_2019:-", "cpe:/o:microsoft:windows_server_2016:1909", "cpe:/o:microsoft:windows_10:1709", "cpe:/o:microsoft:windows_rt_8.1:-", "cpe:/o:microsoft:windows_server_2016:-", "cpe:/o:microsoft:windows_server_2012:r2", "cpe:/o:microsoft:windows_10:1903", "cpe:/o:microsoft:windows_10:-", "cpe:/o:microsoft:windows_7:-", "cpe:/o:microsoft:windows_8.1:-", "cpe:/o:microsoft:windows_server_2016:1903", "cpe:/o:microsoft:windows_server_2016:2004", "cpe:/o:microsoft:windows_server_2008:-", "cpe:/o:microsoft:windows_10:2004", "cpe:/o:microsoft:windows_10:1809", "cpe:/o:microsoft:windows_server_2012:-", "cpe:/o:microsoft:windows_10:1607", "cpe:/o:microsoft:windows_server_2008:r2", "cpe:/o:microsoft:windows_10:1909"], "id": "CVE-2020-1384", "href": 
"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-1384", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:1903:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:*:*"]}, {"lastseen": "2023-06-06T14:22:04", "description": "An elevation of privilege vulnerability exists when the Windows Cryptography Next Generation (CNG) Key Isolation service improperly handles memory, aka 'Windows CNG Key Isolation Service Elevation of Privilege Vulnerability'. 
This CVE ID is unique from CVE-2020-1384.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-07-14T23:15:00", "type": "cve", "title": "CVE-2020-1359", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-1359", "CVE-2020-1384"], "modified": "2021-07-21T11:39:00", "cpe": ["cpe:/o:microsoft:windows_10:1803", "cpe:/o:microsoft:windows_server_2019:-", "cpe:/o:microsoft:windows_server_2016:1909", "cpe:/o:microsoft:windows_10:1709", "cpe:/o:microsoft:windows_rt_8.1:-", "cpe:/o:microsoft:windows_server_2016:-", "cpe:/o:microsoft:windows_server_2012:r2", "cpe:/o:microsoft:windows_10:1903", "cpe:/o:microsoft:windows_10:-", "cpe:/o:microsoft:windows_7:-", "cpe:/o:microsoft:windows_8.1:-", "cpe:/o:microsoft:windows_server_2016:1903", "cpe:/o:microsoft:windows_server_2016:2004", "cpe:/o:microsoft:windows_server_2008:-", "cpe:/o:microsoft:windows_10:2004", "cpe:/o:microsoft:windows_10:1809", "cpe:/o:microsoft:windows_server_2012:-", "cpe:/o:microsoft:windows_10:1607", "cpe:/o:microsoft:windows_server_2008:r2", "cpe:/o:microsoft:windows_10:1909"], "id": "CVE-2020-1359", "href": 
"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-1359", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:1903:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:*:*"]}, {"lastseen": "2023-06-06T14:23:34", "description": "An elevation of privilege vulnerability exists when the Windows Diagnostics Execution Service fails to properly sanitize input, leading to an unsecure library-loading behavior, aka 'Windows Diagnostics Hub Elevation of Privilege Vulnerability'. 
This CVE ID is unique from CVE-2020-1393.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-07-14T23:15:00", "type": "cve", "title": "CVE-2020-1418", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-1393", "CVE-2020-1418"], "modified": "2021-07-21T11:39:00", "cpe": ["cpe:/o:microsoft:windows_10:1803", "cpe:/o:microsoft:windows_server_2019:-", "cpe:/o:microsoft:windows_server_2016:1909", "cpe:/o:microsoft:windows_server_2016:1903", "cpe:/o:microsoft:windows_10:1709", "cpe:/o:microsoft:windows_10:1909", "cpe:/o:microsoft:windows_server_2016:2004", "cpe:/o:microsoft:windows_10:2004", "cpe:/o:microsoft:windows_10:1809", "cpe:/o:microsoft:windows_10:1903"], "id": "CVE-2020-1418", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-1418", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:arm64:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:arm64:*", "cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:x64:*", 
"cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:arm64:*", "cpe:2.3:o:microsoft:windows_server_2016:1903:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:arm64:*", "cpe:2.3:o:microsoft:windows_server_2016:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_server_2016:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:arm64:*", "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:arm64:*", "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:x86:*"]}, {"lastseen": "2023-06-06T14:21:31", "description": "An elevation of privilege vulnerability exists in the way that the Windows Kernel handles objects in memory, aka 'Windows Kernel Elevation of Privilege Vulnerability'. 
This CVE ID is unique from CVE-2020-1411.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-07-14T23:15:00", "type": "cve", "title": "CVE-2020-1336", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-1336", "CVE-2020-1411"], "modified": "2021-07-21T11:39:00", "cpe": ["cpe:/o:microsoft:windows_10:1607", "cpe:/o:microsoft:windows_10:1803", "cpe:/o:microsoft:windows_server_2019:-", "cpe:/o:microsoft:windows_server_2016:1909", "cpe:/o:microsoft:windows_10:1709", "cpe:/o:microsoft:windows_server_2016:1903", "cpe:/o:microsoft:windows_10:1909", "cpe:/o:microsoft:windows_server_2016:2004", "cpe:/o:microsoft:windows_10:2004", "cpe:/o:microsoft:windows_10:1809", "cpe:/o:microsoft:windows_10:1903", "cpe:/o:microsoft:windows_server_2016:-"], "id": "CVE-2020-1336", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-1336", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:microsoft:windows_server_2016:1903:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", 
"cpe:2.3:o:microsoft:windows_server_2016:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*"]}, {"lastseen": "2023-06-06T14:22:38", "description": "An elevation of privilege vulnerability exists when the Windows Graphics Component improperly handles objects in memory, aka 'Windows Graphics Component Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1381.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-07-14T23:15:00", "type": "cve", "title": "CVE-2020-1382", "cwe": ["CWE-416"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-1381", "CVE-2020-1382"], "modified": "2021-07-21T11:39:00", "cpe": ["cpe:/o:microsoft:windows_server_2016:1909", 
"cpe:/o:microsoft:windows_server_2016:1903", "cpe:/o:microsoft:windows_10:1909", "cpe:/o:microsoft:windows_server_2016:2004", "cpe:/o:microsoft:windows_10:2004", "cpe:/o:microso