Microsoft Windows Multiple Vulnerabilities (KB4565511)

2020-07-15T00:00:00

Description

This host is missing a critical security update according to Microsoft KB4565511

{"id": "OPENVAS:1361412562310817226", "vendorId": null, "type": "openvas", "bulletinFamily": "scanner", "title": "Microsoft Windows Multiple Vulnerabilities (KB4565511)", "description": "This host is missing a critical security\n update according to Microsoft KB4565511", "published": "2020-07-15T00:00:00", "modified": "2020-07-20T00:00:00", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "cvss2": {}, "cvss3": {}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310817226", "reporter": "Copyright (C) 2020 Greenbone Networks GmbH", "references": ["https://support.microsoft.com/en-us/help/4565511"], "cvelist": ["CVE-2020-1373", "CVE-2020-1354", "CVE-2020-1438", "CVE-2020-1404", "CVE-2020-1432", "CVE-2020-1401", "CVE-2020-1403", "CVE-2020-1420", "CVE-2020-1413", "CVE-2020-1344", "CVE-2020-1433", "CVE-2020-1353", "CVE-2020-1436", "CVE-2020-1085", "CVE-2020-1390", "CVE-2020-1358", "CVE-2020-1402", "CVE-2020-1406", "CVE-2020-1371", "CVE-2020-1352", "CVE-2020-1350", "CVE-2020-1411", "CVE-2020-1393", "CVE-2020-1468", "CVE-2020-1370", "CVE-2020-1360", "CVE-2020-1419", "CVE-2020-1333", "CVE-2020-1356", "CVE-2020-1336", "CVE-2020-1389", "CVE-2020-1385", "CVE-2020-1396", "CVE-2020-1362", "CVE-2020-1388", "CVE-2020-1397", "CVE-2020-1407", "CVE-2020-1384", "CVE-2020-1463", "CVE-2020-1427", "CVE-2020-1395", "CVE-2020-1267", "CVE-2020-1399", "CVE-2020-1368", "CVE-2020-1249", "CVE-2020-1430", "CVE-2020-1357", "CVE-2020-1412", "CVE-2020-1409", "CVE-2020-1147", "CVE-2020-1462", "CVE-2020-1374", "CVE-2020-1421", "CVE-2020-1365", "CVE-2020-1435", "CVE-2020-1369", "CVE-2020-1408", "CVE-2020-1437", "CVE-2020-1434", "CVE-2020-1361", "CVE-2020-1400", "CVE-2020-1398", "CVE-2020-1359", "CVE-2020-1428", "CVE-2020-1351", "CVE-2020-1429", "CVE-2020-1364", "CVE-2020-1410"], "immutableFields": [], "lastseen": "2020-07-21T19:51:39", "viewCount": 40, "enchantments": {"dependencies": {"references": [{"type": "attackerkb", "idList": ["AKB:1DE0ADEC-8107-491A-BC8F-DCC3BF6EB3AB", "AKB:9772927E-D7AA-4C42-B8B0-1B598D66E84D"]}, {"type": "avleonov", "idList": ["AVLEONOV:13BED8E5AD26449401A37E1273217B9A", "AVLEONOV:1ABE5F69187E5F9F8625DA462772F80C", "AVLEONOV:7DAB33D28205885E8979C4C664958CDC"]}, {"type": "checkpoint_advisories", "idList": ["CPAI-2020-0570", "CPAI-2020-0572", "CPAI-2020-0574", "CPAI-2020-0658", "CPAI-2020-0660", "CPAI-2020-0663"]}, {"type": "cisa", "idList": ["CISA:0A6DEB06CFB7BDA5A3D72E0F236C5665", "CISA:72803FA1C7CD81E274A0417B0A34353E"]}, {"type": "cisa_kev", "idList": ["CISA-KEV-CVE-2020-1147", "CISA-KEV-CVE-2020-1350"]}, {"type": "cnvd", "idList": ["CNVD-2021-63329", "CNVD-2021-63330", "CNVD-2021-63331", "CNVD-2021-65603", "CNVD-2021-65604", "CNVD-2021-65605", "CNVD-2021-67488", "CNVD-2021-67489", "CNVD-2021-67490", "CNVD-2021-67491", "CNVD-2021-67492", "CNVD-2021-90801"]}, {"type": "cve", "idList": ["CVE-2020-1085", "CVE-2020-1147", "CVE-2020-1249", "CVE-2020-1267", "CVE-2020-1333", "CVE-2020-1336", "CVE-2020-1344", "CVE-2020-1350", "CVE-2020-1351", "CVE-2020-1352", "CVE-2020-1353", "CVE-2020-1354", "CVE-2020-1356", "CVE-2020-1357", "CVE-2020-1358", "CVE-2020-1359", "CVE-2020-1360", "CVE-2020-1361", "CVE-2020-1362", "CVE-2020-1364", "CVE-2020-1365", "CVE-2020-1367", "CVE-2020-1368", "CVE-2020-1369", "CVE-2020-1370", "CVE-2020-1371", "CVE-2020-1373", "CVE-2020-1374", "CVE-2020-1384", "CVE-2020-1385", "CVE-2020-1388", "CVE-2020-1389", "CVE-2020-1390", "CVE-2020-1392", "CVE-2020-1393", "CVE-2020-1394", "CVE-2020-1395", "CVE-2020-1396", "CVE-2020-1397", "CVE-2020-13977", "CVE-2020-1398", "CVE-2020-1399", "CVE-2020-1400", "CVE-2020-1401", "CVE-2020-1402", "CVE-2020-1403", "CVE-2020-1404", "CVE-2020-1406", "CVE-2020-1407", "CVE-2020-1408", "CVE-2020-1409", "CVE-2020-1410", "CVE-2020-1411", "CVE-2020-1412", "CVE-2020-1413", "CVE-2020-1414", "CVE-2020-1415", "CVE-2020-1418", "CVE-2020-1419", "CVE-2020-1420", "CVE-2020-1421", "CVE-2020-1422", "CVE-2020-1426", "CVE-2020-1427", "CVE-2020-1428", "CVE-2020-1429", "CVE-2020-1430", "CVE-2020-1432", "CVE-2020-1433", "CVE-2020-1434", "CVE-2020-1435", "CVE-2020-1436", "CVE-2020-1437", "CVE-2020-1438", "CVE-2020-1462", "CVE-2020-1463", "CVE-2020-1468"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2020-13977"]}, {"type": "exploitdb", "idList": ["EDB-ID:48747", "EDB-ID:50151"]}, {"type": "fireeye", "idList": ["FIREEYE:378138E74601CDF1A714585138CDFF3C"]}, {"type": "github", "idList": ["GHSA-G5VF-38CP-4PX9"]}, {"type": "githubexploit", "idList": ["0AF42B8A-DF0D-58F8-AB60-9E7C63ED9EEB", "2A7F5F31-A737-556D-A869-05B87FD1F625", "37D3D343-97C5-5C12-8595-042E337E31C0", "479FD3C0-1269-5BC3-BD67-CDEE0485485A", "5D864A74-9452-5F59-B783-A6A773AE8213", "5F6BE6F7-C220-5BDD-BE92-A5156F21A1B2", "730EEC4F-BE81-5690-BA8D-B89482C5C3D0", "93EEDE73-1DB4-5905-BCAB-CDC6F98831CD", "9DE76D04-93D7-5923-9AE3-457D591197D6", "A37C8010-D2C6-52F5-9079-96E8A538B6CA", "C96C8DD1-344C-5476-85AC-6D2865A5C00F", "CB69BCC3-2317-5740-8B01-4F6F0D320AC3", "DD3676BD-E792-5189-86EE-4765FF68EFCB", "F14BCE6F-3415-59C7-AC9D-A5D7ABE1BB8E", "F3CF4A79-402B-56C0-8689-1AF5EBFECF3F", "FA6C0B5A-E89D-54A7-B603-4D8095BF66DD", "FB0D7C2A-01EB-5929-A539-96230C17B90F", "FFF6ABA4-7461-5653-836A-79F11037A7FF"]}, {"type": "huawei", "idList": ["HUAWEI-SA-20200716-01-DNS"]}, {"type": "ics", "idList": ["AA20-275A"]}, {"type": "impervablog", "idList": ["IMPERVABLOG:020B268DFC760B88704D35A6F4CF30D7"]}, {"type": "kaspersky", "idList": ["KLA11858", "KLA11859", "KLA11863", "KLA11864", "KLA11865"]}, {"type": "krebs", "idList": ["KREBS:1A886B22AAF8ADC53874F0E126C5A96D"]}, {"type": "malwarebytes", "idList": ["MALWAREBYTES:D8FE6720785E2D0A74968E661F817C57"]}, {"type": "mscve", "idList": ["MS:CVE-2020-1085", "MS:CVE-2020-1147", "MS:CVE-2020-1249", "MS:CVE-2020-1267", "MS:CVE-2020-1333", "MS:CVE-2020-1336", "MS:CVE-2020-1344", "MS:CVE-2020-1350", "MS:CVE-2020-1351", "MS:CVE-2020-1352", "MS:CVE-2020-1353", "MS:CVE-2020-1354", "MS:CVE-2020-1356", "MS:CVE-2020-1357", "MS:CVE-2020-1358", "MS:CVE-2020-1359", "MS:CVE-2020-1360", "MS:CVE-2020-1361", "MS:CVE-2020-1362", "MS:CVE-2020-1364", "MS:CVE-2020-1365", "MS:CVE-2020-1368", "MS:CVE-2020-1369", "MS:CVE-2020-1370", "MS:CVE-2020-1371", "MS:CVE-2020-1373", "MS:CVE-2020-1374", "MS:CVE-2020-1384", "MS:CVE-2020-1385", "MS:CVE-2020-1388", "MS:CVE-2020-1389", "MS:CVE-2020-1390", "MS:CVE-2020-1393", "MS:CVE-2020-1395", "MS:CVE-2020-1396", "MS:CVE-2020-1397", "MS:CVE-2020-1398", "MS:CVE-2020-1399", "MS:CVE-2020-1400", "MS:CVE-2020-1401", "MS:CVE-2020-1402", "MS:CVE-2020-1403", "MS:CVE-2020-1404", "MS:CVE-2020-1406", "MS:CVE-2020-1407", "MS:CVE-2020-1408", "MS:CVE-2020-1409", "MS:CVE-2020-1410", "MS:CVE-2020-1411", "MS:CVE-2020-1412", "MS:CVE-2020-1413", "MS:CVE-2020-1419", "MS:CVE-2020-1420", "MS:CVE-2020-1421", "MS:CVE-2020-1427", "MS:CVE-2020-1428", "MS:CVE-2020-1429", "MS:CVE-2020-1430", "MS:CVE-2020-1432", "MS:CVE-2020-1433", "MS:CVE-2020-1434", "MS:CVE-2020-1435", "MS:CVE-2020-1436", "MS:CVE-2020-1437", "MS:CVE-2020-1438", "MS:CVE-2020-1462", "MS:CVE-2020-1463", "MS:CVE-2020-1468"]}, {"type": "mskb", "idList": ["KB4484436", "KB4484443", "KB4484453", "KB4484460", "KB4558998", "KB4565479", "KB4565483", "KB4565489", "KB4565503", "KB4565508", "KB4565511", "KB4565513", "KB4565524", "KB4565529", "KB4565535", "KB4565536", "KB4565537", "KB4565539", "KB4565540", "KB4565541", "KB4565627", "KB4565628", "KB4565629", "KB4565630", "KB4565631", "KB4565633", "KB4566466", "KB4566467", "KB4566468", "KB4566469", "KB4566516", "KB4566517", "KB4566518", "KB4566519", "KB4566520", "KB4567703"]}, {"type": "msrc", "idList": ["MSRC:0299F0ADFFEC3249877020E014342A78", "MSRC:0BBBB55B6F489CA387A82715A7CF6E11", "MSRC:79080D1EA83C3BB4689C763E5FACBDB5"]}, {"type": "nessus", "idList": ["CENTOS8_RHSA-2020-2938.NASL", "CENTOS8_RHSA-2020-2954.NASL", "FEDORA_2021-5689072A7E.NASL", "FEDORA_2021-B5E897A2E5.NASL", "MACOS_MS20_JUL_OFFICE.NASL", "MS_DNS_CVE-2020-1350.NASL", "ORACLELINUX_ELSA-2020-2938.NASL", "ORACLELINUX_ELSA-2020-2954.NASL", "REDHAT-RHSA-2020-2937.NASL", "REDHAT-RHSA-2020-2938.NASL", "REDHAT-RHSA-2020-2939.NASL", "REDHAT-RHSA-2020-2954.NASL", "REDHAT-RHSA-2020-2988.NASL", "REDHAT-RHSA-2020-2989.NASL", "SMB_NT_MS20_JUL_4558998.NASL", "SMB_NT_MS20_JUL_4565483.NASL", "SMB_NT_MS20_JUL_4565489.NASL", "SMB_NT_MS20_JUL_4565503.NASL", "SMB_NT_MS20_JUL_4565508.NASL", "SMB_NT_MS20_JUL_4565511.NASL", "SMB_NT_MS20_JUL_4565513.NASL", "SMB_NT_MS20_JUL_4565524.NASL", "SMB_NT_MS20_JUL_4565536.NASL", "SMB_NT_MS20_JUL_4565537.NASL", "SMB_NT_MS20_JUL_4565541.NASL", "SMB_NT_MS20_JUL_DNS_CHECK.NASL", "SMB_NT_MS20_JUL_DOTNET.NASL", "SMB_NT_MS20_JUL_DOTNET_CORE.NASL", "SMB_NT_MS20_JUL_DOTNET_CORE_SDK.NASL", "SMB_NT_MS20_JUL_INTERNET_EXPLORER.NASL", "SMB_NT_MS20_JUL_OFFICE_SHAREPOINT.NASL", "SMB_NT_MS20_JUL_VISUAL_STUDIO.NASL", "WEB_APPLICATION_SCANNING_112590", "WEB_APPLICATION_SCANNING_112591", "WEB_APPLICATION_SCANNING_112592", "WEB_APPLICATION_SCANNING_112593"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310144107", "OPENVAS:1361412562310817086", "OPENVAS:1361412562310817087", "OPENVAS:1361412562310817088", "OPENVAS:1361412562310817223", "OPENVAS:1361412562310817224", "OPENVAS:1361412562310817227", "OPENVAS:1361412562310817228", "OPENVAS:1361412562310817229", "OPENVAS:1361412562310817230", "OPENVAS:1361412562310817231", "OPENVAS:1361412562310817232", "OPENVAS:1361412562310817301", "OPENVAS:1361412562310817305", "OPENVAS:1361412562310817306", "OPENVAS:1361412562310817308"]}, {"type": "oraclelinux", "idList": ["ELSA-2020-2938", "ELSA-2020-2954"]}, {"type": "osv", "idList": ["OSV:GHSA-G5VF-38CP-4PX9"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:158694", "PACKETSTORM:158876", "PACKETSTORM:163644"]}, {"type": "pentestpartners", "idList": ["PENTESTPARTNERS:8FD1C9A0D76A3084445136A0275847C0"]}, {"type": "qualysblog", "idList": ["QUALYSBLOG:0082A77BD8EFFF48B406D107FEFD0DD3", "QUALYSBLOG:8028F138635C78F91B08AB2CF72FA154", "QUALYSBLOG:A0F20902D80081B44813D92C6DCCDAAF", "QUALYSBLOG:BC22CE22A3E70823D5F0E944CBD5CE4A", "QUALYSBLOG:DE1FEC2B9B661D42DAA0BA398DBFD24E", "QUALYSBLOG:F343178EEC11B54CFAFBD0B4D505010B"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:E36C557104ECB6E144C21C3C499B0492"]}, {"type": "redhat", "idList": ["RHSA-2020:2937", "RHSA-2020:2938", "RHSA-2020:2939", "RHSA-2020:2954", "RHSA-2020:2988", "RHSA-2020:2989"]}, {"type": "redhatcve", "idList": ["RH:CVE-2020-1147"]}, {"type": "thn", "idList": ["THN:DBFCCEBE2752BA05D9181D55D3477666"]}, {"type": "threatpost", "idList": ["THREATPOST:363C332F7046A481C24C7172C55CF758", "THREATPOST:547711F4B3BD7FF6F94D605387B3DD50", "THREATPOST:7E6D2DBA11B2CCCE264B0982306FBEB1", "THREATPOST:96E775E045D4DF55CC1B9A3AA0C28F70"]}, {"type": "trellix", "idList": ["TRELLIX:1C43DDFF23D74094DC43986305E2F780"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2020-13977"]}, {"type": "veracode", "idList": ["VERACODE:25890", "VERACODE:25896"]}, {"type": "zdi", "idList": ["ZDI-20-877", "ZDI-20-923", "ZDI-20-924"]}, {"type": "zdt", "idList": ["1337DAY-ID-34772", "1337DAY-ID-34840", "1337DAY-ID-36588"]}]}, "score": {"value": 0.1, "vector": "NONE"}, "backreferences": {"references": [{"type": "attackerkb", "idList": ["AKB:1DE0ADEC-8107-491A-BC8F-DCC3BF6EB3AB", "AKB:9772927E-D7AA-4C42-B8B0-1B598D66E84D"]}, {"type": "avleonov", "idList": ["AVLEONOV:1ABE5F69187E5F9F8625DA462772F80C", "AVLEONOV:7DAB33D28205885E8979C4C664958CDC"]}, {"type": "checkpoint_advisories", "idList": ["CPAI-2020-0570", "CPAI-2020-0572", "CPAI-2020-0574", "CPAI-2020-0658", "CPAI-2020-0660", "CPAI-2020-0663"]}, {"type": "cisa", "idList": ["CISA:0A6DEB06CFB7BDA5A3D72E0F236C5665", "CISA:72803FA1C7CD81E274A0417B0A34353E"]}, {"type": "cve", "idList": ["CVE-2020-1085", "CVE-2020-1147", "CVE-2020-1249", "CVE-2020-1267", "CVE-2020-1333", "CVE-2020-1336", "CVE-2020-1344", "CVE-2020-1350", "CVE-2020-1351", "CVE-2020-1352", "CVE-2020-1353", "CVE-2020-1354", "CVE-2020-1356", "CVE-2020-1357", "CVE-2020-1358", "CVE-2020-1359", "CVE-2020-1360", "CVE-2020-1361", "CVE-2020-1362", "CVE-2020-1364", "CVE-2020-1365", "CVE-2020-1368", "CVE-2020-1369", "CVE-2020-1370", "CVE-2020-1371", "CVE-2020-1373", "CVE-2020-1374", "CVE-2020-1384", "CVE-2020-1385", "CVE-2020-1388", "CVE-2020-1389", "CVE-2020-1390", "CVE-2020-1393", "CVE-2020-1395", "CVE-2020-1396", "CVE-2020-1397", "CVE-2020-1398", "CVE-2020-1399", "CVE-2020-1400", "CVE-2020-1401", "CVE-2020-1402", "CVE-2020-1403", "CVE-2020-1404", "CVE-2020-1406", "CVE-2020-1407", "CVE-2020-1408", "CVE-2020-1409", "CVE-2020-1410", "CVE-2020-1411", "CVE-2020-1412", "CVE-2020-1413", "CVE-2020-1419", "CVE-2020-1420", "CVE-2020-1421", "CVE-2020-1427", "CVE-2020-1428", "CVE-2020-1429", "CVE-2020-1430", "CVE-2020-1432", "CVE-2020-1433", "CVE-2020-1434", "CVE-2020-1435", "CVE-2020-1436", "CVE-2020-1437", "CVE-2020-1438", "CVE-2020-1462", "CVE-2020-1463", "CVE-2020-1468"]}, {"type": "exploitdb", "idList": ["EDB-ID:48747"]}, {"type": "githubexploit", "idList": ["0AF42B8A-DF0D-58F8-AB60-9E7C63ED9EEB", "2A7F5F31-A737-556D-A869-05B87FD1F625", "37D3D343-97C5-5C12-8595-042E337E31C0", "479FD3C0-1269-5BC3-BD67-CDEE0485485A", "5D864A74-9452-5F59-B783-A6A773AE8213", "5F6BE6F7-C220-5BDD-BE92-A5156F21A1B2", "93EEDE73-1DB4-5905-BCAB-CDC6F98831CD", "9DE76D04-93D7-5923-9AE3-457D591197D6", "A37C8010-D2C6-52F5-9079-96E8A538B6CA", "C96C8DD1-344C-5476-85AC-6D2865A5C00F", "CB69BCC3-2317-5740-8B01-4F6F0D320AC3", "DD3676BD-E792-5189-86EE-4765FF68EFCB", "F14BCE6F-3415-59C7-AC9D-A5D7ABE1BB8E", "F3CF4A79-402B-56C0-8689-1AF5EBFECF3F", "FA6C0B5A-E89D-54A7-B603-4D8095BF66DD", "FB0D7C2A-01EB-5929-A539-96230C17B90F", "FFF6ABA4-7461-5653-836A-79F11037A7FF"]}, {"type": "huawei", "idList": ["HUAWEI-SA-20200716-01-DNS"]}, {"type": "impervablog", "idList": ["IMPERVABLOG:020B268DFC760B88704D35A6F4CF30D7"]}, {"type": "kaspersky", "idList": ["KLA11858", "KLA11859", "KLA11863", "KLA11864", "KLA11865"]}, {"type": "krebs", "idList": ["KREBS:1A886B22AAF8ADC53874F0E126C5A96D"]}, {"type": "metasploit", "idList": ["MSF:EXPLOIT/WINDOWS/HTTP/SHAREPOINT_DATA_DESERIALIZATION"]}, {"type": "mscve", "idList": ["MS:CVE-2020-1085", "MS:CVE-2020-1147", "MS:CVE-2020-1249", "MS:CVE-2020-1267", "MS:CVE-2020-1333", "MS:CVE-2020-1336", "MS:CVE-2020-1344", "MS:CVE-2020-1350", "MS:CVE-2020-1351", "MS:CVE-2020-1352", "MS:CVE-2020-1353", "MS:CVE-2020-1354", "MS:CVE-2020-1356", "MS:CVE-2020-1357", "MS:CVE-2020-1358", "MS:CVE-2020-1359", "MS:CVE-2020-1360", "MS:CVE-2020-1361", "MS:CVE-2020-1362", "MS:CVE-2020-1364", "MS:CVE-2020-1365", "MS:CVE-2020-1368", "MS:CVE-2020-1369", "MS:CVE-2020-1370", "MS:CVE-2020-1371", "MS:CVE-2020-1373", "MS:CVE-2020-1374", "MS:CVE-2020-1384", "MS:CVE-2020-1385", "MS:CVE-2020-1388", "MS:CVE-2020-1389", "MS:CVE-2020-1390", "MS:CVE-2020-1393", "MS:CVE-2020-1395", "MS:CVE-2020-1396", "MS:CVE-2020-1397", "MS:CVE-2020-1398", "MS:CVE-2020-1399", "MS:CVE-2020-1400", "MS:CVE-2020-1401", "MS:CVE-2020-1402", "MS:CVE-2020-1403", "MS:CVE-2020-1404", "MS:CVE-2020-1406", "MS:CVE-2020-1407", "MS:CVE-2020-1408", "MS:CVE-2020-1409", "MS:CVE-2020-1410", "MS:CVE-2020-1411", "MS:CVE-2020-1412", "MS:CVE-2020-1413", "MS:CVE-2020-1419", "MS:CVE-2020-1420", "MS:CVE-2020-1421", "MS:CVE-2020-1427", "MS:CVE-2020-1428", "MS:CVE-2020-1429", "MS:CVE-2020-1430", "MS:CVE-2020-1432", "MS:CVE-2020-1433", "MS:CVE-2020-1434", "MS:CVE-2020-1435", "MS:CVE-2020-1436", "MS:CVE-2020-1437", "MS:CVE-2020-1438", "MS:CVE-2020-1462", "MS:CVE-2020-1463", "MS:CVE-2020-1468"]}, {"type": "mskb", "idList": ["KB4558998", "KB4565536", "KB4565539", "KB4565541"]}, {"type": "msrc", "idList": ["MSRC:79080D1EA83C3BB4689C763E5FACBDB5"]}, {"type": "nessus", "idList": ["MACOS_MS20_JUL_OFFICE.NASL", "ORACLELINUX_ELSA-2020-2938.NASL", "ORACLELINUX_ELSA-2020-2954.NASL", "REDHAT-RHSA-2020-2937.NASL", "REDHAT-RHSA-2020-2938.NASL", "REDHAT-RHSA-2020-2939.NASL", "REDHAT-RHSA-2020-2954.NASL", "REDHAT-RHSA-2020-2989.NASL", "SMB_NT_MS20_JUL_DOTNET.NASL", "SMB_NT_MS20_JUL_DOTNET_CORE.NASL", "SMB_NT_MS20_JUL_DOTNET_CORE_SDK.NASL", "SMB_NT_MS20_JUL_OFFICE_SHAREPOINT.NASL", "SMB_NT_MS20_JUL_VISUAL_STUDIO.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310144107", "OPENVAS:1361412562310817086", "OPENVAS:1361412562310817087", "OPENVAS:1361412562310817088", "OPENVAS:1361412562310817223", "OPENVAS:1361412562310817224", "OPENVAS:1361412562310817227", "OPENVAS:1361412562310817228", "OPENVAS:1361412562310817229", "OPENVAS:1361412562310817230", "OPENVAS:1361412562310817231", "OPENVAS:1361412562310817232", "OPENVAS:1361412562310817301", "OPENVAS:1361412562310817305", "OPENVAS:1361412562310817306", "OPENVAS:1361412562310817308"]}, {"type": "oraclelinux", "idList": ["ELSA-2020-2938", "ELSA-2020-2954"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:158694"]}, {"type": "pentestpartners", "idList": ["PENTESTPARTNERS:8FD1C9A0D76A3084445136A0275847C0"]}, {"type": "qualysblog", "idList": ["QUALYSBLOG:8028F138635C78F91B08AB2CF72FA154", "QUALYSBLOG:F343178EEC11B54CFAFBD0B4D505010B"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:E36C557104ECB6E144C21C3C499B0492"]}, {"type": "redhat", "idList": ["RHSA-2020:2938"]}, {"type": "thn", "idList": ["THN:DBFCCEBE2752BA05D9181D55D3477666"]}, {"type": "threatpost", "idList": ["THREATPOST:363C332F7046A481C24C7172C55CF758", "THREATPOST:7E6D2DBA11B2CCCE264B0982306FBEB1", "THREATPOST:96E775E045D4DF55CC1B9A3AA0C28F70"]}, {"type": "zdi", "idList": ["ZDI-20-877"]}, {"type": "zdt", "idList": ["1337DAY-ID-34772"]}]}, "exploitation": null, "epss": [{"cve": "CVE-2020-1373", "epss": "0.000430000", "percentile": "0.073850000", "modified": "2023-03-16"}, {"cve": "CVE-2020-1354", "epss": "0.000470000", "percentile": "0.141430000", "modified": "2023-03-16"}, {"cve": "CVE-2020-1438", "epss": "0.000430000", "percentile": "0.073850000", "modified": "2023-03-16"}, {"cve": "CVE-2020-1404", "epss": "0.000430000", "percentile": "0.073850000", "modified": "2023-03-16"}, {"cve": "CVE-2020-1432", "epss": "0.002150000", "percentile": "0.577520000", "modified": "2023-03-16"}, {"cve": "CVE-2020-1401", "epss": "0.054630000", "percentile": "0.919750000", "modified": "2023-03-16"}, {"cve": "CVE-2020-1403", "epss": "0.011830000", "percentile": "0.828870000", "modified": "2023-03-16"}, {"cve": "CVE-2020-1420", "epss": "0.000470000", "percentile": "0.141430000", "modified": "2023-03-16"}, {"cve": "CVE-2020-1413", "epss": "0.000430000", "percentile": "0.073850000", "modified": "2023-03-16"}, {"cve": "CVE-2020-1344", "epss": "0.000430000", "percentile": "0.073850000", "modified": "2023-03-16"}, {"cve": "CVE-2020-1433", "epss": "0.016050000", "percentile": "0.854250000", "modified": "2023-03-16"}, {"cve": "CVE-2020-1353", "epss": "0.000430000", "percentile": "0.073850000", "modified": "2023-03-16"}, {"cve": "CVE-2020-1436", "epss": "0.039780000", "percentile": "0.906480000", "modified": "2023-03-16"}, {"cve": "CVE-2020-1085", "epss": "0.000430000", "percentile": "0.073850000", "modified": "2023-03-16"}, {"cve": "CVE-2020-1390", "epss": "0.000430000", "percentile": "0.073850000", "modified": "2023-03-16"}, {"cve": "CVE-2020-1358", "epss": "0.000470000", "percentile": "0.141430000", "modified": "2023-03-16"}, {"cve": "CVE-2020-1402", "epss": "0.000470000", "percentile": "0.141430000", "modified": "2023-03-16"}, {"cve": "CVE-2020-1406", "epss": "0.000430000", "percentile": "0.073850000", "modified": "2023-03-16"}, {"cve": "CVE-2020-1371", "epss": "0.000470000", "percentile": "0.141430000", "modified": "2023-03-16"}, {"cve": "CVE-2020-1352", "epss": "0.000470000", "percentile": "0.141430000", "modified": "2023-03-16"}, {"cve": "CVE-2020-1350", "epss": "0.928020000", "percentile": "0.984330000", "modified": "2023-03-16"}, {"cve": "CVE-2020-1411", "epss": "0.000430000", "percentile": "0.073850000", "modified": "2023-03-16"}, {"cve": "CVE-2020-1393", "epss": "0.000430000", "percentile": "0.073850000", "modified": "2023-03-16"}, {"cve": "CVE-2020-1468", "epss": "0.016050000", "percentile": "0.854250000", "modified": "2023-03-16"}, {"cve": "CVE-2020-1370", "epss": "0.000430000", "percentile": "0.073850000", "modified": "2023-03-16"}, {"cve": "CVE-2020-1360", "epss": "0.000430000", "percentile": "0.073850000", "modified": "2023-03-16"}, {"cve": "CVE-2020-1419", "epss": "0.000430000", "percentile": "0.073850000", "modified": "2023-03-16"}, {"cve": "CVE-2020-1333", "epss": "0.000470000", "percentile": "0.143180000", "modified": "2023-03-16"}, {"cve": "CVE-2020-1356", "epss": "0.000430000", "percentile": "0.073850000", "modified": "2023-03-16"}, {"cve": "CVE-2020-1336", "epss": "0.000430000", "percentile": "0.073850000", "modified": "2023-03-16"}, {"cve": "CVE-2020-1389", "epss": "0.000430000", "percentile": "0.073850000", "modified": "2023-03-16"}, {"cve": "CVE-2020-1385", "epss": "0.000430000", "percentile": "0.073850000", "modified": "2023-03-16"}, {"cve": "CVE-2020-1396", "epss": "0.000430000", "percentile": "0.073850000", "modified": "2023-03-16"}, {"cve": "CVE-2020-1362", "epss": "0.000430000", "percentile": "0.073850000", "modified": "2023-03-16"}, {"cve": "CVE-2020-1388", "epss": "0.000430000", "percentile": "0.073850000", "modified": "2023-03-16"}, {"cve": "CVE-2020-1397", "epss": "0.016050000", "percentile": "0.854250000", "modified": "2023-03-16"}, {"cve": "CVE-2020-1407", "epss": "0.054630000", "percentile": "0.919750000", "modified": "2023-03-16"}, {"cve": "CVE-2020-1384", "epss": "0.000430000", "percentile": "0.073850000", "modified": "2023-03-16"}, {"cve": "CVE-2020-1463", "epss": "0.000430000", "percentile": "0.073850000", "modified": "2023-03-16"}, {"cve": "CVE-2020-1427", "epss": "0.000430000", "percentile": "0.073850000", "modified": "2023-03-16"}, {"cve": "CVE-2020-1395", "epss": "0.000430000", "percentile": "0.073850000", "modified": "2023-03-16"}, {"cve": "CVE-2020-1267", "epss": "0.001470000", "percentile": "0.490240000", "modified": "2023-03-16"}, {"cve": "CVE-2020-1399", "epss": "0.000430000", "percentile": "0.073850000", "modified": "2023-03-16"}, {"cve": "CVE-2020-1368", "epss": "0.000430000", "percentile": "0.073850000", "modified": "2023-03-16"}, {"cve": "CVE-2020-1249", "epss": "0.000430000", "percentile": "0.073850000", "modified": "2023-03-16"}, {"cve": "CVE-2020-1430", "epss": "0.000470000", "percentile": "0.141430000", "modified": "2023-03-16"}, {"cve": "CVE-2020-1357", "epss": "0.000430000", "percentile": "0.073850000", "modified": "2023-03-16"}, {"cve": "CVE-2020-1412", "epss": "0.019850000", "percentile": "0.869830000", "modified": "2023-03-16"}, {"cve": "CVE-2020-1409", "epss": "0.054630000", "percentile": "0.919750000", "modified": "2023-03-16"}, {"cve": "CVE-2020-1147", "epss": "0.767880000", "percentile": "0.976190000", "modified": "2023-03-16"}, {"cve": "CVE-2020-1462", "epss": "0.002150000", "percentile": "0.577520000", "modified": "2023-03-16"}, {"cve": "CVE-2020-1374", "epss": "0.011830000", "percentile": "0.828870000", "modified": "2023-03-16"}, {"cve": "CVE-2020-1421", "epss": "0.073890000", "percentile": "0.930110000", "modified": "2023-03-16"}, {"cve": "CVE-2020-1365", "epss": "0.000470000", "percentile": "0.141430000", "modified": "2023-03-16"}, {"cve": "CVE-2020-1435", "epss": "0.052520000", "percentile": "0.918110000", "modified": "2023-03-16"}, {"cve": "CVE-2020-1369", "epss": "0.000430000", "percentile": "0.073850000", "modified": "2023-03-16"}, {"cve": "CVE-2020-1408", "epss": "0.032910000", "percentile": "0.897760000", "modified": "2023-03-16"}, {"cve": "CVE-2020-1437", "epss": "0.000430000", "percentile": "0.073850000", "modified": "2023-03-16"}, {"cve": "CVE-2020-1434", "epss": "0.000430000", "percentile": "0.073850000", "modified": "2023-03-16"}, {"cve": "CVE-2020-1361", "epss": "0.000470000", "percentile": "0.141430000", "modified": "2023-03-16"}, {"cve": "CVE-2020-1400", "epss": "0.014470000", "percentile": "0.846020000", "modified": "2023-03-16"}, {"cve": "CVE-2020-1398", "epss": "0.000520000", "percentile": "0.180820000", "modified": "2023-03-16"}, {"cve": "CVE-2020-1359", "epss": "0.000430000", "percentile": "0.073850000", "modified": "2023-03-16"}, {"cve": "CVE-2020-1428", "epss": "0.000430000", "percentile": "0.073850000", "modified": "2023-03-16"}, {"cve": "CVE-2020-1351", "epss": "0.000430000", "percentile": "0.073850000", "modified": "2023-03-16"}, {"cve": "CVE-2020-1429", "epss": "0.000430000", "percentile": "0.073850000", "modified": "2023-03-16"}, {"cve": "CVE-2020-1364", "epss": "0.000430000", "percentile": "0.073850000", "modified": "2023-03-16"}, {"cve": "CVE-2020-1410", "epss": "0.054630000", "percentile": "0.919750000", "modified": "2023-03-16"}], "vulnersScore": 0.1}, "_state": {"dependencies": 1678960192, "score": 1684001907, "epss": 1678993763}, "_internal": {"score_hash": "3ddf09d81ca0914086e3db5a1dd91d9f"}, "pluginID": "1361412562310817226", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Some text descriptions might be excerpted from (a) referenced\n# source(s), and are Copyright (C) by the respective right holder(s).\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.817226\");\n script_version(\"2020-07-20T05:00:04+0000\");\n script_cve_id(\"CVE-2020-1085\", \"CVE-2020-1147\", \"CVE-2020-1249\", \"CVE-2020-1267\",\n \"CVE-2020-1333\", \"CVE-2020-1336\", \"CVE-2020-1344\", \"CVE-2020-1350\",\n \"CVE-2020-1351\", \"CVE-2020-1352\", \"CVE-2020-1353\", \"CVE-2020-1354\",\n \"CVE-2020-1356\", \"CVE-2020-1357\", \"CVE-2020-1358\", \"CVE-2020-1359\",\n \"CVE-2020-1360\", \"CVE-2020-1361\", \"CVE-2020-1362\", \"CVE-2020-1364\",\n \"CVE-2020-1365\", \"CVE-2020-1368\", \"CVE-2020-1369\", \"CVE-2020-1370\",\n \"CVE-2020-1371\", \"CVE-2020-1373\", \"CVE-2020-1374\", \"CVE-2020-1384\",\n \"CVE-2020-1385\", \"CVE-2020-1388\", \"CVE-2020-1389\", \"CVE-2020-1390\",\n \"CVE-2020-1393\", \"CVE-2020-1395\", \"CVE-2020-1396\", \"CVE-2020-1397\",\n \"CVE-2020-1398\", \"CVE-2020-1399\", \"CVE-2020-1400\", \"CVE-2020-1401\",\n \"CVE-2020-1402\", \"CVE-2020-1403\", \"CVE-2020-1404\", \"CVE-2020-1406\",\n \"CVE-2020-1407\", \"CVE-2020-1408\", \"CVE-2020-1409\", \"CVE-2020-1410\",\n \"CVE-2020-1411\", \"CVE-2020-1412\", \"CVE-2020-1413\", \"CVE-2020-1419\",\n \"CVE-2020-1420\", \"CVE-2020-1421\", \"CVE-2020-1427\", \"CVE-2020-1428\",\n \"CVE-2020-1429\", \"CVE-2020-1430\", \"CVE-2020-1432\", \"CVE-2020-1433\",\n \"CVE-2020-1434\", \"CVE-2020-1435\", \"CVE-2020-1436\", \"CVE-2020-1437\",\n \"CVE-2020-1438\", \"CVE-2020-1462\", \"CVE-2020-1463\", \"CVE-2020-1468\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-07-20 05:00:04 +0000 (Mon, 20 Jul 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-07-15 15:23:26 +0530 (Wed, 15 Jul 2020)\");\n script_name(\"Microsoft Windows Multiple Vulnerabilities (KB4565511)\");\n\n script_tag(name:\"summary\", value:\"This host is missing a critical security\n update according to Microsoft KB4565511\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present\n on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exists due to,\n\n - Windows Domain Name System servers fail to properly handle requests (SIGRed, CVE-2020-1350).\n\n - Windows System Events Broker fails to properly handle file operations.\n\n - Windows WalletService fails to properly handle objects in memory.\n\n - Windows Runtime fails to properly handle objects in memory.\n\n - Windows Jet Database Engine fails to properly handle objects in memory.\n\n - Windows Network Connections Service fails to properly handle\n objects in memory.\n\n - SharedStream Library fails to handle objects in memory.\n\n Please see the references for more information about the vulnerabilities.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow an attacker\n to execute arbitrary code, elevate privilges, disclose sensitive information\n and denial of service attacks.\");\n\n script_tag(name:\"affected\", value:\"- Microsoft Windows 10 Version 1607 for 32-bit Systems\n\n - Microsoft Windows 10 Version 1607 for x64-based Systems\n\n - Microsoft Windows Server 2016\");\n\n script_tag(name:\"solution\", value:\"The vendor has released updates. Please see\n the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_xref(name:\"URL\", value:\"https://support.microsoft.com/en-us/help/4565511\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"smb_reg_service_pack.nasl\");\n script_require_ports(139, 445);\n script_mandatory_keys(\"SMB/WindowsVersion\");\n exit(0);\n}\n\ninclude(\"smb_nt.inc\");\ninclude(\"secpod_reg.inc\");\ninclude(\"version_func.inc\");\ninclude(\"secpod_smb_func.inc\");\n\nif(hotfix_check_sp(win10:1, win10x64:1, win2016:1) <= 0)\n exit(0);\n\ndllPath = smb_get_system32root();\nif(!dllPath)\n exit(0);\n\nfileVer = fetch_file_version(sysPath:dllPath, file_name:\"Gdiplus.dll\");\nif(!fileVer)\n exit(0);\n\nif(version_in_range(version:fileVer, test_version:\"10.0.14393.0\", test_version2:\"10.0.14393.3807\")) {\n report = report_fixed_ver(file_checked:dllPath + \"\\Gdiplus.dll\",\n file_version:fileVer, vulnerable_range:\"10.0.14393.0 - 10.0.14393.3807\");\n security_message(data:report);\n exit(0);\n}\n\nexit(99);\n", "naslFamily": "Windows : Microsoft Bulletins"}

{"openvas": [{"lastseen": "2020-07-21T19:50:56", "description": "This host is missing a critical security\n update according to Microsoft KB4565513", "cvss3": {}, "published": "2020-07-15T00:00:00", "type": "openvas", "title": "Microsoft Windows Multiple Vulnerabilities (KB4565513)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-1373", "CVE-2020-1354", "CVE-2020-1438", "CVE-2020-1404", "CVE-2020-1432", "CVE-2020-1401", "CVE-2020-1403", "CVE-2020-1420", "CVE-2020-1413", "CVE-2020-1344", "CVE-2020-1433", "CVE-2020-1353", "CVE-2020-1436", "CVE-2020-1085", "CVE-2020-1390", "CVE-2020-1358", "CVE-2020-1402", "CVE-2020-1406", "CVE-2020-1371", "CVE-2020-1352", "CVE-2020-1411", "CVE-2020-1393", "CVE-2020-1468", "CVE-2020-1370", "CVE-2020-1360", "CVE-2020-1419", "CVE-2020-1333", "CVE-2020-1389", "CVE-2020-1385", "CVE-2020-1396", "CVE-2020-1362", "CVE-2020-1397", "CVE-2020-1407", "CVE-2020-1384", "CVE-2020-1427", "CVE-2020-1267", "CVE-2020-1399", "CVE-2020-1368", "CVE-2020-1249", "CVE-2020-1430", "CVE-2020-1412", "CVE-2020-1409", "CVE-2020-1147", "CVE-2020-1374", "CVE-2020-1421", "CVE-2020-1365", "CVE-2020-1435", "CVE-2020-1369", "CVE-2020-1408", "CVE-2020-1437", "CVE-2020-1434", "CVE-2020-1361", "CVE-2020-1400", "CVE-2020-1398", "CVE-2020-1359", "CVE-2020-1428", "CVE-2020-1351", "CVE-2020-1429", "CVE-2020-1364", "CVE-2020-1410"], "modified": "2020-07-17T00:00:00", "id": "OPENVAS:1361412562310817229", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310817229", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Some text descriptions might be excerpted from (a) referenced\n# source(s), and are Copyright (C) by the respective right holder(s).\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.817229\");\n script_version(\"2020-07-17T05:57:41+0000\");\n script_cve_id(\"CVE-2020-1085\", \"CVE-2020-1147\", \"CVE-2020-1249\", \"CVE-2020-1267\",\n \"CVE-2020-1333\", \"CVE-2020-1344\", \"CVE-2020-1351\", \"CVE-2020-1352\",\n \"CVE-2020-1353\", \"CVE-2020-1354\", \"CVE-2020-1358\", \"CVE-2020-1359\",\n \"CVE-2020-1360\", \"CVE-2020-1361\", \"CVE-2020-1362\", \"CVE-2020-1364\",\n \"CVE-2020-1365\", \"CVE-2020-1368\", \"CVE-2020-1369\", \"CVE-2020-1370\",\n \"CVE-2020-1371\", \"CVE-2020-1373\", \"CVE-2020-1374\", \"CVE-2020-1384\",\n \"CVE-2020-1385\", \"CVE-2020-1389\", \"CVE-2020-1390\", \"CVE-2020-1393\",\n \"CVE-2020-1396\", \"CVE-2020-1397\", \"CVE-2020-1398\", \"CVE-2020-1399\",\n \"CVE-2020-1400\", \"CVE-2020-1401\", \"CVE-2020-1402\", \"CVE-2020-1403\",\n \"CVE-2020-1404\", \"CVE-2020-1406\", \"CVE-2020-1407\", \"CVE-2020-1408\",\n \"CVE-2020-1409\", \"CVE-2020-1410\", \"CVE-2020-1411\", \"CVE-2020-1412\",\n \"CVE-2020-1413\", \"CVE-2020-1419\", \"CVE-2020-1420\", \"CVE-2020-1421\",\n \"CVE-2020-1427\", \"CVE-2020-1428\", \"CVE-2020-1429\", \"CVE-2020-1430\",\n \"CVE-2020-1432\", \"CVE-2020-1433\", \"CVE-2020-1434\", \"CVE-2020-1435\",\n \"CVE-2020-1436\", \"CVE-2020-1437\", \"CVE-2020-1438\", \"CVE-2020-1468\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-07-17 05:57:41 +0000 (Fri, 17 Jul 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-07-15 17:56:41 +0530 (Wed, 15 Jul 2020)\");\n script_name(\"Microsoft Windows Multiple Vulnerabilities (KB4565513)\");\n\n script_tag(name:\"summary\", value:\"This host is missing a critical security\n update according to Microsoft KB4565513\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present\n on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exists due to,\n\n - Windows Event Logging Service fails to properly handle memory.\n\n - Windows WalletService fails to properly handle objects in memory.\n\n - Windows Network Connections Service fails to properly handle objects in memory.\n\n - Windows Jet Database Engine fails to properly handle objects in memory.\n\n - Windows Network Connections Service fails to properly handle\n objects in memory.\n\n - Windows Error Reporting fails to properly handle file operations.\n\n Please see the references for more information about the vulnerabilities.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow an attacker\n to execute arbitrary code, elevate privilges, disclose sensitive information\n and denial of service attacks.\");\n\n script_tag(name:\"affected\", value:\"- Microsoft Windows 10 for 32-bit Systems\n\n - Microsoft Windows 10 for x64-based Systems\");\n\n script_tag(name:\"solution\", value:\"The vendor has released updates. Please see\n the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_xref(name:\"URL\", value:\"https://support.microsoft.com/en-us/help/4565513\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"smb_reg_service_pack.nasl\");\n script_require_ports(139, 445);\n script_mandatory_keys(\"SMB/WindowsVersion\");\n exit(0);\n}\n\ninclude(\"smb_nt.inc\");\ninclude(\"secpod_reg.inc\");\ninclude(\"version_func.inc\");\ninclude(\"secpod_smb_func.inc\");\n\nif(hotfix_check_sp(win10:1, win10x64:1) <= 0){\n exit(0);\n}\n\ndllPath = smb_get_system32root();\nif(!dllPath)\n exit(0);\n\nfileVer = fetch_file_version(sysPath:dllPath, file_name:\"User32.dll\");\nif(!fileVer)\n exit(0);\n\nif(version_is_less(version:fileVer, test_version:\"10.0.10240.18638\")) {\n report = report_fixed_ver(file_checked:dllPath + \"\\User32.dll\",\n file_version:fileVer, vulnerable_range:\"Less than 10.0.10240.18638\");\n security_message(data:report);\n exit(0);\n}\n\nexit(99);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-07-21T19:51:37", "description": "This host is missing a critical security\n update according to Microsoft KB4565524", "cvss3": {}, "published": "2020-07-15T00:00:00", "type": "openvas", "title": "Microsoft Windows Multiple Vulnerabilities (KB4565524)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-1373", "CVE-2020-1354", "CVE-2020-1438", "CVE-2020-1432", "CVE-2020-1401", "CVE-2020-1403", "CVE-2020-1436", "CVE-2020-1085", "CVE-2020-1390", "CVE-2020-1402", "CVE-2020-1371", "CVE-2020-1350", "CVE-2020-1468", "CVE-2020-1360", "CVE-2020-1419", "CVE-2020-1333", "CVE-2020-1389", "CVE-2020-1396", "CVE-2020-1397", "CVE-2020-1407", "CVE-2020-1384", "CVE-2020-1427", "CVE-2020-1267", "CVE-2020-1430", "CVE-2020-1412", "CVE-2020-1409", "CVE-2020-1374", "CVE-2020-1421", "CVE-2020-1365", "CVE-2020-1435", "CVE-2020-1408", "CVE-2020-1437", "CVE-2020-1400", "CVE-2020-1359", "CVE-2020-1428", "CVE-2020-1351", "CVE-2020-1410"], "modified": "2020-07-20T00:00:00", "id": "OPENVAS:1361412562310817230", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310817230", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Some text descriptions might be excerpted from (a) referenced\n# source(s), and are Copyright (C) by the respective right holder(s).\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.817230\");\n script_version(\"2020-07-20T05:00:04+0000\");\n script_cve_id(\"CVE-2020-1085\", \"CVE-2020-1267\", \"CVE-2020-1333\", \"CVE-2020-1350\",\n \"CVE-2020-1351\", \"CVE-2020-1354\", \"CVE-2020-1359\", \"CVE-2020-1360\",\n \"CVE-2020-1365\", \"CVE-2020-1371\", \"CVE-2020-1373\", \"CVE-2020-1374\",\n \"CVE-2020-1384\", \"CVE-2020-1389\", \"CVE-2020-1390\", \"CVE-2020-1396\",\n \"CVE-2020-1397\", \"CVE-2020-1400\", \"CVE-2020-1401\", \"CVE-2020-1402\",\n \"CVE-2020-1403\", \"CVE-2020-1407\", \"CVE-2020-1408\", \"CVE-2020-1409\",\n \"CVE-2020-1410\", \"CVE-2020-1412\", \"CVE-2020-1419\", \"CVE-2020-1421\",\n \"CVE-2020-1427\", \"CVE-2020-1428\", \"CVE-2020-1430\", \"CVE-2020-1432\",\n \"CVE-2020-1435\", \"CVE-2020-1436\", \"CVE-2020-1437\", \"CVE-2020-1438\",\n \"CVE-2020-1468\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-07-20 05:00:04 +0000 (Mon, 20 Jul 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-07-15 18:26:24 +0530 (Wed, 15 Jul 2020)\");\n script_name(\"Microsoft Windows Multiple Vulnerabilities (KB4565524)\");\n\n script_tag(name:\"summary\", value:\"This host is missing a critical security\n update according to Microsoft KB4565524\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present\n on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exists due to,\n\n - Windows Domain Name System servers fail to properly handle requests (SIGRed, CVE-2020-1350).\n\n - Windows Event Logging Service fails to properly handle memory.\n\n - Windows Network Location Awareness Service fails to properly\n handle objects in memory.\n\n - Windows Jet Database Engine fails to properly handle objects in memory.\n\n - Windows Network Connections Service fails to properly handle\n objects in memory.\n\n - Windows Cryptography Next Generation (CNG) Key Isolation service\n fails to properly handle memory.\n\n Please see the references for more information about the vulnerabilities.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow an attacker\n to execute arbitrary code, elevate privilges, disclose sensitive information\n and denial of service attacks.\");\n\n script_tag(name:\"affected\", value:\"- Microsoft Windows Server 2008 R2 for x64-based Systems Service Pack 1\n\n - Microsoft Windows Server 2012\n\n - Microsoft Windows 7 for x64-based Systems Service Pack 1\n\n - Microsoft Windows 7 for 32-bit Systems Service Pack 1\");\n\n script_tag(name:\"solution\", value:\"The vendor has released updates. Please see\n the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_xref(name:\"URL\", value:\"https://support.microsoft.com/en-us/help/4565524\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"smb_reg_service_pack.nasl\");\n script_require_ports(139, 445);\n script_mandatory_keys(\"SMB/WindowsVersion\");\n exit(0);\n}\n\ninclude(\"smb_nt.inc\");\ninclude(\"secpod_reg.inc\");\ninclude(\"version_func.inc\");\ninclude(\"secpod_smb_func.inc\");\n\nif(hotfix_check_sp(win2008r2:2, win2012:1, win7x64:2, win7:2) <= 0){\n exit(0);\n}\n\ndllPath = smb_get_system32root();\nif(!dllPath)\n exit(0);\n\nfileVer = fetch_file_version(sysPath:dllPath, file_name:\"Gdiplus.dll\");\nif(!fileVer)\n exit(0);\n\nif(version_is_less(version:fileVer, test_version:\"5.2.7601.24557\")) {\n report = report_fixed_ver(file_checked:dllPath + \"\\Gdiplus.dll\",\n file_version:fileVer, vulnerable_range:\"Less than 5.2.7601.24557\");\n security_message(data:report);\n exit(0);\n}\n\nexit(99);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-07-21T19:51:31", "description": "This host is missing a critical security\n update according to Microsoft KB4565541", "cvss3": {}, "published": "2020-07-15T00:00:00", "type": "openvas", "title": "Microsoft Windows Multiple Vulnerabilities (KB4565541)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-1373", "CVE-2020-1354", "CVE-2020-1438", "CVE-2020-1432", "CVE-2020-1401", "CVE-2020-1403", "CVE-2020-1436", "CVE-2020-1085", "CVE-2020-1390", "CVE-2020-1402", "CVE-2020-1406", "CVE-2020-1371", "CVE-2020-1350", "CVE-2020-1468", "CVE-2020-1360", "CVE-2020-1419", "CVE-2020-1333", "CVE-2020-1356", "CVE-2020-1389", "CVE-2020-1385", "CVE-2020-1396", "CVE-2020-1397", "CVE-2020-1407", "CVE-2020-1384", "CVE-2020-1427", "CVE-2020-1267", "CVE-2020-1399", "CVE-2020-1368", "CVE-2020-1249", "CVE-2020-1430", "CVE-2020-1412", "CVE-2020-1409", "CVE-2020-1374", "CVE-2020-1421", "CVE-2020-1365", "CVE-2020-1435", "CVE-2020-1408", "CVE-2020-1437", "CVE-2020-1400", "CVE-2020-1359", "CVE-2020-1428", "CVE-2020-1351", "CVE-2020-1410"], "modified": "2020-07-20T00:00:00", "id": "OPENVAS:1361412562310817231", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310817231", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Some text descriptions might be excerpted from (a) referenced\n# source(s), and are Copyright (C) by the respective right holder(s).\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.817231\");\n script_version(\"2020-07-20T05:00:04+0000\");\n script_cve_id(\"CVE-2020-1085\", \"CVE-2020-1249\", \"CVE-2020-1267\", \"CVE-2020-1333\",\n \"CVE-2020-1350\", \"CVE-2020-1351\", \"CVE-2020-1354\", \"CVE-2020-1356\",\n \"CVE-2020-1359\", \"CVE-2020-1360\", \"CVE-2020-1365\", \"CVE-2020-1368\",\n \"CVE-2020-1371\", \"CVE-2020-1373\", \"CVE-2020-1374\", \"CVE-2020-1384\",\n \"CVE-2020-1385\", \"CVE-2020-1389\", \"CVE-2020-1390\", \"CVE-2020-1396\",\n \"CVE-2020-1397\", \"CVE-2020-1399\", \"CVE-2020-1400\", \"CVE-2020-1401\",\n \"CVE-2020-1402\", \"CVE-2020-1403\", \"CVE-2020-1406\", \"CVE-2020-1407\",\n \"CVE-2020-1408\", \"CVE-2020-1409\", \"CVE-2020-1410\", \"CVE-2020-1412\",\n \"CVE-2020-1419\", \"CVE-2020-1421\", \"CVE-2020-1427\", \"CVE-2020-1428\",\n \"CVE-2020-1430\", \"CVE-2020-1432\", \"CVE-2020-1435\", \"CVE-2020-1436\",\n \"CVE-2020-1437\", \"CVE-2020-1438\", \"CVE-2020-1468\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-07-20 05:00:04 +0000 (Mon, 20 Jul 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-07-15 19:22:27 +0530 (Wed, 15 Jul 2020)\");\n script_name(\"Microsoft Windows Multiple Vulnerabilities (KB4565541)\");\n\n script_tag(name:\"summary\", value:\"This host is missing a critical security\n update according to Microsoft KB4565541\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present\n on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exists due to,\n\n - Windows Domain Name System servers fail to properly handle requests (SIGRed, CVE-2020-1350).\n\n - DirectWrite fails to properly handle objects in memory.\n\n - Windows Address Book (WAB) fails to properly processes vcard files.\n\n - Windows Graphics Device Interface (GDI) fails to properly handle\n objects in the memory.\n\n - Windows Network Connections Service fails to handle objects in memory.\n Please see the references for more information about the vulnerabilities.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow an attacker\n to execute arbitrary code, elevate privilges, disclose sensitive information\n and denial of service attacks.\");\n\n script_tag(name:\"affected\", value:\"- Microsoft Windows 8.1 32-bit Systems\n\n - Microsoft Windows 8.1 for x64-based Systems\n\n - Microsoft Windows Server 2012 R2\");\n\n script_tag(name:\"solution\", value:\"The vendor has released updates. Please see\n the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_xref(name:\"URL\", value:\"https://support.microsoft.com/en-us/help/4565541\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"smb_reg_service_pack.nasl\");\n script_require_ports(139, 445);\n script_mandatory_keys(\"SMB/WindowsVersion\");\n exit(0);\n}\n\ninclude(\"smb_nt.inc\");\ninclude(\"secpod_reg.inc\");\ninclude(\"version_func.inc\");\ninclude(\"secpod_smb_func.inc\");\n\nif(hotfix_check_sp(win8_1:1, win8_1x64:1, win2012R2:1) <= 0)\n exit(0);\n\ndllPath = smb_get_system32root();\nif(!dllPath)\n exit(0);\n\nfileVer = fetch_file_version(sysPath:dllPath, file_name:\"Gdiplus.dll\");\nif(!fileVer)\n exit(0);\n\nif(version_is_less(version:fileVer, test_version:\"6.3.9600.19756\")) {\n report = report_fixed_ver(file_checked:dllPath + \"\\Gdiplus.dll\",\n file_version:fileVer, vulnerable_range:\"Less than 6.3.9600.19756\");\n security_message(data:report);\n exit(0);\n}\n\nexit(99);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-07-21T19:50:57", "description": "This host is missing a critical security\n update according to Microsoft KB4565536", "cvss3": {}, "published": "2020-07-15T00:00:00", "type": "openvas", "title": "Microsoft Windows Multiple Vulnerabilities (KB4565536)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-1373", "CVE-2020-1354", "CVE-2020-1438", "CVE-2020-1401", "CVE-2020-1403", "CVE-2020-1436", "CVE-2020-1085", "CVE-2020-1390", "CVE-2020-1371", "CVE-2020-1350", "CVE-2020-1468", "CVE-2020-1360", "CVE-2020-1419", "CVE-2020-1333", "CVE-2020-1389", "CVE-2020-1396", "CVE-2020-1397", "CVE-2020-1407", "CVE-2020-1384", "CVE-2020-1427", "CVE-2020-1267", "CVE-2020-1430", "CVE-2020-1412", "CVE-2020-1409", "CVE-2020-1421", "CVE-2020-1365", "CVE-2020-1435", "CVE-2020-1408", "CVE-2020-1437", "CVE-2020-1400", "CVE-2020-1359", "CVE-2020-1428", "CVE-2020-1410"], "modified": "2020-07-20T00:00:00", "id": "OPENVAS:1361412562310817232", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310817232", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Some text descriptions might be excerpted from (a) referenced\n# source(s), and are Copyright (C) by the respective right holder(s).\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.817232\");\n script_version(\"2020-07-20T05:00:04+0000\");\n script_cve_id(\"CVE-2020-1085\", \"CVE-2020-1267\", \"CVE-2020-1333\", \"CVE-2020-1350\",\n \"CVE-2020-1354\", \"CVE-2020-1359\", \"CVE-2020-1360\", \"CVE-2020-1365\",\n \"CVE-2020-1371\", \"CVE-2020-1373\", \"CVE-2020-1384\", \"CVE-2020-1389\",\n \"CVE-2020-1390\", \"CVE-2020-1396\", \"CVE-2020-1397\", \"CVE-2020-1400\",\n \"CVE-2020-1401\", \"CVE-2020-1403\", \"CVE-2020-1407\", \"CVE-2020-1408\",\n \"CVE-2020-1409\", \"CVE-2020-1410\", \"CVE-2020-1412\", \"CVE-2020-1419\",\n \"CVE-2020-1421\", \"CVE-2020-1427\", \"CVE-2020-1428\", \"CVE-2020-1430\",\n \"CVE-2020-1435\", \"CVE-2020-1436\", \"CVE-2020-1437\", \"CVE-2020-1438\",\n \"CVE-2020-1468\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-07-20 05:00:04 +0000 (Mon, 20 Jul 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-07-15 20:23:57 +0530 (Wed, 15 Jul 2020)\");\n script_name(\"Microsoft Windows Multiple Vulnerabilities (KB4565536)\");\n\n script_tag(name:\"summary\", value:\"This host is missing a critical security\n update according to Microsoft KB4565536\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present\n on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exists due to,\n\n - Windows Domain Name System servers fail to properly handle requests (SIGRed, CVE-2020-1350).\n\n - DirectWrite fails to properly handle objects in memory.\n\n - Windows Address Book (WAB) fails to properly processes vcard files.\n\n - Windows Graphics Device Interface (GDI) fails to properly handle\n objects in the memory.\n\n - Windows Network Connections Service fails to handle objects in memory.\n\n Please see the references for more information about the vulnerabilities.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow an attacker\n to execute arbitrary code, elevate privilges, disclose sensitive information\n and denial of service attacks.\");\n\n script_tag(name:\"affected\", value:\"- Microsoft Windows Server 2008 for 32-bit Systems Service Pack 2\n\n - Microsoft Windows Server 2008 for x64-based Systems Service Pack 2\");\n\n script_tag(name:\"solution\", value:\"The vendor has released updates. Please see\n the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_xref(name:\"URL\", value:\"https://support.microsoft.com/en-us/help/4565536\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"smb_reg_service_pack.nasl\");\n script_require_ports(139, 445);\n script_mandatory_keys(\"SMB/WindowsVersion\");\n exit(0);\n}\n\ninclude(\"smb_nt.inc\");\ninclude(\"secpod_reg.inc\");\ninclude(\"version_func.inc\");\ninclude(\"secpod_smb_func.inc\");\n\nif(hotfix_check_sp(win2008:3, win2008x64:3) <= 0){\n exit(0);\n}\n\ndllPath = smb_get_system32root();\nif(!dllPath)\n exit(0);\n\nfileVer = fetch_file_version(sysPath:dllPath, file_name:\"Gdiplus.dll\");\nif(!fileVer)\n exit(0);\n\nif(version_is_less(version:fileVer, test_version:\"5.2.6003.20883\")) {\n report = report_fixed_ver(file_checked:dllPath + \"\\Gdiplus.dll\",\n file_version:fileVer, vulnerable_range:\"Less than 5.2.6003.20883\");\n security_message(data:report);\n exit(0);\n}\n\nexit(99);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-07-21T19:51:33", "description": "This host is missing a important security\n update according to Microsoft KB4565508", "cvss3": {}, "published": "2020-07-15T00:00:00", "type": "openvas", "title": "Microsoft Windows Multiple Vulnerabilities (KB4565508)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-1373", "CVE-2020-1354", "CVE-2020-1438", "CVE-2020-1404", "CVE-2020-1432", "CVE-2020-1401", "CVE-2020-1372", "CVE-2020-1403", "CVE-2020-1420", "CVE-2020-1413", "CVE-2020-1392", "CVE-2020-1344", "CVE-2020-1433", "CVE-2020-1353", "CVE-2020-1436", "CVE-2020-1375", "CVE-2020-1085", "CVE-2020-1390", "CVE-2020-1358", "CVE-2020-1402", "CVE-2020-1406", "CVE-2020-1371", "CVE-2020-1352", "CVE-2020-1411", "CVE-2020-1393", "CVE-2020-1386", "CVE-2020-1468", "CVE-2020-1370", "CVE-2020-1347", "CVE-2020-1360", "CVE-2020-1419", "CVE-2020-1333", "CVE-2020-1336", "CVE-2020-1389", "CVE-2020-1418", "CVE-2020-1385", "CVE-2020-1396", "CVE-2020-1362", "CVE-2020-1388", "CVE-2020-1397", "CVE-2020-1407", "CVE-2020-1384", "CVE-2020-1463", "CVE-2020-1427", "CVE-2020-1363", "CVE-2020-1395", "CVE-2020-1267", "CVE-2020-1399", "CVE-2020-1368", "CVE-2020-1249", "CVE-2020-1430", "CVE-2020-1357", "CVE-2020-1412", "CVE-2020-1409", "CVE-2020-1147", "CVE-2020-1462", "CVE-2020-1374", "CVE-2020-1421", "CVE-2020-1365", "CVE-2020-1435", "CVE-2020-1369", "CVE-2020-1408", "CVE-2020-1394", "CVE-2020-1437", "CVE-2020-1434", "CVE-2020-1366", "CVE-2020-1361", "CVE-2020-1400", "CVE-2020-1398", "CVE-2020-1359", "CVE-2020-1428", "CVE-2020-1351", "CVE-2020-1429", "CVE-2020-1364", "CVE-2020-1387", "CVE-2020-1410"], "modified": "2020-07-17T00:00:00", "id": "OPENVAS:1361412562310817223", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310817223", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Some text descriptions might be excerpted from (a) referenced\n# source(s), and are Copyright (C) by the respective right holder(s).\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.817223\");\n script_version(\"2020-07-17T05:57:41+0000\");\n script_cve_id(\"CVE-2020-1085\", \"CVE-2020-1147\", \"CVE-2020-1249\", \"CVE-2020-1267\",\n \"CVE-2020-1333\", \"CVE-2020-1336\", \"CVE-2020-1344\", \"CVE-2020-1347\",\n \"CVE-2020-1351\", \"CVE-2020-1352\", \"CVE-2020-1353\", \"CVE-2020-1354\",\n \"CVE-2020-1357\", \"CVE-2020-1358\", \"CVE-2020-1359\", \"CVE-2020-1360\",\n \"CVE-2020-1361\", \"CVE-2020-1362\", \"CVE-2020-1363\", \"CVE-2020-1364\",\n \"CVE-2020-1365\", \"CVE-2020-1366\", \"CVE-2020-1368\", \"CVE-2020-1369\",\n \"CVE-2020-1370\", \"CVE-2020-1371\", \"CVE-2020-1372\", \"CVE-2020-1373\",\n \"CVE-2020-1374\", \"CVE-2020-1375\", \"CVE-2020-1384\", \"CVE-2020-1385\",\n \"CVE-2020-1386\", \"CVE-2020-1387\", \"CVE-2020-1388\", \"CVE-2020-1389\",\n \"CVE-2020-1390\", \"CVE-2020-1392\", \"CVE-2020-1393\", \"CVE-2020-1394\",\n \"CVE-2020-1395\", \"CVE-2020-1396\", \"CVE-2020-1397\", \"CVE-2020-1398\",\n \"CVE-2020-1399\", \"CVE-2020-1400\", \"CVE-2020-1401\", \"CVE-2020-1402\",\n \"CVE-2020-1403\", \"CVE-2020-1404\", \"CVE-2020-1406\", \"CVE-2020-1407\",\n \"CVE-2020-1408\", \"CVE-2020-1409\", \"CVE-2020-1410\", \"CVE-2020-1411\",\n \"CVE-2020-1412\", \"CVE-2020-1413\", \"CVE-2020-1418\", \"CVE-2020-1419\",\n \"CVE-2020-1420\", \"CVE-2020-1421\", \"CVE-2020-1427\", \"CVE-2020-1428\",\n \"CVE-2020-1429\", \"CVE-2020-1430\", \"CVE-2020-1432\", \"CVE-2020-1433\",\n \"CVE-2020-1434\", \"CVE-2020-1435\", \"CVE-2020-1436\", \"CVE-2020-1437\",\n \"CVE-2020-1438\", \"CVE-2020-1462\", \"CVE-2020-1463\", \"CVE-2020-1468\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-07-17 05:57:41 +0000 (Fri, 17 Jul 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-07-15 09:51:05 +0530 (Wed, 15 Jul 2020)\");\n script_name(\"Microsoft Windows Multiple Vulnerabilities (KB4565508)\");\n\n script_tag(name:\"summary\", value:\"This host is missing a important security\n update according to Microsoft KB4565508\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present\n on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exists due to,\n\n - Windows System Events Broker fails to properly handle file operations.\n\n - Windows WalletService fails to properly handle objects in memory.\n\n - Windows Mobile Device Management (MDM) Diagnostics fails to\n properly handle objects in memory.\n\n - Windows Jet Database Engine fails to properly handle objects in memory.\n\n - Windows Network Connections Service fails to properly handle\n objects in memory.\n\n - SharedStream Library fails to handle objects in memory.\n Please see the references for more information about the vulnerabilities.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow an attacker\n to execute arbitrary code, elevate privilges, disclose sensitive information\n and denial of service attacks.\");\n\n script_tag(name:\"affected\", value:\"- Microsoft Windows 10 Version 1709 for 32-bit Systems\n\n - Microsoft Windows 10 Version 1709 for x64-based Systems\");\n\n script_tag(name:\"solution\", value:\"The vendor has released updates. Please see\n the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_xref(name:\"URL\", value:\"https://support.microsoft.com/en-us/help/4565508\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"smb_reg_service_pack.nasl\");\n script_require_ports(139, 445);\n script_mandatory_keys(\"SMB/WindowsVersion\");\n exit(0);\n}\n\ninclude(\"smb_nt.inc\");\ninclude(\"secpod_reg.inc\");\ninclude(\"version_func.inc\");\ninclude(\"secpod_smb_func.inc\");\n\nif(hotfix_check_sp(win10:1, win10x64:1) <= 0){\n exit(0);\n}\n\ndllPath = smb_get_system32root();\nif(!dllPath)\n exit(0);\n\nfileVer = fetch_file_version(sysPath:dllPath, file_name:\"User32.dll\");\nif(!fileVer)\n exit(0);\n\nif(version_in_range(version:fileVer, test_version:\"10.0.16299.0\", test_version2:\"10.0.16299.1991\")) {\n report = report_fixed_ver(file_checked:dllPath + \"\\User32.dll\",\n file_version:fileVer, vulnerable_range:\"10.0.16299.0 - 10.0.16299.1991\");\n security_message(data:report);\n exit(0);\n}\n\nexit(99);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-07-21T19:50:55", "description": "This host is missing a critical security\n update according to Microsoft KB4565489", "cvss3": {}, "published": "2020-07-15T00:00:00", "type": "openvas", "title": "Microsoft Windows Multiple Vulnerabilities (KB4565489)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-1373", "CVE-2020-1354", "CVE-2020-1438", "CVE-2020-1404", "CVE-2020-1432", "CVE-2020-1401", "CVE-2020-1372", "CVE-2020-1403", "CVE-2020-1420", "CVE-2020-1413", "CVE-2020-1392", "CVE-2020-1344", "CVE-2020-1414", "CVE-2020-1433", "CVE-2020-1353", "CVE-2020-1415", "CVE-2020-1436", "CVE-2020-1375", "CVE-2020-1085", "CVE-2020-1390", "CVE-2020-1358", "CVE-2020-1402", "CVE-2020-1406", "CVE-2020-1371", "CVE-2020-1352", "CVE-2020-1411", "CVE-2020-1393", "CVE-2020-1386", "CVE-2020-1468", "CVE-2020-1422", "CVE-2020-1370", "CVE-2020-1347", "CVE-2020-1360", "CVE-2020-1419", "CVE-2020-1333", "CVE-2020-1336", "CVE-2020-1389", "CVE-2020-1418", "CVE-2020-1385", "CVE-2020-1396", "CVE-2020-1362", "CVE-2020-1431", "CVE-2020-1388", "CVE-2020-1426", "CVE-2020-1397", "CVE-2020-1407", "CVE-2020-1384", "CVE-2020-1463", "CVE-2020-1427", "CVE-2020-1363", "CVE-2020-1395", "CVE-2020-1267", "CVE-2020-1399", "CVE-2020-1368", "CVE-2020-1249", "CVE-2020-1430", "CVE-2020-1357", "CVE-2020-1412", "CVE-2020-1409", "CVE-2020-1147", "CVE-2020-1462", "CVE-2020-1374", "CVE-2020-1421", "CVE-2020-1365", "CVE-2020-1435", "CVE-2020-1369", "CVE-2020-1408", "CVE-2020-1394", "CVE-2020-1437", "CVE-2020-1434", "CVE-2020-1366", "CVE-2020-1361", "CVE-2020-1400", "CVE-2020-1398", "CVE-2020-1359", "CVE-2020-1424", "CVE-2020-1428", "CVE-2020-1351", "CVE-2020-1429", "CVE-2020-1364", "CVE-2020-1387", "CVE-2020-1410"], "modified": "2020-07-17T00:00:00", "id": "OPENVAS:1361412562310817227", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310817227", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Some text descriptions might be excerpted from (a) referenced\n# source(s), and are Copyright (C) by the respective right holder(s).\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.817227\");\n script_version(\"2020-07-17T05:57:41+0000\");\n script_cve_id(\"CVE-2020-1085\", \"CVE-2020-1147\", \"CVE-2020-1249\", \"CVE-2020-1267\",\n \"CVE-2020-1333\", \"CVE-2020-1336\", \"CVE-2020-1344\", \"CVE-2020-1347\",\n \"CVE-2020-1351\", \"CVE-2020-1352\", \"CVE-2020-1353\", \"CVE-2020-1354\",\n \"CVE-2020-1357\", \"CVE-2020-1358\", \"CVE-2020-1359\", \"CVE-2020-1360\",\n \"CVE-2020-1361\", \"CVE-2020-1362\", \"CVE-2020-1363\", \"CVE-2020-1364\",\n \"CVE-2020-1365\", \"CVE-2020-1366\", \"CVE-2020-1368\", \"CVE-2020-1369\",\n \"CVE-2020-1370\", \"CVE-2020-1371\", \"CVE-2020-1372\", \"CVE-2020-1373\",\n \"CVE-2020-1374\", \"CVE-2020-1375\", \"CVE-2020-1384\", \"CVE-2020-1385\",\n \"CVE-2020-1386\", \"CVE-2020-1387\", \"CVE-2020-1388\", \"CVE-2020-1389\",\n \"CVE-2020-1390\", \"CVE-2020-1392\", \"CVE-2020-1393\", \"CVE-2020-1394\",\n \"CVE-2020-1395\", \"CVE-2020-1396\", \"CVE-2020-1397\", \"CVE-2020-1398\",\n \"CVE-2020-1399\", \"CVE-2020-1400\", \"CVE-2020-1401\", \"CVE-2020-1402\",\n \"CVE-2020-1403\", \"CVE-2020-1404\", \"CVE-2020-1406\", \"CVE-2020-1407\",\n \"CVE-2020-1408\", \"CVE-2020-1409\", \"CVE-2020-1410\", \"CVE-2020-1411\",\n \"CVE-2020-1412\", \"CVE-2020-1413\", \"CVE-2020-1414\", \"CVE-2020-1415\",\n \"CVE-2020-1418\", \"CVE-2020-1419\", \"CVE-2020-1420\", \"CVE-2020-1421\",\n \"CVE-2020-1422\", \"CVE-2020-1424\", \"CVE-2020-1426\", \"CVE-2020-1427\",\n \"CVE-2020-1428\", \"CVE-2020-1429\", \"CVE-2020-1430\", \"CVE-2020-1431\",\n \"CVE-2020-1432\", \"CVE-2020-1433\", \"CVE-2020-1434\", \"CVE-2020-1435\",\n \"CVE-2020-1436\", \"CVE-2020-1437\", \"CVE-2020-1438\", \"CVE-2020-1462\",\n \"CVE-2020-1463\", \"CVE-2020-1468\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-07-17 05:57:41 +0000 (Fri, 17 Jul 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-07-15 15:54:53 +0530 (Wed, 15 Jul 2020)\");\n script_name(\"Microsoft Windows Multiple Vulnerabilities (KB4565489)\");\n\n script_tag(name:\"summary\", value:\"This host is missing a critical security\n update according to Microsoft KB4565489\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present\n on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exists due to,\n\n - Windows System Events Broker fails to properly handle file operations.\n\n - Windows WalletService fails to properly handle objects in memory.\n\n - Windows Mobile Device Management (MDM) Diagnostics fails to\n properly handle objects in memory.\n\n - Windows Jet Database Engine fails to properly handle objects in memory.\n\n - Windows Network Connections Service fails to properly handle\n objects in memory.\n\n - SharedStream Library fails to handle objects in memory.\n\n Please see the references for more information about the vulnerabilities.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow an attacker\n to execute arbitrary code, elevate privilges, disclose sensitive information\n and denial of service attacks.\");\n\n script_tag(name:\"affected\", value:\"- Microsoft Windows 10 Version 1803 for 32-bit Systems\n\n - Microsoft Windows 10 Version 1803 for x64-based Systems\");\n\n script_tag(name:\"solution\", value:\"The vendor has released updates. Please see\n the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_xref(name:\"URL\", value:\"https://support.microsoft.com/en-us/help/4565489\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"smb_reg_service_pack.nasl\");\n script_require_ports(139, 445);\n script_mandatory_keys(\"SMB/WindowsVersion\");\n exit(0);\n}\n\ninclude(\"smb_nt.inc\");\ninclude(\"secpod_reg.inc\");\ninclude(\"version_func.inc\");\ninclude(\"secpod_smb_func.inc\");\n\nif(hotfix_check_sp(win10:1, win10x64:1) <= 0){\n exit(0);\n}\n\ndllPath = smb_get_system32root();\nif(!dllPath)\n exit(0);\n\nfileVer = fetch_file_version(sysPath:dllPath, file_name:\"User32.dll\");\nif(!fileVer)\n exit(0);\n\nif(version_in_range(version:fileVer, test_version:\"10.0.17134.0\", test_version2:\"10.0.17134.1609\")) {\n report = report_fixed_ver(file_checked:dllPath + \"\\User32.dll\",\n file_version:fileVer, vulnerable_range:\"10.0.17134.0 - 10.0.17134.1609\");\n security_message(data:report);\n exit(0);\n}\n\nexit(99);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-07-21T19:51:36", "description": "This host is missing a critical security\n update according to Microsoft KB4558998", "cvss3": {}, "published": "2020-07-15T00:00:00", "type": "openvas", "title": "Microsoft Windows Multiple Vulnerabilities (KB4558998)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-1373", "CVE-2020-1367", "CVE-2020-1330", "CVE-2020-1354", "CVE-2020-1438", "CVE-2020-1404", "CVE-2020-1432", "CVE-2020-1401", "CVE-2020-1372", "CVE-2020-1403", "CVE-2020-1420", "CVE-2020-1413", "CVE-2020-1392", "CVE-2020-1405", "CVE-2020-1344", "CVE-2020-1414", "CVE-2020-1433", "CVE-2020-1353", "CVE-2020-1415", "CVE-2020-1436", "CVE-2020-1375", "CVE-2020-1085", "CVE-2020-1390", "CVE-2020-1358", "CVE-2020-1402", "CVE-2020-1406", "CVE-2020-1371", "CVE-2020-1352", "CVE-2020-1350", "CVE-2020-1411", "CVE-2020-1393", "CVE-2020-1386", "CVE-2020-1468", "CVE-2020-1422", "CVE-2020-1370", "CVE-2020-1347", "CVE-2020-1360", "CVE-2020-1419", "CVE-2020-1333", "CVE-2020-1356", "CVE-2020-1336", "CVE-2020-1389", "CVE-2020-1418", "CVE-2020-1385", "CVE-2020-1396", "CVE-2020-1362", "CVE-2020-1431", "CVE-2020-1388", "CVE-2020-1426", "CVE-2020-1397", "CVE-2020-1407", "CVE-2020-1384", "CVE-2020-1463", "CVE-2020-1427", "CVE-2020-1363", "CVE-2020-1395", "CVE-2020-1267", "CVE-2020-1399", "CVE-2020-1368", "CVE-2020-1249", "CVE-2020-1430", "CVE-2020-1357", "CVE-2020-1412", "CVE-2020-1409", "CVE-2020-1462", "CVE-2020-1374", "CVE-2020-1421", "CVE-2020-1365", "CVE-2020-1435", "CVE-2020-1369", "CVE-2020-1408", "CVE-2020-1394", "CVE-2020-1437", "CVE-2020-1434", "CVE-2020-1366", "CVE-2020-1361", "CVE-2020-1400", "CVE-2020-1398", "CVE-2020-1359", "CVE-2020-1424", "CVE-2020-1428", "CVE-2020-1351", "CVE-2020-1429", "CVE-2020-1364", "CVE-2020-1387", "CVE-2020-1410"], "modified": "2020-07-20T00:00:00", "id": "OPENVAS:1361412562310817228", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310817228", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Some text descriptions might be excerpted from (a) referenced\n# source(s), and are Copyright (C) by the respective right holder(s).\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.817228\");\n script_version(\"2020-07-20T05:00:04+0000\");\n script_cve_id(\"CVE-2020-1085\", \"CVE-2020-1249\", \"CVE-2020-1267\", \"CVE-2020-1330\",\n \"CVE-2020-1333\", \"CVE-2020-1336\", \"CVE-2020-1344\", \"CVE-2020-1347\",\n \"CVE-2020-1350\", \"CVE-2020-1351\", \"CVE-2020-1352\", \"CVE-2020-1353\",\n \"CVE-2020-1354\", \"CVE-2020-1356\", \"CVE-2020-1357\", \"CVE-2020-1358\",\n \"CVE-2020-1359\", \"CVE-2020-1360\", \"CVE-2020-1361\", \"CVE-2020-1362\",\n \"CVE-2020-1363\", \"CVE-2020-1364\", \"CVE-2020-1365\", \"CVE-2020-1366\",\n \"CVE-2020-1367\", \"CVE-2020-1368\", \"CVE-2020-1369\", \"CVE-2020-1370\",\n \"CVE-2020-1371\", \"CVE-2020-1372\", \"CVE-2020-1373\", \"CVE-2020-1374\",\n \"CVE-2020-1375\", \"CVE-2020-1384\", \"CVE-2020-1385\", \"CVE-2020-1386\",\n \"CVE-2020-1387\", \"CVE-2020-1388\", \"CVE-2020-1389\", \"CVE-2020-1390\",\n \"CVE-2020-1392\", \"CVE-2020-1393\", \"CVE-2020-1394\", \"CVE-2020-1395\",\n \"CVE-2020-1396\", \"CVE-2020-1397\", \"CVE-2020-1398\", \"CVE-2020-1399\",\n \"CVE-2020-1400\", \"CVE-2020-1401\", \"CVE-2020-1402\", \"CVE-2020-1403\",\n \"CVE-2020-1404\", \"CVE-2020-1405\", \"CVE-2020-1406\", \"CVE-2020-1407\",\n \"CVE-2020-1408\", \"CVE-2020-1409\", \"CVE-2020-1410\", \"CVE-2020-1411\",\n \"CVE-2020-1412\", \"CVE-2020-1413\", \"CVE-2020-1414\", \"CVE-2020-1415\",\n \"CVE-2020-1418\", \"CVE-2020-1419\", \"CVE-2020-1420\", \"CVE-2020-1421\",\n \"CVE-2020-1422\", \"CVE-2020-1424\", \"CVE-2020-1426\", \"CVE-2020-1427\",\n \"CVE-2020-1428\", \"CVE-2020-1429\", \"CVE-2020-1430\", \"CVE-2020-1431\",\n \"CVE-2020-1432\", \"CVE-2020-1433\", \"CVE-2020-1434\", \"CVE-2020-1435\",\n \"CVE-2020-1436\", \"CVE-2020-1437\", \"CVE-2020-1438\", \"CVE-2020-1462\",\n \"CVE-2020-1463\", \"CVE-2020-1468\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-07-20 05:00:04 +0000 (Mon, 20 Jul 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-07-15 17:15:21 +0530 (Wed, 15 Jul 2020)\");\n script_name(\"Microsoft Windows Multiple Vulnerabilities (KB4558998)\");\n\n script_tag(name:\"summary\", value:\"This host is missing a critical security\n update according to Microsoft KB4558998\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present\n on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exists due to,\n\n - Windows Domain Name System servers fail to properly handle requests (SIGRed, CVE-2020-1350).\n\n - Windows System Events Broker fails to properly handle file operations.\n\n - Windows WalletService fails to properly handle objects in memory.\n\n - Windows Mobile Device Management (MDM) Diagnostics fails to\n properly handle objects in memory.\n\n - Windows Jet Database Engine fails to properly handle objects in memory.\n\n - Windows Network Connections Service fails to properly handle\n objects in memory.\n\n - SharedStream Library fails to handle objects in memory.\n\n Please see the references for more information about the vulnerabilities.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow an attacker\n to execute arbitrary code, elevate privilges, disclose sensitive information\n and denial of service attacks.\");\n\n script_tag(name:\"affected\", value:\"- Microsoft Windows 10 Version 1809 for 32-bit Systems\n\n - Microsoft Windows 10 Version 1809 for x64-based Systems\n\n - Microsoft Windows Server 2019\");\n\n script_tag(name:\"solution\", value:\"The vendor has released updates. Please see\n the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_xref(name:\"URL\", value:\"https://support.microsoft.com/en-us/help/4558998\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"smb_reg_service_pack.nasl\");\n script_require_ports(139, 445);\n script_mandatory_keys(\"SMB/WindowsVersion\");\n exit(0);\n}\n\ninclude(\"smb_nt.inc\");\ninclude(\"secpod_reg.inc\");\ninclude(\"version_func.inc\");\ninclude(\"secpod_smb_func.inc\");\n\nif(hotfix_check_sp(win10:1, win10x64:1, win2019:1) <= 0){\n exit(0);\n}\n\ndllPath = smb_get_system32root();\nif(!dllPath)\n exit(0);\n\nfileVer = fetch_file_version(sysPath:dllPath, file_name:\"Gdiplus.dll\");\nif(!fileVer)\n exit(0);\n\nif(version_in_range(version:fileVer, test_version:\"10.0.17763.0\", test_version2:\"10.0.17763.1338\")) {\n report = report_fixed_ver(file_checked:dllPath + \"\\Gdiplus.dll\",\n file_version:fileVer, vulnerable_range:\"10.0.17763.0 - 10.0.17763.1338\");\n security_message(data:report);\n exit(0);\n}\n\nexit(99);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-07-21T19:50:57", "description": "This host is missing a critical security\n update according to Microsoft KB4565483", "cvss3": {}, "published": "2020-07-15T00:00:00", "type": "openvas", "title": "Microsoft Windows Multiple Vulnerabilities (KB4565483)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-1373", "CVE-2020-1382", "CVE-2020-1367", "CVE-2020-1330", "CVE-2020-1354", "CVE-2020-1438", "CVE-2020-1404", "CVE-2020-1432", "CVE-2020-1401", "CVE-2020-1372", "CVE-2020-1403", "CVE-2020-1420", "CVE-2020-1413", "CVE-2020-1392", "CVE-2020-1405", "CVE-2020-1344", "CVE-2020-1414", "CVE-2020-1433", "CVE-2020-1353", "CVE-2020-1355", "CVE-2020-1415", "CVE-2020-1436", "CVE-2020-1375", "CVE-2020-1085", "CVE-2020-1390", "CVE-2020-1358", "CVE-2020-1402", "CVE-2020-1406", "CVE-2020-1371", "CVE-2020-1352", "CVE-2020-1350", "CVE-2020-1391", "CVE-2020-1411", "CVE-2020-1393", "CVE-2020-1386", "CVE-2020-1468", "CVE-2020-1422", "CVE-2020-1370", "CVE-2020-1347", "CVE-2020-1360", "CVE-2020-1419", "CVE-2020-1333", "CVE-2020-1356", "CVE-2020-1336", "CVE-2020-1389", "CVE-2020-1418", "CVE-2020-1385", "CVE-2020-1396", "CVE-2020-1362", "CVE-2020-1431", "CVE-2020-1388", "CVE-2020-1426", "CVE-2020-1397", "CVE-2020-1407", "CVE-2020-1384", "CVE-2020-1463", "CVE-2020-1427", "CVE-2020-1363", "CVE-2020-1381", "CVE-2020-1395", "CVE-2020-1267", "CVE-2020-1399", "CVE-2020-1368", "CVE-2020-1249", "CVE-2020-1430", "CVE-2020-1357", "CVE-2020-1412", "CVE-2020-1409", "CVE-2020-1462", "CVE-2020-1374", "CVE-2020-1421", "CVE-2020-1365", "CVE-2020-1435", "CVE-2020-1369", "CVE-2020-1408", "CVE-2020-1394", "CVE-2020-1437", "CVE-2020-1434", "CVE-2020-1366", "CVE-2020-1361", "CVE-2020-1400", "CVE-2020-1398", "CVE-2020-1359", "CVE-2020-1424", "CVE-2020-1428", "CVE-2020-1351", "CVE-2020-1429", "CVE-2020-1364", "CVE-2020-1387", "CVE-2020-1410"], "modified": "2020-07-20T00:00:00", "id": "OPENVAS:1361412562310817088", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310817088", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Some text descriptions might be excerpted from (a) referenced\n# source(s), and are Copyright (C) by the respective right holder(s).\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.817088\");\n script_version(\"2020-07-20T05:00:04+0000\");\n script_cve_id(\"CVE-2020-1085\", \"CVE-2020-1249\", \"CVE-2020-1267\", \"CVE-2020-1330\",\n \"CVE-2020-1333\", \"CVE-2020-1336\", \"CVE-2020-1344\", \"CVE-2020-1347\",\n \"CVE-2020-1350\", \"CVE-2020-1351\", \"CVE-2020-1352\", \"CVE-2020-1353\",\n \"CVE-2020-1354\", \"CVE-2020-1355\", \"CVE-2020-1356\", \"CVE-2020-1357\",\n \"CVE-2020-1358\", \"CVE-2020-1359\", \"CVE-2020-1360\", \"CVE-2020-1361\",\n \"CVE-2020-1362\", \"CVE-2020-1363\", \"CVE-2020-1364\", \"CVE-2020-1365\",\n \"CVE-2020-1366\", \"CVE-2020-1367\", \"CVE-2020-1368\", \"CVE-2020-1369\",\n \"CVE-2020-1370\", \"CVE-2020-1371\", \"CVE-2020-1372\", \"CVE-2020-1373\",\n \"CVE-2020-1374\", \"CVE-2020-1375\", \"CVE-2020-1381\", \"CVE-2020-1382\",\n \"CVE-2020-1384\", \"CVE-2020-1385\", \"CVE-2020-1386\", \"CVE-2020-1387\",\n \"CVE-2020-1388\", \"CVE-2020-1389\", \"CVE-2020-1390\", \"CVE-2020-1391\",\n \"CVE-2020-1392\", \"CVE-2020-1393\", \"CVE-2020-1394\", \"CVE-2020-1395\",\n \"CVE-2020-1396\", \"CVE-2020-1397\", \"CVE-2020-1398\", \"CVE-2020-1399\",\n \"CVE-2020-1400\", \"CVE-2020-1401\", \"CVE-2020-1402\", \"CVE-2020-1403\",\n \"CVE-2020-1404\", \"CVE-2020-1405\", \"CVE-2020-1406\", \"CVE-2020-1407\",\n \"CVE-2020-1408\", \"CVE-2020-1409\", \"CVE-2020-1410\", \"CVE-2020-1411\",\n \"CVE-2020-1412\", \"CVE-2020-1413\", \"CVE-2020-1414\", \"CVE-2020-1415\",\n \"CVE-2020-1418\", \"CVE-2020-1419\", \"CVE-2020-1420\", \"CVE-2020-1421\",\n \"CVE-2020-1422\", \"CVE-2020-1424\", \"CVE-2020-1426\", \"CVE-2020-1427\",\n \"CVE-2020-1428\", \"CVE-2020-1429\", \"CVE-2020-1430\", \"CVE-2020-1431\",\n \"CVE-2020-1432\", \"CVE-2020-1433\", \"CVE-2020-1434\", \"CVE-2020-1435\",\n \"CVE-2020-1436\", \"CVE-2020-1437\", \"CVE-2020-1438\", \"CVE-2020-1462\",\n \"CVE-2020-1463\", \"CVE-2020-1468\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-07-20 05:00:04 +0000 (Mon, 20 Jul 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-07-15 14:47:24 +0530 (Wed, 15 Jul 2020)\");\n script_name(\"Microsoft Windows Multiple Vulnerabilities (KB4565483)\");\n\n script_tag(name:\"summary\", value:\"This host is missing a critical security\n update according to Microsoft KB4565483\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present\n on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exists due to,\n\n - Windows Domain Name System servers fail to properly handle requests (SIGRed, CVE-2020-1350).\n\n - Windows System Events Broker fails to properly handle file operations.\n\n - Windows WalletService fails to properly handle objects in memory.\n\n - Windows Mobile Device Management (MDM) Diagnostics fails to\n properly handle objects in memory.\n\n - Windows Jet Database Engine fails to properly handle objects in memory.\n\n - Windows Network Connections Service fails to properly handle\n objects in memory.\n\n - SharedStream Library fails to handle objects in memory.\n\n Please see the references for more information about the vulnerabilities.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow an attacker\n to execute arbitrary code, elevate privilges, disclose sensitive information\n and denial of service attacks.\");\n\n script_tag(name:\"affected\", value:\"- Microsoft Windows 10 Version 1903 for 32-bit Systems\n\n - Microsoft Windows 10 Version 1909 for 32-bit Systems\n\n - Microsoft Windows 10 Version 1903 for x64-based Systems\n\n - Microsoft Windows 10 Version 1909 for x64-based Systems\");\n\n script_tag(name:\"solution\", value:\"The vendor has released updates. Please see\n the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_xref(name:\"URL\", value:\"https://support.microsoft.com/en-us/help/4565483\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"smb_reg_service_pack.nasl\");\n script_require_ports(139, 445);\n script_mandatory_keys(\"SMB/WindowsVersion\");\n exit(0);\n}\n\ninclude(\"smb_nt.inc\");\ninclude(\"secpod_reg.inc\");\ninclude(\"version_func.inc\");\ninclude(\"secpod_smb_func.inc\");\n\nif(hotfix_check_sp(win10:1, win10x64:1) <= 0)\n exit(0);\n\ndllPath = smb_get_system32root();\nif(!dllPath)\n exit(0);\n\nfileVer = fetch_file_version(sysPath:dllPath, file_name:\"Gdiplus.dll\");\nif(!fileVer)\n exit(0);\n\nif(version_in_range(version:fileVer, test_version:\"10.0.18362.0\", test_version2:\"10.0.18362.959\")) {\n report = report_fixed_ver(file_checked:dllPath + \"\\Gdiplus.dll\",\n file_version:fileVer, vulnerable_range:\"10.0.18362.0 - 10.0.18362.959\");\n security_message(data:report);\n exit(0);\n}\n\nexit(99);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-07-21T19:51:32", "description": "This host is missing a critical security\n update according to Microsoft KB4565503", "cvss3": {}, "published": "2020-07-15T00:00:00", "type": "openvas", "title": "Microsoft Windows Multiple Vulnerabilities (KB4565503)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-1373", "CVE-2020-1382", "CVE-2020-1367", "CVE-2020-1330", "CVE-2019-1469", "CVE-2020-1354", "CVE-2020-1438", "CVE-2020-1404", "CVE-2020-1432", "CVE-2020-1401", "CVE-2020-1372", "CVE-2020-1403", "CVE-2020-1420", "CVE-2020-1413", "CVE-2020-1392", "CVE-2020-1405", "CVE-2020-1344", "CVE-2020-1414", "CVE-2020-1433", "CVE-2020-1353", "CVE-2020-1355", "CVE-2020-1415", "CVE-2020-1436", "CVE-2020-1375", "CVE-2020-1085", "CVE-2020-1390", "CVE-2020-1358", "CVE-2020-1402", "CVE-2020-1406", "CVE-2020-1371", "CVE-2020-1352", "CVE-2020-1350", "CVE-2020-1391", "CVE-2020-1411", "CVE-2020-1393", "CVE-2020-1386", "CVE-2020-1468", "CVE-2020-1422", "CVE-2020-1370", "CVE-2020-1347", "CVE-2020-1360", "CVE-2020-1419", "CVE-2020-1333", "CVE-2020-1356", "CVE-2020-1336", "CVE-2020-1389", "CVE-2020-1418", "CVE-2020-1385", "CVE-2020-1396", "CVE-2020-1362", "CVE-2020-1431", "CVE-2020-1388", "CVE-2020-1423", "CVE-2020-1426", "CVE-2020-1397", "CVE-2020-1407", "CVE-2020-1384", "CVE-2020-1463", "CVE-2020-1427", "CVE-2020-1363", "CVE-2020-1381", "CVE-2020-1395", "CVE-2020-1267", "CVE-2020-1399", "CVE-2020-1368", "CVE-2020-1249", "CVE-2020-1430", "CVE-2020-1357", "CVE-2020-1412", "CVE-2020-1409", "CVE-2020-1462", "CVE-2020-1374", "CVE-2020-1421", "CVE-2020-1365", "CVE-2020-1435", "CVE-2020-1369", "CVE-2020-1408", "CVE-2020-1394", "CVE-2020-1437", "CVE-2020-1434", "CVE-2020-1366", "CVE-2020-1361", "CVE-2020-1400", "CVE-2020-1398", "CVE-2020-1359", "CVE-2020-1424", "CVE-2020-1428", "CVE-2020-1351", "CVE-2020-1429", "CVE-2020-1364", "CVE-2020-1387", "CVE-2020-1410"], "modified": "2020-07-20T00:00:00", "id": "OPENVAS:1361412562310817224", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310817224", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Some text descriptions might be excerpted from (a) referenced\n# source(s), and are Copyright (C) by the respective right holder(s).\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.817224\");\n script_version(\"2020-07-20T05:00:04+0000\");\n script_cve_id(\"CVE-2019-1469\", \"CVE-2020-1085\", \"CVE-2020-1249\", \"CVE-2020-1267\",\n \"CVE-2020-1330\", \"CVE-2020-1333\", \"CVE-2020-1336\", \"CVE-2020-1344\",\n \"CVE-2020-1347\", \"CVE-2020-1350\", \"CVE-2020-1351\", \"CVE-2020-1352\",\n \"CVE-2020-1353\", \"CVE-2020-1354\", \"CVE-2020-1355\", \"CVE-2020-1356\",\n \"CVE-2020-1357\", \"CVE-2020-1358\", \"CVE-2020-1359\", \"CVE-2020-1360\",\n \"CVE-2020-1361\", \"CVE-2020-1362\", \"CVE-2020-1363\", \"CVE-2020-1364\",\n \"CVE-2020-1365\", \"CVE-2020-1366\", \"CVE-2020-1367\", \"CVE-2020-1368\",\n \"CVE-2020-1369\", \"CVE-2020-1370\", \"CVE-2020-1371\", \"CVE-2020-1372\",\n \"CVE-2020-1373\", \"CVE-2020-1374\", \"CVE-2020-1375\", \"CVE-2020-1381\",\n \"CVE-2020-1382\", \"CVE-2020-1384\", \"CVE-2020-1385\", \"CVE-2020-1386\",\n \"CVE-2020-1387\", \"CVE-2020-1388\", \"CVE-2020-1389\", \"CVE-2020-1390\",\n \"CVE-2020-1391\", \"CVE-2020-1392\", \"CVE-2020-1393\", \"CVE-2020-1394\",\n \"CVE-2020-1395\", \"CVE-2020-1396\", \"CVE-2020-1397\", \"CVE-2020-1398\",\n \"CVE-2020-1399\", \"CVE-2020-1400\", \"CVE-2020-1401\", \"CVE-2020-1402\",\n \"CVE-2020-1403\", \"CVE-2020-1404\", \"CVE-2020-1405\", \"CVE-2020-1406\",\n \"CVE-2020-1407\", \"CVE-2020-1408\", \"CVE-2020-1409\", \"CVE-2020-1410\",\n \"CVE-2020-1411\", \"CVE-2020-1412\", \"CVE-2020-1413\", \"CVE-2020-1414\",\n \"CVE-2020-1415\", \"CVE-2020-1418\", \"CVE-2020-1419\", \"CVE-2020-1420\",\n \"CVE-2020-1421\", \"CVE-2020-1422\", \"CVE-2020-1423\", \"CVE-2020-1424\",\n \"CVE-2020-1426\", \"CVE-2020-1427\", \"CVE-2020-1428\", \"CVE-2020-1429\",\n \"CVE-2020-1430\", \"CVE-2020-1431\", \"CVE-2020-1432\", \"CVE-2020-1433\",\n \"CVE-2020-1434\", \"CVE-2020-1435\", \"CVE-2020-1436\", \"CVE-2020-1437\",\n \"CVE-2020-1438\", \"CVE-2020-1462\", \"CVE-2020-1463\", \"CVE-2020-1468\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-07-20 05:00:04 +0000 (Mon, 20 Jul 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-07-15 12:33:34 +0530 (Wed, 15 Jul 2020)\");\n script_name(\"Microsoft Windows Multiple Vulnerabilities (KB4565503)\");\n\n script_tag(name:\"summary\", value:\"This host is missing a critical security\n update according to Microsoft KB4565503\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present\n on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exists due to,\n\n - Windows Domain Name System servers fail to properly handle requests (SIGRed, CVE-2020-1350).\n\n - Windows System Events Broker fails to properly handle file operations.\n\n - Windows WalletService fails to properly handle objects in memory.\n\n - Windows Mobile Device Management (MDM) Diagnostics fails to\n properly handle objects in memory.\n\n - Windows Jet Database Engine fails to properly handle objects in memory.\n\n - Windows Network Connections Service fails to properly handle\n objects in memory.\n\n - SharedStream Library fails to handle objects in memory.\n Please see the references for more information about the vulnerabilities.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow an attacker\n to execute arbitrary code, elevate privilges, disclose sensitive information\n and denial of service attacks.\");\n\n script_tag(name:\"affected\", value:\"- Microsoft Windows 10 Version 2004 for 32-bit Systems\n\n - Microsoft Windows 10 Version 2004 for x64-based Systems\");\n\n script_tag(name:\"solution\", value:\"The vendor has released updates. Please see\n the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_xref(name:\"URL\", value:\"https://support.microsoft.com/en-us/help/4565503\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"smb_reg_service_pack.nasl\");\n script_require_ports(139, 445);\n script_mandatory_keys(\"SMB/WindowsVersion\");\n exit(0);\n}\n\ninclude(\"smb_nt.inc\");\ninclude(\"secpod_reg.inc\");\ninclude(\"version_func.inc\");\ninclude(\"secpod_smb_func.inc\");\n\nif(hotfix_check_sp(win10:1, win10x64:1) <= 0)\n exit(0);\n\ndllPath = smb_get_system32root();\nif(!dllPath)\n exit(0);\n\nfileVer = fetch_file_version(sysPath:dllPath, file_name:\"Gdiplus.dll\");\nif(!fileVer)\n exit(0);\n\nif(version_in_range(version:fileVer, test_version:\"10.0.19041.0\", test_version2:\"10.0.19041.387\")) {\n report = report_fixed_ver(file_checked:dllPath + \"\\Gdiplus.dll\",\n file_version:fileVer, vulnerable_range:\"10.0.19041.0 - 10.0.19041.387\");\n security_message(data:report);\n exit(0);\n}\n\nexit(99);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-07-24T11:52:11", "description": "This host is missing a critical security\n update according to Microsoft KB4565628", "cvss3": {}, "published": "2020-07-15T00:00:00", "type": "openvas", "title": "Microsoft .NET Framework Remote Code Execution Vulnerability (KB4565628)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-1147"], "modified": "2020-07-15T00:00:00", "id": "OPENVAS:1361412562310817305", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310817305", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Some text descriptions might be excerpted from (a) referenced\n# source(s), and are Copyright (C) by the respective right holder(s).\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.817305\");\n script_version(\"2020-07-15T19:15:26+0000\");\n script_cve_id(\"CVE-2020-1147\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-07-15 19:15:26 +0000 (Wed, 15 Jul 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-07-15 10:20:15 +0530 (Wed, 15 Jul 2020)\");\n script_name(\"Microsoft .NET Framework Remote Code Execution Vulnerability (KB4565628)\");\n\n script_tag(name:\"summary\", value:\"This host is missing a critical security\n update according to Microsoft KB4565628\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The flaw exists due to an error in .NET\n Framework when the software fails to check the source markup of XML file input.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow an attacker\n to run arbitrary code in the context of the process responsible for deserialization\n of the XML content.\");\n\n script_tag(name:\"affected\", value:\"Microsoft .NET Framework 4.8 on Microsoft Windows 10 Version 1607 and Microsoft Windows Server 2016.\");\n\n script_tag(name:\"solution\", value:\"The vendor has released updates. Please see the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_tag(name:\"qod_type\", value:\"executable_version\");\n\n script_xref(name:\"URL\", value:\"https://support.microsoft.com/en-us/help/4565628\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"smb_reg_service_pack.nasl\");\n script_require_ports(139, 445);\n script_mandatory_keys(\"SMB/WindowsVersion\");\n exit(0);\n}\n\n\ninclude(\"smb_nt.inc\");\ninclude(\"secpod_reg.inc\");\ninclude(\"version_func.inc\");\ninclude(\"secpod_smb_func.inc\");\n\n\n\nif(hotfix_check_sp(win10:1, win10x64:1, win2016:1) <= 0){\n exit(0);\n}\nsysPath = smb_get_system32root();\nif(!sysPath ){\n exit(0);\n}\n\nedgeVer = fetch_file_version(sysPath:sysPath, file_name:\"edgehtml.dll\");\nif(!edgeVer){\n exit(0);\n}\n\nif(edgeVer =~ \"^11\\.0\\.14393\")\n{\n if(!registry_key_exists(key:\"SOFTWARE\\Microsoft\\.NETFramework\")){\n if(!registry_key_exists(key:\"SOFTWARE\\Microsoft\\ASP.NET\")){\n if(!registry_key_exists(key:\"SOFTWARE\\Microsoft\\NET Framework Setup\\NDP\\v4\\Full\\\")){\n exit(0);\n }\n }\n }\n\n\n key_list = make_list(\"SOFTWARE\\Microsoft\\.NETFramework\\\", \"SOFTWARE\\Microsoft\\ASP.NET\\\", \"SOFTWARE\\Microsoft\\NET Framework Setup\\NDP\\v4\\Full\\\");\n\n foreach key(key_list)\n {\n if(\".NETFramework\" >< key)\n {\n foreach item (registry_enum_keys(key:key))\n {\n NetPath = registry_get_sz(key:key + item, item:\"InstallRoot\");\n if(NetPath && \"\\Microsoft.NET\\Framework\" >< NetPath)\n {\n foreach item (registry_enum_keys(key:key))\n {\n dotPath = NetPath + item;\n dllVer = fetch_file_version(sysPath:dotPath, file_name:\"System.data.dll\");\n if(dllVer)\n {\n if(version_in_range(version:dllVer, test_version:\"4.8\", test_version2:\"4.8.4189\"))\n {\n vulnerable_range = \"4.8 - 4.8.4189\" ;\n break;\n }\n }\n }\n }\n }\n }\n\n if((!vulnerable_range) && \"ASP.NET\" >< key)\n {\n foreach item (registry_enum_keys(key:key))\n {\n dotPath = registry_get_sz(key:key + item, item:\"Path\");\n if(dotPath && \"\\Microsoft.NET\\Framework\" >< dotPath)\n {\n dllVer = fetch_file_version(sysPath:dotPath, file_name:\"System.data.dll\");\n if(dllVer)\n {\n if(version_in_range(version:dllVer, test_version:\"4.8\", test_version2:\"4.8.4189\"))\n {\n vulnerable_range = \"4.8 - 4.8.4189\" ;\n break;\n }\n }\n }\n }\n }\n\n if((!vulnerable_range) && \"ASP.NET\" >< key)\n {\n foreach item (registry_enum_keys(key:key))\n {\n dotPath = registry_get_sz(key:key + item, item:\"Path\");\n if(dotPath && \"\\Microsoft.NET\\Framework\" >< dotPath)\n {\n dllVer = fetch_file_version(sysPath:dotPath, file_name:\"System.data.dll\");\n if(dllVer)\n {\n if(version_in_range(version:dllVer, test_version:\"4.8\", test_version2:\"4.8.4189\"))\n {\n vulnerable_range = \"4.8 - 4.8.4189\" ;\n break;\n }\n }\n }\n }\n }\n\n if(vulnerable_range)\n {\n report = report_fixed_ver(file_checked:dotPath + \"System.data.dll\",\n file_version:dllVer, vulnerable_range:vulnerable_range);\n security_message(data:report);\n exit(0);\n }\n }\n}\nexit(99);\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-07-24T11:52:14", "description": "This host is missing a critical security\n update according to Microsoft KB4566517", "cvss3": {}, "published": "2020-07-15T00:00:00", "type": "openvas", "title": "Microsoft .NET Framework Remote Code Execution Vulnerability (KB4566517)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-1147"], "modified": "2020-07-15T00:00:00", "id": "OPENVAS:1361412562310817308", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310817308", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Some text descriptions might be excerpted from (a) referenced\n# source(s), and are Copyright (C) by the respective right holder(s).\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.817308\");\n script_version(\"2020-07-15T19:15:26+0000\");\n script_cve_id(\"CVE-2020-1147\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-07-15 19:15:26 +0000 (Wed, 15 Jul 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-07-15 10:20:15 +0530 (Wed, 15 Jul 2020)\");\n script_name(\"Microsoft .NET Framework Remote Code Execution Vulnerability (KB4566517)\");\n\n script_tag(name:\"summary\", value:\"This host is missing a critical security\n update according to Microsoft KB4566517\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The flaw exists due to an error in .NET\n Framework when the software fails to check the source markup of XML file input.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow an attacker\n to run arbitrary code in the context of the process responsible for deserialization\n of the XML content.\");\n\n script_tag(name:\"affected\", value:\"Microsoft .NET Framework 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8 for Microsoft Windows 7 SP1 and Microsoft Windows Server 2008 R2 SP1.\");\n\n script_tag(name:\"solution\", value:\"The vendor has released updates. Please see the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n\n script_xref(name:\"URL\", value:\"https://support.microsoft.com/en-us/help/4566517\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"smb_reg_service_pack.nasl\");\n script_require_ports(139, 445);\n script_mandatory_keys(\"SMB/WindowsVersion\");\n exit(0);\n}\n\n\ninclude(\"smb_nt.inc\");\ninclude(\"secpod_reg.inc\");\ninclude(\"version_func.inc\");\ninclude(\"secpod_smb_func.inc\");\n\n\nif(hotfix_check_sp(win7:2, win7x64:2, win2008r2:2) <= 0){\n exit(0);\n}\n\nsysPath = smb_get_system32root();\nif(!sysPath ){\n exit(0);\n}\n\n\nif(!registry_key_exists(key:\"SOFTWARE\\Microsoft\\.NETFramework\")){\n if(!registry_key_exists(key:\"SOFTWARE\\Microsoft\\ASP.NET\")){\n if(!registry_key_exists(key:\"SOFTWARE\\Microsoft\\NET Framework Setup\\NDP\\v4\\Full\\\")){\n exit(0);\n }\n }\n}\n\n\nkey_list = make_list(\"SOFTWARE\\Microsoft\\.NETFramework\\\", \"SOFTWARE\\Microsoft\\ASP.NET\\\", \"SOFTWARE\\Microsoft\\NET Framework Setup\\NDP\\v4\\Full\\\");\n\nforeach key(key_list)\n{\n if(\".NETFramework\" >< key)\n {\n foreach item (registry_enum_keys(key:key))\n {\n NetPath = registry_get_sz(key:key + item, item:\"InstallRoot\");\n if(NetPath && \"\\Microsoft.NET\\Framework\" >< NetPath)\n {\n foreach item (registry_enum_keys(key:key))\n {\n dotPath = NetPath + item;\n dllVer = fetch_file_version(sysPath:dotPath, file_name:\"System.data.dll\");\n if(dllVer)\n {\n if(version_in_range(version:dllVer, test_version:\"2.0.50727\", test_version2:\"2.0.50727.8948\"))\n {\n vulnerable_range = \"2.0.50727 - 2.0.50727.8948\" ;\n break;\n }\n else if(version_in_range(version:dllVer, test_version:\"4.0\", test_version2:\"4.0.30319.36644\"))\n {\n vulnerable_range = \"4.0 - 4.0.30319.36644\" ;\n break;\n }\n else if(version_in_range(version:dllVer, test_version:\"4.6\", test_version2:\"4.7.3629\"))\n {\n vulnerable_range = \"4.6 - 4.7.3629\" ;\n break;\n }\n else if(version_in_range(version:dllVer, test_version:\"4.8\", test_version2:\"4.8.4189\"))\n {\n vulnerable_range = \"4.8 - 4.8.4189\" ;\n break;\n }\n }\n }\n }\n }\n }\n\n if((!vulnerable_range) && \"ASP.NET\" >< key)\n {\n foreach item (registry_enum_keys(key:key))\n {\n dotPath = registry_get_sz(key:key + item, item:\"Path\");\n if(dotPath && \"\\Microsoft.NET\\Framework\" >< dotPath)\n {\n dllVer = fetch_file_version(sysPath:dotPath, file_name:\"System.data.dll\");\n if(dllVer)\n {\n if(version_in_range(version:dllVer, test_version:\"2.0.50727\", test_version2:\"2.0.50727.8948\"))\n {\n vulnerable_range = \"2.0.50727 - 2.0.50727.8948\" ;\n break;\n }\n else if(version_in_range(version:dllVer, test_version:\"4.0\", test_version2:\"4.0.30319.36644\"))\n {\n vulnerable_range = \"4.0 - 4.0.30319.36644\" ;\n break;\n }\n else if(version_in_range(version:dllVer, test_version:\"4.6\", test_version2:\"4.7.3629\"))\n {\n vulnerable_range = \"4.6 - 4.7.3629\" ;\n break;\n }\n else if(version_in_range(version:dllVer, test_version:\"4.8\", test_version2:\"4.8.4189\"))\n {\n vulnerable_range = \"4.8 - 4.8.4189\" ;\n break;\n }\n }\n }\n }\n }\n\n ## For versions greater than 4.5 (https://docs.microsoft.com/en-us/dotnet/framework/migration-guide/how-to-determine-which-versions-are-installed#net_b)\n if((!vulnerable_range) && \"NET Framework Setup\" >< key)\n {\n dotPath = registry_get_sz(key:key, item:\"InstallPath\");\n if(dotPath && \"\\Microsoft.NET\\Framework\" >< dotPath)\n {\n dllVer = fetch_file_version(sysPath:dotPath, file_name:\"System.data.dll\");\n if(dllVer)\n {\n if(version_in_range(version:dllVer, test_version:\"2.0.50727\", test_version2:\"2.0.50727.8948\"))\n {\n vulnerable_range = \"2.0.50727 - 2.0.50727.8948\" ;\n break;\n }\n else if(version_in_range(version:dllVer, test_version:\"4.0\", test_version2:\"4.0.30319.36644\"))\n {\n vulnerable_range = \"4.0 - 4.0.30319.36644\" ;\n break;\n }\n else if(version_in_range(version:dllVer, test_version:\"4.6\", test_version2:\"4.7.3629\"))\n {\n vulnerable_range = \"4.6 - 4.7.3629\" ;\n break;\n }\n else if(version_in_range(version:dllVer, test_version:\"4.8\", test_version2:\"4.8.4189\"))\n {\n vulnerable_range = \"4.8 - 4.8.4189\" ;\n break;\n }\n }\n }\n }\n\n if(vulnerable_range)\n {\n report = report_fixed_ver(file_checked:dotPath + \"System.data.dll\",\n file_version:dllVer, vulnerable_range:vulnerable_range);\n security_message(data:report);\n exit(0);\n }\n}\nexit(99);\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-07-24T11:51:33", "description": "This host is missing a critical security\n update according to Microsoft KB4566516", "cvss3": {}, "published": "2020-07-15T00:00:00", "type": "openvas", "title": "Microsoft .NET Framework Remote Code Execution Vulnerability (KB4566516)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-1147"], "modified": "2020-07-15T00:00:00", "id": "OPENVAS:1361412562310817087", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310817087", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Some text descriptions might be excerpted from (a) referenced\n# source(s), and are Copyright (C) by the respective right holder(s).\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.817087\");\n script_version(\"2020-07-15T19:15:26+0000\");\n script_cve_id(\"CVE-2020-1147\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-07-15 19:15:26 +0000 (Wed, 15 Jul 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-07-15 10:20:15 +0530 (Wed, 15 Jul 2020)\");\n script_name(\"Microsoft .NET Framework Remote Code Execution Vulnerability (KB4566516)\");\n\n script_tag(name:\"summary\", value:\"This host is missing a critical security\n update according to Microsoft KB4566516\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The flaw exists due to an error in .NET\n Framework when the software fails to check the source markup of XML file input.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow an attacker\n to run arbitrary code in the context of the process responsible for deserialization\n of the XML content.\");\n\n script_tag(name:\"affected\", value:\"Microsoft .NET Framework 3.5, 4.7.2 and 4.8 on Microsoft Windows 10 version 1809 and Microsoft Windows Server 2019.\");\n\n script_tag(name:\"solution\", value:\"The vendor has released updates. Please see the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n\n script_xref(name:\"URL\", value:\"https://support.microsoft.com/en-us/help/4566516\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"smb_reg_service_pack.nasl\");\n script_require_ports(139, 445);\n script_mandatory_keys(\"SMB/WindowsVersion\");\n exit(0);\n}\n\n\ninclude(\"smb_nt.inc\");\ninclude(\"secpod_reg.inc\");\ninclude(\"version_func.inc\");\ninclude(\"secpod_smb_func.inc\");\n\n\nif(hotfix_check_sp(win10:1, win10x64:1, win2019:1) <= 0){\n exit(0);\n}\nsysPath = smb_get_system32root();\nif(!sysPath ){\n exit(0);\n}\n\nedgeVer = fetch_file_version(sysPath:sysPath, file_name:\"edgehtml.dll\");\nif(!edgeVer){\n exit(0);\n}\n\nif(edgeVer =~ \"^11\\.0\\.17763\")\n{\n if(!registry_key_exists(key:\"SOFTWARE\\Microsoft\\.NETFramework\")){\n if(!registry_key_exists(key:\"SOFTWARE\\Microsoft\\ASP.NET\")){\n if(!registry_key_exists(key:\"SOFTWARE\\Microsoft\\NET Framework Setup\\NDP\\v4\\Full\\\")){\n exit(0);\n }\n }\n }\n\n\n key_list = make_list(\"SOFTWARE\\Microsoft\\.NETFramework\\\", \"SOFTWARE\\Microsoft\\ASP.NET\\\", \"SOFTWARE\\Microsoft\\NET Framework Setup\\NDP\\v4\\Full\\\");\n\n foreach key(key_list)\n {\n if(\".NETFramework\" >< key)\n {\n foreach item (registry_enum_keys(key:key))\n {\n NetPath = registry_get_sz(key:key + item, item:\"InstallRoot\");\n if(NetPath && \"\\Microsoft.NET\\Framework\" >< NetPath)\n {\n foreach item (registry_enum_keys(key:key))\n {\n dotPath = NetPath + item;\n dllVer = fetch_file_version(sysPath:dotPath, file_name:\"System.data.dll\");\n if(dllVer)\n {\n ## https://support.microsoft.com/en-us/help/4565625/\n if(version_in_range(version:dllVer, test_version:\"2.0.50727\", test_version2:\"2.0.50727.9045\"))\n {\n vulnerable_range = \"2.0.50727 - 2.0.50727\" ;\n break;\n }\n ## https://support.microsoft.com/en-us/help/4565625\n ## https://support.microsoft.com/en-us/help/4565632\n else if(version_in_range(version:dllVer, test_version:\"4.7\", test_version2:\"4.7.3629\"))\n {\n vulnerable_range = \"4.7 - 4.7.3629\" ;\n break;\n }\n ## https://support.microsoft.com/en-us/help/4565632/\n else if(version_in_range(version:dllVer, test_version:\"4.8\", test_version2:\"4.8.4189\"))\n {\n vulnerable_range = \"4.8 - 4.8.4189\" ;\n break;\n }\n }\n }\n }\n }\n }\n\n if((!vulnerable_range) && \"ASP.NET\" >< key)\n {\n foreach item (registry_enum_keys(key:key))\n {\n dotPath = registry_get_sz(key:key + item, item:\"Path\");\n if(dotPath && \"\\Microsoft.NET\\Framework\" >< dotPath)\n {\n dllVer = fetch_file_version(sysPath:dotPath, file_name:\"System.data.dll\");\n if(dllVer)\n {\n ## https://support.microsoft.com/en-us/help/4565625/\n if(version_in_range(version:dllVer, test_version:\"2.0.50727\", test_version2:\"2.0.50727.9045\"))\n {\n vulnerable_range = \"2.0.50727 - 2.0.50727.9045\" ;\n break;\n }\n ## https://support.microsoft.com/en-us/help/4565625/\n ## https://support.microsoft.com/en-us/help/4565632/\n else if(version_in_range(version:dllVer, test_version:\"4.7\", test_version2:\"4.7.3629\"))\n {\n vulnerable_range = \"4.7 - 4.7.3629\" ;\n break;\n }\n ## https://support.microsoft.com/en-us/help/4565632/\n else if(version_in_range(version:dllVer, test_version:\"4.8\", test_version2:\"4.8.4189\"))\n {\n vulnerable_range = \"4.8 - 4.8.4189\" ;\n break;\n }\n }\n }\n }\n }\n\n ## For versions greater than 4.5 (https://docs.microsoft.com/en-us/dotnet/framework/migration-guide/how-to-determine-which-versions-are-installed#net_b)\n if((!vulnerable_range) && \"NET Framework Setup\" >< key)\n {\n dotPath = registry_get_sz(key:key, item:\"InstallPath\");\n if(dotPath && \"\\Microsoft.NET\\Framework\" >< dotPath)\n {\n dllVer = fetch_file_version(sysPath:dotPath, file_name:\"System.data.dll\");\n if(dllVer)\n {\n ## https://support.microsoft.com/en-us/help/4565625/\n if(version_in_range(version:dllVer, test_version:\"2.0.50727\", test_version2:\"2.0.50727.9045\"))\n {\n vulnerable_range = \"2.0.50727 - 2.0.50727.9045\" ;\n break;\n }\n ## https://support.microsoft.com/en-us/help/4565625/\n ## https://support.microsoft.com/en-us/help/4565632/\n else if(version_in_range(version:dllVer, test_version:\"4.7\", test_version2:\"4.7.3629\"))\n {\n vulnerable_range = \"4.7 - 4.7.3629\" ;\n break;\n }\n ## https://support.microsoft.com/en-us/help/4565632/\n else if(version_in_range(version:dllVer, test_version:\"4.8\", test_version2:\"4.8.4189\"))\n {\n vulnerable_range = \"4.8 - 4.8.4189\" ;\n break;\n }\n }\n }\n }\n\n if(vulnerable_range)\n {\n report = report_fixed_ver(file_checked:dotPath + \"System.data.dll\",\n file_version:dllVer, vulnerable_range:vulnerable_range);\n security_message(data:report);\n exit(0);\n }\n }\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "nessus": [{"lastseen": "2023-07-19T15:25:36", "description": "The remote Windows host is missing security update 4565513. It is, therefore, affected by multiple vulnerabilities :\n\n - An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode.\n An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2020-1411)\n\n - An elevation of privilege vulnerability exists when the Windows Diagnostics Hub Standard Collector Service fails to properly sanitize input, leading to an unsecure library-loading behavior. An attacker who successfully exploited this vulnerability could run arbitrary code with elevated system privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\n (CVE-2020-1393)\n\n - A remote code execution vulnerability exists in the way that DirectWrite handles objects in memory. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit an untrusted webpage. The security update addresses the vulnerability by correcting how DirectWrite handles objects in memory. (CVE-2020-1409)\n\n - An elevation of privilege vulnerability exists when the Windows Profile Service improperly handles file operations. An attacker who successfully exploited this vulnerability could gain elevated privileges.\n (CVE-2020-1360)\n\n - A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2020-1403)\n\n - A remote code execution vulnerability exists in the Windows Remote Desktop Client when a user connects to a malicious server. An attacker who successfully exploited this vulnerability could execute arbitrary code on the computer of the connecting client. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\n (CVE-2020-1374)\n\n - A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted fonts. For all systems except Windows 10, an attacker who successfully exploited the vulnerability could execute code remotely. For systems running Windows 10, an attacker who successfully exploited the vulnerability could execute code in an AppContainer sandbox context with limited privileges and capabilities. An attacker could then install programs;\n view, change, or delete data; or create new accounts with full user rights. There are multiple ways an attacker could exploit the vulnerability:\n (CVE-2020-1436)\n\n - An elevation of privilege vulnerability exists in the way that the Credential Enrollment Manager service handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. (CVE-2020-1368)\n\n - An elevation of privilege vulnerability exists in the way that the Windows Network List Service handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. (CVE-2020-1406)\n\n - An information disclosure vulnerability exists when the Windows Graphics component improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system. An authenticated attacker could exploit this vulnerability by running a specially crafted application. The update addresses the vulnerability by correcting how the Windows Graphics Component handles objects in memory. (CVE-2020-1351)\n\n - An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit an untrusted webpage.\n The security update addresses the vulnerability by correcting how the Windows GDI component handles objects in memory. (CVE-2020-1468)\n\n - An elevation of privilege vulnerability exists when the Windows Event Logging Service improperly handles memory.\n (CVE-2020-1365, CVE-2020-1371)\n\n - An elevation of privilege vulnerability exists in the way that the Windows WalletService handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. (CVE-2020-1344, CVE-2020-1362, CVE-2020-1369)\n\n - An elevation of privilege vulnerability exists when the Windows ActiveX Installer Service improperly handles memory. (CVE-2020-1402)\n\n - This security update corrects a denial of service in the Local Security Authority Subsystem Service (LSASS) caused when an authenticated attacker sends a specially crafted authentication request. A remote attacker who successfully exploited this vulnerability could cause a denial of service on the target system's LSASS service, which triggers an automatic reboot of the system. The security update addresses the vulnerability by changing the way that LSASS handles specially crafted authentication requests. (CVE-2020-1267)\n\n - A remote code execution vulnerability exists when Windows Address Book (WAB) improperly processes vcard files. (CVE-2020-1410)\n\n - An elevation of privilege vulnerability exists when the Windows USO Core Worker improperly handles memory.\n (CVE-2020-1352)\n\n - An elevation of privilege vulnerability exists when the Windows UPnP Device Host improperly handles memory.\n (CVE-2020-1354, CVE-2020-1430)\n\n - An elevation of privilege vulnerability exists when Group Policy Services Policy Processing improperly handle reparse points. An attacker who successfully exploited this vulnerability could overwrite a targeted file that would normally require elevated permissions.\n (CVE-2020-1333)\n\n - A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts. An attacker who successfully exploited the vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2020-1408)\n\n - An elevation of privilege vulnerability exists when the Windows Modules Installer improperly handles file operations. An attacker who successfully exploited this vulnerability could gain elevated privileges.\n (CVE-2020-1346)\n\n - An elevation of privilege vulnerability exists when Windows improperly handles calls to Advanced Local Procedure Call (ALPC). An attacker who successfully exploited this vulnerability could run arbitrary code in the security context of the local system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\n (CVE-2020-1396)\n\n - A denial of service vulnerability exists in the way that the WalletService handles files. An attacker who successfully exploited the vulnerability could corrupt system files. (CVE-2020-1364)\n\n - An information disclosure vulnerability exists when Skype for Business is accessed via Internet Explorer. An attacker who exploited the vulnerability could cause the user to place a call without additional consent, leading to information disclosure of the user profile. For the vulnerability to be exploited, a user must click a specially crafted URL that prompts the Skype app.\n (CVE-2020-1432)\n\n - An elevation of privilege vulnerability exists in the way that the Windows Network Location Awareness Service handles objects in memory. An attacker who successfully exploited the vulnerability could allow an application with limited privileges on an affected system to execute code at a medium integrity level. (CVE-2020-1437)\n\n - A remote code execution vulnerability exists in .NET Framework, Microsoft SharePoint, and Visual Studio when the software fails to check the source markup of XML file input. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the process responsible for deserialization of the XML content. (CVE-2020-1147)\n\n - An elevation of privilege vulnerability exists in the way that the Windows Network Connections Service handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. (CVE-2020-1373, CVE-2020-1390, CVE-2020-1427, CVE-2020-1428, CVE-2020-1438)\n\n - An elevation of privilege vulnerability exists when the Windows Cryptography Next Generation (CNG) Key Isolation service improperly handles memory. An attacker who successfully exploited this vulnerability could run processes in an elevated context. (CVE-2020-1359, CVE-2020-1384)\n\n - An information disclosure vulnerability exists when the Windows Resource Policy component improperly handles memory. (CVE-2020-1358)\n\n - An elevation of privilege vulnerability exists in the way that the Windows Function Discovery Service handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. (CVE-2020-1085)\n\n - An information disclosure vulnerability exists when Windows Error Reporting improperly handles file operations. (CVE-2020-1420)\n\n - A remote code execution vulnerability exists in the way that Microsoft Graphics Components handle objects in memory. An attacker who successfully exploited the vulnerability could execute arbitrary code on a target system. (CVE-2020-1412)\n\n - An elevation of privilege vulnerability exists when the Windows Runtime improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in an elevated context. An attacker could exploit this vulnerability by running a specially crafted application on the victim system. The update addresses the vulnerability by correcting the way the Windows Runtime handles objects in memory.\n (CVE-2020-1249, CVE-2020-1353, CVE-2020-1370, CVE-2020-1399, CVE-2020-1404, CVE-2020-1413)\n\n - An information disclosure vulnerability exists when Microsoft Edge PDF Reader improperly handles objects in memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. (CVE-2020-1433)\n\n - A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by enticing a victim to open a specially crafted file. The update addresses the vulnerability by correcting the way the Windows Jet Database Engine handles objects in memory. (CVE-2020-1400, CVE-2020-1401, CVE-2020-1407)\n\n - An elevation of privilege vulnerability exists when Windows Error Reporting manager improperly handles a process crash. An attacker who successfully exploited this vulnerability could delete a targeted file leading to an elevated status. (CVE-2020-1429)\n\n - An information disclosure vulnerability exists when the Windows kernel fails to properly initialize a memory address. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system. (CVE-2020-1389, CVE-2020-1419)\n\n - An elevation of privilege vulnerability exists in the way that the Windows Credential Picker handles objects in memory. An attacker who successfully exploited the vulnerability could allow an application with limited privileges on an affected system to execute code at a medium integrity level. (CVE-2020-1385)\n\n - A remote code execution vulnerability exists in Microsoft Windows that could allow remote code execution if a .LNK file is processed. An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. (CVE-2020-1421)\n\n - An information disclosure vulnerability exists in Windows when the Windows Imaging Component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user's system.\n There are multiple ways an attacker could exploit this vulnerability: (CVE-2020-1397)\n\n - A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in the memory. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2020-1435)\n\n - An information disclosure vulnerability exists in the way that the WalletService handles memory.\n (CVE-2020-1361)\n\n - An elevation of privilege vulnerability exists in the way that the Windows Sync Host Service handles objects in memory. An attacker who successfully exploited the vulnerability could allow an application with limited privileges on an affected system to execute code at a medium integrity level. (CVE-2020-1434)\n\n - An elevation of privilege vulnerability exists when Windows Lockscreen fails to properly handle Ease of Access dialog. An attacker who successfully exploited the vulnerability could execute commands with elevated permissions. The security update addresses the vulnerability by ensuring that the Ease of Access dialog is handled properly. (CVE-2020-1398)", "cvss3": {}, "published": "2020-07-14T00:00:00", "type": "nessus", "title": "KB4565513: Windows 10 July 2020 Security Update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-1085", "CVE-2020-1147", "CVE-2020-1249", "CVE-2020-1267", "CVE-2020-1333", "CVE-2020-1344", "CVE-2020-1346", "CVE-2020-1351", "CVE-2020-1352", "CVE-2020-1353", "CVE-2020-1354", "CVE-2020-1358", "CVE-2020-1359", "CVE-2020-1360", "CVE-2020-1361", "CVE-2020-1362", "CVE-2020-1364", "CVE-2020-1365", "CVE-2020-1368", "CVE-2020-1369", "CVE-2020-1370", "CVE-2020-1371", "CVE-2020-1373", "CVE-2020-1374", "CVE-2020-1384", "CVE-2020-1385", "CVE-2020-1389", "CVE-2020-1390", "CVE-2020-1393", "CVE-2020-1396", "CVE-2020-1397", "CVE-2020-1398", "CVE-2020-1399", "CVE-2020-1400", "CVE-2020-1401", "CVE-2020-1402", "CVE-2020-1403", "CVE-2020-1404", "CVE-2020-1406", "CVE-2020-1407", "CVE-2020-1408", "CVE-2020-1409", "CVE-2020-1410", "CVE-2020-1411", "CVE-2020-1412", "CVE-2020-1413", "CVE-2020-1419", "CVE-2020-1420", "CVE-2020-1421", "CVE-2020-1427", "CVE-2020-1428", "CVE-2020-1429", "CVE-2020-1430", "CVE-2020-1432", "CVE-2020-1433", "CVE-2020-1434", "CVE-2020-1435", "CVE-2020-1436", "CVE-2020-1437", "CVE-2020-1438", "CVE-2020-1468"], "modified": "2023-01-24T00:00:00", "cpe": ["cpe:/o:microsoft:windows", "cpe:/a:microsoft:edge"], "id": "SMB_NT_MS20_JUL_4565513.NASL", "href": "https://www.tenable.com/plugins/nessus/138459", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(138459);\n script_version(\"1.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/24\");\n\n script_cve_id(\n \"CVE-2020-1085\",\n \"CVE-2020-1147\",\n \"CVE-2020-1249\",\n \"CVE-2020-1267\",\n \"CVE-2020-1333\",\n \"CVE-2020-1344\",\n \"CVE-2020-1346\",\n \"CVE-2020-1351\",\n \"CVE-2020-1352\",\n \"CVE-2020-1353\",\n \"CVE-2020-1354\",\n \"CVE-2020-1358\",\n \"CVE-2020-1359\",\n \"CVE-2020-1360\",\n \"CVE-2020-1361\",\n \"CVE-2020-1362\",\n \"CVE-2020-1364\",\n \"CVE-2020-1365\",\n \"CVE-2020-1368\",\n \"CVE-2020-1369\",\n \"CVE-2020-1370\",\n \"CVE-2020-1371\",\n \"CVE-2020-1373\",\n \"CVE-2020-1374\",\n \"CVE-2020-1384\",\n \"CVE-2020-1385\",\n \"CVE-2020-1389\",\n \"CVE-2020-1390\",\n \"CVE-2020-1393\",\n \"CVE-2020-1396\",\n \"CVE-2020-1397\",\n \"CVE-2020-1398\",\n \"CVE-2020-1399\",\n \"CVE-2020-1400\",\n \"CVE-2020-1401\",\n \"CVE-2020-1402\",\n \"CVE-2020-1403\",\n \"CVE-2020-1404\",\n \"CVE-2020-1406\",\n \"CVE-2020-1407\",\n \"CVE-2020-1408\",\n \"CVE-2020-1409\",\n \"CVE-2020-1410\",\n \"CVE-2020-1411\",\n \"CVE-2020-1412\",\n \"CVE-2020-1413\",\n \"CVE-2020-1419\",\n \"CVE-2020-1420\",\n \"CVE-2020-1421\",\n \"CVE-2020-1427\",\n \"CVE-2020-1428\",\n \"CVE-2020-1429\",\n \"CVE-2020-1430\",\n \"CVE-2020-1432\",\n \"CVE-2020-1433\",\n \"CVE-2020-1434\",\n \"CVE-2020-1435\",\n \"CVE-2020-1436\",\n \"CVE-2020-1437\",\n \"CVE-2020-1438\",\n \"CVE-2020-1468\"\n );\n script_xref(name:\"MSKB\", value:\"4565513\");\n script_xref(name:\"MSFT\", value:\"MS20-4565513\");\n script_xref(name:\"IAVA\", value:\"2020-A-0300-S\");\n script_xref(name:\"IAVA\", value:\"2020-A-0302-S\");\n script_xref(name:\"IAVA\", value:\"2020-A-0313-S\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/05/03\");\n\n script_name(english:\"KB4565513: Windows 10 July 2020 Security Update\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 4565513. It is, \ntherefore, affected by multiple vulnerabilities :\n\n - An elevation of privilege vulnerability exists when the\n Windows kernel fails to properly handle objects in\n memory. An attacker who successfully exploited this\n vulnerability could run arbitrary code in kernel mode.\n An attacker could then install programs; view, change,\n or delete data; or create new accounts with full user\n rights. (CVE-2020-1411)\n\n - An elevation of privilege vulnerability exists when the\n Windows Diagnostics Hub Standard Collector Service fails\n to properly sanitize input, leading to an unsecure\n library-loading behavior. An attacker who successfully\n exploited this vulnerability could run arbitrary code\n with elevated system privileges. An attacker could then\n install programs; view, change, or delete data; or\n create new accounts with full user rights.\n (CVE-2020-1393)\n\n - A remote code execution vulnerability exists in the way\n that DirectWrite handles objects in memory. An attacker\n who successfully exploited this vulnerability could take\n control of the affected system. An attacker could then\n install programs; view, change, or delete data; or\n create new accounts with full user rights. There are\n multiple ways an attacker could exploit the\n vulnerability, such as by convincing a user to open a\n specially crafted document, or by convincing a user to\n visit an untrusted webpage. The security update\n addresses the vulnerability by correcting how\n DirectWrite handles objects in memory. (CVE-2020-1409)\n\n - An elevation of privilege vulnerability exists when the\n Windows Profile Service improperly handles file\n operations. An attacker who successfully exploited this\n vulnerability could gain elevated privileges.\n (CVE-2020-1360)\n\n - A remote code execution vulnerability exists in the way\n that the VBScript engine handles objects in memory. The\n vulnerability could corrupt memory in such a way that an\n attacker could execute arbitrary code in the context of\n the current user. An attacker who successfully exploited\n the vulnerability could gain the same user rights as the\n current user. (CVE-2020-1403)\n\n - A remote code execution vulnerability exists in the\n Windows Remote Desktop Client when a user connects to a\n malicious server. An attacker who successfully exploited\n this vulnerability could execute arbitrary code on the\n computer of the connecting client. An attacker could\n then install programs; view, change, or delete data; or\n create new accounts with full user rights.\n (CVE-2020-1374)\n\n - A remote code execution vulnerability exists when the\n Windows font library improperly handles specially\n crafted fonts. For all systems except Windows 10, an\n attacker who successfully exploited the vulnerability\n could execute code remotely. For systems running Windows\n 10, an attacker who successfully exploited the\n vulnerability could execute code in an AppContainer\n sandbox context with limited privileges and\n capabilities. An attacker could then install programs;\n view, change, or delete data; or create new accounts\n with full user rights. There are multiple ways an\n attacker could exploit the vulnerability:\n (CVE-2020-1436)\n\n - An elevation of privilege vulnerability exists in the\n way that the Credential Enrollment Manager service\n handles objects in memory. An attacker who successfully\n exploited the vulnerability could execute code with\n elevated permissions. (CVE-2020-1368)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Network List Service handles\n objects in memory. An attacker who successfully\n exploited the vulnerability could execute code with\n elevated permissions. (CVE-2020-1406)\n\n - An information disclosure vulnerability exists when the\n Windows Graphics component improperly handles objects in\n memory. An attacker who successfully exploited this\n vulnerability could obtain information to further\n compromise the users system. An authenticated attacker\n could exploit this vulnerability by running a specially\n crafted application. The update addresses the\n vulnerability by correcting how the Windows Graphics\n Component handles objects in memory. (CVE-2020-1351)\n\n - An information disclosure vulnerability exists when the\n Windows GDI component improperly discloses the contents\n of its memory. An attacker who successfully exploited\n the vulnerability could obtain information to further\n compromise the users system. There are multiple ways an\n attacker could exploit the vulnerability, such as by\n convincing a user to open a specially crafted document,\n or by convincing a user to visit an untrusted webpage.\n The security update addresses the vulnerability by\n correcting how the Windows GDI component handles objects\n in memory. (CVE-2020-1468)\n\n - An elevation of privilege vulnerability exists when the\n Windows Event Logging Service improperly handles memory.\n (CVE-2020-1365, CVE-2020-1371)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows WalletService handles objects in\n memory. An attacker who successfully exploited the\n vulnerability could execute code with elevated\n permissions. (CVE-2020-1344, CVE-2020-1362,\n CVE-2020-1369)\n\n - An elevation of privilege vulnerability exists when the\n Windows ActiveX Installer Service improperly handles\n memory. (CVE-2020-1402)\n\n - This security update corrects a denial of service in the\n Local Security Authority Subsystem Service (LSASS)\n caused when an authenticated attacker sends a specially\n crafted authentication request. A remote attacker who\n successfully exploited this vulnerability could cause a\n denial of service on the target system's LSASS service,\n which triggers an automatic reboot of the system. The\n security update addresses the vulnerability by changing\n the way that LSASS handles specially crafted\n authentication requests. (CVE-2020-1267)\n\n - A remote code execution vulnerability exists when\n Windows Address Book (WAB) improperly processes vcard\n files. (CVE-2020-1410)\n\n - An elevation of privilege vulnerability exists when the\n Windows USO Core Worker improperly handles memory.\n (CVE-2020-1352)\n\n - An elevation of privilege vulnerability exists when the\n Windows UPnP Device Host improperly handles memory.\n (CVE-2020-1354, CVE-2020-1430)\n\n - An elevation of privilege vulnerability exists when\n Group Policy Services Policy Processing improperly\n handle reparse points. An attacker who successfully\n exploited this vulnerability could overwrite a targeted\n file that would normally require elevated permissions.\n (CVE-2020-1333)\n\n - A remote code execution vulnerability exists when the\n Windows font library improperly handles specially\n crafted embedded fonts. An attacker who successfully\n exploited the vulnerability could take control of the\n affected system. An attacker could then install\n programs; view, change, or delete data; or create new\n accounts with full user rights. (CVE-2020-1408)\n\n - An elevation of privilege vulnerability exists when the\n Windows Modules Installer improperly handles file\n operations. An attacker who successfully exploited this\n vulnerability could gain elevated privileges.\n (CVE-2020-1346)\n\n - An elevation of privilege vulnerability exists when\n Windows improperly handles calls to Advanced Local\n Procedure Call (ALPC). An attacker who successfully\n exploited this vulnerability could run arbitrary code in\n the security context of the local system. An attacker\n could then install programs; view, change, or delete\n data; or create new accounts with full user rights.\n (CVE-2020-1396)\n\n - A denial of service vulnerability exists in the way that\n the WalletService handles files. An attacker who\n successfully exploited the vulnerability could corrupt\n system files. (CVE-2020-1364)\n\n - An information disclosure vulnerability exists when\n Skype for Business is accessed via Internet Explorer. An\n attacker who exploited the vulnerability could cause the\n user to place a call without additional consent, leading\n to information disclosure of the user profile. For the\n vulnerability to be exploited, a user must click a\n specially crafted URL that prompts the Skype app.\n (CVE-2020-1432)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Network Location Awareness Service\n handles objects in memory. An attacker who successfully\n exploited the vulnerability could allow an application\n with limited privileges on an affected system to execute\n code at a medium integrity level. (CVE-2020-1437)\n\n - A remote code execution vulnerability exists in .NET\n Framework, Microsoft SharePoint, and Visual Studio when\n the software fails to check the source markup of XML\n file input. An attacker who successfully exploited the\n vulnerability could run arbitrary code in the context of\n the process responsible for deserialization of the XML\n content. (CVE-2020-1147)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Network Connections Service handles\n objects in memory. An attacker who successfully\n exploited the vulnerability could execute code with\n elevated permissions. (CVE-2020-1373, CVE-2020-1390,\n CVE-2020-1427, CVE-2020-1428, CVE-2020-1438)\n\n - An elevation of privilege vulnerability exists when the\n Windows Cryptography Next Generation (CNG) Key Isolation\n service improperly handles memory. An attacker who\n successfully exploited this vulnerability could run\n processes in an elevated context. (CVE-2020-1359,\n CVE-2020-1384)\n\n - An information disclosure vulnerability exists when the\n Windows Resource Policy component improperly handles\n memory. (CVE-2020-1358)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Function Discovery Service handles\n objects in memory. An attacker who successfully\n exploited the vulnerability could execute code with\n elevated permissions. (CVE-2020-1085)\n\n - An information disclosure vulnerability exists when\n Windows Error Reporting improperly handles file\n operations. (CVE-2020-1420)\n\n - A remote code execution vulnerability exists in the way\n that Microsoft Graphics Components handle objects in\n memory. An attacker who successfully exploited the\n vulnerability could execute arbitrary code on a target\n system. (CVE-2020-1412)\n\n - An elevation of privilege vulnerability exists when the\n Windows Runtime improperly handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could run arbitrary code in an elevated context. An\n attacker could exploit this vulnerability by running a\n specially crafted application on the victim system. The\n update addresses the vulnerability by correcting the way\n the Windows Runtime handles objects in memory.\n (CVE-2020-1249, CVE-2020-1353, CVE-2020-1370,\n CVE-2020-1399, CVE-2020-1404, CVE-2020-1413)\n\n - An information disclosure vulnerability exists when\n Microsoft Edge PDF Reader improperly handles objects in\n memory. An attacker who successfully exploited the\n vulnerability could obtain information to further\n compromise the users system. (CVE-2020-1433)\n\n - A remote code execution vulnerability exists when the\n Windows Jet Database Engine improperly handles objects\n in memory. An attacker who successfully exploited this\n vulnerability could execute arbitrary code on a victim\n system. An attacker could exploit this vulnerability by\n enticing a victim to open a specially crafted file. The\n update addresses the vulnerability by correcting the way\n the Windows Jet Database Engine handles objects in\n memory. (CVE-2020-1400, CVE-2020-1401, CVE-2020-1407)\n\n - An elevation of privilege vulnerability exists when\n Windows Error Reporting manager improperly handles a\n process crash. An attacker who successfully exploited\n this vulnerability could delete a targeted file leading\n to an elevated status. (CVE-2020-1429)\n\n - An information disclosure vulnerability exists when the\n Windows kernel fails to properly initialize a memory\n address. An attacker who successfully exploited this\n vulnerability could obtain information to further\n compromise the users system. (CVE-2020-1389,\n CVE-2020-1419)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Credential Picker handles objects\n in memory. An attacker who successfully exploited the\n vulnerability could allow an application with limited\n privileges on an affected system to execute code at a\n medium integrity level. (CVE-2020-1385)\n\n - A remote code execution vulnerability exists in\n Microsoft Windows that could allow remote code execution\n if a .LNK file is processed. An attacker who\n successfully exploited this vulnerability could gain the\n same user rights as the local user. (CVE-2020-1421)\n\n - An information disclosure vulnerability exists in\n Windows when the Windows Imaging Component fails to\n properly handle objects in memory. An attacker who\n successfully exploited this vulnerability could obtain\n information to further compromise the user's system.\n There are multiple ways an attacker could exploit this\n vulnerability: (CVE-2020-1397)\n\n - A remote code execution vulnerability exists in the way\n that the Windows Graphics Device Interface (GDI) handles\n objects in the memory. An attacker who successfully\n exploited this vulnerability could take control of the\n affected system. An attacker could then install\n programs; view, change, or delete data; or create new\n accounts with full user rights. (CVE-2020-1435)\n\n - An information disclosure vulnerability exists in the\n way that the WalletService handles memory.\n (CVE-2020-1361)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Sync Host Service handles objects\n in memory. An attacker who successfully exploited the\n vulnerability could allow an application with limited\n privileges on an affected system to execute code at a\n medium integrity level. (CVE-2020-1434)\n\n - An elevation of privilege vulnerability exists when\n Windows Lockscreen fails to properly handle Ease of\n Access dialog. An attacker who successfully exploited\n the vulnerability could execute commands with elevated\n permissions. The security update addresses the\n vulnerability by ensuring that the Ease of Access dialog\n is handled properly. (CVE-2020-1398)\");\n # https://support.microsoft.com/en-us/help/4565513/windows-10-update-kb4565513\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?d0366a03\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Cumulative Update KB4565513.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-1435\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2020-1436\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'SharePoint DataSet / DataTable Deserialization');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/07/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/07/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/07/14\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:edge\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude('smb_func.inc');\ninclude('smb_hotfixes.inc');\ninclude('smb_hotfixes_fcheck.inc');\ninclude('smb_reg_query.inc');\ninclude('install_func.inc');\n\nget_kb_item_or_exit('SMB/MS_Bulletin_Checks/Possible');\n\nbulletin = 'MS20-07';\nkbs = make_list(\n '4565513'\n);\n\nif (get_kb_item('Host/patch_management_checks')) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit('SMB/Registry/Enumerated');\nget_kb_item_or_exit('SMB/WindowsVersion', exit_code:1);\n\nif (hotfix_check_sp_range(win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:'10',\n sp:0,\n os_build:'10240',\n rollup_date:'07_2020',\n bulletin:bulletin,\n rollup_kb_list:[4565513])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n\n\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-07-19T15:24:04", "description": "The remote Windows host is missing security update 4565511. It is, therefore, affected by multiple vulnerabilities :\n\n - An elevation of privilege vulnerability exists when the Windows System Events Broker improperly handles file operations. An attacker who successfully exploited this vulnerability could gain elevated privileges.\n (CVE-2020-1357)\n\n - An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode.\n An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2020-1411)\n\n - An elevation of privilege vulnerability exists when the Windows USO Core Worker improperly handles memory.\n (CVE-2020-1352)\n\n - An elevation of privilege vulnerability exists when the Windows Diagnostics Hub Standard Collector Service fails to properly sanitize input, leading to an unsecure library-loading behavior. An attacker who successfully exploited this vulnerability could run arbitrary code with elevated system privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\n (CVE-2020-1393)\n\n - A remote code execution vulnerability exists in the way that DirectWrite handles objects in memory. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit an untrusted webpage. The security update addresses the vulnerability by correcting how DirectWrite handles objects in memory. (CVE-2020-1409)\n\n - An elevation of privilege vulnerability exists in the way that the Windows Credential Picker handles objects in memory. An attacker who successfully exploited the vulnerability could allow an application with limited privileges on an affected system to execute code at a medium integrity level. (CVE-2020-1385)\n\n - An elevation of privilege vulnerability exists when the Windows Profile Service improperly handles file operations. An attacker who successfully exploited this vulnerability could gain elevated privileges.\n (CVE-2020-1360)\n\n - A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2020-1403)\n\n - A remote code execution vulnerability exists in the Windows Remote Desktop Client when a user connects to a malicious server. An attacker who successfully exploited this vulnerability could execute arbitrary code on the computer of the connecting client. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\n (CVE-2020-1374)\n\n - A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted fonts. For all systems except Windows 10, an attacker who successfully exploited the vulnerability could execute code remotely. For systems running Windows 10, an attacker who successfully exploited the vulnerability could execute code in an AppContainer sandbox context with limited privileges and capabilities. An attacker could then install programs;\n view, change, or delete data; or create new accounts with full user rights. There are multiple ways an attacker could exploit the vulnerability:\n (CVE-2020-1436)\n\n - An elevation of privilege vulnerability exists in the way that the Credential Enrollment Manager service handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. (CVE-2020-1368)\n\n - An elevation of privilege vulnerability exists in the way that the Windows Network List Service handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. (CVE-2020-1406)\n\n - An information disclosure vulnerability exists when the Windows Graphics component improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system. An authenticated attacker could exploit this vulnerability by running a specially crafted application. The update addresses the vulnerability by correcting how the Windows Graphics Component handles objects in memory. (CVE-2020-1351)\n\n - An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit an untrusted webpage.\n The security update addresses the vulnerability by correcting how the Windows GDI component handles objects in memory. (CVE-2020-1468)\n\n - An elevation of privilege vulnerability exists when the Windows Event Logging Service improperly handles memory.\n (CVE-2020-1365, CVE-2020-1371)\n\n - An information disclosure vulnerability exists when the Windows kernel fails to properly initialize a memory address. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system. (CVE-2020-1389, CVE-2020-1419)\n\n - An elevation of privilege vulnerability exists in the way that the Windows Speech Brokered API handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. (CVE-2020-1395)\n\n - An elevation of privilege vulnerability exists in the way that the Windows WalletService handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. (CVE-2020-1344, CVE-2020-1362, CVE-2020-1369)\n\n - An elevation of privilege vulnerability exists when the Windows ActiveX Installer Service improperly handles memory. (CVE-2020-1402)\n\n - This security update corrects a denial of service in the Local Security Authority Subsystem Service (LSASS) caused when an authenticated attacker sends a specially crafted authentication request. A remote attacker who successfully exploited this vulnerability could cause a denial of service on the target system's LSASS service, which triggers an automatic reboot of the system. The security update addresses the vulnerability by changing the way that LSASS handles specially crafted authentication requests. (CVE-2020-1267)\n\n - A remote code execution vulnerability exists when Windows Address Book (WAB) improperly processes vcard files. (CVE-2020-1410)\n\n - An elevation of privilege vulnerability exists when the Windows Modules Installer improperly handles file operations. An attacker who successfully exploited this vulnerability could gain elevated privileges.\n (CVE-2020-1346)\n\n - An elevation of privilege vulnerability exists when the Windows UPnP Device Host improperly handles memory.\n (CVE-2020-1354, CVE-2020-1430)\n\n - An elevation of privilege vulnerability exists in the way that the SharedStream Library handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. (CVE-2020-1463)\n\n - An elevation of privilege vulnerability exists when Group Policy Services Policy Processing improperly handle reparse points. An attacker who successfully exploited this vulnerability could overwrite a targeted file that would normally require elevated permissions.\n (CVE-2020-1333)\n\n - An information disclosure vulnerability exists when Skype for Business is accessed via Microsoft Edge (EdgeHTML-based). An attacker who exploited the vulnerability could cause the user to place a call without additional consent, leading to information disclosure of the user profile. For the vulnerability to be exploited, a user must click a specially crafted URL that prompts the Skype app. (CVE-2020-1462)\n\n - A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts. An attacker who successfully exploited the vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2020-1408)\n\n - An elevation of privilege vulnerability exists in the way that the Windows Kernel handles objects in memory.\n An attacker who successfully exploited the vulnerability could execute code with elevated permissions.\n (CVE-2020-1336)\n\n - An elevation of privilege vulnerability exists when Windows improperly handles calls to Advanced Local Procedure Call (ALPC). An attacker who successfully exploited this vulnerability could run arbitrary code in the security context of the local system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\n (CVE-2020-1396)\n\n - A denial of service vulnerability exists in the way that the WalletService handles files. An attacker who successfully exploited the vulnerability could corrupt system files. (CVE-2020-1364)\n\n - An information disclosure vulnerability exists when Skype for Business is accessed via Internet Explorer. An attacker who exploited the vulnerability could cause the user to place a call without additional consent, leading to information disclosure of the user profile. For the vulnerability to be exploited, a user must click a specially crafted URL that prompts the Skype app.\n (CVE-2020-1432)\n\n - An elevation of privilege vulnerability exists in the way that the Windows Network Location Awareness Service handles objects in memory. An attacker who successfully exploited the vulnerability could allow an application with limited privileges on an affected system to execute code at a medium integrity level. (CVE-2020-1437)\n\n - A remote code execution vulnerability exists in .NET Framework, Microsoft SharePoint, and Visual Studio when the software fails to check the source markup of XML file input. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the process responsible for deserialization of the XML content. (CVE-2020-1147)\n\n - An elevation of privilege vulnerability exists in the way that the Windows Network Connections Service handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. (CVE-2020-1373, CVE-2020-1390, CVE-2020-1427, CVE-2020-1428, CVE-2020-1438)\n\n - An elevation of privilege vulnerability exists when the Windows Cryptography Next Generation (CNG) Key Isolation service improperly handles memory. An attacker who successfully exploited this vulnerability could run processes in an elevated context. (CVE-2020-1359, CVE-2020-1384)\n\n - An information disclosure vulnerability exists when the Windows Resource Policy component improperly handles memory. (CVE-2020-1358)\n\n - An elevation of privilege vulnerability exists in the way that the Windows Function Discovery Service handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. (CVE-2020-1085)\n\n - An information disclosure vulnerability exists when Windows Error Reporting improperly handles file operations. (CVE-2020-1420)\n\n - A remote code execution vulnerability exists in the way that Microsoft Graphics Components handle objects in memory. An attacker who successfully exploited the vulnerability could execute arbitrary code on a target system. (CVE-2020-1412)\n\n - An elevation of privilege vulnerability exists when the Windows Runtime improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in an elevated context. An attacker could exploit this vulnerability by running a specially crafted application on the victim system. The update addresses the vulnerability by correcting the way the Windows Runtime handles objects in memory.\n (CVE-2020-1249, CVE-2020-1353, CVE-2020-1370, CVE-2020-1399, CVE-2020-1404, CVE-2020-1413)\n\n - An information disclosure vulnerability exists when Microsoft Edge PDF Reader improperly handles objects in memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. (CVE-2020-1433)\n\n - A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by enticing a victim to open a specially crafted file. The update addresses the vulnerability by correcting the way the Windows Jet Database Engine handles objects in memory. (CVE-2020-1400, CVE-2020-1401, CVE-2020-1407)\n\n - An elevation of privilege vulnerability exists when Windows Error Reporting manager improperly handles a process crash. An attacker who successfully exploited this vulnerability could delete a targeted file leading to an elevated status. (CVE-2020-1429)\n\n - An elevation of privilege vulnerability exists in the way that the psmsrv.dll handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions.\n (CVE-2020-1388)\n\n - An elevation of privilege vulnerability exists when the Windows iSCSI Target Service improperly handles file operations. An attacker who successfully exploited this vulnerability could gain elevated privileges.\n (CVE-2020-1356)\n\n - A remote code execution vulnerability exists in Microsoft Windows that could allow remote code execution if a .LNK file is processed. An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. (CVE-2020-1421)\n\n - An information disclosure vulnerability exists in Windows when the Windows Imaging Component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user's system.\n There are multiple ways an attacker could exploit this vulnerability: (CVE-2020-1397)\n\n - A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in the memory. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2020-1435)\n\n - An information disclosure vulnerability exists in the way that the WalletService handles memory.\n (CVE-2020-1361)\n\n - An elevation of privilege vulnerability exists in the way that the Windows Sync Host Service handles objects in memory. An attacker who successfully exploited the vulnerability could allow an application with limited privileges on an affected system to execute code at a medium integrity level. (CVE-2020-1434)\n\n - An elevation of privilege vulnerability exists when Windows Lockscreen fails to properly handle Ease of Access dialog. An attacker who successfully exploited the vulnerability could execute commands with elevated permissions. The security update addresses the vulnerability by ensuring that the Ease of Access dialog is handled properly. (CVE-2020-1398)", "cvss3": {}, "published": "2020-07-14T00:00:00", "type": "nessus", "title": "KB4565511: Windows 10 Version 1607 and Windows Server 2016 July 2020 Security Update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-1085", "CVE-2020-1147", "CVE-2020-1249", "CVE-2020-1267", "CVE-2020-1333", "CVE-2020-1336", "CVE-2020-1344", "CVE-2020-1346", "CVE-2020-1351", "CVE-2020-1352", "CVE-2020-1353", "CVE-2020-1354", "CVE-2020-1356", "CVE-2020-1357", "CVE-2020-1358", "CVE-2020-1359", "CVE-2020-1360", "CVE-2020-1361", "CVE-2020-1362", "CVE-2020-1364", "CVE-2020-1365", "CVE-2020-1368", "CVE-2020-1369", "CVE-2020-1370", "CVE-2020-1371", "CVE-2020-1373", "CVE-2020-1374", "CVE-2020-1384", "CVE-2020-1385", "CVE-2020-1388", "CVE-2020-1389", "CVE-2020-1390", "CVE-2020-1393", "CVE-2020-1395", "CVE-2020-1396", "CVE-2020-1397", "CVE-2020-1398", "CVE-2020-1399", "CVE-2020-1400", "CVE-2020-1401", "CVE-2020-1402", "CVE-2020-1403", "CVE-2020-1404", "CVE-2020-1406", "CVE-2020-1407", "CVE-2020-1408", "CVE-2020-1409", "CVE-2020-1410", "CVE-2020-1411", "CVE-2020-1412", "CVE-2020-1413", "CVE-2020-1419", "CVE-2020-1420", "CVE-2020-1421", "CVE-2020-1427", "CVE-2020-1428", "CVE-2020-1429", "CVE-2020-1430", "CVE-2020-1432", "CVE-2020-1433", "CVE-2020-1434", "CVE-2020-1435", "CVE-2020-1436", "CVE-2020-1437", "CVE-2020-1438", "CVE-2020-1462", "CVE-2020-1463", "CVE-2020-1468"], "modified": "2023-04-25T00:00:00", "cpe": ["cpe:/o:microsoft:windows", "cpe:/a:microsoft:edge"], "id": "SMB_NT_MS20_JUL_4565511.NASL", "href": "https://www.tenable.com/plugins/nessus/138458", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(138458);\n script_version(\"1.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/04/25\");\n\n script_cve_id(\n \"CVE-2020-1085\",\n \"CVE-2020-1147\",\n \"CVE-2020-1249\",\n \"CVE-2020-1267\",\n \"CVE-2020-1333\",\n \"CVE-2020-1336\",\n \"CVE-2020-1344\",\n \"CVE-2020-1346\",\n \"CVE-2020-1351\",\n \"CVE-2020-1352\",\n \"CVE-2020-1353\",\n \"CVE-2020-1354\",\n \"CVE-2020-1356\",\n \"CVE-2020-1357\",\n \"CVE-2020-1358\",\n \"CVE-2020-1359\",\n \"CVE-2020-1360\",\n \"CVE-2020-1361\",\n \"CVE-2020-1362\",\n \"CVE-2020-1364\",\n \"CVE-2020-1365\",\n \"CVE-2020-1368\",\n \"CVE-2020-1369\",\n \"CVE-2020-1370\",\n \"CVE-2020-1371\",\n \"CVE-2020-1373\",\n \"CVE-2020-1374\",\n \"CVE-2020-1384\",\n \"CVE-2020-1385\",\n \"CVE-2020-1388\",\n \"CVE-2020-1389\",\n \"CVE-2020-1390\",\n \"CVE-2020-1393\",\n \"CVE-2020-1395\",\n \"CVE-2020-1396\",\n \"CVE-2020-1397\",\n \"CVE-2020-1398\",\n \"CVE-2020-1399\",\n \"CVE-2020-1400\",\n \"CVE-2020-1401\",\n \"CVE-2020-1402\",\n \"CVE-2020-1403\",\n \"CVE-2020-1404\",\n \"CVE-2020-1406\",\n \"CVE-2020-1407\",\n \"CVE-2020-1408\",\n \"CVE-2020-1409\",\n \"CVE-2020-1410\",\n \"CVE-2020-1411\",\n \"CVE-2020-1412\",\n \"CVE-2020-1413\",\n \"CVE-2020-1419\",\n \"CVE-2020-1420\",\n \"CVE-2020-1421\",\n \"CVE-2020-1427\",\n \"CVE-2020-1428\",\n \"CVE-2020-1429\",\n \"CVE-2020-1430\",\n \"CVE-2020-1432\",\n \"CVE-2020-1433\",\n \"CVE-2020-1434\",\n \"CVE-2020-1435\",\n \"CVE-2020-1436\",\n \"CVE-2020-1437\",\n \"CVE-2020-1438\",\n \"CVE-2020-1462\",\n \"CVE-2020-1463\",\n \"CVE-2020-1468\"\n );\n script_xref(name:\"MSKB\", value:\"4565511\");\n script_xref(name:\"MSFT\", value:\"MS20-4565511\");\n script_xref(name:\"IAVA\", value:\"2020-A-0300-S\");\n script_xref(name:\"IAVA\", value:\"2020-A-0302-S\");\n script_xref(name:\"IAVA\", value:\"2020-A-0306-S\");\n script_xref(name:\"IAVA\", value:\"2020-A-0313-S\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/05/03\");\n\n script_name(english:\"KB4565511: Windows 10 Version 1607 and Windows Server 2016 July 2020 Security Update\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 4565511. It is, \ntherefore, affected by multiple vulnerabilities :\n\n - An elevation of privilege vulnerability exists when the\n Windows System Events Broker improperly handles file\n operations. An attacker who successfully exploited this\n vulnerability could gain elevated privileges.\n (CVE-2020-1357)\n\n - An elevation of privilege vulnerability exists when the\n Windows kernel fails to properly handle objects in\n memory. An attacker who successfully exploited this\n vulnerability could run arbitrary code in kernel mode.\n An attacker could then install programs; view, change,\n or delete data; or create new accounts with full user\n rights. (CVE-2020-1411)\n\n - An elevation of privilege vulnerability exists when the\n Windows USO Core Worker improperly handles memory.\n (CVE-2020-1352)\n\n - An elevation of privilege vulnerability exists when the\n Windows Diagnostics Hub Standard Collector Service fails\n to properly sanitize input, leading to an unsecure\n library-loading behavior. An attacker who successfully\n exploited this vulnerability could run arbitrary code\n with elevated system privileges. An attacker could then\n install programs; view, change, or delete data; or\n create new accounts with full user rights.\n (CVE-2020-1393)\n\n - A remote code execution vulnerability exists in the way\n that DirectWrite handles objects in memory. An attacker\n who successfully exploited this vulnerability could take\n control of the affected system. An attacker could then\n install programs; view, change, or delete data; or\n create new accounts with full user rights. There are\n multiple ways an attacker could exploit the\n vulnerability, such as by convincing a user to open a\n specially crafted document, or by convincing a user to\n visit an untrusted webpage. The security update\n addresses the vulnerability by correcting how\n DirectWrite handles objects in memory. (CVE-2020-1409)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Credential Picker handles objects\n in memory. An attacker who successfully exploited the\n vulnerability could allow an application with limited\n privileges on an affected system to execute code at a\n medium integrity level. (CVE-2020-1385)\n\n - An elevation of privilege vulnerability exists when the\n Windows Profile Service improperly handles file\n operations. An attacker who successfully exploited this\n vulnerability could gain elevated privileges.\n (CVE-2020-1360)\n\n - A remote code execution vulnerability exists in the way\n that the VBScript engine handles objects in memory. The\n vulnerability could corrupt memory in such a way that an\n attacker could execute arbitrary code in the context of\n the current user. An attacker who successfully exploited\n the vulnerability could gain the same user rights as the\n current user. (CVE-2020-1403)\n\n - A remote code execution vulnerability exists in the\n Windows Remote Desktop Client when a user connects to a\n malicious server. An attacker who successfully exploited\n this vulnerability could execute arbitrary code on the\n computer of the connecting client. An attacker could\n then install programs; view, change, or delete data; or\n create new accounts with full user rights.\n (CVE-2020-1374)\n\n - A remote code execution vulnerability exists when the\n Windows font library improperly handles specially\n crafted fonts. For all systems except Windows 10, an\n attacker who successfully exploited the vulnerability\n could execute code remotely. For systems running Windows\n 10, an attacker who successfully exploited the\n vulnerability could execute code in an AppContainer\n sandbox context with limited privileges and\n capabilities. An attacker could then install programs;\n view, change, or delete data; or create new accounts\n with full user rights. There are multiple ways an\n attacker could exploit the vulnerability:\n (CVE-2020-1436)\n\n - An elevation of privilege vulnerability exists in the\n way that the Credential Enrollment Manager service\n handles objects in memory. An attacker who successfully\n exploited the vulnerability could execute code with\n elevated permissions. (CVE-2020-1368)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Network List Service handles\n objects in memory. An attacker who successfully\n exploited the vulnerability could execute code with\n elevated permissions. (CVE-2020-1406)\n\n - An information disclosure vulnerability exists when the\n Windows Graphics component improperly handles objects in\n memory. An attacker who successfully exploited this\n vulnerability could obtain information to further\n compromise the users system. An authenticated attacker\n could exploit this vulnerability by running a specially\n crafted application. The update addresses the\n vulnerability by correcting how the Windows Graphics\n Component handles objects in memory. (CVE-2020-1351)\n\n - An information disclosure vulnerability exists when the\n Windows GDI component improperly discloses the contents\n of its memory. An attacker who successfully exploited\n the vulnerability could obtain information to further\n compromise the users system. There are multiple ways an\n attacker could exploit the vulnerability, such as by\n convincing a user to open a specially crafted document,\n or by convincing a user to visit an untrusted webpage.\n The security update addresses the vulnerability by\n correcting how the Windows GDI component handles objects\n in memory. (CVE-2020-1468)\n\n - An elevation of privilege vulnerability exists when the\n Windows Event Logging Service improperly handles memory.\n (CVE-2020-1365, CVE-2020-1371)\n\n - An information disclosure vulnerability exists when the\n Windows kernel fails to properly initialize a memory\n address. An attacker who successfully exploited this\n vulnerability could obtain information to further\n compromise the users system. (CVE-2020-1389,\n CVE-2020-1419)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Speech Brokered API handles objects\n in memory. An attacker who successfully exploited the\n vulnerability could execute code with elevated\n permissions. (CVE-2020-1395)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows WalletService handles objects in\n memory. An attacker who successfully exploited the\n vulnerability could execute code with elevated\n permissions. (CVE-2020-1344, CVE-2020-1362,\n CVE-2020-1369)\n\n - An elevation of privilege vulnerability exists when the\n Windows ActiveX Installer Service improperly handles\n memory. (CVE-2020-1402)\n\n - This security update corrects a denial of service in the\n Local Security Authority Subsystem Service (LSASS)\n caused when an authenticated attacker sends a specially\n crafted authentication request. A remote attacker who\n successfully exploited this vulnerability could cause a\n denial of service on the target system's LSASS service,\n which triggers an automatic reboot of the system. The\n security update addresses the vulnerability by changing\n the way that LSASS handles specially crafted\n authentication requests. (CVE-2020-1267)\n\n - A remote code execution vulnerability exists when\n Windows Address Book (WAB) improperly processes vcard\n files. (CVE-2020-1410)\n\n - An elevation of privilege vulnerability exists when the\n Windows Modules Installer improperly handles file\n operations. An attacker who successfully exploited this\n vulnerability could gain elevated privileges.\n (CVE-2020-1346)\n\n - An elevation of privilege vulnerability exists when the\n Windows UPnP Device Host improperly handles memory.\n (CVE-2020-1354, CVE-2020-1430)\n\n - An elevation of privilege vulnerability exists in the\n way that the SharedStream Library handles objects in\n memory. An attacker who successfully exploited the\n vulnerability could execute code with elevated\n permissions. (CVE-2020-1463)\n\n - An elevation of privilege vulnerability exists when\n Group Policy Services Policy Processing improperly\n handle reparse points. An attacker who successfully\n exploited this vulnerability could overwrite a targeted\n file that would normally require elevated permissions.\n (CVE-2020-1333)\n\n - An information disclosure vulnerability exists when\n Skype for Business is accessed via Microsoft Edge\n (EdgeHTML-based). An attacker who exploited the\n vulnerability could cause the user to place a call\n without additional consent, leading to information\n disclosure of the user profile. For the vulnerability to\n be exploited, a user must click a specially crafted URL\n that prompts the Skype app. (CVE-2020-1462)\n\n - A remote code execution vulnerability exists when the\n Windows font library improperly handles specially\n crafted embedded fonts. An attacker who successfully\n exploited the vulnerability could take control of the\n affected system. An attacker could then install\n programs; view, change, or delete data; or create new\n accounts with full user rights. (CVE-2020-1408)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Kernel handles objects in memory.\n An attacker who successfully exploited the vulnerability\n could execute code with elevated permissions.\n (CVE-2020-1336)\n\n - An elevation of privilege vulnerability exists when\n Windows improperly handles calls to Advanced Local\n Procedure Call (ALPC). An attacker who successfully\n exploited this vulnerability could run arbitrary code in\n the security context of the local system. An attacker\n could then install programs; view, change, or delete\n data; or create new accounts with full user rights.\n (CVE-2020-1396)\n\n - A denial of service vulnerability exists in the way that\n the WalletService handles files. An attacker who\n successfully exploited the vulnerability could corrupt\n system files. (CVE-2020-1364)\n\n - An information disclosure vulnerability exists when\n Skype for Business is accessed via Internet Explorer. An\n attacker who exploited the vulnerability could cause the\n user to place a call without additional consent, leading\n to information disclosure of the user profile. For the\n vulnerability to be exploited, a user must click a\n specially crafted URL that prompts the Skype app.\n (CVE-2020-1432)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Network Location Awareness Service\n handles objects in memory. An attacker who successfully\n exploited the vulnerability could allow an application\n with limited privileges on an affected system to execute\n code at a medium integrity level. (CVE-2020-1437)\n\n - A remote code execution vulnerability exists in .NET\n Framework, Microsoft SharePoint, and Visual Studio when\n the software fails to check the source markup of XML\n file input. An attacker who successfully exploited the\n vulnerability could run arbitrary code in the context of\n the process responsible for deserialization of the XML\n content. (CVE-2020-1147)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Network Connections Service handles\n objects in memory. An attacker who successfully\n exploited the vulnerability could execute code with\n elevated permissions. (CVE-2020-1373, CVE-2020-1390,\n CVE-2020-1427, CVE-2020-1428, CVE-2020-1438)\n\n - An elevation of privilege vulnerability exists when the\n Windows Cryptography Next Generation (CNG) Key Isolation\n service improperly handles memory. An attacker who\n successfully exploited this vulnerability could run\n processes in an elevated context. (CVE-2020-1359,\n CVE-2020-1384)\n\n - An information disclosure vulnerability exists when the\n Windows Resource Policy component improperly handles\n memory. (CVE-2020-1358)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Function Discovery Service handles\n objects in memory. An attacker who successfully\n exploited the vulnerability could execute code with\n elevated permissions. (CVE-2020-1085)\n\n - An information disclosure vulnerability exists when\n Windows Error Reporting improperly handles file\n operations. (CVE-2020-1420)\n\n - A remote code execution vulnerability exists in the way\n that Microsoft Graphics Components handle objects in\n memory. An attacker who successfully exploited the\n vulnerability could execute arbitrary code on a target\n system. (CVE-2020-1412)\n\n - An elevation of privilege vulnerability exists when the\n Windows Runtime improperly handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could run arbitrary code in an elevated context. An\n attacker could exploit this vulnerability by running a\n specially crafted application on the victim system. The\n update addresses the vulnerability by correcting the way\n the Windows Runtime handles objects in memory.\n (CVE-2020-1249, CVE-2020-1353, CVE-2020-1370,\n CVE-2020-1399, CVE-2020-1404, CVE-2020-1413)\n\n - An information disclosure vulnerability exists when\n Microsoft Edge PDF Reader improperly handles objects in\n memory. An attacker who successfully exploited the\n vulnerability could obtain information to further\n compromise the users system. (CVE-2020-1433)\n\n - A remote code execution vulnerability exists when the\n Windows Jet Database Engine improperly handles objects\n in memory. An attacker who successfully exploited this\n vulnerability could execute arbitrary code on a victim\n system. An attacker could exploit this vulnerability by\n enticing a victim to open a specially crafted file. The\n update addresses the vulnerability by correcting the way\n the Windows Jet Database Engine handles objects in\n memory. (CVE-2020-1400, CVE-2020-1401, CVE-2020-1407)\n\n - An elevation of privilege vulnerability exists when\n Windows Error Reporting manager improperly handles a\n process crash. An attacker who successfully exploited\n this vulnerability could delete a targeted file leading\n to an elevated status. (CVE-2020-1429)\n\n - An elevation of privilege vulnerability exists in the\n way that the psmsrv.dll handles objects in memory. An\n attacker who successfully exploited the vulnerability\n could execute code with elevated permissions.\n (CVE-2020-1388)\n\n - An elevation of privilege vulnerability exists when the\n Windows iSCSI Target Service improperly handles file\n operations. An attacker who successfully exploited this\n vulnerability could gain elevated privileges.\n (CVE-2020-1356)\n\n - A remote code execution vulnerability exists in\n Microsoft Windows that could allow remote code execution\n if a .LNK file is processed. An attacker who\n successfully exploited this vulnerability could gain the\n same user rights as the local user. (CVE-2020-1421)\n\n - An information disclosure vulnerability exists in\n Windows when the Windows Imaging Component fails to\n properly handle objects in memory. An attacker who\n successfully exploited this vulnerability could obtain\n information to further compromise the user's system.\n There are multiple ways an attacker could exploit this\n vulnerability: (CVE-2020-1397)\n\n - A remote code execution vulnerability exists in the way\n that the Windows Graphics Device Interface (GDI) handles\n objects in the memory. An attacker who successfully\n exploited this vulnerability could take control of the\n affected system. An attacker could then install\n programs; view, change, or delete data; or create new\n accounts with full user rights. (CVE-2020-1435)\n\n - An information disclosure vulnerability exists in the\n way that the WalletService handles memory.\n (CVE-2020-1361)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Sync Host Service handles objects\n in memory. An attacker who successfully exploited the\n vulnerability could allow an application with limited\n privileges on an affected system to execute code at a\n medium integrity level. (CVE-2020-1434)\n\n - An elevation of privilege vulnerability exists when\n Windows Lockscreen fails to properly handle Ease of\n Access dialog. An attacker who successfully exploited\n the vulnerability could execute commands with elevated\n permissions. The security update addresses the\n vulnerability by ensuring that the Ease of Access dialog\n is handled properly. (CVE-2020-1398)\");\n # https://support.microsoft.com/en-us/help/4565511/windows-10-update-kb4565511\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?777905a0\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Cumulative Update KB4565511.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-1435\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2020-1436\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'SharePoint DataSet / DataTable Deserialization');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/07/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/07/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/07/14\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:edge\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude('smb_func.inc');\ninclude('smb_hotfixes.inc');\ninclude('smb_hotfixes_fcheck.inc');\ninclude('smb_reg_query.inc');\ninclude('install_func.inc');\n\nget_kb_item_or_exit('SMB/MS_Bulletin_Checks/Possible');\n\nbulletin = 'MS20-07';\nkbs = make_list(\n '4565511'\n);\n\nif (get_kb_item('Host/patch_management_checks')) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit('SMB/Registry/Enumerated');\nget_kb_item_or_exit('SMB/WindowsVersion', exit_code:1);\n\nif (hotfix_check_sp_range(win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:'10',\n sp:0,\n os_build:'14393',\n rollup_date:'07_2020',\n bulletin:bulletin,\n rollup_kb_list:[4565511])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n\n\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:04:05", "description": "The remote Windows host is missing security update 4565540 or cumulative update 4565541. It is, therefore, affected by multiple vulnerabilities :\n\n - A remote code execution vulnerability exists in the way that DirectWrite handles objects in memory. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit an untrusted webpage. The security update addresses the vulnerability by correcting how DirectWrite handles objects in memory. (CVE-2020-1409)\n\n - An elevation of privilege vulnerability exists in the way that the Windows Credential Picker handles objects in memory. An attacker who successfully exploited the vulnerability could allow an application with limited privileges on an affected system to execute code at a medium integrity level. (CVE-2020-1385)\n\n - An elevation of privilege vulnerability exists when the Windows Profile Service improperly handles file operations. An attacker who successfully exploited this vulnerability could gain elevated privileges.\n (CVE-2020-1360)\n\n - A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2020-1403)\n\n - A remote code execution vulnerability exists in the Windows Remote Desktop Client when a user connects to a malicious server. An attacker who successfully exploited this vulnerability could execute arbitrary code on the computer of the connecting client. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\n (CVE-2020-1374)\n\n - A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted fonts. For all systems except Windows 10, an attacker who successfully exploited the vulnerability could execute code remotely. For systems running Windows 10, an attacker who successfully exploited the vulnerability could execute code in an AppContainer sandbox context with limited privileges and capabilities. An attacker could then install programs;\n view, change, or delete data; or create new accounts with full user rights. There are multiple ways an attacker could exploit the vulnerability:\n (CVE-2020-1436)\n\n - An elevation of privilege vulnerability exists in the way that the Credential Enrollment Manager service handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. (CVE-2020-1368)\n\n - An elevation of privilege vulnerability exists in the way that the Windows Network List Service handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. (CVE-2020-1406)\n\n - An elevation of privilege vulnerability exists when the Windows UPnP Device Host improperly handles memory.\n (CVE-2020-1354, CVE-2020-1430)\n\n - An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit an untrusted webpage.\n The security update addresses the vulnerability by correcting how the Windows GDI component handles objects in memory. (CVE-2020-1468)\n\n - An elevation of privilege vulnerability exists when the Windows Event Logging Service improperly handles memory.\n (CVE-2020-1365, CVE-2020-1371)\n\n - An elevation of privilege vulnerability exists in the way that the Windows Network Location Awareness Service handles objects in memory. An attacker who successfully exploited the vulnerability could allow an application with limited privileges on an affected system to execute code at a medium integrity level. (CVE-2020-1437)\n\n - An information disclosure vulnerability exists in Windows when the Windows Imaging Component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user's system.\n There are multiple ways an attacker could exploit this vulnerability: (CVE-2020-1397)\n\n - A remote code execution vulnerability exists when Windows Address Book (WAB) improperly processes vcard files. (CVE-2020-1410)\n\n - An information disclosure vulnerability exists when the Windows Graphics component improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system. An authenticated attacker could exploit this vulnerability by running a specially crafted application. The update addresses the vulnerability by correcting how the Windows Graphics Component handles objects in memory. (CVE-2020-1351)\n\n - An elevation of privilege vulnerability exists when Group Policy Services Policy Processing improperly handle reparse points. An attacker who successfully exploited this vulnerability could overwrite a targeted file that would normally require elevated permissions.\n (CVE-2020-1333)\n\n - A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts. An attacker who successfully exploited the vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2020-1408)\n\n - An elevation of privilege vulnerability exists when the Windows Modules Installer improperly handles file operations. An attacker who successfully exploited this vulnerability could gain elevated privileges.\n (CVE-2020-1346)\n\n - An elevation of privilege vulnerability exists when Windows improperly handles calls to Advanced Local Procedure Call (ALPC). An attacker who successfully exploited this vulnerability could run arbitrary code in the security context of the local system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\n (CVE-2020-1396)\n\n - An information disclosure vulnerability exists when Skype for Business is accessed via Internet Explorer. An attacker who exploited the vulnerability could cause the user to place a call without additional consent, leading to information disclosure of the user profile. For the vulnerability to be exploited, a user must click a specially crafted URL that prompts the Skype app.\n (CVE-2020-1432)\n\n - An elevation of privilege vulnerability exists when the Windows ActiveX Installer Service improperly handles memory. (CVE-2020-1402)\n\n - A remote code execution vulnerability exists in .NET Framework, Microsoft SharePoint, and Visual Studio when the software fails to check the source markup of XML file input. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the process responsible for deserialization of the XML content. (CVE-2020-1147)\n\n - An elevation of privilege vulnerability exists when the Windows Cryptography Next Generation (CNG) Key Isolation service improperly handles memory. An attacker who successfully exploited this vulnerability could run processes in an elevated context. (CVE-2020-1359, CVE-2020-1384)\n\n - An elevation of privilege vulnerability exists in the way that the Windows Network Connections Service handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. (CVE-2020-1373, CVE-2020-1390, CVE-2020-1427, CVE-2020-1428, CVE-2020-1438)\n\n - An elevation of privilege vulnerability exists in the way that the Windows Function Discovery Service handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. (CVE-2020-1085)\n\n - A remote code execution vulnerability exists in the way that Microsoft Graphics Components handle objects in memory. An attacker who successfully exploited the vulnerability could execute arbitrary code on a target system. (CVE-2020-1412)\n\n - A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by enticing a victim to open a specially crafted file. The update addresses the vulnerability by correcting the way the Windows Jet Database Engine handles objects in memory. (CVE-2020-1400, CVE-2020-1401, CVE-2020-1407)\n\n - An information disclosure vulnerability exists when the Windows kernel fails to properly initialize a memory address. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system. (CVE-2020-1389, CVE-2020-1419)\n\n - An elevation of privilege vulnerability exists when the Windows Runtime improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in an elevated context. An attacker could exploit this vulnerability by running a specially crafted application on the victim system. The update addresses the vulnerability by correcting the way the Windows Runtime handles objects in memory.\n (CVE-2020-1249, CVE-2020-1399)\n\n - An elevation of privilege vulnerability exists when the Windows iSCSI Target Service improperly handles file operations. An attacker who successfully exploited this vulnerability could gain elevated privileges.\n (CVE-2020-1356)\n\n - This security update corrects a denial of service in the Local Security Authority Subsystem Service (LSASS) caused when an authenticated attacker sends a specially crafted authentication request. A remote attacker who successfully exploited this vulnerability could cause a denial of service on the target system's LSASS service, which triggers an automatic reboot of the system. The security update addresses the vulnerability by changing the way that LSASS handles specially crafted authentication requests. (CVE-2020-1267)\n\n - A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in the memory. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2020-1435)\n\n - A remote code execution vulnerability exists in Microsoft Windows that could allow remote code execution if a .LNK file is processed. An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. (CVE-2020-1421)", "cvss3": {}, "published": "2020-07-14T00:00:00", "type": "nessus", "title": "KB4565540: Windows 8.1 and Windows Server 2012 R2 July 2020 Security Update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-1085", "CVE-2020-1147", "CVE-2020-1249", "CVE-2020-1267", "CVE-2020-1333", "CVE-2020-1346", "CVE-2020-1351", "CVE-2020-1354", "CVE-2020-1356", "CVE-2020-1359", "CVE-2020-1360", "CVE-2020-1365", "CVE-2020-1368", "CVE-2020-1371", "CVE-2020-1373", "CVE-2020-1374", "CVE-2020-1384", "CVE-2020-1385", "CVE-2020-1389", "CVE-2020-1390", "CVE-2020-1396", "CVE-2020-1397", "CVE-2020-1399", "CVE-2020-1400", "CVE-2020-1401", "CVE-2020-1402", "CVE-2020-1403", "CVE-2020-1406", "CVE-2020-1407", "CVE-2020-1408", "CVE-2020-1409", "CVE-2020-1410", "CVE-2020-1412", "CVE-2020-1419", "CVE-2020-1421", "CVE-2020-1427", "CVE-2020-1428", "CVE-2020-1430", "CVE-2020-1432", "CVE-2020-1435", "CVE-2020-1436", "CVE-2020-1437", "CVE-2020-1438", "CVE-2020-1468"], "modified": "2023-04-25T00:00:00", "cpe": ["cpe:/o:microsoft:windows"], "id": "SMB_NT_MS20_JUL_4565541.NASL", "href": "https://www.tenable.com/plugins/nessus/138463", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(138463);\n script_version(\"1.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/04/25\");\n\n script_cve_id(\n \"CVE-2020-1085\",\n \"CVE-2020-1147\",\n \"CVE-2020-1249\",\n \"CVE-2020-1267\",\n \"CVE-2020-1333\",\n \"CVE-2020-1346\",\n \"CVE-2020-1351\",\n \"CVE-2020-1354\",\n \"CVE-2020-1356\",\n \"CVE-2020-1359\",\n \"CVE-2020-1360\",\n \"CVE-2020-1365\",\n \"CVE-2020-1368\",\n \"CVE-2020-1371\",\n \"CVE-2020-1373\",\n \"CVE-2020-1374\",\n \"CVE-2020-1384\",\n \"CVE-2020-1385\",\n \"CVE-2020-1389\",\n \"CVE-2020-1390\",\n \"CVE-2020-1396\",\n \"CVE-2020-1397\",\n \"CVE-2020-1399\",\n \"CVE-2020-1400\",\n \"CVE-2020-1401\",\n \"CVE-2020-1402\",\n \"CVE-2020-1403\",\n \"CVE-2020-1406\",\n \"CVE-2020-1407\",\n \"CVE-2020-1408\",\n \"CVE-2020-1409\",\n \"CVE-2020-1410\",\n \"CVE-2020-1412\",\n \"CVE-2020-1419\",\n \"CVE-2020-1421\",\n \"CVE-2020-1427\",\n \"CVE-2020-1428\",\n \"CVE-2020-1430\",\n \"CVE-2020-1432\",\n \"CVE-2020-1435\",\n \"CVE-2020-1436\",\n \"CVE-2020-1437\",\n \"CVE-2020-1438\",\n \"CVE-2020-1468\"\n );\n script_xref(name:\"MSKB\", value:\"4565540\");\n script_xref(name:\"MSKB\", value:\"4565541\");\n script_xref(name:\"MSFT\", value:\"MS20-4565540\");\n script_xref(name:\"MSFT\", value:\"MS20-4565541\");\n script_xref(name:\"IAVA\", value:\"2020-A-0306-S\");\n script_xref(name:\"IAVA\", value:\"2020-A-0313-S\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/05/03\");\n\n script_name(english:\"KB4565540: Windows 8.1 and Windows Server 2012 R2 July 2020 Security Update\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 4565540\nor cumulative update 4565541. It is, therefore, affected by\nmultiple vulnerabilities :\n\n - A remote code execution vulnerability exists in the way\n that DirectWrite handles objects in memory. An attacker\n who successfully exploited this vulnerability could take\n control of the affected system. An attacker could then\n install programs; view, change, or delete data; or\n create new accounts with full user rights. There are\n multiple ways an attacker could exploit the\n vulnerability, such as by convincing a user to open a\n specially crafted document, or by convincing a user to\n visit an untrusted webpage. The security update\n addresses the vulnerability by correcting how\n DirectWrite handles objects in memory. (CVE-2020-1409)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Credential Picker handles objects\n in memory. An attacker who successfully exploited the\n vulnerability could allow an application with limited\n privileges on an affected system to execute code at a\n medium integrity level. (CVE-2020-1385)\n\n - An elevation of privilege vulnerability exists when the\n Windows Profile Service improperly handles file\n operations. An attacker who successfully exploited this\n vulnerability could gain elevated privileges.\n (CVE-2020-1360)\n\n - A remote code execution vulnerability exists in the way\n that the VBScript engine handles objects in memory. The\n vulnerability could corrupt memory in such a way that an\n attacker could execute arbitrary code in the context of\n the current user. An attacker who successfully exploited\n the vulnerability could gain the same user rights as the\n current user. (CVE-2020-1403)\n\n - A remote code execution vulnerability exists in the\n Windows Remote Desktop Client when a user connects to a\n malicious server. An attacker who successfully exploited\n this vulnerability could execute arbitrary code on the\n computer of the connecting client. An attacker could\n then install programs; view, change, or delete data; or\n create new accounts with full user rights.\n (CVE-2020-1374)\n\n - A remote code execution vulnerability exists when the\n Windows font library improperly handles specially\n crafted fonts. For all systems except Windows 10, an\n attacker who successfully exploited the vulnerability\n could execute code remotely. For systems running Windows\n 10, an attacker who successfully exploited the\n vulnerability could execute code in an AppContainer\n sandbox context with limited privileges and\n capabilities. An attacker could then install programs;\n view, change, or delete data; or create new accounts\n with full user rights. There are multiple ways an\n attacker could exploit the vulnerability:\n (CVE-2020-1436)\n\n - An elevation of privilege vulnerability exists in the\n way that the Credential Enrollment Manager service\n handles objects in memory. An attacker who successfully\n exploited the vulnerability could execute code with\n elevated permissions. (CVE-2020-1368)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Network List Service handles\n objects in memory. An attacker who successfully\n exploited the vulnerability could execute code with\n elevated permissions. (CVE-2020-1406)\n\n - An elevation of privilege vulnerability exists when the\n Windows UPnP Device Host improperly handles memory.\n (CVE-2020-1354, CVE-2020-1430)\n\n - An information disclosure vulnerability exists when the\n Windows GDI component improperly discloses the contents\n of its memory. An attacker who successfully exploited\n the vulnerability could obtain information to further\n compromise the users system. There are multiple ways an\n attacker could exploit the vulnerability, such as by\n convincing a user to open a specially crafted document,\n or by convincing a user to visit an untrusted webpage.\n The security update addresses the vulnerability by\n correcting how the Windows GDI component handles objects\n in memory. (CVE-2020-1468)\n\n - An elevation of privilege vulnerability exists when the\n Windows Event Logging Service improperly handles memory.\n (CVE-2020-1365, CVE-2020-1371)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Network Location Awareness Service\n handles objects in memory. An attacker who successfully\n exploited the vulnerability could allow an application\n with limited privileges on an affected system to execute\n code at a medium integrity level. (CVE-2020-1437)\n\n - An information disclosure vulnerability exists in\n Windows when the Windows Imaging Component fails to\n properly handle objects in memory. An attacker who\n successfully exploited this vulnerability could obtain\n information to further compromise the user's system.\n There are multiple ways an attacker could exploit this\n vulnerability: (CVE-2020-1397)\n\n - A remote code execution vulnerability exists when\n Windows Address Book (WAB) improperly processes vcard\n files. (CVE-2020-1410)\n\n - An information disclosure vulnerability exists when the\n Windows Graphics component improperly handles objects in\n memory. An attacker who successfully exploited this\n vulnerability could obtain information to further\n compromise the users system. An authenticated attacker\n could exploit this vulnerability by running a specially\n crafted application. The update addresses the\n vulnerability by correcting how the Windows Graphics\n Component handles objects in memory. (CVE-2020-1351)\n\n - An elevation of privilege vulnerability exists when\n Group Policy Services Policy Processing improperly\n handle reparse points. An attacker who successfully\n exploited this vulnerability could overwrite a targeted\n file that would normally require elevated permissions.\n (CVE-2020-1333)\n\n - A remote code execution vulnerability exists when the\n Windows font library improperly handles specially\n crafted embedded fonts. An attacker who successfully\n exploited the vulnerability could take control of the\n affected system. An attacker could then install\n programs; view, change, or delete data; or create new\n accounts with full user rights. (CVE-2020-1408)\n\n - An elevation of privilege vulnerability exists when the\n Windows Modules Installer improperly handles file\n operations. An attacker who successfully exploited this\n vulnerability could gain elevated privileges.\n (CVE-2020-1346)\n\n - An elevation of privilege vulnerability exists when\n Windows improperly handles calls to Advanced Local\n Procedure Call (ALPC). An attacker who successfully\n exploited this vulnerability could run arbitrary code in\n the security context of the local system. An attacker\n could then install programs; view, change, or delete\n data; or create new accounts with full user rights.\n (CVE-2020-1396)\n\n - An information disclosure vulnerability exists when\n Skype for Business is accessed via Internet Explorer. An\n attacker who exploited the vulnerability could cause the\n user to place a call without additional consent, leading\n to information disclosure of the user profile. For the\n vulnerability to be exploited, a user must click a\n specially crafted URL that prompts the Skype app.\n (CVE-2020-1432)\n\n - An elevation of privilege vulnerability exists when the\n Windows ActiveX Installer Service improperly handles\n memory. (CVE-2020-1402)\n\n - A remote code execution vulnerability exists in .NET\n Framework, Microsoft SharePoint, and Visual Studio when\n the software fails to check the source markup of XML\n file input. An attacker who successfully exploited the\n vulnerability could run arbitrary code in the context of\n the process responsible for deserialization of the XML\n content. (CVE-2020-1147)\n\n - An elevation of privilege vulnerability exists when the\n Windows Cryptography Next Generation (CNG) Key Isolation\n service improperly handles memory. An attacker who\n successfully exploited this vulnerability could run\n processes in an elevated context. (CVE-2020-1359,\n CVE-2020-1384)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Network Connections Service handles\n objects in memory. An attacker who successfully\n exploited the vulnerability could execute code with\n elevated permissions. (CVE-2020-1373, CVE-2020-1390,\n CVE-2020-1427, CVE-2020-1428, CVE-2020-1438)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Function Discovery Service handles\n objects in memory. An attacker who successfully\n exploited the vulnerability could execute code with\n elevated permissions. (CVE-2020-1085)\n\n - A remote code execution vulnerability exists in the way\n that Microsoft Graphics Components handle objects in\n memory. An attacker who successfully exploited the\n vulnerability could execute arbitrary code on a target\n system. (CVE-2020-1412)\n\n - A remote code execution vulnerability exists when the\n Windows Jet Database Engine improperly handles objects\n in memory. An attacker who successfully exploited this\n vulnerability could execute arbitrary code on a victim\n system. An attacker could exploit this vulnerability by\n enticing a victim to open a specially crafted file. The\n update addresses the vulnerability by correcting the way\n the Windows Jet Database Engine handles objects in\n memory. (CVE-2020-1400, CVE-2020-1401, CVE-2020-1407)\n\n - An information disclosure vulnerability exists when the\n Windows kernel fails to properly initialize a memory\n address. An attacker who successfully exploited this\n vulnerability could obtain information to further\n compromise the users system. (CVE-2020-1389,\n CVE-2020-1419)\n\n - An elevation of privilege vulnerability exists when the\n Windows Runtime improperly handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could run arbitrary code in an elevated context. An\n attacker could exploit this vulnerability by running a\n specially crafted application on the victim system. The\n update addresses the vulnerability by correcting the way\n the Windows Runtime handles objects in memory.\n (CVE-2020-1249, CVE-2020-1399)\n\n - An elevation of privilege vulnerability exists when the\n Windows iSCSI Target Service improperly handles file\n operations. An attacker who successfully exploited this\n vulnerability could gain elevated privileges.\n (CVE-2020-1356)\n\n - This security update corrects a denial of service in the\n Local Security Authority Subsystem Service (LSASS)\n caused when an authenticated attacker sends a specially\n crafted authentication request. A remote attacker who\n successfully exploited this vulnerability could cause a\n denial of service on the target system's LSASS service,\n which triggers an automatic reboot of the system. The\n security update addresses the vulnerability by changing\n the way that LSASS handles specially crafted\n authentication requests. (CVE-2020-1267)\n\n - A remote code execution vulnerability exists in the way\n that the Windows Graphics Device Interface (GDI) handles\n objects in the memory. An attacker who successfully\n exploited this vulnerability could take control of the\n affected system. An attacker could then install\n programs; view, change, or delete data; or create new\n accounts with full user rights. (CVE-2020-1435)\n\n - A remote code execution vulnerability exists in\n Microsoft Windows that could allow remote code execution\n if a .LNK file is processed. An attacker who\n successfully exploited this vulnerability could gain the\n same user rights as the local user. (CVE-2020-1421)\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.microsoft.com/en-us/help/4565540/windows-8-1-kb4565540\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.microsoft.com/en-us/help/4565541/windows-8-1-kb4565541\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Security Only update KB4565540 or Cumulative Update KB4565541.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-1435\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2020-1436\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'SharePoint DataSet / DataTable Deserialization');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/07/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/07/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/07/14\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude('smb_func.inc');\ninclude('smb_hotfixes.inc');\ninclude('smb_hotfixes_fcheck.inc');\ninclude('smb_reg_query.inc');\ninclude('install_func.inc');\n\nget_kb_item_or_exit('SMB/MS_Bulletin_Checks/Possible');\n\nbulletin = 'MS20-07';\nkbs = make_list(\n '4565541',\n '4565540'\n);\n\nif (get_kb_item('Host/patch_management_checks')) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit('SMB/Registry/Enumerated');\nget_kb_item_or_exit('SMB/WindowsVersion', exit_code:1);\n\nif (hotfix_check_sp_range(win81:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\n# Windows 8 EOL\nproductname = get_kb_item_or_exit(\"SMB/ProductName\", exit_code:1);\nif (\"Windows 8\" >< productname && \"8.1\" >!< productname)\n audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:'6.3', \n sp:0,\n rollup_date:'07_2020',\n bulletin:bulletin,\n rollup_kb_list:[4565541, 4565540])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n\n\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:04:05", "description": "The remote Windows host is missing security update 4565529 or cumulative update 4565536. It is, therefore, affected by multiple vulnerabilities :\n\n - A remote code execution vulnerability exists in the way that DirectWrite handles objects in memory. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit an untrusted webpage. The security update addresses the vulnerability by correcting how DirectWrite handles objects in memory. (CVE-2020-1409)\n\n - An elevation of privilege vulnerability exists when the Windows Profile Service improperly handles file operations. An attacker who successfully exploited this vulnerability could gain elevated privileges.\n (CVE-2020-1360)\n\n - A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2020-1403)\n\n - An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit an untrusted webpage.\n The security update addresses the vulnerability by correcting how the Windows GDI component handles objects in memory. (CVE-2020-1468)\n\n - A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted fonts. For all systems except Windows 10, an attacker who successfully exploited the vulnerability could execute code remotely. For systems running Windows 10, an attacker who successfully exploited the vulnerability could execute code in an AppContainer sandbox context with limited privileges and capabilities. An attacker could then install programs;\n view, change, or delete data; or create new accounts with full user rights. There are multiple ways an attacker could exploit the vulnerability:\n (CVE-2020-1436)\n\n - An elevation of privilege vulnerability exists when the Windows UPnP Device Host improperly handles memory.\n (CVE-2020-1354, CVE-2020-1430)\n\n - An elevation of privilege vulnerability exists when the Windows Modules Installer improperly handles file operations. An attacker who successfully exploited this vulnerability could gain elevated privileges.\n (CVE-2020-1346)\n\n - An information disclosure vulnerability exists in Windows when the Windows Imaging Component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user's system.\n There are multiple ways an attacker could exploit this vulnerability: (CVE-2020-1397)\n\n - A remote code execution vulnerability exists when Windows Address Book (WAB) improperly processes vcard files. (CVE-2020-1410)\n\n - An elevation of privilege vulnerability exists when Group Policy Services Policy Processing improperly handle reparse points. An attacker who successfully exploited this vulnerability could overwrite a targeted file that would normally require elevated permissions.\n (CVE-2020-1333)\n\n - A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts. An attacker who successfully exploited the vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2020-1408)\n\n - An elevation of privilege vulnerability exists when the Windows Event Logging Service improperly handles memory.\n (CVE-2020-1365, CVE-2020-1371)\n\n - An elevation of privilege vulnerability exists when Windows improperly handles calls to Advanced Local Procedure Call (ALPC). An attacker who successfully exploited this vulnerability could run arbitrary code in the security context of the local system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\n (CVE-2020-1396)\n\n - An elevation of privilege vulnerability exists in the way that the Windows Network Location Awareness Service handles objects in memory. An attacker who successfully exploited the vulnerability could allow an application with limited privileges on an affected system to execute code at a medium integrity level. (CVE-2020-1437)\n\n - A remote code execution vulnerability exists in .NET Framework, Microsoft SharePoint, and Visual Studio when the software fails to check the source markup of XML file input. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the process responsible for deserialization of the XML content. (CVE-2020-1147)\n\n - An elevation of privilege vulnerability exists when the Windows Cryptography Next Generation (CNG) Key Isolation service improperly handles memory. An attacker who successfully exploited this vulnerability could run processes in an elevated context. (CVE-2020-1359, CVE-2020-1384)\n\n - An elevation of privilege vulnerability exists in the way that the Windows Network Connections Service handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. (CVE-2020-1373, CVE-2020-1390, CVE-2020-1427, CVE-2020-1428, CVE-2020-1438)\n\n - An elevation of privilege vulnerability exists in the way that the Windows Function Discovery Service handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. (CVE-2020-1085)\n\n - A remote code execution vulnerability exists in the way that Microsoft Graphics Components handle objects in memory. An attacker who successfully exploited the vulnerability could execute arbitrary code on a target system. (CVE-2020-1412)\n\n - A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by enticing a victim to open a specially crafted file. The update addresses the vulnerability by correcting the way the Windows Jet Database Engine handles objects in memory. (CVE-2020-1400, CVE-2020-1401, CVE-2020-1407)\n\n - An information disclosure vulnerability exists when the Windows kernel fails to properly initialize a memory address. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system. (CVE-2020-1389, CVE-2020-1419)\n\n - This security update corrects a denial of service in the Local Security Authority Subsystem Service (LSASS) caused when an authenticated attacker sends a specially crafted authentication request. A remote attacker who successfully exploited this vulnerability could cause a denial of service on the target system's LSASS service, which triggers an automatic reboot of the system. The security update addresses the vulnerability by changing the way that LSASS handles specially crafted authentication requests. (CVE-2020-1267)\n\n - A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in the memory. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2020-1435)\n\n - A remote code execution vulnerability exists in Microsoft Windows that could allow remote code execution if a .LNK file is processed. An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. (CVE-2020-1421)", "cvss3": {}, "published": "2020-07-14T00:00:00", "type": "nessus", "title": "KB4565529: Windows Server 2008 July 2020 Security Update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-1085", "CVE-2020-1147", "CVE-2020-1267", "CVE-2020-1333", "CVE-2020-1346", "CVE-2020-1354", "CVE-2020-1359", "CVE-2020-1360", "CVE-2020-1365", "CVE-2020-1371", "CVE-2020-1373", "CVE-2020-1384", "CVE-2020-1389", "CVE-2020-1390", "CVE-2020-1396", "CVE-2020-1397", "CVE-2020-1400", "CVE-2020-1401", "CVE-2020-1403", "CVE-2020-1407", "CVE-2020-1408", "CVE-2020-1409", "CVE-2020-1410", "CVE-2020-1412", "CVE-2020-1419", "CVE-2020-1421", "CVE-2020-1427", "CVE-2020-1428", "CVE-2020-1430", "CVE-2020-1435", "CVE-2020-1436", "CVE-2020-1437", "CVE-2020-1438", "CVE-2020-1468"], "modified": "2023-04-25T00:00:00", "cpe": ["cpe:/o:microsoft:windows"], "id": "SMB_NT_MS20_JUL_4565536.NASL", "href": "https://www.tenable.com/plugins/nessus/138461", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(138461);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/04/25\");\n\n script_cve_id(\n \"CVE-2020-1085\",\n \"CVE-2020-1147\",\n \"CVE-2020-1267\",\n \"CVE-2020-1333\",\n \"CVE-2020-1346\",\n \"CVE-2020-1354\",\n \"CVE-2020-1359\",\n \"CVE-2020-1360\",\n \"CVE-2020-1365\",\n \"CVE-2020-1371\",\n \"CVE-2020-1373\",\n \"CVE-2020-1384\",\n \"CVE-2020-1389\",\n \"CVE-2020-1390\",\n \"CVE-2020-1396\",\n \"CVE-2020-1397\",\n \"CVE-2020-1400\",\n \"CVE-2020-1401\",\n \"CVE-2020-1403\",\n \"CVE-2020-1407\",\n \"CVE-2020-1408\",\n \"CVE-2020-1409\",\n \"CVE-2020-1410\",\n \"CVE-2020-1412\",\n \"CVE-2020-1419\",\n \"CVE-2020-1421\",\n \"CVE-2020-1427\",\n \"CVE-2020-1428\",\n \"CVE-2020-1430\",\n \"CVE-2020-1435\",\n \"CVE-2020-1436\",\n \"CVE-2020-1437\",\n \"CVE-2020-1438\",\n \"CVE-2020-1468\"\n );\n script_xref(name:\"MSKB\", value:\"4565536\");\n script_xref(name:\"MSKB\", value:\"4565529\");\n script_xref(name:\"MSFT\", value:\"MS20-4565536\");\n script_xref(name:\"MSFT\", value:\"MS20-4565529\");\n script_xref(name:\"IAVA\", value:\"2020-A-0306-S\");\n script_xref(name:\"IAVA\", value:\"2020-A-0313-S\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/05/03\");\n\n script_name(english:\"KB4565529: Windows Server 2008 July 2020 Security Update\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 4565529\nor cumulative update 4565536. It is, therefore, affected by\nmultiple vulnerabilities :\n\n - A remote code execution vulnerability exists in the way\n that DirectWrite handles objects in memory. An attacker\n who successfully exploited this vulnerability could take\n control of the affected system. An attacker could then\n install programs; view, change, or delete data; or\n create new accounts with full user rights. There are\n multiple ways an attacker could exploit the\n vulnerability, such as by convincing a user to open a\n specially crafted document, or by convincing a user to\n visit an untrusted webpage. The security update\n addresses the vulnerability by correcting how\n DirectWrite handles objects in memory. (CVE-2020-1409)\n\n - An elevation of privilege vulnerability exists when the\n Windows Profile Service improperly handles file\n operations. An attacker who successfully exploited this\n vulnerability could gain elevated privileges.\n (CVE-2020-1360)\n\n - A remote code execution vulnerability exists in the way\n that the VBScript engine handles objects in memory. The\n vulnerability could corrupt memory in such a way that an\n attacker could execute arbitrary code in the context of\n the current user. An attacker who successfully exploited\n the vulnerability could gain the same user rights as the\n current user. (CVE-2020-1403)\n\n - An information disclosure vulnerability exists when the\n Windows GDI component improperly discloses the contents\n of its memory. An attacker who successfully exploited\n the vulnerability could obtain information to further\n compromise the users system. There are multiple ways an\n attacker could exploit the vulnerability, such as by\n convincing a user to open a specially crafted document,\n or by convincing a user to visit an untrusted webpage.\n The security update addresses the vulnerability by\n correcting how the Windows GDI component handles objects\n in memory. (CVE-2020-1468)\n\n - A remote code execution vulnerability exists when the\n Windows font library improperly handles specially\n crafted fonts. For all systems except Windows 10, an\n attacker who successfully exploited the vulnerability\n could execute code remotely. For systems running Windows\n 10, an attacker who successfully exploited the\n vulnerability could execute code in an AppContainer\n sandbox context with limited privileges and\n capabilities. An attacker could then install programs;\n view, change, or delete data; or create new accounts\n with full user rights. There are multiple ways an\n attacker could exploit the vulnerability:\n (CVE-2020-1436)\n\n - An elevation of privilege vulnerability exists when the\n Windows UPnP Device Host improperly handles memory.\n (CVE-2020-1354, CVE-2020-1430)\n\n - An elevation of privilege vulnerability exists when the\n Windows Modules Installer improperly handles file\n operations. An attacker who successfully exploited this\n vulnerability could gain elevated privileges.\n (CVE-2020-1346)\n\n - An information disclosure vulnerability exists in\n Windows when the Windows Imaging Component fails to\n properly handle objects in memory. An attacker who\n successfully exploited this vulnerability could obtain\n information to further compromise the user's system.\n There are multiple ways an attacker could exploit this\n vulnerability: (CVE-2020-1397)\n\n - A remote code execution vulnerability exists when\n Windows Address Book (WAB) improperly processes vcard\n files. (CVE-2020-1410)\n\n - An elevation of privilege vulnerability exists when\n Group Policy Services Policy Processing improperly\n handle reparse points. An attacker who successfully\n exploited this vulnerability could overwrite a targeted\n file that would normally require elevated permissions.\n (CVE-2020-1333)\n\n - A remote code execution vulnerability exists when the\n Windows font library improperly handles specially\n crafted embedded fonts. An attacker who successfully\n exploited the vulnerability could take control of the\n affected system. An attacker could then install\n programs; view, change, or delete data; or create new\n accounts with full user rights. (CVE-2020-1408)\n\n - An elevation of privilege vulnerability exists when the\n Windows Event Logging Service improperly handles memory.\n (CVE-2020-1365, CVE-2020-1371)\n\n - An elevation of privilege vulnerability exists when\n Windows improperly handles calls to Advanced Local\n Procedure Call (ALPC). An attacker who successfully\n exploited this vulnerability could run arbitrary code in\n the security context of the local system. An attacker\n could then install programs; view, change, or delete\n data; or create new accounts with full user rights.\n (CVE-2020-1396)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Network Location Awareness Service\n handles objects in memory. An attacker who successfully\n exploited the vulnerability could allow an application\n with limited privileges on an affected system to execute\n code at a medium integrity level. (CVE-2020-1437)\n\n - A remote code execution vulnerability exists in .NET\n Framework, Microsoft SharePoint, and Visual Studio when\n the software fails to check the source markup of XML\n file input. An attacker who successfully exploited the\n vulnerability could run arbitrary code in the context of\n the process responsible for deserialization of the XML\n content. (CVE-2020-1147)\n\n - An elevation of privilege vulnerability exists when the\n Windows Cryptography Next Generation (CNG) Key Isolation\n service improperly handles memory. An attacker who\n successfully exploited this vulnerability could run\n processes in an elevated context. (CVE-2020-1359,\n CVE-2020-1384)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Network Connections Service handles\n objects in memory. An attacker who successfully\n exploited the vulnerability could execute code with\n elevated permissions. (CVE-2020-1373, CVE-2020-1390,\n CVE-2020-1427, CVE-2020-1428, CVE-2020-1438)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Function Discovery Service handles\n objects in memory. An attacker who successfully\n exploited the vulnerability could execute code with\n elevated permissions. (CVE-2020-1085)\n\n - A remote code execution vulnerability exists in the way\n that Microsoft Graphics Components handle objects in\n memory. An attacker who successfully exploited the\n vulnerability could execute arbitrary code on a target\n system. (CVE-2020-1412)\n\n - A remote code execution vulnerability exists when the\n Windows Jet Database Engine improperly handles objects\n in memory. An attacker who successfully exploited this\n vulnerability could execute arbitrary code on a victim\n system. An attacker could exploit this vulnerability by\n enticing a victim to open a specially crafted file. The\n update addresses the vulnerability by correcting the way\n the Windows Jet Database Engine handles objects in\n memory. (CVE-2020-1400, CVE-2020-1401, CVE-2020-1407)\n\n - An information disclosure vulnerability exists when the\n Windows kernel fails to properly initialize a memory\n address. An attacker who successfully exploited this\n vulnerability could obtain information to further\n compromise the users system. (CVE-2020-1389,\n CVE-2020-1419)\n\n - This security update corrects a denial of service in the\n Local Security Authority Subsystem Service (LSASS)\n caused when an authenticated attacker sends a specially\n crafted authentication request. A remote attacker who\n successfully exploited this vulnerability could cause a\n denial of service on the target system's LSASS service,\n which triggers an automatic reboot of the system. The\n security update addresses the vulnerability by changing\n the way that LSASS handles specially crafted\n authentication requests. (CVE-2020-1267)\n\n - A remote code execution vulnerability exists in the way\n that the Windows Graphics Device Interface (GDI) handles\n objects in the memory. An attacker who successfully\n exploited this vulnerability could take control of the\n affected system. An attacker could then install\n programs; view, change, or delete data; or create new\n accounts with full user rights. (CVE-2020-1435)\n\n - A remote code execution vulnerability exists in\n Microsoft Windows that could allow remote code execution\n if a .LNK file is processed. An attacker who\n successfully exploited this vulnerability could gain the\n same user rights as the local user. (CVE-2020-1421)\");\n # https://support.microsoft.com/en-us/help/4565536/windows-server-2008-update-kb4565536\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?9e9e22c7\");\n # https://support.microsoft.com/en-us/help/4565529/windows-server-2008-update-kb4565529\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?4c89c5a1\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Security Only update KB4565529 or Cumulative Update KB4565536.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-1435\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2020-1436\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'SharePoint DataSet / DataTable Deserialization');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/07/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/07/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/07/14\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude('smb_func.inc');\ninclude('smb_hotfixes.inc');\ninclude('smb_hotfixes_fcheck.inc');\ninclude('smb_reg_query.inc');\ninclude('install_func.inc');\n\nget_kb_item_or_exit('SMB/MS_Bulletin_Checks/Possible');\n\nbulletin = 'MS20-07';\nkbs = make_list(\n '4565536',\n '4565529'\n);\n\nif (get_kb_item('Host/patch_management_checks')) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit('SMB/Registry/Enumerated');\nget_kb_item_or_exit('SMB/WindowsVersion', exit_code:1);\n\nif (hotfix_check_sp_range(vista:'2') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:'6.0', \n sp:2,\n rollup_date:'07_2020',\n bulletin:bulletin,\n rollup_kb_list:[4565536, 4565529])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:05:02", "description": "The remote Windows host is missing security update 4565535 or cumulative update 4565537. It is, therefore, affected by multiple vulnerabilities :\n\n - A remote code execution vulnerability exists in the way that DirectWrite handles objects in memory. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit an untrusted webpage. The security update addresses the vulnerability by correcting how DirectWrite handles objects in memory. (CVE-2020-1409)\n\n - An elevation of privilege vulnerability exists in the way that the Windows Credential Picker handles objects in memory. An attacker who successfully exploited the vulnerability could allow an application with limited privileges on an affected system to execute code at a medium integrity level. (CVE-2020-1385)\n\n - An elevation of privilege vulnerability exists when the Windows Profile Service improperly handles file operations. An attacker who successfully exploited this vulnerability could gain elevated privileges.\n (CVE-2020-1360)\n\n - A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2020-1403)\n\n - A remote code execution vulnerability exists in the Windows Remote Desktop Client when a user connects to a malicious server. An attacker who successfully exploited this vulnerability could execute arbitrary code on the computer of the connecting client. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\n (CVE-2020-1374)\n\n - A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted fonts. For all systems except Windows 10, an attacker who successfully exploited the vulnerability could execute code remotely. For systems running Windows 10, an attacker who successfully exploited the vulnerability could execute code in an AppContainer sandbox context with limited privileges and capabilities. An attacker could then install programs;\n view, change, or delete data; or create new accounts with full user rights. There are multiple ways an attacker could exploit the vulnerability:\n (CVE-2020-1436)\n\n - An elevation of privilege vulnerability exists in the way that the Credential Enrollment Manager service handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. (CVE-2020-1368)\n\n - An elevation of privilege vulnerability exists when the Windows UPnP Device Host improperly handles memory.\n (CVE-2020-1354, CVE-2020-1430)\n\n - An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit an untrusted webpage.\n The security update addresses the vulnerability by correcting how the Windows GDI component handles objects in memory. (CVE-2020-1468)\n\n - An elevation of privilege vulnerability exists when the Windows Event Logging Service improperly handles memory.\n (CVE-2020-1365, CVE-2020-1371)\n\n - An elevation of privilege vulnerability exists in the way that the Windows Network Location Awareness Service handles objects in memory. An attacker who successfully exploited the vulnerability could allow an application with limited privileges on an affected system to execute code at a medium integrity level. (CVE-2020-1437)\n\n - An information disclosure vulnerability exists in Windows when the Windows Imaging Component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user's system.\n There are multiple ways an attacker could exploit this vulnerability: (CVE-2020-1397)\n\n - A remote code execution vulnerability exists when Windows Address Book (WAB) improperly processes vcard files. (CVE-2020-1410)\n\n - An information disclosure vulnerability exists when the Windows Graphics component improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system. An authenticated attacker could exploit this vulnerability by running a specially crafted application. The update addresses the vulnerability by correcting how the Windows Graphics Component handles objects in memory. (CVE-2020-1351)\n\n - An elevation of privilege vulnerability exists when Group Policy Services Policy Processing improperly handle reparse points. An attacker who successfully exploited this vulnerability could overwrite a targeted file that would normally require elevated permissions.\n (CVE-2020-1333)\n\n - A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts. An attacker who successfully exploited the vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2020-1408)\n\n - An elevation of privilege vulnerability exists when the Windows Modules Installer improperly handles file operations. An attacker who successfully exploited this vulnerability could gain elevated privileges.\n (CVE-2020-1346)\n\n - An elevation of privilege vulnerability exists when Windows improperly handles calls to Advanced Local Procedure Call (ALPC). An attacker who successfully exploited this vulnerability could run arbitrary code in the security context of the local system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\n (CVE-2020-1396)\n\n - An information disclosure vulnerability exists when Skype for Business is accessed via Internet Explorer. An attacker who exploited the vulnerability could cause the user to place a call without additional consent, leading to information disclosure of the user profile. For the vulnerability to be exploited, a user must click a specially crafted URL that prompts the Skype app.\n (CVE-2020-1432)\n\n - An elevation of privilege vulnerability exists when the Windows ActiveX Installer Service improperly handles memory. (CVE-2020-1402)\n\n - A remote code execution vulnerability exists in .NET Framework, Microsoft SharePoint, and Visual Studio when the software fails to check the source markup of XML file input. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the process responsible for deserialization of the XML content. (CVE-2020-1147)\n\n - An elevation of privilege vulnerability exists when the Windows Cryptography Next Generation (CNG) Key Isolation service improperly handles memory. An attacker who successfully exploited this vulnerability could run processes in an elevated context. (CVE-2020-1359, CVE-2020-1384)\n\n - An elevation of privilege vulnerability exists in the way that the Windows Network Connections Service handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. (CVE-2020-1373, CVE-2020-1390, CVE-2020-1427, CVE-2020-1428, CVE-2020-1438)\n\n - An elevation of privilege vulnerability exists in the way that the Windows Function Discovery Service handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. (CVE-2020-1085)\n\n - A remote code execution vulnerability exists in the way that Microsoft Graphics Components handle objects in memory. An attacker who successfully exploited the vulnerability could execute arbitrary code on a target system. (CVE-2020-1412)\n\n - A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by enticing a victim to open a specially crafted file. The update addresses the vulnerability by correcting the way the Windows Jet Database Engine handles objects in memory. (CVE-2020-1400, CVE-2020-1401, CVE-2020-1407)\n\n - An information disclosure vulnerability exists when the Windows kernel fails to properly initialize a memory address. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system. (CVE-2020-1389, CVE-2020-1419)\n\n - An elevation of privilege vulnerability exists when the Windows Runtime improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in an elevated context. An attacker could exploit this vulnerability by running a specially crafted application on the victim system. The update addresses the vulnerability by correcting the way the Windows Runtime handles objects in memory.\n (CVE-2020-1249, CVE-2020-1399)\n\n - An elevation of privilege vulnerability exists when the Windows iSCSI Target Service improperly handles file operations. An attacker who successfully exploited this vulnerability could gain elevated privileges.\n (CVE-2020-1356)\n\n - This security update corrects a denial of service in the Local Security Authority Subsystem Service (LSASS) caused when an authenticated attacker sends a specially crafted authentication request. A remote attacker who successfully exploited this vulnerability could cause a denial of service on the target system's LSASS service, which triggers an automatic reboot of the system. The security update addresses the vulnerability by changing the way that LSASS handles specially crafted authentication requests. (CVE-2020-1267)\n\n - A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in the memory. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2020-1435)\n\n - A remote code execution vulnerability exists in Microsoft Windows that could allow remote code execution if a .LNK file is processed. An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. (CVE-2020-1421)", "cvss3": {}, "published": "2020-07-14T00:00:00", "type": "nessus", "title": "KB4565535: Windows Server 2012 July 2020 Security Update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-1085", "CVE-2020-1147", "CVE-2020-1249", "CVE-2020-1267", "CVE-2020-1333", "CVE-2020-1346", "CVE-2020-1351", "CVE-2020-1354", "CVE-2020-1356", "CVE-2020-1359", "CVE-2020-1360", "CVE-2020-1365", "CVE-2020-1368", "CVE-2020-1371", "CVE-2020-1373", "CVE-2020-1374", "CVE-2020-1384", "CVE-2020-1385", "CVE-2020-1389", "CVE-2020-1390", "CVE-2020-1396", "CVE-2020-1397", "CVE-2020-1399", "CVE-2020-1400", "CVE-2020-1401", "CVE-2020-1402", "CVE-2020-1403", "CVE-2020-1407", "CVE-2020-1408", "CVE-2020-1409", "CVE-2020-1410", "CVE-2020-1412", "CVE-2020-1419", "CVE-2020-1421", "CVE-2020-1427", "CVE-2020-1428", "CVE-2020-1430", "CVE-2020-1432", "CVE-2020-1435", "CVE-2020-1436", "CVE-2020-1437", "CVE-2020-1438", "CVE-2020-1468"], "modified": "2023-04-25T00:00:00", "cpe": ["cpe:/o:microsoft:windows"], "id": "SMB_NT_MS20_JUL_4565537.NASL", "href": "https://www.tenable.com/plugins/nessus/138462", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(138462);\n script_version(\"1.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/04/25\");\n\n script_cve_id(\n \"CVE-2020-1085\",\n \"CVE-2020-1147\",\n \"CVE-2020-1249\",\n \"CVE-2020-1267\",\n \"CVE-2020-1333\",\n \"CVE-2020-1346\",\n \"CVE-2020-1351\",\n \"CVE-2020-1354\",\n \"CVE-2020-1356\",\n \"CVE-2020-1359\",\n \"CVE-2020-1360\",\n \"CVE-2020-1365\",\n \"CVE-2020-1368\",\n \"CVE-2020-1371\",\n \"CVE-2020-1373\",\n \"CVE-2020-1374\",\n \"CVE-2020-1384\",\n \"CVE-2020-1385\",\n \"CVE-2020-1389\",\n \"CVE-2020-1390\",\n \"CVE-2020-1396\",\n \"CVE-2020-1397\",\n \"CVE-2020-1399\",\n \"CVE-2020-1400\",\n \"CVE-2020-1401\",\n \"CVE-2020-1402\",\n \"CVE-2020-1403\",\n \"CVE-2020-1407\",\n \"CVE-2020-1408\",\n \"CVE-2020-1409\",\n \"CVE-2020-1410\",\n \"CVE-2020-1412\",\n \"CVE-2020-1419\",\n \"CVE-2020-1421\",\n \"CVE-2020-1427\",\n \"CVE-2020-1428\",\n \"CVE-2020-1430\",\n \"CVE-2020-1432\",\n \"CVE-2020-1435\",\n \"CVE-2020-1436\",\n \"CVE-2020-1437\",\n \"CVE-2020-1438\",\n \"CVE-2020-1468\"\n );\n script_xref(name:\"MSKB\", value:\"4565535\");\n script_xref(name:\"MSKB\", value:\"4565537\");\n script_xref(name:\"MSFT\", value:\"MS20-4565535\");\n script_xref(name:\"MSFT\", value:\"MS20-4565537\");\n script_xref(name:\"IAVA\", value:\"2020-A-0306-S\");\n script_xref(name:\"IAVA\", value:\"2020-A-0313-S\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/05/03\");\n\n script_name(english:\"KB4565535: Windows Server 2012 July 2020 Security Update\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 4565535\nor cumulative update 4565537. It is, therefore, affected by\nmultiple vulnerabilities :\n\n - A remote code execution vulnerability exists in the way\n that DirectWrite handles objects in memory. An attacker\n who successfully exploited this vulnerability could take\n control of the affected system. An attacker could then\n install programs; view, change, or delete data; or\n create new accounts with full user rights. There are\n multiple ways an attacker could exploit the\n vulnerability, such as by convincing a user to open a\n specially crafted document, or by convincing a user to\n visit an untrusted webpage. The security update\n addresses the vulnerability by correcting how\n DirectWrite handles objects in memory. (CVE-2020-1409)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Credential Picker handles objects\n in memory. An attacker who successfully exploited the\n vulnerability could allow an application with limited\n privileges on an affected system to execute code at a\n medium integrity level. (CVE-2020-1385)\n\n - An elevation of privilege vulnerability exists when the\n Windows Profile Service improperly handles file\n operations. An attacker who successfully exploited this\n vulnerability could gain elevated privileges.\n (CVE-2020-1360)\n\n - A remote code execution vulnerability exists in the way\n that the VBScript engine handles objects in memory. The\n vulnerability could corrupt memory in such a way that an\n attacker could execute arbitrary code in the context of\n the current user. An attacker who successfully exploited\n the vulnerability could gain the same user rights as the\n current user. (CVE-2020-1403)\n\n - A remote code execution vulnerability exists in the\n Windows Remote Desktop Client when a user connects to a\n malicious server. An attacker who successfully exploited\n this vulnerability could execute arbitrary code on the\n computer of the connecting client. An attacker could\n then install programs; view, change, or delete data; or\n create new accounts with full user rights.\n (CVE-2020-1374)\n\n - A remote code execution vulnerability exists when the\n Windows font library improperly handles specially\n crafted fonts. For all systems except Windows 10, an\n attacker who successfully exploited the vulnerability\n could execute code remotely. For systems running Windows\n 10, an attacker who successfully exploited the\n vulnerability could execute code in an AppContainer\n sandbox context with limited privileges and\n capabilities. An attacker could then install programs;\n view, change, or delete data; or create new accounts\n with full user rights. There are multiple ways an\n attacker could exploit the vulnerability:\n (CVE-2020-1436)\n\n - An elevation of privilege vulnerability exists in the\n way that the Credential Enrollment Manager service\n handles objects in memory. An attacker who successfully\n exploited the vulnerability could execute code with\n elevated permissions. (CVE-2020-1368)\n\n - An elevation of privilege vulnerability exists when the\n Windows UPnP Device Host improperly handles memory.\n (CVE-2020-1354, CVE-2020-1430)\n\n - An information disclosure vulnerability exists when the\n Windows GDI component improperly discloses the contents\n of its memory. An attacker who successfully exploited\n the vulnerability could obtain information to further\n compromise the users system. There are multiple ways an\n attacker could exploit the vulnerability, such as by\n convincing a user to open a specially crafted document,\n or by convincing a user to visit an untrusted webpage.\n The security update addresses the vulnerability by\n correcting how the Windows GDI component handles objects\n in memory. (CVE-2020-1468)\n\n - An elevation of privilege vulnerability exists when the\n Windows Event Logging Service improperly handles memory.\n (CVE-2020-1365, CVE-2020-1371)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Network Location Awareness Service\n handles objects in memory. An attacker who successfully\n exploited the vulnerability could allow an application\n with limited privileges on an affected system to execute\n code at a medium integrity level. (CVE-2020-1437)\n\n - An information disclosure vulnerability exists in\n Windows when the Windows Imaging Component fails to\n properly handle objects in memory. An attacker who\n successfully exploited this vulnerability could obtain\n information to further compromise the user's system.\n There are multiple ways an attacker could exploit this\n vulnerability: (CVE-2020-1397)\n\n - A remote code execution vulnerability exists when\n Windows Address Book (WAB) improperly processes vcard\n files. (CVE-2020-1410)\n\n - An information disclosure vulnerability exists when the\n Windows Graphics component improperly handles objects in\n memory. An attacker who successfully exploited this\n vulnerability could obtain information to further\n compromise the users system. An authenticated attacker\n could exploit this vulnerability by running a specially\n crafted application. The update addresses the\n vulnerability by correcting how the Windows Graphics\n Component handles objects in memory. (CVE-2020-1351)\n\n - An elevation of privilege vulnerability exists when\n Group Policy Services Policy Processing improperly\n handle reparse points. An attacker who successfully\n exploited this vulnerability could overwrite a targeted\n file that would normally require elevated permissions.\n (CVE-2020-1333)\n\n - A remote code execution vulnerability exists when the\n Windows font library improperly handles specially\n crafted embedded fonts. An attacker who successfully\n exploited the vulnerability could take control of the\n affected system. An attacker could then install\n programs; view, change, or delete data; or create new\n accounts with full user rights. (CVE-2020-1408)\n\n - An elevation of privilege vulnerability exists when the\n Windows Modules Installer improperly handles file\n operations. An attacker who successfully exploited this\n vulnerability could gain elevated privileges.\n (CVE-2020-1346)\n\n - An elevation of privilege vulnerability exists when\n Windows improperly handles calls to Advanced Local\n Procedure Call (ALPC). An attacker who successfully\n exploited this vulnerability could run arbitrary code in\n the security context of the local system. An attacker\n could then install programs; view, change, or delete\n data; or create new accounts with full user rights.\n (CVE-2020-1396)\n\n - An information disclosure vulnerability exists when\n Skype for Business is accessed via Internet Explorer. An\n attacker who exploited the vulnerability could cause the\n user to place a call without additional consent, leading\n to information disclosure of the user profile. For the\n vulnerability to be exploited, a user must click a\n specially crafted URL that prompts the Skype app.\n (CVE-2020-1432)\n\n - An elevation of privilege vulnerability exists when the\n Windows ActiveX Installer Service improperly handles\n memory. (CVE-2020-1402)\n\n - A remote code execution vulnerability exists in .NET\n Framework, Microsoft SharePoint, and Visual Studio when\n the software fails to check the source markup of XML\n file input. An attacker who successfully exploited the\n vulnerability could run arbitrary code in the context of\n the process responsible for deserialization of the XML\n content. (CVE-2020-1147)\n\n - An elevation of privilege vulnerability exists when the\n Windows Cryptography Next Generation (CNG) Key Isolation\n service improperly handles memory. An attacker who\n successfully exploited this vulnerability could run\n processes in an elevated context. (CVE-2020-1359,\n CVE-2020-1384)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Network Connections Service handles\n objects in memory. An attacker who successfully\n exploited the vulnerability could execute code with\n elevated permissions. (CVE-2020-1373, CVE-2020-1390,\n CVE-2020-1427, CVE-2020-1428, CVE-2020-1438)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Function Discovery Service handles\n objects in memory. An attacker who successfully\n exploited the vulnerability could execute code with\n elevated permissions. (CVE-2020-1085)\n\n - A remote code execution vulnerability exists in the way\n that Microsoft Graphics Components handle objects in\n memory. An attacker who successfully exploited the\n vulnerability could execute arbitrary code on a target\n system. (CVE-2020-1412)\n\n - A remote code execution vulnerability exists when the\n Windows Jet Database Engine improperly handles objects\n in memory. An attacker who successfully exploited this\n vulnerability could execute arbitrary code on a victim\n system. An attacker could exploit this vulnerability by\n enticing a victim to open a specially crafted file. The\n update addresses the vulnerability by correcting the way\n the Windows Jet Database Engine handles objects in\n memory. (CVE-2020-1400, CVE-2020-1401, CVE-2020-1407)\n\n - An information disclosure vulnerability exists when the\n Windows kernel fails to properly initialize a memory\n address. An attacker who successfully exploited this\n vulnerability could obtain information to further\n compromise the users system. (CVE-2020-1389,\n CVE-2020-1419)\n\n - An elevation of privilege vulnerability exists when the\n Windows Runtime improperly handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could run arbitrary code in an elevated context. An\n attacker could exploit this vulnerability by running a\n specially crafted application on the victim system. The\n update addresses the vulnerability by correcting the way\n the Windows Runtime handles objects in memory.\n (CVE-2020-1249, CVE-2020-1399)\n\n - An elevation of privilege vulnerability exists when the\n Windows iSCSI Target Service improperly handles file\n operations. An attacker who successfully exploited this\n vulnerability could gain elevated privileges.\n (CVE-2020-1356)\n\n - This security update corrects a denial of service in the\n Local Security Authority Subsystem Service (LSASS)\n caused when an authenticated attacker sends a specially\n crafted authentication request. A remote attacker who\n successfully exploited this vulnerability could cause a\n denial of service on the target system's LSASS service,\n which triggers an automatic reboot of the system. The\n security update addresses the vulnerability by changing\n the way that LSASS handles specially crafted\n authentication requests. (CVE-2020-1267)\n\n - A remote code execution vulnerability exists in the way\n that the Windows Graphics Device Interface (GDI) handles\n objects in the memory. An attacker who successfully\n exploited this vulnerability could take control of the\n affected system. An attacker could then install\n programs; view, change, or delete data; or create new\n accounts with full user rights. (CVE-2020-1435)\n\n - A remote code execution vulnerability exists in\n Microsoft Windows that could allow remote code execution\n if a .LNK file is processed. An attacker who\n successfully exploited this vulnerability could gain the\n same user rights as the local user. (CVE-2020-1421)\");\n # https://support.microsoft.com/en-us/help/4565535/windows-server-2012-update-kb4565535\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?33ff1388\");\n # https://support.microsoft.com/en-us/help/4565537/windows-server-2012-update-kb4565537\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?81575436\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Security Only update KB4565535 or Cumulative Update KB4565537.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-1435\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2020-1436\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'SharePoint DataSet / DataTable Deserialization');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/07/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/07/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/07/14\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude('smb_func.inc');\ninclude('smb_hotfixes.inc');\ninclude('smb_hotfixes_fcheck.inc');\ninclude('smb_reg_query.inc');\ninclude('install_func.inc');\n\nget_kb_item_or_exit('SMB/MS_Bulletin_Checks/Possible');\n\nbulletin = 'MS20-07';\nkbs = make_list(\n '4565537',\n '4565535'\n);\n\nif (get_kb_item('Host/patch_management_checks')) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit('SMB/Registry/Enumerated');\nget_kb_item_or_exit('SMB/WindowsVersion', exit_code:1);\n\nif (hotfix_check_sp_range(win8:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\n# Windows 8 EOL\nproductname = get_kb_item_or_exit(\"SMB/ProductName\", exit_code:1);\nif (\"Windows 8\" >< productname) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:'6.2', \n sp:0,\n rollup_date:'07_2020',\n bulletin:bulletin,\n rollup_kb_list:[4565537, 4565535])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n\n\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:04:33", "description": "The remote Windows host is missing security update 4565539 or cumulative update 4565524. It is, therefore, affected by multiple vulnerabilities :\n\n - A remote code execution vulnerability exists in the way that DirectWrite handles objects in memory. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit an untrusted webpage. The security update addresses the vulnerability by correcting how DirectWrite handles objects in memory. (CVE-2020-1409)\n\n - An elevation of privilege vulnerability exists when the Windows Profile Service improperly handles file operations. An attacker who successfully exploited this vulnerability could gain elevated privileges.\n (CVE-2020-1360)\n\n - A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2020-1403)\n\n - A remote code execution vulnerability exists in the Windows Remote Desktop Client when a user connects to a malicious server. An attacker who successfully exploited this vulnerability could execute arbitrary code on the computer of the connecting client. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\n (CVE-2020-1374)\n\n - A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted fonts. For all systems except Windows 10, an attacker who successfully exploited the vulnerability could execute code remotely. For systems running Windows 10, an attacker who successfully exploited the vulnerability could execute code in an AppContainer sandbox context with limited privileges and capabilities. An attacker could then install programs;\n view, change, or delete data; or create new accounts with full user rights. There are multiple ways an attacker could exploit the vulnerability:\n (CVE-2020-1436)\n\n - An elevation of privilege vulnerability exists when the Windows UPnP Device Host improperly handles memory.\n (CVE-2020-1354, CVE-2020-1430)\n\n - An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit an untrusted webpage.\n The security update addresses the vulnerability by correcting how the Windows GDI component handles objects in memory. (CVE-2020-1468)\n\n - An elevation of privilege vulnerability exists when the Windows Event Logging Service improperly handles memory.\n (CVE-2020-1365, CVE-2020-1371)\n\n - An elevation of privilege vulnerability exists in the way that the Windows Network Location Awareness Service handles objects in memory. An attacker who successfully exploited the vulnerability could allow an application with limited privileges on an affected system to execute code at a medium integrity level. (CVE-2020-1437)\n\n - An information disclosure vulnerability exists in Windows when the Windows Imaging Component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user's system.\n There are multiple ways an attacker could exploit this vulnerability: (CVE-2020-1397)\n\n - A remote code execution vulnerability exists when Windows Address Book (WAB) improperly processes vcard files. (CVE-2020-1410)\n\n - An information disclosure vulnerability exists when the Windows Graphics component improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system. An authenticated attacker could exploit this vulnerability by running a specially crafted application. The update addresses the vulnerability by correcting how the Windows Graphics Component handles objects in memory. (CVE-2020-1351)\n\n - An elevation of privilege vulnerability exists when Group Policy Services Policy Processing improperly handle reparse points. An attacker who successfully exploited this vulnerability could overwrite a targeted file that would normally require elevated permissions.\n (CVE-2020-1333)\n\n - A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts. An attacker who successfully exploited the vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2020-1408)\n\n - An elevation of privilege vulnerability exists when the Windows Modules Installer improperly handles file operations. An attacker who successfully exploited this vulnerability could gain elevated privileges.\n (CVE-2020-1346)\n\n - An elevation of privilege vulnerability exists when Windows improperly handles calls to Advanced Local Procedure Call (ALPC). An attacker who successfully exploited this vulnerability could run arbitrary code in the security context of the local system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\n (CVE-2020-1396)\n\n - An information disclosure vulnerability exists when Skype for Business is accessed via Internet Explorer. An attacker who exploited the vulnerability could cause the user to place a call without additional consent, leading to information disclosure of the user profile. For the vulnerability to be exploited, a user must click a specially crafted URL that prompts the Skype app.\n (CVE-2020-1432)\n\n - An elevation of privilege vulnerability exists when the Windows ActiveX Installer Service improperly handles memory. (CVE-2020-1402)\n\n - A remote code execution vulnerability exists in .NET Framework, Microsoft SharePoint, and Visual Studio when the software fails to check the source markup of XML file input. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the process responsible for deserialization of the XML content. (CVE-2020-1147)\n\n - An elevation of privilege vulnerability exists when the Windows Cryptography Next Generation (CNG) Key Isolation service improperly handles memory. An attacker who successfully exploited this vulnerability could run processes in an elevated context. (CVE-2020-1359, CVE-2020-1384)\n\n - An elevation of privilege vulnerability exists in the way that the Windows Network Connections Service handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. (CVE-2020-1373, CVE-2020-1390, CVE-2020-1427, CVE-2020-1428, CVE-2020-1438)\n\n - An elevation of privilege vulnerability exists in the way that the Windows Function Discovery Service handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. (CVE-2020-1085)\n\n - A remote code execution vulnerability exists in the way that Microsoft Graphics Components handle objects in memory. An attacker who successfully exploited the vulnerability could execute arbitrary code on a target system. (CVE-2020-1412)\n\n - A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by enticing a victim to open a specially crafted file. The update addresses the vulnerability by correcting the way the Windows Jet Database Engine handles objects in memory. (CVE-2020-1400, CVE-2020-1401, CVE-2020-1407)\n\n - An information disclosure vulnerability exists when the Windows kernel fails to properly initialize a memory address. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system. (CVE-2020-1389, CVE-2020-1419)\n\n - This security update corrects a denial of service in the Local Security Authority Subsystem Service (LSASS) caused when an authenticated attacker sends a specially crafted authentication request. A remote attacker who successfully exploited this vulnerability could cause a denial of service on the target system's LSASS service, which triggers an automatic reboot of the system. The security update addresses the vulnerability by changing the way that LSASS handles specially crafted authentication requests. (CVE-2020-1267)\n\n - A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in the memory. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2020-1435)\n\n - A remote code execution vulnerability exists in Microsoft Windows that could allow remote code execution if a .LNK file is processed. An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. (CVE-2020-1421)", "cvss3": {}, "published": "2020-07-14T00:00:00", "type": "nessus", "title": "KB4565539: Windows 7 and Windows Server 2008 R2 July 2020 Security Update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-1085", "CVE-2020-1147", "CVE-2020-1267", "CVE-2020-1333", "CVE-2020-1346", "CVE-2020-1351", "CVE-2020-1354", "CVE-2020-1359", "CVE-2020-1360", "CVE-2020-1365", "CVE-2020-1371", "CVE-2020-1373", "CVE-2020-1374", "CVE-2020-1384", "CVE-2020-1389", "CVE-2020-1390", "CVE-2020-1396", "CVE-2020-1397", "CVE-2020-1400", "CVE-2020-1401", "CVE-2020-1402", "CVE-2020-1403", "CVE-2020-1407", "CVE-2020-1408", "CVE-2020-1409", "CVE-2020-1410", "CVE-2020-1412", "CVE-2020-1419", "CVE-2020-1421", "CVE-2020-1427", "CVE-2020-1428", "CVE-2020-1430", "CVE-2020-1432", "CVE-2020-1435", "CVE-2020-1436", "CVE-2020-1437", "CVE-2020-1438", "CVE-2020-1468"], "modified": "2023-04-25T00:00:00", "cpe": ["cpe:/o:microsoft:windows"], "id": "SMB_NT_MS20_JUL_4565524.NASL", "href": "https://www.tenable.com/plugins/nessus/138460", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(138460);\n script_version(\"1.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/04/25\");\n\n script_cve_id(\n \"CVE-2020-1085\",\n \"CVE-2020-1147\",\n \"CVE-2020-1267\",\n \"CVE-2020-1333\",\n \"CVE-2020-1346\",\n \"CVE-2020-1351\",\n \"CVE-2020-1354\",\n \"CVE-2020-1359\",\n \"CVE-2020-1360\",\n \"CVE-2020-1365\",\n \"CVE-2020-1371\",\n \"CVE-2020-1373\",\n \"CVE-2020-1374\",\n \"CVE-2020-1384\",\n \"CVE-2020-1389\",\n \"CVE-2020-1390\",\n \"CVE-2020-1396\",\n \"CVE-2020-1397\",\n \"CVE-2020-1400\",\n \"CVE-2020-1401\",\n \"CVE-2020-1402\",\n \"CVE-2020-1403\",\n \"CVE-2020-1407\",\n \"CVE-2020-1408\",\n \"CVE-2020-1409\",\n \"CVE-2020-1410\",\n \"CVE-2020-1412\",\n \"CVE-2020-1419\",\n \"CVE-2020-1421\",\n \"CVE-2020-1427\",\n \"CVE-2020-1428\",\n \"CVE-2020-1430\",\n \"CVE-2020-1432\",\n \"CVE-2020-1435\",\n \"CVE-2020-1436\",\n \"CVE-2020-1437\",\n \"CVE-2020-1438\",\n \"CVE-2020-1468\"\n );\n script_xref(name:\"MSKB\", value:\"4565539\");\n script_xref(name:\"MSKB\", value:\"4565524\");\n script_xref(name:\"MSFT\", value:\"MS20-4565539\");\n script_xref(name:\"MSFT\", value:\"MS20-4565524\");\n script_xref(name:\"IAVA\", value:\"2020-A-0306-S\");\n script_xref(name:\"IAVA\", value:\"2020-A-0313-S\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/05/03\");\n\n script_name(english:\"KB4565539: Windows 7 and Windows Server 2008 R2 July 2020 Security Update\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 4565539\nor cumulative update 4565524. It is, therefore, affected by\nmultiple vulnerabilities :\n\n - A remote code execution vulnerability exists in the way\n that DirectWrite handles objects in memory. An attacker\n who successfully exploited this vulnerability could take\n control of the affected system. An attacker could then\n install programs; view, change, or delete data; or\n create new accounts with full user rights. There are\n multiple ways an attacker could exploit the\n vulnerability, such as by convincing a user to open a\n specially crafted document, or by convincing a user to\n visit an untrusted webpage. The security update\n addresses the vulnerability by correcting how\n DirectWrite handles objects in memory. (CVE-2020-1409)\n\n - An elevation of privilege vulnerability exists when the\n Windows Profile Service improperly handles file\n operations. An attacker who successfully exploited this\n vulnerability could gain elevated privileges.\n (CVE-2020-1360)\n\n - A remote code execution vulnerability exists in the way\n that the VBScript engine handles objects in memory. The\n vulnerability could corrupt memory in such a way that an\n attacker could execute arbitrary code in the context of\n the current user. An attacker who successfully exploited\n the vulnerability could gain the same user rights as the\n current user. (CVE-2020-1403)\n\n - A remote code execution vulnerability exists in the\n Windows Remote Desktop Client when a user connects to a\n malicious server. An attacker who successfully exploited\n this vulnerability could execute arbitrary code on the\n computer of the connecting client. An attacker could\n then install programs; view, change, or delete data; or\n create new accounts with full user rights.\n (CVE-2020-1374)\n\n - A remote code execution vulnerability exists when the\n Windows font library improperly handles specially\n crafted fonts. For all systems except Windows 10, an\n attacker who successfully exploited the vulnerability\n could execute code remotely. For systems running Windows\n 10, an attacker who successfully exploited the\n vulnerability could execute code in an AppContainer\n sandbox context with limited privileges and\n capabilities. An attacker could then install programs;\n view, change, or delete data; or create new accounts\n with full user rights. There are multiple ways an\n attacker could exploit the vulnerability:\n (CVE-2020-1436)\n\n - An elevation of privilege vulnerability exists when the\n Windows UPnP Device Host improperly handles memory.\n (CVE-2020-1354, CVE-2020-1430)\n\n - An information disclosure vulnerability exists when the\n Windows GDI component improperly discloses the contents\n of its memory. An attacker who successfully exploited\n the vulnerability could obtain information to further\n compromise the users system. There are multiple ways an\n attacker could exploit the vulnerability, such as by\n convincing a user to open a specially crafted document,\n or by convincing a user to visit an untrusted webpage.\n The security update addresses the vulnerability by\n correcting how the Windows GDI component handles objects\n in memory. (CVE-2020-1468)\n\n - An elevation of privilege vulnerability exists when the\n Windows Event Logging Service improperly handles memory.\n (CVE-2020-1365, CVE-2020-1371)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Network Location Awareness Service\n handles objects in memory. An attacker who successfully\n exploited the vulnerability could allow an application\n with limited privileges on an affected system to execute\n code at a medium integrity level. (CVE-2020-1437)\n\n - An information disclosure vulnerability exists in\n Windows when the Windows Imaging Component fails to\n properly handle objects in memory. An attacker who\n successfully exploited this vulnerability could obtain\n information to further compromise the user's system.\n There are multiple ways an attacker could exploit this\n vulnerability: (CVE-2020-1397)\n\n - A remote code execution vulnerability exists when\n Windows Address Book (WAB) improperly processes vcard\n files. (CVE-2020-1410)\n\n - An information disclosure vulnerability exists when the\n Windows Graphics component improperly handles objects in\n memory. An attacker who successfully exploited this\n vulnerability could obtain information to further\n compromise the users system. An authenticated attacker\n could exploit this vulnerability by running a specially\n crafted application. The update addresses the\n vulnerability by correcting how the Windows Graphics\n Component handles objects in memory. (CVE-2020-1351)\n\n - An elevation of privilege vulnerability exists when\n Group Policy Services Policy Processing improperly\n handle reparse points. An attacker who successfully\n exploited this vulnerability could overwrite a targeted\n file that would normally require elevated permissions.\n (CVE-2020-1333)\n\n - A remote code execution vulnerability exists when the\n Windows font library improperly handles specially\n crafted embedded fonts. An attacker who successfully\n exploited the vulnerability could take control of the\n affected system. An attacker could then install\n programs; view, change, or delete data; or create new\n accounts with full user rights. (CVE-2020-1408)\n\n - An elevation of privilege vulnerability exists when the\n Windows Modules Installer improperly handles file\n operations. An attacker who successfully exploited this\n vulnerability could gain elevated privileges.\n (CVE-2020-1346)\n\n - An elevation of privilege vulnerability exists when\n Windows improperly handles calls to Advanced Local\n Procedure Call (ALPC). An attacker who successfully\n exploited this vulnerability could run arbitrary code in\n the security context of the local system. An attacker\n could then install programs; view, change, or delete\n data; or create new accounts with full user rights.\n (CVE-2020-1396)\n\n - An information disclosure vulnerability exists when\n Skype for Business is accessed via Internet Explorer. An\n attacker who exploited the vulnerability could cause the\n user to place a call without additional consent, leading\n to information disclosure of the user profile. For the\n vulnerability to be exploited, a user must click a\n specially crafted URL that prompts the Skype app.\n (CVE-2020-1432)\n\n - An elevation of privilege vulnerability exists when the\n Windows ActiveX Installer Service improperly handles\n memory. (CVE-2020-1402)\n\n - A remote code execution vulnerability exists in .NET\n Framework, Microsoft SharePoint, and Visual Studio when\n the software fails to check the source markup of XML\n file input. An attacker who successfully exploited the\n vulnerability could run arbitrary code in the context of\n the process responsible for deserialization of the XML\n content. (CVE-2020-1147)\n\n - An elevation of privilege vulnerability exists when the\n Windows Cryptography Next Generation (CNG) Key Isolation\n service improperly handles memory. An attacker who\n successfully exploited this vulnerability could run\n processes in an elevated context. (CVE-2020-1359,\n CVE-2020-1384)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Network Connections Service handles\n objects in memory. An attacker who successfully\n exploited the vulnerability could execute code with\n elevated permissions. (CVE-2020-1373, CVE-2020-1390,\n CVE-2020-1427, CVE-2020-1428, CVE-2020-1438)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Function Discovery Service handles\n objects in memory. An attacker who successfully\n exploited the vulnerability could execute code with\n elevated permissions. (CVE-2020-1085)\n\n - A remote code execution vulnerability exists in the way\n that Microsoft Graphics Components handle objects in\n memory. An attacker who successfully exploited the\n vulnerability could execute arbitrary code on a target\n system. (CVE-2020-1412)\n\n - A remote code execution vulnerability exists when the\n Windows Jet Database Engine improperly handles objects\n in memory. An attacker who successfully exploited this\n vulnerability could execute arbitrary code on a victim\n system. An attacker could exploit this vulnerability by\n enticing a victim to open a specially crafted file. The\n update addresses the vulnerability by correcting the way\n the Windows Jet Database Engine handles objects in\n memory. (CVE-2020-1400, CVE-2020-1401, CVE-2020-1407)\n\n - An information disclosure vulnerability exists when the\n Windows kernel fails to properly initialize a memory\n address. An attacker who successfully exploited this\n vulnerability could obtain information to further\n compromise the users system. (CVE-2020-1389,\n CVE-2020-1419)\n\n - This security update corrects a denial of service in the\n Local Security Authority Subsystem Service (LSASS)\n caused when an authenticated attacker sends a specially\n crafted authentication request. A remote attacker who\n successfully exploited this vulnerability could cause a\n denial of service on the target system's LSASS service,\n which triggers an automatic reboot of the system. The\n security update addresses the vulnerability by changing\n the way that LSASS handles specially crafted\n authentication requests. (CVE-2020-1267)\n\n - A remote code execution vulnerability exists in the way\n that the Windows Graphics Device Interface (GDI) handles\n objects in the memory. An attacker who successfully\n exploited this vulnerability could take control of the\n affected system. An attacker could then install\n programs; view, change, or delete data; or create new\n accounts with full user rights. (CVE-2020-1435)\n\n - A remote code execution vulnerability exists in\n Microsoft Windows that could allow remote code execution\n if a .LNK file is processed. An attacker who\n successfully exploited this vulnerability could gain the\n same user rights as the local user. (CVE-2020-1421)\");\n # https://support.microsoft.com/en-us/help/4565539/windows-7-update-kb4565539\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?f84b756f\");\n # https://support.microsoft.com/en-us/help/4565524/windows-7-update-kb4565524\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?d3552b4f\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Security Only update KB4565539 or Cumulative Update KB4565524.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-1435\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2020-1436\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'SharePoint DataSet / DataTable Deserialization');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/07/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/07/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/07/14\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude('smb_func.inc');\ninclude('smb_hotfixes.inc');\ninclude('smb_hotfixes_fcheck.inc');\ninclude('smb_reg_query.inc');\ninclude('install_func.inc');\n\nget_kb_item_or_exit('SMB/MS_Bulletin_Checks/Possible');\n\nbulletin = 'MS20-07';\nkbs = make_list(\n '4565524',\n '4565539'\n);\n\nif (get_kb_item('Host/patch_management_checks')) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit('SMB/Registry/Enumerated');\nget_kb_item_or_exit('SMB/WindowsVersion', exit_code:1);\n\nif (hotfix_check_sp_range(win7:'1') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:'6.1', \n sp:1,\n rollup_date:'07_2020',\n bulletin:bulletin,\n rollup_kb_list:[4565524, 4565539])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n\n\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-07-19T15:25:06", "description": "The remote Windows host is missing security update 4565508. It is, therefore, affected by multiple vulnerabilities :\n\n - An elevation of privilege vulnerability exists when the Windows System Events Broker improperly handles file operations. An attacker who successfully exploited this vulnerability could gain elevated privileges.\n (CVE-2020-1357)\n\n - An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode.\n An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2020-1411)\n\n - An elevation of privilege vulnerability exists when the Windows Diagnostics Execution Service fails to properly sanitize input, leading to an unsecure library-loading behavior. An attacker who successfully exploited this vulnerability could run arbitrary code with elevated system privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2020-1418)\n\n - An elevation of privilege vulnerability exists when the Windows USO Core Worker improperly handles memory.\n (CVE-2020-1352)\n\n - An elevation of privilege vulnerability exists when Windows improperly handles COM object creation. An attacker who successfully exploited the vulnerability could run arbitrary code with elevated privileges.\n (CVE-2020-1375)\n\n - A remote code execution vulnerability exists in the way that DirectWrite handles objects in memory. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit an untrusted webpage. The security update addresses the vulnerability by correcting how DirectWrite handles objects in memory. (CVE-2020-1409)\n\n - An elevation of privilege vulnerability exists when the Windows Profile Service improperly handles file operations. An attacker who successfully exploited this vulnerability could gain elevated privileges.\n (CVE-2020-1360)\n\n - An elevation of privilege vulnerability exists when Windows Mobile Device Management (MDM) Diagnostics improperly handles objects in memory. An attacker who successfully exploited this vulnerability could bypass access restrictions to delete files. (CVE-2020-1372)\n\n - An elevation of privilege vulnerability exists when the Windows Picker Platform improperly handles memory.\n (CVE-2020-1363)\n\n - An elevation of privilege vulnerability exists when Windows improperly handles calls to Advanced Local Procedure Call (ALPC). An attacker who successfully exploited this vulnerability could run arbitrary code in the security context of the local system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\n (CVE-2020-1396)\n\n - A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2020-1403)\n\n - A remote code execution vulnerability exists in the Windows Remote Desktop Client when a user connects to a malicious server. An attacker who successfully exploited this vulnerability could execute arbitrary code on the computer of the connecting client. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\n (CVE-2020-1374)\n\n - A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted fonts. For all systems except Windows 10, an attacker who successfully exploited the vulnerability could execute code remotely. For systems running Windows 10, an attacker who successfully exploited the vulnerability could execute code in an AppContainer sandbox context with limited privileges and capabilities. An attacker could then install programs;\n view, change, or delete data; or create new accounts with full user rights. There are multiple ways an attacker could exploit the vulnerability:\n (CVE-2020-1436)\n\n - An elevation of privilege vulnerability exists in the way that the Credential Enrollment Manager service handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. (CVE-2020-1368)\n\n - An elevation of privilege vulnerability exists in the way that the Windows Network List Service handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. (CVE-2020-1406)\n\n - An information disclosure vulnerability exists when the Windows Graphics component improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system. An authenticated attacker could exploit this vulnerability by running a specially crafted application. The update addresses the vulnerability by correcting how the Windows Graphics Component handles objects in memory. (CVE-2020-1351)\n\n - An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit an untrusted webpage.\n The security update addresses the vulnerability by correcting how the Windows GDI component handles objects in memory. (CVE-2020-1468)\n\n - An elevation of privilege vulnerability exists when the Windows Event Logging Service improperly handles memory.\n (CVE-2020-1365, CVE-2020-1371)\n\n - An information disclosure vulnerability exists when the Windows kernel fails to properly initialize a memory address. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system. (CVE-2020-1389, CVE-2020-1419)\n\n - An elevation of privilege vulnerability exists when the Windows Print Workflow Service improperly handles objects in memory. An attacker who successfully exploited this vulnerability could gain elevated privileges and break out of the AppContainer sandbox.\n (CVE-2020-1366)\n\n - An elevation of privilege vulnerability exists in the way that the Windows WalletService handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. (CVE-2020-1344, CVE-2020-1362, CVE-2020-1369)\n\n - An elevation of privilege vulnerability exists when the Windows ActiveX Installer Service improperly handles memory. (CVE-2020-1402)\n\n - An elevation of privilege vulnerability exists in the way that the Windows Geolocation Framework handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. (CVE-2020-1394)\n\n - An information vulnerability exists when Windows Connected User Experiences and Telemetry Service improperly discloses file information. Successful exploitation of the vulnerability could allow the attacker to read any file on the file system.\n (CVE-2020-1386)\n\n - This security update corrects a denial of service in the Local Security Authority Subsystem Service (LSASS) caused when an authenticated attacker sends a specially crafted authentication request. A remote attacker who successfully exploited this vulnerability could cause a denial of service on the target system's LSASS service, which triggers an automatic reboot of the system. The security update addresses the vulnerability by changing the way that LSASS handles specially crafted authentication requests. (CVE-2020-1267)\n\n - An elevation of privilege vulnerability exists when the Windows Delivery Optimization service improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code with elevated system privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\n (CVE-2020-1392)\n\n - A remote code execution vulnerability exists when Windows Address Book (WAB) improperly processes vcard files. (CVE-2020-1410)\n\n - An elevation of privilege vulnerability exists when the Windows Modules Installer improperly handles file operations. An attacker who successfully exploited this vulnerability could gain elevated privileges.\n (CVE-2020-1346)\n\n - An elevation of privilege vulnerability exists when the Windows UPnP Device Host improperly handles memory.\n (CVE-2020-1354, CVE-2020-1430)\n\n - An elevation of privilege vulnerability exists in the way that the SharedStream Library handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. (CVE-2020-1463)\n\n - An elevation of privilege vulnerability exists when Group Policy Services Policy Processing improperly handle reparse points. An attacker who successfully exploited this vulnerability could overwrite a targeted file that would normally require elevated permissions.\n (CVE-2020-1333)\n\n - An elevation of privilege vulnerability exists in the way the Windows Push Notification Service handles objects in memory. An attacker who successfully exploited this vulnerability could run processes in an elevated context. An attacker could then install programs; view, change or delete data. (CVE-2020-1387)\n\n - A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts. An attacker who successfully exploited the vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2020-1408)\n\n - An elevation of privilege vulnerability exists in the way that the Windows Kernel handles objects in memory.\n An attacker who successfully exploited the vulnerability could execute code with elevated permissions.\n (CVE-2020-1336)\n\n - An elevation of privilege vulnerability exists when the Windows Storage Services improperly handle file operations. An attacker who successfully exploited this vulnerability could gain elevated privileges.\n (CVE-2020-1347)\n\n - A denial of service vulnerability exists in the way that the WalletService handles files. An attacker who successfully exploited the vulnerability could corrupt system files. (CVE-2020-1364)\n\n - An information disclosure vulnerability exists when Skype for Business is accessed via Internet Explorer. An attacker who exploited the vulnerability could cause the user to place a call without additional consent, leading to information disclosure of the user profile. For the vulnerability to be exploited, a user must click a specially crafted URL that prompts the Skype app.\n (CVE-2020-1432)\n\n - An elevation of privilege vulnerability exists in the way that the Windows Network Location Awareness Service handles objects in memory. An attacker who successfully exploited the vulnerability could allow an application with limited privileges on an affected system to execute code at a medium integrity level. (CVE-2020-1437)\n\n - An elevation of privilege vulnerability exists when the Windows Diagnostics Hub Standard Collector Service fails to properly sanitize input, leading to an unsecure library-loading behavior. An attacker who successfully exploited this vulnerability could run arbitrary code with elevated system privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\n (CVE-2020-1393)\n\n - A remote code execution vulnerability exists in .NET Framework, Microsoft SharePoint, and Visual Studio when the software fails to check the source markup of XML file input. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the process responsible for deserialization of the XML content. (CVE-2020-1147)\n\n - An elevation of privilege vulnerability exists in the way that the Windows Network Connections Service handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. (CVE-2020-1373, CVE-2020-1390, CVE-2020-1427, CVE-2020-1428, CVE-2020-1438)\n\n - An elevation of privilege vulnerability exists when the Windows Cryptography Next Generation (CNG) Key Isolation service improperly handles memory. An attacker who successfully exploited this vulnerability could run processes in an elevated context. (CVE-2020-1359, CVE-2020-1384)\n\n - An information disclosure vulnerability exists when the Windows Resource Policy component improperly handles memory. (CVE-2020-1358)\n\n - An elevation of privilege vulnerability exists in the way that the Windows Speech Brokered API handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. (CVE-2020-1395)\n\n - An information disclosure vulnerability exists when Windows Error Reporting improperly handles file operations. (CVE-2020-1420)\n\n - A remote code execution vulnerability exists in the way that Microsoft Graphics Components handle objects in memory. An attacker who successfully exploited the vulnerability could execute arbitrary code on a target system. (CVE-2020-1412)\n\n - An elevation of privilege vulnerability exists when the Windows Runtime improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in an elevated context. An attacker could exploit this vulnerability by running a specially crafted application on the victim system. The update addresses the vulnerability by correcting the way the Windows Runtime handles objects in memory.\n (CVE-2020-1249, CVE-2020-1353, CVE-2020-1370, CVE-2020-1399, CVE-2020-1404, CVE-2020-1413)\n\n - An information disclosure vulnerability exists when Microsoft Edge PDF Reader improperly handles objects in memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. (CVE-2020-1433)\n\n - A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by enticing a victim to open a specially crafted file. The update addresses the vulnerability by correcting the way the Windows Jet Database Engine handles objects in memory. (CVE-2020-1400, CVE-2020-1401, CVE-2020-1407)\n\n - An elevation of privilege vulnerability exists when Windows Error Reporting manager improperly handles a process crash. An attacker who successfully exploited this vulnerability could delete a targeted file leading to an elevated status. (CVE-2020-1429)\n\n - An elevation of privilege vulnerability exists in the way that the psmsrv.dll handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions.\n (CVE-2020-1388)\n\n - An elevation of privilege vulnerability exists in the way that the Windows Credential Picker handles objects in memory. An attacker who successfully exploited the vulnerability could allow an application with limited privileges on an affected system to execute code at a medium integrity level. (CVE-2020-1385)\n\n - A remote code execution vulnerability exists in Microsoft Windows that could allow remote code execution if a .LNK file is processed. An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. (CVE-2020-1421)\n\n - An information disclosure vulnerability exists in Windows when the Windows Imaging Component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user's system.\n There are multiple ways an attacker could exploit this vulnerability: (CVE-2020-1397)\n\n - A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in the memory. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2020-1435)\n\n - An elevation of privilege vulnerability exists in the way that the Windows Function Discovery Service handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. (CVE-2020-1085)\n\n - An information disclosure vulnerability exists in the way that the WalletService handles memory.\n (CVE-2020-1361)\n\n - An elevation of privilege vulnerability exists in the way that the Windows Sync Host Service handles objects in memory. An attacker who successfully exploited the vulnerability could allow an application with limited privileges on an affected system to execute code at a medium integrity level. (CVE-2020-1434)\n\n - An information disclosure vulnerability exists when Skype for Business is accessed via Microsoft Edge (EdgeHTML-based). An attacker who exploited the vulnerability could cause the user to place a call without additional consent, leading to information disclosure of the user profile. For the vulnerability to be exploited, a user must click a specially crafted URL that prompts the Skype app. (CVE-2020-1462)\n\n - An elevation of privilege vulnerability exists when Windows Lockscreen fails to properly handle Ease of Access dialog. An attacker who successfully exploited the vulnerability could execute commands with elevated permissions. The security update addresses the vulnerability by ensuring that the Ease of Access dialog is handled properly. (CVE-2020-1398)", "cvss3": {}, "published": "2020-07-14T00:00:00", "type": "nessus", "title": "KB4565508: Windows 10 Version 1709 July 2020 Security Update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-1085", "CVE-2020-1147", "CVE-2020-1249", "CVE-2020-1267", "CVE-2020-1333", "CVE-2020-1336", "CVE-2020-1344", "CVE-2020-1346", "CVE-2020-1347", "CVE-2020-1351", "CVE-2020-1352", "CVE-2020-1353", "CVE-2020-1354", "CVE-2020-1357", "CVE-2020-1358", "CVE-2020-1359", "CVE-2020-1360", "CVE-2020-1361", "CVE-2020-1362", "CVE-2020-1363", "CVE-2020-1364", "CVE-2020-1365", "CVE-2020-1366", "CVE-2020-1368", "CVE-2020-1369", "CVE-2020-1370", "CVE-2020-1371", "CVE-2020-1372", "CVE-2020-1373", "CVE-2020-1374", "CVE-2020-1375", "CVE-2020-1384", "CVE-2020-1385", "CVE-2020-1386", "CVE-2020-1387", "CVE-2020-1388", "CVE-2020-1389", "CVE-2020-1390", "CVE-2020-1392", "CVE-2020-1393", "CVE-2020-1394", "CVE-2020-1395", "CVE-2020-1396", "CVE-2020-1397", "CVE-2020-1398", "CVE-2020-1399", "CVE-2020-1400", "CVE-2020-1401", "CVE-2020-1402", "CVE-2020-1403", "CVE-2020-1404", "CVE-2020-1406", "CVE-2020-1407", "CVE-2020-1408", "CVE-2020-1409", "CVE-2020-1410", "CVE-2020-1411", "CVE-2020-1412", "CVE-2020-1413", "CVE-2020-1418", "CVE-2020-1419", "CVE-2020-1420", "CVE-2020-1421", "CVE-2020-1427", "CVE-2020-1428", "CVE-2020-1429", "CVE-2020-1430", "CVE-2020-1432", "CVE-2020-1433", "CVE-2020-1434", "CVE-2020-1435", "CVE-2020-1436", "CVE-2020-1437", "CVE-2020-1438", "CVE-2020-1462", "CVE-2020-1463", "CVE-2020-1468"], "modified": "2023-01-24T00:00:00", "cpe": ["cpe:/o:microsoft:windows", "cpe:/a:microsoft:edge"], "id": "SMB_NT_MS20_JUL_4565508.NASL", "href": "https://www.tenable.com/plugins/nessus/138457", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(138457);\n script_version(\"1.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/24\");\n\n script_cve_id(\n \"CVE-2020-1085\",\n \"CVE-2020-1147\",\n \"CVE-2020-1249\",\n \"CVE-2020-1267\",\n \"CVE-2020-1333\",\n \"CVE-2020-1336\",\n \"CVE-2020-1344\",\n \"CVE-2020-1346\",\n \"CVE-2020-1347\",\n \"CVE-2020-1351\",\n \"CVE-2020-1352\",\n \"CVE-2020-1353\",\n \"CVE-2020-1354\",\n \"CVE-2020-1357\",\n \"CVE-2020-1358\",\n \"CVE-2020-1359\",\n \"CVE-2020-1360\",\n \"CVE-2020-1361\",\n \"CVE-2020-1362\",\n \"CVE-2020-1363\",\n \"CVE-2020-1364\",\n \"CVE-2020-1365\",\n \"CVE-2020-1366\",\n \"CVE-2020-1368\",\n \"CVE-2020-1369\",\n \"CVE-2020-1370\",\n \"CVE-2020-1371\",\n \"CVE-2020-1372\",\n \"CVE-2020-1373\",\n \"CVE-2020-1374\",\n \"CVE-2020-1375\",\n \"CVE-2020-1384\",\n \"CVE-2020-1385\",\n \"CVE-2020-1386\",\n \"CVE-2020-1387\",\n \"CVE-2020-1388\",\n \"CVE-2020-1389\",\n \"CVE-2020-1390\",\n \"CVE-2020-1392\",\n \"CVE-2020-1393\",\n \"CVE-2020-1394\",\n \"CVE-2020-1395\",\n \"CVE-2020-1396\",\n \"CVE-2020-1397\",\n \"CVE-2020-1398\",\n \"CVE-2020-1399\",\n \"CVE-2020-1400\",\n \"CVE-2020-1401\",\n \"CVE-2020-1402\",\n \"CVE-2020-1403\",\n \"CVE-2020-1404\",\n \"CVE-2020-1406\",\n \"CVE-2020-1407\",\n \"CVE-2020-1408\",\n \"CVE-2020-1409\",\n \"CVE-2020-1410\",\n \"CVE-2020-1411\",\n \"CVE-2020-1412\",\n \"CVE-2020-1413\",\n \"CVE-2020-1418\",\n \"CVE-2020-1419\",\n \"CVE-2020-1420\",\n \"CVE-2020-1421\",\n \"CVE-2020-1427\",\n \"CVE-2020-1428\",\n \"CVE-2020-1429\",\n \"CVE-2020-1430\",\n \"CVE-2020-1432\",\n \"CVE-2020-1433\",\n \"CVE-2020-1434\",\n \"CVE-2020-1435\",\n \"CVE-2020-1436\",\n \"CVE-2020-1437\",\n \"CVE-2020-1438\",\n \"CVE-2020-1462\",\n \"CVE-2020-1463\",\n \"CVE-2020-1468\"\n );\n script_xref(name:\"MSKB\", value:\"4565508\");\n script_xref(name:\"MSFT\", value:\"MS20-4565508\");\n script_xref(name:\"IAVA\", value:\"2020-A-0300-S\");\n script_xref(name:\"IAVA\", value:\"2020-A-0302-S\");\n script_xref(name:\"IAVA\", value:\"2020-A-0313-S\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/05/03\");\n\n script_name(english:\"KB4565508: Windows 10 Version 1709 July 2020 Security Update\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 4565508. It is, \ntherefore, affected by multiple vulnerabilities :\n\n - An elevation of privilege vulnerability exists when the\n Windows System Events Broker improperly handles file\n operations. An attacker who successfully exploited this\n vulnerability could gain elevated privileges.\n (CVE-2020-1357)\n\n - An elevation of privilege vulnerability exists when the\n Windows kernel fails to properly handle objects in\n memory. An attacker who successfully exploited this\n vulnerability could run arbitrary code in kernel mode.\n An attacker could then install programs; view, change,\n or delete data; or create new accounts with full user\n rights. (CVE-2020-1411)\n\n - An elevation of privilege vulnerability exists when the\n Windows Diagnostics Execution Service fails to properly\n sanitize input, leading to an unsecure library-loading\n behavior. An attacker who successfully exploited this\n vulnerability could run arbitrary code with elevated\n system privileges. An attacker could then install\n programs; view, change, or delete data; or create new\n accounts with full user rights. (CVE-2020-1418)\n\n - An elevation of privilege vulnerability exists when the\n Windows USO Core Worker improperly handles memory.\n (CVE-2020-1352)\n\n - An elevation of privilege vulnerability exists when\n Windows improperly handles COM object creation. An\n attacker who successfully exploited the vulnerability\n could run arbitrary code with elevated privileges.\n (CVE-2020-1375)\n\n - A remote code execution vulnerability exists in the way\n that DirectWrite handles objects in memory. An attacker\n who successfully exploited this vulnerability could take\n control of the affected system. An attacker could then\n install programs; view, change, or delete data; or\n create new accounts with full user rights. There are\n multiple ways an attacker could exploit the\n vulnerability, such as by convincing a user to open a\n specially crafted document, or by convincing a user to\n visit an untrusted webpage. The security update\n addresses the vulnerability by correcting how\n DirectWrite handles objects in memory. (CVE-2020-1409)\n\n - An elevation of privilege vulnerability exists when the\n Windows Profile Service improperly handles file\n operations. An attacker who successfully exploited this\n vulnerability could gain elevated privileges.\n (CVE-2020-1360)\n\n - An elevation of privilege vulnerability exists when\n Windows Mobile Device Management (MDM) Diagnostics\n improperly handles objects in memory. An attacker who\n successfully exploited this vulnerability could bypass\n access restrictions to delete files. (CVE-2020-1372)\n\n - An elevation of privilege vulnerability exists when the\n Windows Picker Platform improperly handles memory.\n (CVE-2020-1363)\n\n - An elevation of privilege vulnerability exists when\n Windows improperly handles calls to Advanced Local\n Procedure Call (ALPC). An attacker who successfully\n exploited this vulnerability could run arbitrary code in\n the security context of the local system. An attacker\n could then install programs; view, change, or delete\n data; or create new accounts with full user rights.\n (CVE-2020-1396)\n\n - A remote code execution vulnerability exists in the way\n that the VBScript engine handles objects in memory. The\n vulnerability could corrupt memory in such a way that an\n attacker could execute arbitrary code in the context of\n the current user. An attacker who successfully exploited\n the vulnerability could gain the same user rights as the\n current user. (CVE-2020-1403)\n\n - A remote code execution vulnerability exists in the\n Windows Remote Desktop Client when a user connects to a\n malicious server. An attacker who successfully exploited\n this vulnerability could execute arbitrary code on the\n computer of the connecting client. An attacker could\n then install programs; view, change, or delete data; or\n create new accounts with full user rights.\n (CVE-2020-1374)\n\n - A remote code execution vulnerability exists when the\n Windows font library improperly handles specially\n crafted fonts. For all systems except Windows 10, an\n attacker who successfully exploited the vulnerability\n could execute code remotely. For systems running Windows\n 10, an attacker who successfully exploited the\n vulnerability could execute code in an AppContainer\n sandbox context with limited privileges and\n capabilities. An attacker could then install programs;\n view, change, or delete data; or create new accounts\n with full user rights. There are multiple ways an\n attacker could exploit the vulnerability:\n (CVE-2020-1436)\n\n - An elevation of privilege vulnerability exists in the\n way that the Credential Enrollment Manager service\n handles objects in memory. An attacker who successfully\n exploited the vulnerability could execute code with\n elevated permissions. (CVE-2020-1368)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Network List Service handles\n objects in memory. An attacker who successfully\n exploited the vulnerability could execute code with\n elevated permissions. (CVE-2020-1406)\n\n - An information disclosure vulnerability exists when the\n Windows Graphics component improperly handles objects in\n memory. An attacker who successfully exploited this\n vulnerability could obtain information to further\n compromise the users system. An authenticated attacker\n could exploit this vulnerability by running a specially\n crafted application. The update addresses the\n vulnerability by correcting how the Windows Graphics\n Component handles objects in memory. (CVE-2020-1351)\n\n - An information disclosure vulnerability exists when the\n Windows GDI component improperly discloses the contents\n of its memory. An attacker who successfully exploited\n the vulnerability could obtain information to further\n compromise the users system. There are multiple ways an\n attacker could exploit the vulnerability, such as by\n convincing a user to open a specially crafted document,\n or by convincing a user to visit an untrusted webpage.\n The security update addresses the vulnerability by\n correcting how the Windows GDI component handles objects\n in memory. (CVE-2020-1468)\n\n - An elevation of privilege vulnerability exists when the\n Windows Event Logging Service improperly handles memory.\n (CVE-2020-1365, CVE-2020-1371)\n\n - An information disclosure vulnerability exists when the\n Windows kernel fails to properly initialize a memory\n address. An attacker who successfully exploited this\n vulnerability could obtain information to further\n compromise the users system. (CVE-2020-1389,\n CVE-2020-1419)\n\n - An elevation of privilege vulnerability exists when the\n Windows Print Workflow Service improperly handles\n objects in memory. An attacker who successfully\n exploited this vulnerability could gain elevated\n privileges and break out of the AppContainer sandbox.\n (CVE-2020-1366)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows WalletService handles objects in\n memory. An attacker who successfully exploited the\n vulnerability could execute code with elevated\n permissions. (CVE-2020-1344, CVE-2020-1362,\n CVE-2020-1369)\n\n - An elevation of privilege vulnerability exists when the\n Windows ActiveX Installer Service improperly handles\n memory. (CVE-2020-1402)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Geolocation Framework handles\n objects in memory. An attacker who successfully\n exploited the vulnerability could execute code with\n elevated permissions. (CVE-2020-1394)\n\n - An information vulnerability exists when Windows\n Connected User Experiences and Telemetry Service\n improperly discloses file information. Successful\n exploitation of the vulnerability could allow the\n attacker to read any file on the file system.\n (CVE-2020-1386)\n\n - This security update corrects a denial of service in the\n Local Security Authority Subsystem Service (LSASS)\n caused when an authenticated attacker sends a specially\n crafted authentication request. A remote attacker who\n successfully exploited this vulnerability could cause a\n denial of service on the target system's LSASS service,\n which triggers an automatic reboot of the system. The\n security update addresses the vulnerability by changing\n the way that LSASS handles specially crafted\n authentication requests. (CVE-2020-1267)\n\n - An elevation of privilege vulnerability exists when the\n Windows Delivery Optimization service improperly handles\n objects in memory. An attacker who successfully\n exploited this vulnerability could run arbitrary code\n with elevated system privileges. An attacker could then\n install programs; view, change, or delete data; or\n create new accounts with full user rights.\n (CVE-2020-1392)\n\n - A remote code execution vulnerability exists when\n Windows Address Book (WAB) improperly processes vcard\n files. (CVE-2020-1410)\n\n - An elevation of privilege vulnerability exists when the\n Windows Modules Installer improperly handles file\n operations. An attacker who successfully exploited this\n vulnerability could gain elevated privileges.\n (CVE-2020-1346)\n\n - An elevation of privilege vulnerability exists when the\n Windows UPnP Device Host improperly handles memory.\n (CVE-2020-1354, CVE-2020-1430)\n\n - An elevation of privilege vulnerability exists in the\n way that the SharedStream Library handles objects in\n memory. An attacker who successfully exploited the\n vulnerability could execute code with elevated\n permissions. (CVE-2020-1463)\n\n - An elevation of privilege vulnerability exists when\n Group Policy Services Policy Processing improperly\n handle reparse points. An attacker who successfully\n exploited this vulnerability could overwrite a targeted\n file that would normally require elevated permissions.\n (CVE-2020-1333)\n\n - An elevation of privilege vulnerability exists in the\n way the Windows Push Notification Service handles\n objects in memory. An attacker who successfully\n exploited this vulnerability could run processes in an\n elevated context. An attacker could then install\n programs; view, change or delete data. (CVE-2020-1387)\n\n - A remote code execution vulnerability exists when the\n Windows font library improperly handles specially\n crafted embedded fonts. An attacker who successfully\n exploited the vulnerability could take control of the\n affected system. An attacker could then install\n programs; view, change, or delete data; or create new\n accounts with full user rights. (CVE-2020-1408)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Kernel handles objects in memory.\n An attacker who successfully exploited the vulnerability\n could execute code with elevated permissions.\n (CVE-2020-1336)\n\n - An elevation of privilege vulnerability exists when the\n Windows Storage Services improperly handle file\n operations. An attacker who successfully exploited this\n vulnerability could gain elevated privileges.\n (CVE-2020-1347)\n\n - A denial of service vulnerability exists in the way that\n the WalletService handles files. An attacker who\n successfully exploited the vulnerability could corrupt\n system files. (CVE-2020-1364)\n\n - An information disclosure vulnerability exists when\n Skype for Business is accessed via Internet Explorer. An\n attacker who exploited the vulnerability could cause the\n user to place a call without additional consent, leading\n to information disclosure of the user profile. For the\n vulnerability to be exploited, a user must click a\n specially crafted URL that prompts the Skype app.\n (CVE-2020-1432)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Network Location Awareness Service\n handles objects in memory. An attacker who successfully\n exploited the vulnerability could allow an application\n with limited privileges on an affected system to execute\n code at a medium integrity level. (CVE-2020-1437)\n\n - An elevation of privilege vulnerability exists when the\n Windows Diagnostics Hub Standard Collector Service fails\n to properly sanitize input, leading to an unsecure\n library-loading behavior. An attacker who successfully\n exploited this vulnerability could run arbitrary code\n with elevated system privileges. An attacker could then\n install programs; view, change, or delete data; or\n create new accounts with full user rights.\n (CVE-2020-1393)\n\n - A remote code execution vulnerability exists in .NET\n Framework, Microsoft SharePoint, and Visual Studio when\n the software fails to check the source markup of XML\n file input. An attacker who successfully exploited the\n vulnerability could run arbitrary code in the context of\n the process responsible for deserialization of the XML\n content. (CVE-2020-1147)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Network Connections Service handles\n objects in memory. An attacker who successfully\n exploited the vulnerability could execute code with\n elevated permissions. (CVE-2020-1373, CVE-2020-1390,\n CVE-2020-1427, CVE-2020-1428, CVE-2020-1438)\n\n - An elevation of privilege vulnerability exists when the\n Windows Cryptography Next Generation (CNG) Key Isolation\n service improperly handles memory. An attacker who\n successfully exploited this vulnerability could run\n processes in an elevated context. (CVE-2020-1359,\n CVE-2020-1384)\n\n - An information disclosure vulnerability exists when the\n Windows Resource Policy component improperly handles\n memory. (CVE-2020-1358)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Speech Brokered API handles objects\n in memory. An attacker who successfully exploited the\n vulnerability could execute code with elevated\n permissions. (CVE-2020-1395)\n\n - An information disclosure vulnerability exists when\n Windows Error Reporting improperly handles file\n operations. (CVE-2020-1420)\n\n - A remote code execution vulnerability exists in the way\n that Microsoft Graphics Components handle objects in\n memory. An attacker who successfully exploited the\n vulnerability could execute arbitrary code on a target\n system. (CVE-2020-1412)\n\n - An elevation of privilege vulnerability exists when the\n Windows Runtime improperly handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could run arbitrary code in an elevated context. An\n attacker could exploit this vulnerability by running a\n specially crafted application on the victim system. The\n update addresses the vulnerability by correcting the way\n the Windows Runtime handles objects in memory.\n (CVE-2020-1249, CVE-2020-1353, CVE-2020-1370,\n CVE-2020-1399, CVE-2020-1404, CVE-2020-1413)\n\n - An information disclosure vulnerability exists when\n Microsoft Edge PDF Reader improperly handles objects in\n memory. An attacker who successfully exploited the\n vulnerability could obtain information to further\n compromise the users system. (CVE-2020-1433)\n\n - A remote code execution vulnerability exists when the\n Windows Jet Database Engine improperly handles objects\n in memory. An attacker who successfully exploited this\n vulnerability could execute arbitrary code on a victim\n system. An attacker could exploit this vulnerability by\n enticing a victim to open a specially crafted file. The\n update addresses the vulnerability by correcting the way\n the Windows Jet Database Engine handles objects in\n memory. (CVE-2020-1400, CVE-2020-1401, CVE-2020-1407)\n\n - An elevation of privilege vulnerability exists when\n Windows Error Reporting manager improperly handles a\n process crash. An attacker who successfully exploited\n this vulnerability could delete a targeted file leading\n to an elevated status. (CVE-2020-1429)\n\n - An elevation of privilege vulnerability exists in the\n way that the psmsrv.dll handles objects in memory. An\n attacker who successfully exploited the vulnerability\n could execute code with elevated permissions.\n (CVE-2020-1388)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Credential Picker handles objects\n in memory. An attacker who successfully exploited the\n vulnerability could allow an application with limited\n privileges on an affected system to execute code at a\n medium integrity level. (CVE-2020-1385)\n\n - A remote code execution vulnerability exists in\n Microsoft Windows that could allow remote code execution\n if a .LNK file is processed. An attacker who\n successfully exploited this vulnerability could gain the\n same user rights as the local user. (CVE-2020-1421)\n\n - An information disclosure vulnerability exists in\n Windows when the Windows Imaging Component fails to\n properly handle objects in memory. An attacker who\n successfully exploited this vulnerability could obtain\n information to further compromise the user's system.\n There are multiple ways an attacker could exploit this\n vulnerability: (CVE-2020-1397)\n\n - A remote code execution vulnerability exists in the way\n that the Windows Graphics Device Interface (GDI) handles\n objects in the memory. An attacker who successfully\n exploited this vulnerability could take control of the\n affected system. An attacker could then install\n programs; view, change, or delete data; or create new\n accounts with full user rights. (CVE-2020-1435)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Function Discovery Service handles\n objects in memory. An attacker who successfully\n exploited the vulnerability could execute code with\n elevated permissions. (CVE-2020-1085)\n\n - An information disclosure vulnerability exists in the\n way that the WalletService handles memory.\n (CVE-2020-1361)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Sync Host Service handles objects\n in memory. An attacker who successfully exploited the\n vulnerability could allow an application with limited\n privileges on an affected system to execute code at a\n medium integrity level. (CVE-2020-1434)\n\n - An information disclosure vulnerability exists when\n Skype for Business is accessed via Microsoft Edge\n (EdgeHTML-based). An attacker who exploited the\n vulnerability could cause the user to place a call\n without additional consent, leading to information\n disclosure of the user profile. For the vulnerability to\n be exploited, a user must click a specially crafted URL\n that prompts the Skype app. (CVE-2020-1462)\n\n - An elevation of privilege vulnerability exists when\n Windows Lockscreen fails to properly handle Ease of\n Access dialog. An attacker who successfully exploited\n the vulnerability could execute commands with elevated\n permissions. The security update addresses the\n vulnerability by ensuring that the Ease of Access dialog\n is handled properly. (CVE-2020-1398)\");\n # https://support.microsoft.com/en-us/help/4565508/windows-10-update-kb4565508\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?b2aadf5b\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Cumulative Update KB4565508.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-1435\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2020-1436\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'SharePoint DataSet / DataTable Deserialization');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/07/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/07/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/07/14\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:edge\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude('smb_func.inc');\ninclude('smb_hotfixes.inc');\ninclude('smb_hotfixes_fcheck.inc');\ninclude('smb_reg_query.inc');\ninclude('install_func.inc');\n\nget_kb_item_or_exit('SMB/MS_Bulletin_Checks/Possible');\n\nbulletin = 'MS20-07';\nkbs = make_list(\n '4565508'\n);\n\nif (get_kb_item('Host/patch_management_checks')) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit('SMB/Registry/Enumerated');\nget_kb_item_or_exit('SMB/WindowsVersion', exit_code:1);\n\nif (hotfix_check_sp_range(win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:'10',\n sp:0,\n os_build:'16299',\n rollup_date:'07_2020',\n bulletin:bulletin,\n rollup_kb_list:[4565508])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n\n\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-07-21T16:03:44", "description": "The remote Windows host is missing security update 4558998. It is, therefore, affected by multiple vulnerabilities :\n\n - An elevation of privilege vulnerability exists when the Windows System Events Broker improperly handles file operations. An attacker who successfully exploited this vulnerability could gain elevated privileges.\n (CVE-2020-1357)\n\n - An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode.\n An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2020-1411)\n\n - An elevation of privilege vulnerability exists when the Windows Diagnostics Execution Service fails to properly sanitize input, leading to an unsecure library-loading behavior. An attacker who successfully exploited this vulnerability could run arbitrary code with elevated system privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2020-1418)\n\n - An elevation of privilege vulnerability exists when the Windows USO Core Worker improperly handles memory.\n (CVE-2020-1352)\n\n - An elevation of privilege vulnerability exists when the Windows Modules Installer improperly handles file operations. An attacker who successfully exploited this vulnerability could gain elevated privileges.\n (CVE-2020-1346)\n\n - An elevation of privilege vulnerability exists when the Windows Diagnostics Hub Standard Collector Service fails to properly sanitize input, leading to an unsecure library-loading behavior. An attacker who successfully exploited this vulnerability could run arbitrary code with elevated system privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\n (CVE-2020-1393)\n\n - A remote code execution vulnerability exists in the way that DirectWrite handles objects in memory. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit an untrusted webpage. The security update addresses the vulnerability by correcting how DirectWrite handles objects in memory. (CVE-2020-1409)\n\n - An elevation of privilege vulnerability exists in the way that the Windows Credential Picker handles objects in memory. An attacker who successfully exploited the vulnerability could allow an application with limited privileges on an affected system to execute code at a medium integrity level. (CVE-2020-1385)\n\n - An elevation of privilege vulnerability exists when the Windows Profile Service improperly handles file operations. An attacker who successfully exploited this vulnerability could gain elevated privileges.\n (CVE-2020-1360)\n\n - An elevation of privilege vulnerability exists when Windows Mobile Device Management (MDM) Diagnostics improperly handles objects in memory. An attacker who successfully exploited this vulnerability could bypass access restrictions to delete files. (CVE-2020-1372)\n\n - An elevation of privilege vulnerability exists when the Windows Picker Platform improperly handles memory.\n (CVE-2020-1363)\n\n - An elevation of privilege vulnerability exists when Windows improperly handles calls to Advanced Local Procedure Call (ALPC). An attacker who successfully exploited this vulnerability could run arbitrary code in the security context of the local system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\n (CVE-2020-1396)\n\n - An information disclosure vulnerability exists when Windows Mobile Device Management (MDM) Diagnostics improperly handles junctions. An attacker who successfully exploited this vulnerability could bypass access restrictions to read files. (CVE-2020-1330)\n\n - A remote code execution vulnerability exists in the Windows Remote Desktop Client when a user connects to a malicious server. An attacker who successfully exploited this vulnerability could execute arbitrary code on the computer of the connecting client. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\n (CVE-2020-1374)\n\n - A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted fonts. For all systems except Windows 10, an attacker who successfully exploited the vulnerability could execute code remotely. For systems running Windows 10, an attacker who successfully exploited the vulnerability could execute code in an AppContainer sandbox context with limited privileges and capabilities. An attacker could then install programs;\n view, change, or delete data; or create new accounts with full user rights. There are multiple ways an attacker could exploit the vulnerability:\n (CVE-2020-1436)\n\n - An elevation of privilege vulnerability exists in the way that the Credential Enrollment Manager service handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. (CVE-2020-1368)\n\n - An elevation of privilege vulnerability exists in the way that the Windows Network List Service handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. (CVE-2020-1406)\n\n - An information disclosure vulnerability exists when the Windows Graphics component improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system. An authenticated attacker could exploit this vulnerability by running a specially crafted application. The update addresses the vulnerability by correcting how the Windows Graphics Component handles objects in memory. (CVE-2020-1351)\n\n - An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit an untrusted webpage.\n The security update addresses the vulnerability by correcting how the Windows GDI component handles objects in memory. (CVE-2020-1468)\n\n - An elevation of privilege vulnerability exists when the Windows Event Logging Service improperly handles memory.\n (CVE-2020-1365, CVE-2020-1371)\n\n - An information disclosure vulnerability exists when the Windows kernel fails to properly initialize a memory address. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system. (CVE-2020-1389, CVE-2020-1419)\n\n - An elevation of privilege vulnerability exists when the Windows Print Workflow Service improperly handles objects in memory. An attacker who successfully exploited this vulnerability could gain elevated privileges and break out of the AppContainer sandbox.\n (CVE-2020-1366)\n\n - An elevation of privilege vulnerability exists in the way that the Windows WalletService handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. (CVE-2020-1344, CVE-2020-1362, CVE-2020-1369)\n\n - An elevation of privilege vulnerability exists when the Windows ActiveX Installer Service improperly handles memory. (CVE-2020-1402)\n\n - An elevation of privilege vulnerability exists in the way that the Windows Geolocation Framework handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. (CVE-2020-1394)\n\n - An information vulnerability exists when Windows Connected User Experiences and Telemetry Service improperly discloses file information. Successful exploitation of the vulnerability could allow the attacker to read any file on the file system.\n (CVE-2020-1386)\n\n - This security update corrects a denial of service in the Local Security Authority Subsystem Service (LSASS) caused when an authenticated attacker sends a specially crafted authentication request. A remote attacker who successfully exploited this vulnerability could cause a denial of service on the target system's LSASS service, which triggers an automatic reboot of the system. The security update addresses the vulnerability by changing the way that LSASS handles specially crafted authentication requests. (CVE-2020-1267)\n\n - An elevation of privilege vulnerability exists when the Windows Delivery Optimization service improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code with elevated system privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\n (CVE-2020-1392)\n\n - A remote code execution vulnerability exists when Windows Address Book (WAB) improperly processes vcard files. (CVE-2020-1410)\n\n - An elevation of privilege vulnerability exists when the Windows Runtime improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in an elevated context. An attacker could exploit this vulnerability by running a specially crafted application on the victim system. The update addresses the vulnerability by correcting the way the Windows Runtime handles objects in memory.\n (CVE-2020-1249, CVE-2020-1353, CVE-2020-1370, CVE-2020-1399, CVE-2020-1404, CVE-2020-1413, CVE-2020-1414, CVE-2020-1415, CVE-2020-1422)\n\n - A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in the memory. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2020-1435)\n\n - An elevation of privilege vulnerability exists when the Windows UPnP Device Host improperly handles memory.\n (CVE-2020-1354, CVE-2020-1430)\n\n - An elevation of privilege vulnerability exists when the Windows Update Stack fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode.\n An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2020-1424)\n\n - An elevation of privilege vulnerability exists in the way that the SharedStream Library handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. (CVE-2020-1463)\n\n - An elevation of privilege vulnerability exists when Group Policy Services Policy Processing improperly handle reparse points. An attacker who successfully exploited this vulnerability could overwrite a targeted file that would normally require elevated permissions.\n (CVE-2020-1333)\n\n - An elevation of privilege vulnerability exists in the way the Windows Push Notification Service handles objects in memory. An attacker who successfully exploited this vulnerability could run processes in an elevated context. An attacker could then install programs; view, change or delete data. (CVE-2020-1387)\n\n - A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts. An attacker who successfully exploited the vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2020-1408)\n\n - An elevation of privilege vulnerability exists in the way that the Windows Kernel handles objects in memory.\n An attacker who successfully exploited the vulnerability could execute code with elevated permissions.\n (CVE-2020-1336)\n\n - An elevation of privilege vulnerability exists when the Windows Storage Services improperly handle file operations. An attacker who successfully exploited this vulnerability could gain elevated privileges.\n (CVE-2020-1347)\n\n - A denial of service vulnerability exists in the way that the WalletService handles files. An attacker who successfully exploited the vulnerability could corrupt system files. (CVE-2020-1364)\n\n - An information disclosure vulnerability exists when Skype for Business is accessed via Internet Explorer. An attacker who exploited the vulnerability could cause the user to place a call without additional consent, leading to information disclosure of the user profile. For the vulnerability to be exploited, a user must click a specially crafted URL that prompts the Skype app.\n (CVE-2020-1432)\n\n - An elevation of privilege vulnerability exists in the way that the Windows Network Location Awareness Service handles objects in memory. An attacker who successfully exploited the vulnerability could allow an application with limited privileges on an affected system to execute code at a medium integrity level. (CVE-2020-1437)\n\n - An elevation of privilege vulnerability exists when Windows improperly handles COM object creation. An attacker who successfully exploited the vulnerability could run arbitrary code with elevated privileges.\n (CVE-2020-1375)\n\n - A remote code execution vulnerability exists in .NET Framework, Microsoft SharePoint, and Visual Studio when the software fails to check the source markup of XML file input. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the process responsible for deserialization of the XML content. (CVE-2020-1147)\n\n - An elevation of privilege vulnerability exists in the way that the Windows Network Connections Service handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. (CVE-2020-1373, CVE-2020-1390, CVE-2020-1427, CVE-2020-1428, CVE-2020-1438)\n\n - An elevation of privilege vulnerability exists when the Windows Cryptography Next Generation (CNG) Key Isolation service improperly handles memory. An attacker who successfully exploited this vulnerability could run processes in an elevated context. (CVE-2020-1359, CVE-2020-1384)\n\n - An information disclosure vulnerability exists when the Windows Resource Policy component improperly handles memory. (CVE-2020-1358)\n\n - An elevation of privilege vulnerability exists in the way that the Windows Speech Brokered API handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. (CVE-2020-1395)\n\n - An information disclosure vulnerability exists when Windows Error Reporting improperly handles file operations. (CVE-2020-1420)\n\n - A remote code execution vulnerability exists in the way that Microsoft Graphics Components handle objects in memory. An attacker who successfully exploited the vulnerability could execute arbitrary code on a target system. (CVE-2020-1412)\n\n - An elevation of privilege vulnerability exists when the Windows AppX Deployment Extensions improperly performs privilege management, resulting in access to system files. (CVE-2020-1431)\n\n - An information disclosure vulnerability exists when Microsoft Edge PDF Reader improperly handles objects in memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. (CVE-2020-1433)\n\n - A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by enticing a victim to open a specially crafted file. The update addresses the vulnerability by correcting the way the Windows Jet Database Engine handles objects in memory. (CVE-2020-1400, CVE-2020-1401, CVE-2020-1407)\n\n - An elevation of privilege vulnerability exists when Windows Error Reporting manager improperly handles a process crash. An attacker who successfully exploited this vulnerability could delete a targeted file leading to an elevated status. (CVE-2020-1429)\n\n - An elevation of privilege vulnerability exists in the way that the psmsrv.dll handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions.\n (CVE-2020-1388)\n\n - An elevation of privilege vulnerability exists when Windows Mobile Device Management (MDM) Diagnostics improperly handles junctions. An attacker who successfully exploited this vulnerability could bypass access restrictions to delete files. (CVE-2020-1405)\n\n - An elevation of privilege vulnerability exists when the Windows iSCSI Target Service improperly handles file operations. An attacker who successfully exploited this vulnerability could gain elevated privileges.\n (CVE-2020-1356)\n\n - A remote code execution vulnerability exists in Microsoft Windows that could allow remote code execution if a .LNK file is processed. An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. (CVE-2020-1421)\n\n - An information disclosure vulnerability exists in Windows when the Windows Imaging Component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user's system.\n There are multiple ways an attacker could exploit this vulnerability: (CVE-2020-1397)\n\n - An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system. An authenticated attacker could exploit this vulnerability by running a specially crafted application. The update addresses the vulnerability by correcting how the Windows kernel handles objects in memory. (CVE-2020-1367, CVE-2020-1426)\n\n - An elevation of privilege vulnerability exists in the way that the Windows Function Discovery Service handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. (CVE-2020-1085)\n\n - An information disclosure vulnerability exists in the way that the WalletService handles memory.\n (CVE-2020-1361)\n\n - An elevation of privilege vulnerability exists in the way that the Windows Sync Host Service handles objects in memory. An attacker who successfully exploited the vulnerability could allow an application with limited privileges on an affected system to execute code at a medium integrity level. (CVE-2020-1434)\n\n - An information disclosure vulnerability exists when Skype for Business is accessed via Microsoft Edge (EdgeHTML-based). An attacker who exploited the vulnerability could cause the user to place a call without additional consent, leading to information disclosure of the user profile. For the vulnerability to be exploited, a user must click a specially crafted URL that prompts the Skype app. (CVE-2020-1462)\n\n - An elevation of privilege vulnerability exists when Windows Lockscreen fails to properly handle Ease of Access dialog. An attacker who successfully exploited the vulnerability could execute commands with elevated permissions. The security update addresses the vulnerability by ensuring that the Ease of Access dialog is handled properly. (CVE-2020-1398)\n\n - A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2020-1403)", "cvss3": {}, "published": "2020-07-14T00:00:00", "type": "nessus", "title": "KB4558998: Windows 10 Version 1809 and Windows Server 2019 July 2020 Security Update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-1085", "CVE-2020-1147", "CVE-2020-1249", "CVE-2020-1267", "CVE-2020-1330", "CVE-2020-1333", "CVE-2020-1336", "CVE-2020-1344", "CVE-2020-1346", "CVE-2020-1347", "CVE-2020-1351", "CVE-2020-1352", "CVE-2020-1353", "CVE-2020-1354", "CVE-2020-1356", "CVE-2020-1357", "CVE-2020-1358", "CVE-2020-1359", "CVE-2020-1360", "CVE-2020-1361", "CVE-2020-1362", "CVE-2020-1363", "CVE-2020-1364", "CVE-2020-1365", "CVE-2020-1366", "CVE-2020-1367", "CVE-2020-1368", "CVE-2020-1369", "CVE-2020-1370", "CVE-2020-1371", "CVE-2020-1372", "CVE-2020-1373", "CVE-2020-1374", "CVE-2020-1375", "CVE-2020-1384", "CVE-2020-1385", "CVE-2020-1386", "CVE-2020-1387", "CVE-2020-1388", "CVE-2020-1389", "CVE-2020-1390", "CVE-2020-1392", "CVE-2020-1393", "CVE-2020-1394", "CVE-2020-1395", "CVE-2020-1396", "CVE-2020-1397", "CVE-2020-1398", "CVE-2020-1399", "CVE-2020-1400", "CVE-2020-1401", "CVE-2020-1402", "CVE-2020-1403", "CVE-2020-1404", "CVE-2020-1405", "CVE-2020-1406", "CVE-2020-1407", "CVE-2020-1408", "CVE-2020-1409", "CVE-2020-1410", "CVE-2020-1411", "CVE-2020-1412", "CVE-2020-1413", "CVE-2020-1414", "CVE-2020-1415", "CVE-2020-1418", "CVE-2020-1419", "CVE-2020-1420", "CVE-2020-1421", "CVE-2020-1422", "CVE-2020-1424", "CVE-2020-1426", "CVE-2020-1427", "CVE-2020-1428", "CVE-2020-1429", "CVE-2020-1430", "CVE-2020-1431", "CVE-2020-1432", "CVE-2020-1433", "CVE-2020-1434", "CVE-2020-1435", "CVE-2020-1436", "CVE-2020-1437", "CVE-2020-1438", "CVE-2020-1462", "CVE-2020-1463", "CVE-2020-1468"], "modified": "2023-04-25T00:00:00", "cpe": ["cpe:/o:microsoft:windows", "cpe:/a:microsoft:edge"], "id": "SMB_NT_MS20_JUL_4558998.NASL", "href": "https://www.tenable.com/plugins/nessus/138453", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(138453);\n script_version(\"1.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/04/25\");\n\n script_cve_id(\n \"CVE-2020-1085\",\n \"CVE-2020-1147\",\n \"CVE-2020-1249\",\n \"CVE-2020-1267\",\n \"CVE-2020-1330\",\n \"CVE-2020-1333\",\n \"CVE-2020-1336\",\n \"CVE-2020-1344\",\n \"CVE-2020-1346\",\n \"CVE-2020-1347\",\n \"CVE-2020-1351\",\n \"CVE-2020-1352\",\n \"CVE-2020-1353\",\n \"CVE-2020-1354\",\n \"CVE-2020-1356\",\n \"CVE-2020-1357\",\n \"CVE-2020-1358\",\n \"CVE-2020-1359\",\n \"CVE-2020-1360\",\n \"CVE-2020-1361\",\n \"CVE-2020-1362\",\n \"CVE-2020-1363\",\n \"CVE-2020-1364\",\n \"CVE-2020-1365\",\n \"CVE-2020-1366\",\n \"CVE-2020-1367\",\n \"CVE-2020-1368\",\n \"CVE-2020-1369\",\n \"CVE-2020-1370\",\n \"CVE-2020-1371\",\n \"CVE-2020-1372\",\n \"CVE-2020-1373\",\n \"CVE-2020-1374\",\n \"CVE-2020-1375\",\n \"CVE-2020-1384\",\n \"CVE-2020-1385\",\n \"CVE-2020-1386\",\n \"CVE-2020-1387\",\n \"CVE-2020-1388\",\n \"CVE-2020-1389\",\n \"CVE-2020-1390\",\n \"CVE-2020-1392\",\n \"CVE-2020-1393\",\n \"CVE-2020-1394\",\n \"CVE-2020-1395\",\n \"CVE-2020-1396\",\n \"CVE-2020-1397\",\n \"CVE-2020-1398\",\n \"CVE-2020-1399\",\n \"CVE-2020-1400\",\n \"CVE-2020-1401\",\n \"CVE-2020-1402\",\n \"CVE-2020-1403\",\n \"CVE-2020-1404\",\n \"CVE-2020-1405\",\n \"CVE-2020-1406\",\n \"CVE-2020-1407\",\n \"CVE-2020-1408\",\n \"CVE-2020-1409\",\n \"CVE-2020-1410\",\n \"CVE-2020-1411\",\n \"CVE-2020-1412\",\n \"CVE-2020-1413\",\n \"CVE-2020-1414\",\n \"CVE-2020-1415\",\n \"CVE-2020-1418\",\n \"CVE-2020-1419\",\n \"CVE-2020-1420\",\n \"CVE-2020-1421\",\n \"CVE-2020-1422\",\n \"CVE-2020-1424\",\n \"CVE-2020-1426\",\n \"CVE-2020-1427\",\n \"CVE-2020-1428\",\n \"CVE-2020-1429\",\n \"CVE-2020-1430\",\n \"CVE-2020-1431\",\n \"CVE-2020-1432\",\n \"CVE-2020-1433\",\n \"CVE-2020-1434\",\n \"CVE-2020-1435\",\n \"CVE-2020-1436\",\n \"CVE-2020-1437\",\n \"CVE-2020-1438\",\n \"CVE-2020-1462\",\n \"CVE-2020-1463\",\n \"CVE-2020-1468\"\n );\n script_xref(name:\"MSKB\", value:\"4558998\");\n script_xref(name:\"MSFT\", value:\"MS20-4558998\");\n script_xref(name:\"IAVA\", value:\"2020-A-0300-S\");\n script_xref(name:\"IAVA\", value:\"2020-A-0302-S\");\n script_xref(name:\"IAVA\", value:\"2020-A-0306-S\");\n script_xref(name:\"IAVA\", value:\"2020-A-0313-S\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/05/03\");\n\n script_name(english:\"KB4558998: Windows 10 Version 1809 and Windows Server 2019 July 2020 Security Update\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 4558998. It is, \ntherefore, affected by multiple vulnerabilities :\n\n - An elevation of privilege vulnerability exists when the\n Windows System Events Broker improperly handles file\n operations. An attacker who successfully exploited this\n vulnerability could gain elevated privileges.\n (CVE-2020-1357)\n\n - An elevation of privilege vulnerability exists when the\n Windows kernel fails to properly handle objects in\n memory. An attacker who successfully exploited this\n vulnerability could run arbitrary code in kernel mode.\n An attacker could then install programs; view, change,\n or delete data; or create new accounts with full user\n rights. (CVE-2020-1411)\n\n - An elevation of privilege vulnerability exists when the\n Windows Diagnostics Execution Service fails to properly\n sanitize input, leading to an unsecure library-loading\n behavior. An attacker who successfully exploited this\n vulnerability could run arbitrary code with elevated\n system privileges. An attacker could then install\n programs; view, change, or delete data; or create new\n accounts with full user rights. (CVE-2020-1418)\n\n - An elevation of privilege vulnerability exists when the\n Windows USO Core Worker improperly handles memory.\n (CVE-2020-1352)\n\n - An elevation of privilege vulnerability exists when the\n Windows Modules Installer improperly handles file\n operations. An attacker who successfully exploited this\n vulnerability could gain elevated privileges.\n (CVE-2020-1346)\n\n - An elevation of privilege vulnerability exists when the\n Windows Diagnostics Hub Standard Collector Service fails\n to properly sanitize input, leading to an unsecure\n library-loading behavior. An attacker who successfully\n exploited this vulnerability could run arbitrary code\n with elevated system privileges. An attacker could then\n install programs; view, change, or delete data; or\n create new accounts with full user rights.\n (CVE-2020-1393)\n\n - A remote code execution vulnerability exists in the way\n that DirectWrite handles objects in memory. An attacker\n who successfully exploited this vulnerability could take\n control of the affected system. An attacker could then\n install programs; view, change, or delete data; or\n create new accounts with full user rights. There are\n multiple ways an attacker could exploit the\n vulnerability, such as by convincing a user to open a\n specially crafted document, or by convincing a user to\n visit an untrusted webpage. The security update\n addresses the vulnerability by correcting how\n DirectWrite handles objects in memory. (CVE-2020-1409)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Credential Picker handles objects\n in memory. An attacker who successfully exploited the\n vulnerability could allow an application with limited\n privileges on an affected system to execute code at a\n medium integrity level. (CVE-2020-1385)\n\n - An elevation of privilege vulnerability exists when the\n Windows Profile Service improperly handles file\n operations. An attacker who successfully exploited this\n vulnerability could gain elevated privileges.\n (CVE-2020-1360)\n\n - An elevation of privilege vulnerability exists when\n Windows Mobile Device Management (MDM) Diagnostics\n improperly handles objects in memory. An attacker who\n successfully exploited this vulnerability could bypass\n access restrictions to delete files. (CVE-2020-1372)\n\n - An elevation of privilege vulnerability exists when the\n Windows Picker Platform improperly handles memory.\n (CVE-2020-1363)\n\n - An elevation of privilege vulnerability exists when\n Windows improperly handles calls to Advanced Local\n Procedure Call (ALPC). An attacker who successfully\n exploited this vulnerability could run arbitrary code in\n the security context of the local system. An attacker\n could then install programs; view, change, or delete\n data; or create new accounts with full user rights.\n (CVE-2020-1396)\n\n - An information disclosure vulnerability exists when\n Windows Mobile Device Management (MDM) Diagnostics\n improperly handles junctions. An attacker who\n successfully exploited this vulnerability could bypass\n access restrictions to read files. (CVE-2020-1330)\n\n - A remote code execution vulnerability exists in the\n Windows Remote Desktop Client when a user connects to a\n malicious server. An attacker who successfully exploited\n this vulnerability could execute arbitrary code on the\n computer of the connecting client. An attacker could\n then install programs; view, change, or delete data; or\n create new accounts with full user rights.\n (CVE-2020-1374)\n\n - A remote code execution vulnerability exists when the\n Windows font library improperly handles specially\n crafted fonts. For all systems except Windows 10, an\n attacker who successfully exploited the vulnerability\n could execute code remotely. For systems running Windows\n 10, an attacker who successfully exploited the\n vulnerability could execute code in an AppContainer\n sandbox context with limited privileges and\n capabilities. An attacker could then install programs;\n view, change, or delete data; or create new accounts\n with full user rights. There are multiple ways an\n attacker could exploit the vulnerability:\n (CVE-2020-1436)\n\n - An elevation of privilege vulnerability exists in the\n way that the Credential Enrollment Manager service\n handles objects in memory. An attacker who successfully\n exploited the vulnerability could execute code with\n elevated permissions. (CVE-2020-1368)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Network List Service handles\n objects in memory. An attacker who successfully\n exploited the vulnerability could execute code with\n elevated permissions. (CVE-2020-1406)\n\n - An information disclosure vulnerability exists when the\n Windows Graphics component improperly handles objects in\n memory. An attacker who successfully exploited this\n vulnerability could obtain information to further\n compromise the users system. An authenticated attacker\n could exploit this vulnerability by running a specially\n crafted application. The update addresses the\n vulnerability by correcting how the Windows Graphics\n Component handles objects in memory. (CVE-2020-1351)\n\n - An information disclosure vulnerability exists when the\n Windows GDI component improperly discloses the contents\n of its memory. An attacker who successfully exploited\n the vulnerability could obtain information to further\n compromise the users system. There are multiple ways an\n attacker could exploit the vulnerability, such as by\n convincing a user to open a specially crafted document,\n or by convincing a user to visit an untrusted webpage.\n The security update addresses the vulnerability by\n correcting how the Windows GDI component handles objects\n in memory. (CVE-2020-1468)\n\n - An elevation of privilege vulnerability exists when the\n Windows Event Logging Service improperly handles memory.\n (CVE-2020-1365, CVE-2020-1371)\n\n - An information disclosure vulnerability exists when the\n Windows kernel fails to properly initialize a memory\n address. An attacker who successfully exploited this\n vulnerability could obtain information to further\n compromise the users system. (CVE-2020-1389,\n CVE-2020-1419)\n\n - An elevation of privilege vulnerability exists when the\n Windows Print Workflow Service improperly handles\n objects in memory. An attacker who successfully\n exploited this vulnerability could gain elevated\n privileges and break out of the AppContainer sandbox.\n (CVE-2020-1366)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows WalletService handles objects in\n memory. An attacker who successfully exploited the\n vulnerability could execute code with elevated\n permissions. (CVE-2020-1344, CVE-2020-1362,\n CVE-2020-1369)\n\n - An elevation of privilege vulnerability exists when the\n Windows ActiveX Installer Service improperly handles\n memory. (CVE-2020-1402)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Geolocation Framework handles\n objects in memory. An attacker who successfully\n exploited the vulnerability could execute code with\n elevated permissions. (CVE-2020-1394)\n\n - An information vulnerability exists when Windows\n Connected User Experiences and Telemetry Service\n improperly discloses file information. Successful\n exploitation of the vulnerability could allow the\n attacker to read any file on the file system.\n (CVE-2020-1386)\n\n - This security update corrects a denial of service in the\n Local Security Authority Subsystem Service (LSASS)\n caused when an authenticated attacker sends a specially\n crafted authentication request. A remote attacker who\n successfully exploited this vulnerability could cause a\n denial of service on the target system's LSASS service,\n which triggers an automatic reboot of the system. The\n security update addresses the vulnerability by changing\n the way that LSASS handles specially crafted\n authentication requests. (CVE-2020-1267)\n\n - An elevation of privilege vulnerability exists when the\n Windows Delivery Optimization service improperly handles\n objects in memory. An attacker who successfully\n exploited this vulnerability could run arbitrary code\n with elevated system privileges. An attacker could then\n install programs; view, change, or delete data; or\n create new accounts with full user rights.\n (CVE-2020-1392)\n\n - A remote code execution vulnerability exists when\n Windows Address Book (WAB) improperly processes vcard\n files. (CVE-2020-1410)\n\n - An elevation of privilege vulnerability exists when the\n Windows Runtime improperly handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could run arbitrary code in an elevated context. An\n attacker could exploit this vulnerability by running a\n specially crafted application on the victim system. The\n update addresses the vulnerability by correcting the way\n the Windows Runtime handles objects in memory.\n (CVE-2020-1249, CVE-2020-1353, CVE-2020-1370,\n CVE-2020-1399, CVE-2020-1404, CVE-2020-1413,\n CVE-2020-1414, CVE-2020-1415, CVE-2020-1422)\n\n - A remote code execution vulnerability exists in the way\n that the Windows Graphics Device Interface (GDI) handles\n objects in the memory. An attacker who successfully\n exploited this vulnerability could take control of the\n affected system. An attacker could then install\n programs; view, change, or delete data; or create new\n accounts with full user rights. (CVE-2020-1435)\n\n - An elevation of privilege vulnerability exists when the\n Windows UPnP Device Host improperly handles memory.\n (CVE-2020-1354, CVE-2020-1430)\n\n - An elevation of privilege vulnerability exists when the\n Windows Update Stack fails to properly handle objects in\n memory. An attacker who successfully exploited this\n vulnerability could run arbitrary code in kernel mode.\n An attacker could then install programs; view, change,\n or delete data; or create new accounts with full user\n rights. (CVE-2020-1424)\n\n - An elevation of privilege vulnerability exists in the\n way that the SharedStream Library handles objects in\n memory. An attacker who successfully exploited the\n vulnerability could execute code with elevated\n permissions. (CVE-2020-1463)\n\n - An elevation of privilege vulnerability exists when\n Group Policy Services Policy Processing improperly\n handle reparse points. An attacker who successfully\n exploited this vulnerability could overwrite a targeted\n file that would normally require elevated permissions.\n (CVE-2020-1333)\n\n - An elevation of privilege vulnerability exists in the\n way the Windows Push Notification Service handles\n objects in memory. An attacker who successfully\n exploited this vulnerability could run processes in an\n elevated context. An attacker could then install\n programs; view, change or delete data. (CVE-2020-1387)\n\n - A remote code execution vulnerability exists when the\n Windows font library improperly handles specially\n crafted embedded fonts. An attacker who successfully\n exploited the vulnerability could take control of the\n affected system. An attacker could then install\n programs; view, change, or delete data; or create new\n accounts with full user rights. (CVE-2020-1408)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Kernel handles objects in memory.\n An attacker who successfully exploited the vulnerability\n could execute code with elevated permissions.\n (CVE-2020-1336)\n\n - An elevation of privilege vulnerability exists when the\n Windows Storage Services improperly handle file\n operations. An attacker who successfully exploited this\n vulnerability could gain elevated privileges.\n (CVE-2020-1347)\n\n - A denial of service vulnerability exists in the way that\n the WalletService handles files. An attacker who\n successfully exploited the vulnerability could corrupt\n system files. (CVE-2020-1364)\n\n - An information disclosure vulnerability exists when\n Skype for Business is accessed via Internet Explorer. An\n attacker who exploited the vulnerability could cause the\n user to place a call without additional consent, leading\n to information disclosure of the user profile. For the\n vulnerability to be exploited, a user must click a\n specially crafted URL that prompts the Skype app.\n (CVE-2020-1432)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Network Location Awareness Service\n handles objects in memory. An attacker who successfully\n exploited the vulnerability could allow an application\n with limited privileges on an affected system to execute\n code at a medium integrity level. (CVE-2020-1437)\n\n - An elevation of privilege vulnerability exists when\n Windows improperly handles COM object creation. An\n attacker who successfully exploited the vulnerability\n could run arbitrary code with elevated privileges.\n (CVE-2020-1375)\n\n - A remote code execution vulnerability exists in .NET\n Framework, Microsoft SharePoint, and Visual Studio when\n the software fails to check the source markup of XML\n file input. An attacker who successfully exploited the\n vulnerability could run arbitrary code in the context of\n the process responsible for deserialization of the XML\n content. (CVE-2020-1147)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Network Connections Service handles\n objects in memory. An attacker who successfully\n exploited the vulnerability could execute code with\n elevated permissions. (CVE-2020-1373, CVE-2020-1390,\n CVE-2020-1427, CVE-2020-1428, CVE-2020-1438)\n\n - An elevation of privilege vulnerability exists when the\n Windows Cryptography Next Generation (CNG) Key Isolation\n service improperly handles memory. An attacker who\n successfully exploited this vulnerability could run\n processes in an elevated context. (CVE-2020-1359,\n CVE-2020-1384)\n\n - An information disclosure vulnerability exists when the\n Windows Resource Policy component improperly handles\n memory. (CVE-2020-1358)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Speech Brokered API handles objects\n in memory. An attacker who successfully exploited the\n vulnerability could execute code with elevated\n permissions. (CVE-2020-1395)\n\n - An information disclosure vulnerability exists when\n Windows Error Reporting improperly handles file\n operations. (CVE-2020-1420)\n\n - A remote code execution vulnerability exists in the way\n that Microsoft Graphics Components handle objects in\n memory. An attacker who successfully exploited the\n vulnerability could execute arbitrary code on a target\n system. (CVE-2020-1412)\n\n - An elevation of privilege vulnerability exists when the\n Windows AppX Deployment Extensions improperly performs\n privilege management, resulting in access to system\n files. (CVE-2020-1431)\n\n - An information disclosure vulnerability exists when\n Microsoft Edge PDF Reader improperly handles objects in\n memory. An attacker who successfully exploited the\n vulnerability could obtain information to further\n compromise the users system. (CVE-2020-1433)\n\n - A remote code execution vulnerability exists when the\n Windows Jet Database Engine improperly handles objects\n in memory. An attacker who successfully exploited this\n vulnerability could execute arbitrary code on a victim\n system. An attacker could exploit this vulnerability by\n enticing a victim to open a specially crafted file. The\n update addresses the vulnerability by correcting the way\n the Windows Jet Database Engine handles objects in\n memory. (CVE-2020-1400, CVE-2020-1401, CVE-2020-1407)\n\n - An elevation of privilege vulnerability exists when\n Windows Error Reporting manager improperly handles a\n process crash. An attacker who successfully exploited\n this vulnerability could delete a targeted file leading\n to an elevated status. (CVE-2020-1429)\n\n - An elevation of privilege vulnerability exists in the\n way that the psmsrv.dll handles objects in memory. An\n attacker who successfully exploited the vulnerability\n could execute code with elevated permissions.\n (CVE-2020-1388)\n\n - An elevation of privilege vulnerability exists when\n Windows Mobile Device Management (MDM) Diagnostics\n improperly handles junctions. An attacker who\n successfully exploited this vulnerability could bypass\n access restrictions to delete files. (CVE-2020-1405)\n\n - An elevation of privilege vulnerability exists when the\n Windows iSCSI Target Service improperly handles file\n operations. An attacker who successfully exploited this\n vulnerability could gain elevated privileges.\n (CVE-2020-1356)\n\n - A remote code execution vulnerability exists in\n Microsoft Windows that could allow remote code execution\n if a .LNK file is processed. An attacker who\n successfully exploited this vulnerability could gain the\n same user rights as the local user. (CVE-2020-1421)\n\n - An information disclosure vulnerability exists in\n Windows when the Windows Imaging Component fails to\n properly handle objects in memory. An attacker who\n successfully exploited this vulnerability could obtain\n information to further compromise the user's system.\n There are multiple ways an attacker could exploit this\n vulnerability: (CVE-2020-1397)\n\n - An information disclosure vulnerability exists when the\n Windows kernel improperly handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could obtain information to further compromise the users\n system. An authenticated attacker could exploit this\n vulnerability by running a specially crafted\n application. The update addresses the vulnerability by\n correcting how the Windows kernel handles objects in\n memory. (CVE-2020-1367, CVE-2020-1426)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Function Discovery Service handles\n objects in memory. An attacker who successfully\n exploited the vulnerability could execute code with\n elevated permissions. (CVE-2020-1085)\n\n - An information disclosure vulnerability exists in the\n way that the WalletService handles memory.\n (CVE-2020-1361)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Sync Host Service handles objects\n in memory. An attacker who successfully exploited the\n vulnerability could allow an application with limited\n privileges on an affected system to execute code at a\n medium integrity level. (CVE-2020-1434)\n\n - An information disclosure vulnerability exists when\n Skype for Business is accessed via Microsoft Edge\n (EdgeHTML-based). An attacker who exploited the\n vulnerability could cause the user to place a call\n without additional consent, leading to information\n disclosure of the user profile. For the vulnerability to\n be exploited, a user must click a specially crafted URL\n that prompts the Skype app. (CVE-2020-1462)\n\n - An elevation of privilege vulnerability exists when\n Windows Lockscreen fails to properly handle Ease of\n Access dialog. An attacker who successfully exploited\n the vulnerability could execute commands with elevated\n permissions. The security update addresses the\n vulnerability by ensuring that the Ease of Access dialog\n is handled properly. (CVE-2020-1398)\n\n - A remote code execution vulnerability exists in the way\n that the VBScript engine handles objects in memory. The\n vulnerability could corrupt memory in such a way that an\n attacker could execute arbitrary code in the context of\n the current user. An attacker who successfully exploited\n the vulnerability could gain the same user rights as the\n current user. (CVE-2020-1403)\");\n # https://support.microsoft.com/en-us/help/4558998/windows-10-update-kb4558998\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?a508fbe1\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Cumulative Update KB4558998.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-1435\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2020-1436\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'SharePoint DataSet / DataTable Deserialization');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/07/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/07/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/07/14\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:edge\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nbulletin = \"MS20-07\";\nkbs = make_list('4558998');\n\nif (get_kb_item(\"Host/patch_management_checks\")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nget_kb_item_or_exit(\"SMB/WindowsVersion\", exit_code:1);\n\nif (hotfix_check_sp_range(win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:\"10\",\n sp:0,\n os_build:\"17763\",\n rollup_date:\"07_2020\",\n bulletin:bulletin,\n rollup_kb_list:[4558998])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n\n\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-07-19T15:24:01", "description": "The remote Windows host is missing security update 4565489. It is, therefore, affected by multiple vulnerabilities :\n\n - An elevation of privilege vulnerability exists when the Windows System Events Broker improperly handles file operations. An attacker who successfully exploited this vulnerability could gain elevated privileges.\n (CVE-2020-1357)\n\n - An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode.\n An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2020-1411)\n\n - An elevation of privilege vulnerability exists when the Windows Diagnostics Execution Service fails to properly sanitize input, leading to an unsecure library-loading behavior. An attacker who successfully exploited this vulnerability could run arbitrary code with elevated system privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2020-1418)\n\n - An elevation of privilege vulnerability exists when the Windows USO Core Worker improperly handles memory.\n (CVE-2020-1352)\n\n - An elevation of privilege vulnerability exists when the Windows Modules Installer improperly handles file operations. An attacker who successfully exploited this vulnerability could gain elevated privileges.\n (CVE-2020-1346)\n\n - An elevation of privilege vulnerability exists when Windows improperly handles COM object creation. An attacker who successfully exploited the vulnerability could run arbitrary code with elevated privileges.\n (CVE-2020-1375)\n\n - A remote code execution vulnerability exists in the way that DirectWrite handles objects in memory. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit an untrusted webpage. The security update addresses the vulnerability by correcting how DirectWrite handles objects in memory. (CVE-2020-1409)\n\n - An elevation of privilege vulnerability exists when the Windows AppX Deployment Extensions improperly performs privilege management, resulting in access to system files. (CVE-2020-1431)\n\n - An elevation of privilege vulnerability exists when the Windows Profile Service improperly handles file operations. An attacker who successfully exploited this vulnerability could gain elevated privileges.\n (CVE-2020-1360)\n\n - An elevation of privilege vulnerability exists when Windows Mobile Device Management (MDM) Diagnostics improperly handles objects in memory. An attacker who successfully exploited this vulnerability could bypass access restrictions to delete files. (CVE-2020-1372)\n\n - An elevation of privilege vulnerability exists when the Windows Picker Platform improperly handles memory.\n (CVE-2020-1363)\n\n - An elevation of privilege vulnerability exists when Windows improperly handles calls to Advanced Local Procedure Call (ALPC). An attacker who successfully exploited this vulnerability could run arbitrary code in the security context of the local system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\n (CVE-2020-1396)\n\n - A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2020-1403)\n\n - A remote code execution vulnerability exists in the Windows Remote Desktop Client when a user connects to a malicious server. An attacker who successfully exploited this vulnerability could execute arbitrary code on the computer of the connecting client. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\n (CVE-2020-1374)\n\n - A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted fonts. For all systems except Windows 10, an attacker who successfully exploited the vulnerability could execute code remotely. For systems running Windows 10, an attacker who successfully exploited the vulnerability could execute code in an AppContainer sandbox context with limited privileges and capabilities. An attacker could then install programs;\n view, change, or delete data; or create new accounts with full user rights. There are multiple ways an attacker could exploit the vulnerability:\n (CVE-2020-1436)\n\n - An elevation of privilege vulnerability exists in the way that the Credential Enrollment Manager service handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. (CVE-2020-1368)\n\n - An elevation of privilege vulnerability exists in the way that the Windows Network List Service handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. (CVE-2020-1406)\n\n - An information disclosure vulnerability exists when the Windows Graphics component improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system. An authenticated attacker could exploit this vulnerability by running a specially crafted application. The update addresses the vulnerability by correcting how the Windows Graphics Component handles objects in memory. (CVE-2020-1351)\n\n - An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit an untrusted webpage.\n The security update addresses the vulnerability by correcting how the Windows GDI component handles objects in memory. (CVE-2020-1468)\n\n - An elevation of privilege vulnerability exists when the Windows Event Logging Service improperly handles memory.\n (CVE-2020-1365, CVE-2020-1371)\n\n - An information disclosure vulnerability exists when the Windows kernel fails to properly initialize a memory address. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system. (CVE-2020-1389, CVE-2020-1419)\n\n - An elevation of privilege vulnerability exists when the Windows Print Workflow Service improperly handles objects in memory. An attacker who successfully exploited this vulnerability could gain elevated privileges and break out of the AppContainer sandbox.\n (CVE-2020-1366)\n\n - An elevation of privilege vulnerability exists in the way that the Windows WalletService handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. (CVE-2020-1344, CVE-2020-1362, CVE-2020-1369)\n\n - An elevation of privilege vulnerability exists when the Windows ActiveX Installer Service improperly handles memory. (CVE-2020-1402)\n\n - An elevation of privilege vulnerability exists in the way that the Windows Geolocation Framework handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. (CVE-2020-1394)\n\n - An information vulnerability exists when Windows Connected User Experiences and Telemetry Service improperly discloses file information. Successful exploitation of the vulnerability could allow the attacker to read any file on the file system.\n (CVE-2020-1386)\n\n - This security update corrects a denial of service in the Local Security Authority Subsystem Service (LSASS) caused when an authenticated attacker sends a specially crafted authentication request. A remote attacker who successfully exploited this vulnerability could cause a denial of service on the target system's LSASS service, which triggers an automatic reboot of the system. The security update addresses the vulnerability by changing the way that LSASS handles specially crafted authentication requests. (CVE-2020-1267)\n\n - An elevation of privilege vulnerability exists when the Windows Delivery Optimization service improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code with elevated system privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\n (CVE-2020-1392)\n\n - A remote code execution vulnerability exists when Windows Address Book (WAB) improperly processes vcard files. (CVE-2020-1410)\n\n - An elevation of privilege vulnerability exists when the Windows Runtime improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in an elevated context. An attacker could exploit this vulnerability by running a specially crafted application on the victim system. The update addresses the vulnerability by correcting the way the Windows Runtime handles objects in memory.\n (CVE-2020-1249, CVE-2020-1353, CVE-2020-1370, CVE-2020-1399, CVE-2020-1404, CVE-2020-1413, CVE-2020-1414, CVE-2020-1415, CVE-2020-1422)\n\n - An elevation of privilege vulnerability exists when the Windows UPnP Device Host improperly handles memory.\n (CVE-2020-1354, CVE-2020-1430)\n\n - An elevation of privilege vulnerability exists when the Windows Update Stack fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode.\n An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2020-1424)\n\n - An elevation of privilege vulnerability exists in the way that the SharedStream Library handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. (CVE-2020-1463)\n\n - An elevation of privilege vulnerability exists when Group Policy Services Policy Processing improperly handle reparse points. An attacker who successfully exploited this vulnerability could overwrite a targeted file that would normally require elevated permissions.\n (CVE-2020-1333)\n\n - An elevation of privilege vulnerability exists in the way the Windows Push Notification Service handles objects in memory. An attacker who successfully exploited this vulnerability could run processes in an elevated context. An attacker could then install programs; view, change or delete data. (CVE-2020-1387)\n\n - A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts. An attacker who successfully exploited the vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2020-1408)\n\n - An elevation of privilege vulnerability exists in the way that the Windows Kernel handles objects in memory.\n An attacker who successfully exploited the vulnerability could execute code with elevated permissions.\n (CVE-2020-1336)\n\n - An elevation of privilege vulnerability exists when the Windows Storage Services improperly handle file operations. An attacker who successfully exploited this vulnerability could gain elevated privileges.\n (CVE-2020-1347)\n\n - A denial of service vulnerability exists in the way that the WalletService handles files. An attacker who successfully exploited the vulnerability could corrupt system files. (CVE-2020-1364)\n\n - An information disclosure vulnerability exists when Skype for Business is accessed via Internet Explorer. An attacker who exploited the vulnerability could cause the user to place a call without additional consent, leading to information disclosure of the user profile. For the vulnerability to be exploited, a user must click a specially crafted URL that prompts the Skype app.\n (CVE-2020-1432)\n\n - An elevation of privilege vulnerability exists in the way that the Windows Network Location Awareness Service handles objects in memory. An attacker who successfully exploited the vulnerability could allow an application with limited privileges on an affected system to execute code at a medium integrity level. (CVE-2020-1437)\n\n - An elevation of privilege vulnerability exists when the Windows Diagnostics Hub Standard Collector Service fails to properly sanitize input, leading to an unsecure library-loading behavior. An attacker who successfully exploited this vulnerability could run arbitrary code with elevated system privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\n (CVE-2020-1393)\n\n - A remote code execution vulnerability exists in .NET Framework, Microsoft SharePoint, and Visual Studio when the software fails to check the source markup of XML file input. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the process responsible for deserialization of the XML content. (CVE-2020-1147)\n\n - An elevation of privilege vulnerability exists in the way that the Windows Network Connections Service handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. (CVE-2020-1373, CVE-2020-1390, CVE-2020-1427, CVE-2020-1428, CVE-2020-1438)\n\n - An elevation of privilege vulnerability exists when the Windows Cryptography Next Generation (CNG) Key Isolation service improperly handles memory. An attacker who successfully exploited this vulnerability could run processes in an elevated context. (CVE-2020-1359, CVE-2020-1384)\n\n - An information disclosure vulnerability exists when the Windows Resource Policy component improperly handles memory. (CVE-2020-1358)\n\n - An elevation of privilege vulnerability exists in the way that the Windows Speech Brokered API handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. (CVE-2020-1395)\n\n - An information disclosure vulnerability exists when Windows Error Reporting improperly handles file operations. (CVE-2020-1420)\n\n - A remote code execution vulnerability exists in the way that Microsoft Graphics Components handle objects in memory. An attacker who successfully exploited the vulnerability could execute arbitrary code on a target system. (CVE-2020-1412)\n\n - An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system. An authenticated attacker could exploit this vulnerability by running a specially crafted application. The update addresses the vulnerability by correcting how the Windows kernel handles objects in memory. (CVE-2020-1426)\n\n - An information disclosure vulnerability exists when Microsoft Edge PDF Reader improperly handles objects in memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. (CVE-2020-1433)\n\n - A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by enticing a victim to open a specially crafted file. The update addresses the vulnerability by correcting the way the Windows Jet Database Engine handles objects in memory. (CVE-2020-1400, CVE-2020-1401, CVE-2020-1407)\n\n - An elevation of privilege vulnerability exists when Windows Error Reporting manager improperly handles a process crash. An attacker who successfully exploited this vulnerability could delete a targeted file leading to an elevated status. (CVE-2020-1429)\n\n - An elevation of privilege vulnerability exists in the way that the psmsrv.dll handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions.\n (CVE-2020-1388)\n\n - An elevation of privilege vulnerability exists in the way that the Windows Credential Picker handles objects in memory. An attacker who successfully exploited the vulnerability could allow an application with limited privileges on an affected system to execute code at a medium integrity level. (CVE-2020-1385)\n\n - A remote code execution vulnerability exists in Microsoft Windows that could allow remote code execution if a .LNK file is processed. An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. (CVE-2020-1421)\n\n - An information disclosure vulnerability exists in Windows when the Windows Imaging Component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user's system.\n There are multiple ways an attacker could exploit this vulnerability: (CVE-2020-1397)\n\n - A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in the memory. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2020-1435)\n\n - An elevation of privilege vulnerability exists in the way that the Windows Function Discovery Service handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. (CVE-2020-1085)\n\n - An information disclosure vulnerability exists in the way that the WalletService handles memory.\n (CVE-2020-1361)\n\n - An elevation of privilege vulnerability exists in the way that the Windows Sync Host Service handles objects in memory. An attacker who successfully exploited the vulnerability could allow an application with limited privileges on an affected system to execute code at a medium integrity level. (CVE-2020-1434)\n\n - An information disclosure vulnerability exists when Skype for Business is accessed via Microsoft Edge (EdgeHTML-based). An attacker who exploited the vulnerability could cause the user to place a call without additional consent, leading to information disclosure of the user profile. For the vulnerability to be exploited, a user must click a specially crafted URL that prompts the Skype app. (CVE-2020-1462)\n\n - An elevation of privilege vulnerability exists when Windows Lockscreen fails to properly handle Ease of Access dialog. An attacker who successfully exploited the vulnerability could execute commands with elevated permissions. The security update addresses the vulnerability by ensuring that the Ease of Access dialog is handled properly. (CVE-2020-1398)", "cvss3": {}, "published": "2020-07-14T00:00:00", "type": "nessus", "title": "KB4565489: Windows 10 Version 1803 July 2020 Security Update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-1085", "CVE-2020-1147", "CVE-2020-1249", "CVE-2020-1267", "CVE-2020-1333", "CVE-2020-1336", "CVE-2020-1344", "CVE-2020-1346", "CVE-2020-1347", "CVE-2020-1351", "CVE-2020-1352", "CVE-2020-1353", "CVE-2020-1354", "CVE-2020-1357", "CVE-2020-1358", "CVE-2020-1359", "CVE-2020-1360", "CVE-2020-1361", "CVE-2020-1362", "CVE-2020-1363", "CVE-2020-1364", "CVE-2020-1365", "CVE-2020-1366", "CVE-2020-1368", "CVE-2020-1369", "CVE-2020-1370", "CVE-2020-1371", "CVE-2020-1372", "CVE-2020-1373", "CVE-2020-1374", "CVE-2020-1375", "CVE-2020-1384", "CVE-2020-1385", "CVE-2020-1386", "CVE-2020-1387", "CVE-2020-1388", "CVE-2020-1389", "CVE-2020-1390", "CVE-2020-1392", "CVE-2020-1393", "CVE-2020-1394", "CVE-2020-1395", "CVE-2020-1396", "CVE-2020-1397", "CVE-2020-1398", "CVE-2020-1399", "CVE-2020-1400", "CVE-2020-1401", "CVE-2020-1402", "CVE-2020-1403", "CVE-2020-1404", "CVE-2020-1406", "CVE-2020-1407", "CVE-2020-1408", "CVE-2020-1409", "CVE-2020-1410", "CVE-2020-1411", "CVE-2020-1412", "CVE-2020-1413", "CVE-2020-1414", "CVE-2020-1415", "CVE-2020-1418", "CVE-2020-1419", "CVE-2020-1420", "CVE-2020-1421", "CVE-2020-1422", "CVE-2020-1424", "CVE-2020-1426", "CVE-2020-1427", "CVE-2020-1428", "CVE-2020-1429", "CVE-2020-1430", "CVE-2020-1431", "CVE-2020-1432", "CVE-2020-1433", "CVE-2020-1434", "CVE-2020-1435", "CVE-2020-1436", "CVE-2020-1437", "CVE-2020-1438", "CVE-2020-1462", "CVE-2020-1463", "CVE-2020-1468"], "modified": "2023-01-24T00:00:00", "cpe": ["cpe:/o:microsoft:windows", "cpe:/a:microsoft:edge"], "id": "SMB_NT_MS20_JUL_4565489.NASL", "href": "https://www.tenable.com/plugins/nessus/138455", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(138455);\n script_version(\"1.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/24\");\n\n script_cve_id(\n \"CVE-2020-1085\",\n \"CVE-2020-1147\",\n \"CVE-2020-1249\",\n \"CVE-2020-1267\",\n \"CVE-2020-1333\",\n \"CVE-2020-1336\",\n \"CVE-2020-1344\",\n \"CVE-2020-1346\",\n \"CVE-2020-1347\",\n \"CVE-2020-1351\",\n \"CVE-2020-1352\",\n \"CVE-2020-1353\",\n \"CVE-2020-1354\",\n \"CVE-2020-1357\",\n \"CVE-2020-1358\",\n \"CVE-2020-1359\",\n \"CVE-2020-1360\",\n \"CVE-2020-1361\",\n \"CVE-2020-1362\",\n \"CVE-2020-1363\",\n \"CVE-2020-1364\",\n \"CVE-2020-1365\",\n \"CVE-2020-1366\",\n \"CVE-2020-1368\",\n \"CVE-2020-1369\",\n \"CVE-2020-1370\",\n \"CVE-2020-1371\",\n \"CVE-2020-1372\",\n \"CVE-2020-1373\",\n \"CVE-2020-1374\",\n \"CVE-2020-1375\",\n \"CVE-2020-1384\",\n \"CVE-2020-1385\",\n \"CVE-2020-1386\",\n \"CVE-2020-1387\",\n \"CVE-2020-1388\",\n \"CVE-2020-1389\",\n \"CVE-2020-1390\",\n \"CVE-2020-1392\",\n \"CVE-2020-1393\",\n \"CVE-2020-1394\",\n \"CVE-2020-1395\",\n \"CVE-2020-1396\",\n \"CVE-2020-1397\",\n \"CVE-2020-1398\",\n \"CVE-2020-1399\",\n \"CVE-2020-1400\",\n \"CVE-2020-1401\",\n \"CVE-2020-1402\",\n \"CVE-2020-1403\",\n \"CVE-2020-1404\",\n \"CVE-2020-1406\",\n \"CVE-2020-1407\",\n \"CVE-2020-1408\",\n \"CVE-2020-1409\",\n \"CVE-2020-1410\",\n \"CVE-2020-1411\",\n \"CVE-2020-1412\",\n \"CVE-2020-1413\",\n \"CVE-2020-1414\",\n \"CVE-2020-1415\",\n \"CVE-2020-1418\",\n \"CVE-2020-1419\",\n \"CVE-2020-1420\",\n \"CVE-2020-1421\",\n \"CVE-2020-1422\",\n \"CVE-2020-1424\",\n \"CVE-2020-1426\",\n \"CVE-2020-1427\",\n \"CVE-2020-1428\",\n \"CVE-2020-1429\",\n \"CVE-2020-1430\",\n \"CVE-2020-1431\",\n \"CVE-2020-1432\",\n \"CVE-2020-1433\",\n \"CVE-2020-1434\",\n \"CVE-2020-1435\",\n \"CVE-2020-1436\",\n \"CVE-2020-1437\",\n \"CVE-2020-1438\",\n \"CVE-2020-1462\",\n \"CVE-2020-1463\",\n \"CVE-2020-1468\"\n );\n script_xref(name:\"MSKB\", value:\"4565489\");\n script_xref(name:\"MSFT\", value:\"MS20-4565489\");\n script_xref(name:\"IAVA\", value:\"2020-A-0300-S\");\n script_xref(name:\"IAVA\", value:\"2020-A-0302-S\");\n script_xref(name:\"IAVA\", value:\"2020-A-0313-S\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/05/03\");\n\n script_name(english:\"KB4565489: Windows 10 Version 1803 July 2020 Security Update\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 4565489. It is, \ntherefore, affected by multiple vulnerabilities :\n\n - An elevation of privilege vulnerability exists when the\n Windows System Events Broker improperly handles file\n operations. An attacker who successfully exploited this\n vulnerability could gain elevated privileges.\n (CVE-2020-1357)\n\n - An elevation of privilege vulnerability exists when the\n Windows kernel fails to properly handle objects in\n memory. An attacker who successfully exploited this\n vulnerability could run arbitrary code in kernel mode.\n An attacker could then install programs; view, change,\n or delete data; or create new accounts with full user\n rights. (CVE-2020-1411)\n\n - An elevation of privilege vulnerability exists when the\n Windows Diagnostics Execution Service fails to properly\n sanitize input, leading to an unsecure library-loading\n behavior. An attacker who successfully exploited this\n vulnerability could run arbitrary code with elevated\n system privileges. An attacker could then install\n programs; view, change, or delete data; or create new\n accounts with full user rights. (CVE-2020-1418)\n\n - An elevation of privilege vulnerability exists when the\n Windows USO Core Worker improperly handles memory.\n (CVE-2020-1352)\n\n - An elevation of privilege vulnerability exists when the\n Windows Modules Installer improperly handles file\n operations. An attacker who successfully exploited this\n vulnerability could gain elevated privileges.\n (CVE-2020-1346)\n\n - An elevation of privilege vulnerability exists when\n Windows improperly handles COM object creation. An\n attacker who successfully exploited the vulnerability\n could run arbitrary code with elevated privileges.\n (CVE-2020-1375)\n\n - A remote code execution vulnerability exists in the way\n that DirectWrite handles objects in memory. An attacker\n who successfully exploited this vulnerability could take\n control of the affected system. An attacker could then\n install programs; view, change, or delete data; or\n create new accounts with full user rights. There are\n multiple ways an attacker could exploit the\n vulnerability, such as by convincing a user to open a\n specially crafted document, or by convincing a user to\n visit an untrusted webpage. The security update\n addresses the vulnerability by correcting how\n DirectWrite handles objects in memory. (CVE-2020-1409)\n\n - An elevation of privilege vulnerability exists when the\n Windows AppX Deployment Extensions improperly performs\n privilege management, resulting in access to system\n files. (CVE-2020-1431)\n\n - An elevation of privilege vulnerability exists when the\n Windows Profile Service improperly handles file\n operations. An attacker who successfully exploited this\n vulnerability could gain elevated privileges.\n (CVE-2020-1360)\n\n - An elevation of privilege vulnerability exists when\n Windows Mobile Device Management (MDM) Diagnostics\n improperly handles objects in memory. An attacker who\n successfully exploited this vulnerability could bypass\n access restrictions to delete files. (CVE-2020-1372)\n\n - An elevation of privilege vulnerability exists when the\n Windows Picker Platform improperly handles memory.\n (CVE-2020-1363)\n\n - An elevation of privilege vulnerability exists when\n Windows improperly handles calls to Advanced Local\n Procedure Call (ALPC). An attacker who successfully\n exploited this vulnerability could run arbitrary code in\n the security context of the local system. An attacker\n could then install programs; view, change, or delete\n data; or create new accounts with full user rights.\n (CVE-2020-1396)\n\n - A remote code execution vulnerability exists in the way\n that the VBScript engine handles objects in memory. The\n vulnerability could corrupt memory in such a way that an\n attacker could execute arbitrary code in the context of\n the current user. An attacker who successfully exploited\n the vulnerability could gain the same user rights as the\n current user. (CVE-2020-1403)\n\n - A remote code execution vulnerability exists in the\n Windows Remote Desktop Client when a user connects to a\n malicious server. An attacker who successfully exploited\n this vulnerability could execute arbitrary code on the\n computer of the connecting client. An attacker could\n then install programs; view, change, or delete data; or\n create new accounts with full user rights.\n (CVE-2020-1374)\n\n - A remote code execution vulnerability exists when the\n Windows font library improperly handles specially\n crafted fonts. For all systems except Windows 10, an\n attacker who successfully exploited the vulnerability\n could execute code remotely. For systems running Windows\n 10, an attacker who successfully exploited the\n vulnerability could execute code in an AppContainer\n sandbox context with limited privileges and\n capabilities. An attacker could then install programs;\n view, change, or delete data; or create new accounts\n with full user rights. There are multiple ways an\n attacker could exploit the vulnerability:\n (CVE-2020-1436)\n\n - An elevation of privilege vulnerability exists in the\n way that the Credential Enrollment Manager service\n handles objects in memory. An attacker who successfully\n exploited the vulnerability could execute code with\n elevated permissions. (CVE-2020-1368)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Network List Service handles\n objects in memory. An attacker who successfully\n exploited the vulnerability could execute code with\n elevated permissions. (CVE-2020-1406)\n\n - An information disclosure vulnerability exists when the\n Windows Graphics component improperly handles objects in\n memory. An attacker who successfully exploited this\n vulnerability could obtain information to further\n compromise the users system. An authenticated attacker\n could exploit this vulnerability by running a specially\n crafted application. The update addresses the\n vulnerability by correcting how the Windows Graphics\n Component handles objects in memory. (CVE-2020-1351)\n\n - An information disclosure vulnerability exists when the\n Windows GDI component improperly discloses the contents\n of its memory. An attacker who successfully exploited\n the vulnerability could obtain information to further\n compromise the users system. There are multiple ways an\n attacker could exploit the vulnerability, such as by\n convincing a user to open a specially crafted document,\n or by convincing a user to visit an untrusted webpage.\n The security update addresses the vulnerability by\n correcting how the Windows GDI component handles objects\n in memory. (CVE-2020-1468)\n\n - An elevation of privilege vulnerability exists when the\n Windows Event Logging Service improperly handles memory.\n (CVE-2020-1365, CVE-2020-1371)\n\n - An information disclosure vulnerability exists when the\n Windows kernel fails to properly initialize a memory\n address. An attacker who successfully exploited this\n vulnerability could obtain information to further\n compromise the users system. (CVE-2020-1389,\n CVE-2020-1419)\n\n - An elevation of privilege vulnerability exists when the\n Windows Print Workflow Service improperly handles\n objects in memory. An attacker who successfully\n exploited this vulnerability could gain elevated\n privileges and break out of the AppContainer sandbox.\n (CVE-2020-1366)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows WalletService handles objects in\n memory. An attacker who successfully exploited the\n vulnerability could execute code with elevated\n permissions. (CVE-2020-1344, CVE-2020-1362,\n CVE-2020-1369)\n\n - An elevation of privilege vulnerability exists when the\n Windows ActiveX Installer Service improperly handles\n memory. (CVE-2020-1402)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Geolocation Framework handles\n objects in memory. An attacker who successfully\n exploited the vulnerability could execute code with\n elevated permissions. (CVE-2020-1394)\n\n - An information vulnerability exists when Windows\n Connected User Experiences and Telemetry Service\n improperly discloses file information. Successful\n exploitation of the vulnerability could allow the\n attacker to read any file on the file system.\n (CVE-2020-1386)\n\n - This security update corrects a denial of service in the\n Local Security Authority Subsystem Service (LSASS)\n caused when an authenticated attacker sends a specially\n crafted authentication request. A remote attacker who\n successfully exploited this vulnerability could cause a\n denial of service on the target system's LSASS service,\n which triggers an automatic reboot of the system. The\n security update addresses the vulnerability by changing\n the way that LSASS handles specially crafted\n authentication requests. (CVE-2020-1267)\n\n - An elevation of privilege vulnerability exists when the\n Windows Delivery Optimization service improperly handles\n objects in memory. An attacker who successfully\n exploited this vulnerability could run arbitrary code\n with elevated system privileges. An attacker could then\n install programs; view, change, or delete data; or\n create new accounts with full user rights.\n (CVE-2020-1392)\n\n - A remote code execution vulnerability exists when\n Windows Address Book (WAB) improperly processes vcard\n files. (CVE-2020-1410)\n\n - An elevation of privilege vulnerability exists when the\n Windows Runtime improperly handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could run arbitrary code in an elevated context. An\n attacker could exploit this vulnerability by running a\n specially crafted application on the victim system. The\n update addresses the vulnerability by correcting the way\n the Windows Runtime handles objects in memory.\n (CVE-2020-1249, CVE-2020-1353, CVE-2020-1370,\n CVE-2020-1399, CVE-2020-1404, CVE-2020-1413,\n CVE-2020-1414, CVE-2020-1415, CVE-2020-1422)\n\n - An elevation of privilege vulnerability exists when the\n Windows UPnP Device Host improperly handles memory.\n (CVE-2020-1354, CVE-2020-1430)\n\n - An elevation of privilege vulnerability exists when the\n Windows Update Stack fails to properly handle objects in\n memory. An attacker who successfully exploited this\n vulnerability could run arbitrary code in kernel mode.\n An attacker could then install programs; view, change,\n or delete data; or create new accounts with full user\n rights. (CVE-2020-1424)\n\n - An elevation of privilege vulnerability exists in the\n way that the SharedStream Library handles objects in\n memory. An attacker who successfully exploited the\n vulnerability could execute code with elevated\n permissions. (CVE-2020-1463)\n\n - An elevation of privilege vulnerability exists when\n Group Policy Services Policy Processing improperly\n handle reparse points. An attacker who successfully\n exploited this vulnerability could overwrite a targeted\n file that would normally require elevated permissions.\n (CVE-2020-1333)\n\n - An elevation of privilege vulnerability exists in the\n way the Windows Push Notification Service handles\n objects in memory. An attacker who successfully\n exploited this vulnerability could run processes in an\n elevated context. An attacker could then install\n programs; view, change or delete data. (CVE-2020-1387)\n\n - A remote code execution vulnerability exists when the\n Windows font library improperly handles specially\n crafted embedded fonts. An attacker who successfully\n exploited the vulnerability could take control of the\n affected system. An attacker could then install\n programs; view, change, or delete data; or create new\n accounts with full user rights. (CVE-2020-1408)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Kernel handles objects in memory.\n An attacker who successfully exploited the vulnerability\n could execute code with elevated permissions.\n (CVE-2020-1336)\n\n - An elevation of privilege vulnerability exists when the\n Windows Storage Services improperly handle file\n operations. An attacker who successfully exploited this\n vulnerability could gain elevated privileges.\n (CVE-2020-1347)\n\n - A denial of service vulnerability exists in the way that\n the WalletService handles files. An attacker who\n successfully exploited the vulnerability could corrupt\n system files. (CVE-2020-1364)\n\n - An information disclosure vulnerability exists when\n Skype for Business is accessed via Internet Explorer. An\n attacker who exploited the vulnerability could cause the\n user to place a call without additional consent, leading\n to information disclosure of the user profile. For the\n vulnerability to be exploited, a user must click a\n specially crafted URL that prompts the Skype app.\n (CVE-2020-1432)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Network Location Awareness Service\n handles objects in memory. An attacker who successfully\n exploited the vulnerability could allow an application\n with limited privileges on an affected system to execute\n code at a medium integrity level. (CVE-2020-1437)\n\n - An elevation of privilege vulnerability exists when the\n Windows Diagnostics Hub Standard Collector Service fails\n to properly sanitize input, leading to an unsecure\n library-loading behavior. An attacker who successfully\n exploited this vulnerability could run arbitrary code\n with elevated system privileges. An attacker could then\n install programs; view, change, or delete data; or\n create new accounts with full user rights.\n (CVE-2020-1393)\n\n - A remote code execution vulnerability exists in .NET\n Framework, Microsoft SharePoint, and Visual Studio when\n the software fails to check the source markup of XML\n file input. An attacker who successfully exploited the\n vulnerability could run arbitrary code in the context of\n the process responsible for deserialization of the XML\n content. (CVE-2020-1147)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Network Connections Service handles\n objects in memory. An attacker who successfully\n exploited the vulnerability could execute code with\n elevated permissions. (CVE-2020-1373, CVE-2020-1390,\n CVE-2020-1427, CVE-2020-1428, CVE-2020-1438)\n\n - An elevation of privilege vulnerability exists when the\n Windows Cryptography Next Generation (CNG) Key Isolation\n service improperly handles memory. An attacker who\n successfully exploited this vulnerability could run\n processes in an elevated context. (CVE-2020-1359,\n CVE-2020-1384)\n\n - An information disclosure vulnerability exists when the\n Windows Resource Policy component improperly handles\n memory. (CVE-2020-1358)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Speech Brokered API handles objects\n in memory. An attacker who successfully exploited the\n vulnerability could execute code with elevated\n permissions. (CVE-2020-1395)\n\n - An information disclosure vulnerability exists when\n Windows Error Reporting improperly handles file\n operations. (CVE-2020-1420)\n\n - A remote code execution vulnerability exists in the way\n that Microsoft Graphics Components handle objects in\n memory. An attacker who successfully exploited the\n vulnerability could execute arbitrary code on a target\n system. (CVE-2020-1412)\n\n - An information disclosure vulnerability exists when the\n Windows kernel improperly handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could obtain information to further compromise the users\n system. An authenticated attacker could exploit this\n vulnerability by running a specially crafted\n application. The update addresses the vulnerability by\n correcting how the Windows kernel handles objects in\n memory. (CVE-2020-1426)\n\n - An information disclosure vulnerability exists when\n Microsoft Edge PDF Reader improperly handles objects in\n memory. An attacker who successfully exploited the\n vulnerability could obtain information to further\n compromise the users system. (CVE-2020-1433)\n\n - A remote code execution vulnerability exists when the\n Windows Jet Database Engine improperly handles objects\n in memory. An attacker who successfully exploited this\n vulnerability could execute arbitrary code on a victim\n system. An attacker could exploit this vulnerability by\n enticing a victim to open a specially crafted file. The\n update addresses the vulnerability by correcting the way\n the Windows Jet Database Engine handles objects in\n memory. (CVE-2020-1400, CVE-2020-1401, CVE-2020-1407)\n\n - An elevation of privilege vulnerability exists when\n Windows Error Reporting manager improperly handles a\n process crash. An attacker who successfully exploited\n this vulnerability could delete a targeted file leading\n to an elevated status. (CVE-2020-1429)\n\n - An elevation of privilege vulnerability exists in the\n way that the psmsrv.dll handles objects in memory. An\n attacker who successfully exploited the vulnerability\n could execute code with elevated permissions.\n (CVE-2020-1388)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Credential Picker handles objects\n in memory. An attacker who successfully exploited the\n vulnerability could allow an application with limited\n privileges on an affected system to execute code at a\n medium integrity level. (CVE-2020-1385)\n\n - A remote code execution vulnerability exists in\n Microsoft Windows that could allow remote code execution\n if a .LNK file is processed. An attacker who\n successfully exploited this vulnerability could gain the\n same user rights as the local user. (CVE-2020-1421)\n\n - An information disclosure vulnerability exists in\n Windows when the Windows Imaging Component fails to\n properly handle objects in memory. An attacker who\n successfully exploited this vulnerability could obtain\n information to further compromise the user's system.\n There are multiple ways an attacker could exploit this\n vulnerability: (CVE-2020-1397)\n\n - A remote code execution vulnerability exists in the way\n that the Windows Graphics Device Interface (GDI) handles\n objects in the memory. An attacker who successfully\n exploited this vulnerability could take control of the\n affected system. An attacker could then install\n programs; view, change, or delete data; or create new\n accounts with full user rights. (CVE-2020-1435)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Function Discovery Service handles\n objects in memory. An attacker who successfully\n exploited the vulnerability could execute code with\n elevated permissions. (CVE-2020-1085)\n\n - An information disclosure vulnerability exists in the\n way that the WalletService handles memory.\n (CVE-2020-1361)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Sync Host Service handles objects\n in memory. An attacker who successfully exploited the\n vulnerability could allow an application with limited\n privileges on an affected system to execute code at a\n medium integrity level. (CVE-2020-1434)\n\n - An information disclosure vulnerability exists when\n Skype for Business is accessed via Microsoft Edge\n (EdgeHTML-based). An attacker who exploited the\n vulnerability could cause the user to place a call\n without additional consent, leading to information\n disclosure of the user profile. For the vulnerability to\n be exploited, a user must click a specially crafted URL\n that prompts the Skype app. (CVE-2020-1462)\n\n - An elevation of privilege vulnerability exists when\n Windows Lockscreen fails to properly handle Ease of\n Access dialog. An attacker who successfully exploited\n the vulnerability could execute commands with elevated\n permissions. The security update addresses the\n vulnerability by ensuring that the Ease of Access dialog\n is handled properly. (CVE-2020-1398)\");\n # https://support.microsoft.com/en-us/help/4565489/windows-10-update-kb4565489\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?e6e77e0f\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Cumulative Update KB4565489.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-1435\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2020-1436\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'SharePoint DataSet / DataTable Deserialization');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/07/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/07/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/07/14\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:edge\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude('smb_func.inc');\ninclude('smb_hotfixes.inc');\ninclude('smb_hotfixes_fcheck.inc');\ninclude('smb_reg_query.inc');\ninclude('install_func.inc');\n\nget_kb_item_or_exit('SMB/MS_Bulletin_Checks/Possible');\n\nbulletin = 'MS20-07';\nkbs = make_list(\n '4565489'\n);\n\nif (get_kb_item('Host/patch_management_checks')) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit('SMB/Registry/Enumerated');\nget_kb_item_or_exit('SMB/WindowsVersion', exit_code:1);\n\nif (hotfix_check_sp_range(win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:'10',\n sp:0,\n os_build:'17134',\n rollup_date:'07_2020',\n bulletin:bulletin,\n rollup_kb_list:[4565489])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n\n\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-07-21T16:03:44", "description": "The remote Windows host is missing security update 4565503. It is, therefore, affected by multiple vulnerabilities :\n\n - An elevation of privilege vulnerability exists when the Windows System Events Broker improperly handles file operations. An attacker who successfully exploited this vulnerability could gain elevated privileges.\n (CVE-2020-1357)\n\n - An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode.\n An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2020-1411)\n\n - An elevation of privilege vulnerability exists when the Windows Diagnostics Execution Service fails to properly sanitize input, leading to an unsecure library-loading behavior. An attacker who successfully exploited this vulnerability could run arbitrary code with elevated system privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2020-1418)\n\n - An elevation of privilege vulnerability exists when the Windows USO Core Worker improperly handles memory.\n (CVE-2020-1352)\n\n - An elevation of privilege vulnerability exists when the Windows Modules Installer improperly handles file operations. An attacker who successfully exploited this vulnerability could gain elevated privileges.\n (CVE-2020-1346)\n\n - An elevation of privilege vulnerability exists when the Windows Diagnostics Hub Standard Collector Service fails to properly sanitize input, leading to an unsecure library-loading behavior. An attacker who successfully exploited this vulnerability could run arbitrary code with elevated system privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\n (CVE-2020-1393)\n\n - A remote code execution vulnerability exists in the way that DirectWrite handles objects in memory. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit an untrusted webpage. The security update addresses the vulnerability by correcting how DirectWrite handles objects in memory. (CVE-2020-1409)\n\n - An elevation of privilege vulnerability exists when the Windows AppX Deployment Extensions improperly performs privilege management, resulting in access to system files. (CVE-2020-1431)\n\n - An elevation of privilege vulnerability exists when the Windows Profile Service improperly handles file operations. An attacker who successfully exploited this vulnerability could gain elevated privileges.\n (CVE-2020-1360)\n\n - An elevation of privilege vulnerability exists when Windows Mobile Device Management (MDM) Diagnostics improperly handles objects in memory. An attacker who successfully exploited this vulnerability could bypass access restrictions to delete files. (CVE-2020-1372)\n\n - An elevation of privilege vulnerability exists when the Windows Picker Platform improperly handles memory.\n (CVE-2020-1363)\n\n - An elevation of privilege vulnerability exists when Windows improperly handles calls to Advanced Local Procedure Call (ALPC). An attacker who successfully exploited this vulnerability could run arbitrary code in the security context of the local system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\n (CVE-2020-1396)\n\n - An information disclosure vulnerability exists when Windows Mobile Device Management (MDM) Diagnostics improperly handles junctions. An attacker who successfully exploited this vulnerability could bypass access restrictions to read files. (CVE-2020-1330)\n\n - A remote code execution vulnerability exists in the Windows Remote Desktop Client when a user connects to a malicious server. An attacker who successfully exploited this vulnerability could execute arbitrary code on the computer of the connecting client. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\n (CVE-2020-1374)\n\n - A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted fonts. For all systems except Windows 10, an attacker who successfully exploited the vulnerability could execute code remotely. For systems running Windows 10, an attacker who successfully exploited the vulnerability could execute code in an AppContainer sandbox context with limited privileges and capabilities. An attacker could then install programs;\n view, change, or delete data; or create new accounts with full user rights. There are multiple ways an attacker could exploit the vulnerability:\n (CVE-2020-1436)\n\n - An elevation of privilege vulnerability exists in the way that the Credential Enrollment Manager service handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. (CVE-2020-1368)\n\n - An elevation of privilege vulnerability exists in the way that the Windows Network List Service handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. (CVE-2020-1406)\n\n - An information disclosure vulnerability exists when the Windows Graphics component improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system. An authenticated attacker could exploit this vulnerability by running a specially crafted application. The update addresses the vulnerability by correcting how the Windows Graphics Component handles objects in memory. (CVE-2020-1351)\n\n - An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit an untrusted webpage.\n The security update addresses the vulnerability by correcting how the Windows GDI component handles objects in memory. (CVE-2020-1468)\n\n - An elevation of privilege vulnerability exists when the Windows Event Logging Service improperly handles memory.\n (CVE-2020-1365, CVE-2020-1371)\n\n - An information disclosure vulnerability exists when the Windows kernel fails to properly initialize a memory address. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system. (CVE-2020-1389, CVE-2020-1419)\n\n - An elevation of privilege vulnerability exists when the Windows Print Workflow Service improperly handles objects in memory. An attacker who successfully exploited this vulnerability could gain elevated privileges and break out of the AppContainer sandbox.\n (CVE-2020-1366)\n\n - An elevation of privilege vulnerability exists in the way that the Windows WalletService handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. (CVE-2020-1344, CVE-2020-1362, CVE-2020-1369)\n\n - An elevation of privilege vulnerability exists when the Windows ActiveX Installer Service improperly handles memory. (CVE-2020-1402)\n\n - An elevation of privilege vulnerability exists in the way that the Windows Geolocation Framework handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. (CVE-2020-1394)\n\n - An information vulnerability exists when Windows Connected User Experiences and Telemetry Service improperly discloses file information. Successful exploitation of the vulnerability could allow the attacker to read any file on the file system.\n (CVE-2020-1386)\n\n - This security update corrects a denial of service in the Local Security Authority Subsystem Service (LSASS) caused when an authenticated attacker sends a specially crafted authentication request. A remote attacker who successfully exploited this vulnerability could cause a denial of service on the target system's LSASS service, which triggers an automatic reboot of the system. The security update addresses the vulnerability by changing the way that LSASS handles specially crafted authentication requests. (CVE-2020-1267)\n\n - An elevation of privilege vulnerability exists when the Windows Delivery Optimization service improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code with elevated system privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\n (CVE-2020-1392)\n\n - A remote code execution vulnerability exists when Windows Address Book (WAB) improperly processes vcard files. (CVE-2020-1410)\n\n - An elevation of privilege vulnerability exists when the Windows Runtime improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in an elevated context. An attacker could exploit this vulnerability by running a specially crafted application on the victim system. The update addresses the vulnerability by correcting the way the Windows Runtime handles objects in memory.\n (CVE-2020-1249, CVE-2020-1353, CVE-2020-1370, CVE-2020-1399, CVE-2020-1404, CVE-2020-1413, CVE-2020-1414, CVE-2020-1415, CVE-2020-1422)\n\n - A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in the memory. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2020-1435)\n\n - An elevation of privilege vulnerability exists when the Windows UPnP Device Host improperly handles memory.\n (CVE-2020-1354, CVE-2020-1430)\n\n - An elevation of privilege vulnerability exists when the Windows Update Stack fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode.\n An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2020-1424)\n\n - An elevation of privilege vulnerability exists in the way that the SharedStream Library handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. (CVE-2020-1463)\n\n - An elevation of privilege vulnerability exists when the Windows Graphics Component improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run processes in an elevated context. (CVE-2020-1381, CVE-2020-1382)\n\n - An elevation of privilege vulnerability exists when Group Policy Services Policy Processing improperly handle reparse points. An attacker who successfully exploited this vulnerability could overwrite a targeted file that would normally require elevated permissions.\n (CVE-2020-1333)\n\n - An elevation of privilege vulnerability exists in the way the Windows Push Notification Service handles objects in memory. An attacker who successfully exploited this vulnerability could run processes in an elevated context. An attacker could then install programs; view, change or delete data. (CVE-2020-1387)\n\n - A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts. An attacker who successfully exploited the vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2020-1408)\n\n - An elevation of privilege vulnerability exists in the way that the Windows Kernel handles objects in memory.\n An attacker who successfully exploited the vulnerability could execute code with elevated permissions.\n (CVE-2020-1336)\n\n - A remote code execution vulnerability exists in .NET Framework, Microsoft SharePoint, and Visual Studio when the software fails to check the source markup of XML file input. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the process responsible for deserialization of the XML content. (CVE-2020-1147)\n\n - An elevation of privilege vulnerability exists when the Windows Storage Services improperly handle file operations. An attacker who successfully exploited this vulnerability could gain elevated privileges.\n (CVE-2020-1347)\n\n - A denial of service vulnerability exists in the way that the WalletService handles files. An attacker who successfully exploited the vulnerability could corrupt system files. (CVE-2020-1364)\n\n - An information disclosure vulnerability exists when Skype for Business is accessed via Internet Explorer. An attacker who exploited the vulnerability could cause the user to place a call without additional consent, leading to information disclosure of the user profile. For the vulnerability to be exploited, a user must click a specially crafted URL that prompts the Skype app.\n (CVE-2020-1432)\n\n - An elevation of privilege vulnerability exists in the way that the Windows Network Location Awareness Service handles objects in memory. An attacker who successfully exploited the vulnerability could allow an application with limited privileges on an affected system to execute code at a medium integrity level. (CVE-2020-1437)\n\n - An elevation of privilege vulnerability exists when Windows improperly handles COM object creation. An attacker who successfully exploited the vulnerability could run arbitrary code with elevated privileges.\n (CVE-2020-1375)\n\n - A remote code execution vulnerability exists when the Windows Font Driver Host improperly handles memory. An attacker who successfully exploited the vulnerability would gain execution on a victim system. The security update addresses the vulnerability by correcting how the Windows Font Driver Host handles memory. (CVE-2020-1355)\n\n - An information disclosure vulnerability exists when the Windows Agent Activation Runtime (AarSvc) fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system.\n (CVE-2020-1391)\n\n - An elevation of privilege vulnerability exists in the way that the Windows Subsystem for Linux handles files.\n An attacker who successfully exploited the vulnerability could execute code with elevated privileges.\n (CVE-2020-1423)\n\n - An elevation of privilege vulnerability exists in the way that the Windows Network Connections Service handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. (CVE-2020-1373, CVE-2020-1390, CVE-2020-1427, CVE-2020-1428, CVE-2020-1438)\n\n - An elevation of privilege vulnerability exists when the Windows Cryptography Next Generation (CNG) Key Isolation service improperly handles memory. An attacker who successfully exploited this vulnerability could run processes in an elevated context. (CVE-2020-1359, CVE-2020-1384)\n\n - An information disclosure vulnerability exists when the Windows Resource Policy component improperly handles memory. (CVE-2020-1358)\n\n - An elevation of privilege vulnerability exists in the way that the Windows Speech Brokered API handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. (CVE-2020-1395)\n\n - An information disclosure vulnerability exists when Windows Error Reporting improperly handles file operations. (CVE-2020-1420)\n\n - A remote code execution vulnerability exists in the way that Microsoft Graphics Components handle objects in memory. An attacker who successfully exploited the vulnerability could execute arbitrary code on a target system. (CVE-2020-1412)\n\n - An information disclosure vulnerability exists when Microsoft Edge PDF Reader improperly handles objects in memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. (CVE-2020-1433)\n\n - A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by enticing a victim to open a specially crafted file. The update addresses the vulnerability by correcting the way the Windows Jet Database Engine handles objects in memory. (CVE-2020-1400, CVE-2020-1401, CVE-2020-1407)\n\n - An elevation of privilege vulnerability exists when Windows Error Reporting manager improperly handles a process crash. An attacker who successfully exploited this vulnerability could delete a targeted file leading to an elevated status. (CVE-2020-1429)\n\n - An elevation of privilege vulnerability exists in the way that the psmsrv.dll handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions.\n (CVE-2020-1388)\n\n - An elevation of privilege vulnerability exists when Windows Mobile Device Management (MDM) Diagnostics improperly handles junctions. An attacker who successfully exploited this vulnerability could bypass access restrictions to delete files. (CVE-2020-1405)\n\n - An elevation of privilege vulnerability exists in the way that the Windows Credential Picker handles objects in memory. An attacker who successfully exploited the vulnerability could allow an application with limited privileges on an affected system to execute code at a medium integrity level. (CVE-2020-1385)\n\n - A remote code execution vulnerability exists in Microsoft Windows that could allow remote code execution if a .LNK file is processed. An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. (CVE-2020-1421)\n\n - An information disclosure vulnerability exists in Windows when the Windows Imaging Component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user's system.\n There are multiple ways an attacker could exploit this vulnerability: (CVE-2020-1397)\n\n - An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system. An authenticated attacker could exploit this vulnerability by running a specially crafted application. The update addresses the vulnerability by correcting how the Windows kernel handles objects in memory. (CVE-2020-1367, CVE-2020-1426)\n\n - An elevation of privilege vulnerability exists in the way that the Windows Function Discovery Service handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. (CVE-2020-1085)\n\n - An information disclosure vulnerability exists in the way that the WalletService handles memory.\n (CVE-2020-1361)\n\n - An elevation of privilege vulnerability exists in the way that the Windows Sync Host Service handles objects in memory. An attacker who successfully exploited the vulnerability could allow an application with limited privileges on an affected system to execute code at a medium integrity level. (CVE-2020-1434)\n\n - An information disclosure vulnerability exists when Skype for Business is accessed via Microsoft Edge (EdgeHTML-based). An attacker who exploited the vulnerability could cause the user to place a call without additional consent, leading to information disclosure of the user profile. For the vulnerability to be exploited, a user must click a specially crafted URL that prompts the Skype app. (CVE-2020-1462)\n\n - An elevation of privilege vulnerability exists when Windows Lockscreen fails to properly handle Ease of Access dialog. An attacker who successfully exploited the vulnerability could execute commands with elevated permissions. The security update addresses the vulnerability by ensuring that the Ease of Access dialog is handled properly. (CVE-2020-1398)\n\n - A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2020-1403)", "cvss3": {}, "published": "2020-07-14T00:00:00", "type": "nessus", "title": "KB4565503: Windows 10 Version 2004 July 2020 Security Update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-1085", "CVE-2020-1147", "CVE-2020-1249", "CVE-2020-1267", "CVE-2020-1330", "CVE-2020-1333", "CVE-2020-1336", "CVE-2020-1344", "CVE-2020-1346", "CVE-2020-1347", "CVE-2020-1351", "CVE-2020-1352", "CVE-2020-1353", "CVE-2020-1354", "CVE-2020-1355", "CVE-2020-1357", "CVE-2020-1358", "CVE-2020-1359", "CVE-2020-1360", "CVE-2020-1361", "CVE-2020-1362", "CVE-2020-1363", "CVE-2020-1364", "CVE-2020-1365", "CVE-2020-1366", "CVE-2020-1367", "CVE-2020-1368", "CVE-2020-1369", "CVE-2020-1370", "CVE-2020-1371", "CVE-2020-1372", "CVE-2020-1373", "CVE-2020-1374", "CVE-2020-1375", "CVE-2020-1381", "CVE-2020-1382", "CVE-2020-1384", "CVE-2020-1385", "CVE-2020-1386", "CVE-2020-1387", "CVE-2020-1388", "CVE-2020-1389", "CVE-2020-1390", "CVE-2020-1391", "CVE-2020-1392", "CVE-2020-1393", "CVE-2020-1394", "CVE-2020-1395", "CVE-2020-1396", "CVE-2020-1397", "CVE-2020-1398", "CVE-2020-1399", "CVE-2020-1400", "CVE-2020-1401", "CVE-2020-1402", "CVE-2020-1403", "CVE-2020-1404", "CVE-2020-1405", "CVE-2020-1406", "CVE-2020-1407", "CVE-2020-1408", "CVE-2020-1409", "CVE-2020-1410", "CVE-2020-1411", "CVE-2020-1412", "CVE-2020-1413", "CVE-2020-1414", "CVE-2020-1415", "CVE-2020-1418", "CVE-2020-1419", "CVE-2020-1420", "CVE-2020-1421", "CVE-2020-1422", "CVE-2020-1423", "CVE-2020-1424", "CVE-2020-1426", "CVE-2020-1427", "CVE-2020-1428", "CVE-2020-1429", "CVE-2020-1430", "CVE-2020-1431", "CVE-2020-1432", "CVE-2020-1433", "CVE-2020-1434", "CVE-2020-1435", "CVE-2020-1436", "CVE-2020-1437", "CVE-2020-1438", "CVE-2020-1462", "CVE-2020-1463", "CVE-2020-1468"], "modified": "2023-01-24T00:00:00", "cpe": ["cpe:/o:microsoft:windows", "cpe:/a:microsoft:edge"], "id": "SMB_NT_MS20_JUL_4565503.NASL", "href": "https://www.tenable.com/plugins/nessus/138456", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(138456);\n script_version(\"1.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/24\");\n\n script_cve_id(\n \"CVE-2020-1085\",\n \"CVE-2020-1147\",\n \"CVE-2020-1249\",\n \"CVE-2020-1267\",\n \"CVE-2020-1330\",\n \"CVE-2020-1333\",\n \"CVE-2020-1336\",\n \"CVE-2020-1344\",\n \"CVE-2020-1346\",\n \"CVE-2020-1347\",\n \"CVE-2020-1351\",\n \"CVE-2020-1352\",\n \"CVE-2020-1353\",\n \"CVE-2020-1354\",\n \"CVE-2020-1355\",\n \"CVE-2020-1357\",\n \"CVE-2020-1358\",\n \"CVE-2020-1359\",\n \"CVE-2020-1360\",\n \"CVE-2020-1361\",\n \"CVE-2020-1362\",\n \"CVE-2020-1363\",\n \"CVE-2020-1364\",\n \"CVE-2020-1365\",\n \"CVE-2020-1366\",\n \"CVE-2020-1367\",\n \"CVE-2020-1368\",\n \"CVE-2020-1369\",\n \"CVE-2020-1370\",\n \"CVE-2020-1371\",\n \"CVE-2020-1372\",\n \"CVE-2020-1373\",\n \"CVE-2020-1374\",\n \"CVE-2020-1375\",\n \"CVE-2020-1381\",\n \"CVE-2020-1382\",\n \"CVE-2020-1384\",\n \"CVE-2020-1385\",\n \"CVE-2020-1386\",\n \"CVE-2020-1387\",\n \"CVE-2020-1388\",\n \"CVE-2020-1389\",\n \"CVE-2020-1390\",\n \"CVE-2020-1391\",\n \"CVE-2020-1392\",\n \"CVE-2020-1393\",\n \"CVE-2020-1394\",\n \"CVE-2020-1395\",\n \"CVE-2020-1396\",\n \"CVE-2020-1397\",\n \"CVE-2020-1398\",\n \"CVE-2020-1399\",\n \"CVE-2020-1400\",\n \"CVE-2020-1401\",\n \"CVE-2020-1402\",\n \"CVE-2020-1403\",\n \"CVE-2020-1404\",\n \"CVE-2020-1405\",\n \"CVE-2020-1406\",\n \"CVE-2020-1407\",\n \"CVE-2020-1408\",\n \"CVE-2020-1409\",\n \"CVE-2020-1410\",\n \"CVE-2020-1411\",\n \"CVE-2020-1412\",\n \"CVE-2020-1413\",\n \"CVE-2020-1414\",\n \"CVE-2020-1415\",\n \"CVE-2020-1418\",\n \"CVE-2020-1419\",\n \"CVE-2020-1420\",\n \"CVE-2020-1421\",\n \"CVE-2020-1422\",\n \"CVE-2020-1423\",\n \"CVE-2020-1424\",\n \"CVE-2020-1426\",\n \"CVE-2020-1427\",\n \"CVE-2020-1428\",\n \"CVE-2020-1429\",\n \"CVE-2020-1430\",\n \"CVE-2020-1431\",\n \"CVE-2020-1432\",\n \"CVE-2020-1433\",\n \"CVE-2020-1434\",\n \"CVE-2020-1435\",\n \"CVE-2020-1436\",\n \"CVE-2020-1437\",\n \"CVE-2020-1438\",\n \"CVE-2020-1462\",\n \"CVE-2020-1463\",\n \"CVE-2020-1468\"\n );\n script_xref(name:\"MSKB\", value:\"4565503\");\n script_xref(name:\"MSFT\", value:\"MS20-4565503\");\n script_xref(name:\"IAVA\", value:\"2020-A-0300-S\");\n script_xref(name:\"IAVA\", value:\"2020-A-0302-S\");\n script_xref(name:\"IAVA\", value:\"2020-A-0313-S\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/05/03\");\n\n script_name(english:\"KB4565503: Windows 10 Version 2004 July 2020 Security Update\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 4565503. It is, \ntherefore, affected by multiple vulnerabilities :\n\n - An elevation of privilege vulnerability exists when the\n Windows System Events Broker improperly handles file\n operations. An attacker who successfully exploited this\n vulnerability could gain elevated privileges.\n (CVE-2020-1357)\n\n - An elevation of privilege vulnerability exists when the\n Windows kernel fails to properly handle objects in\n memory. An attacker who successfully exploited this\n vulnerability could run arbitrary code in kernel mode.\n An attacker could then install programs; view, change,\n or delete data; or create new accounts with full user\n rights. (CVE-2020-1411)\n\n - An elevation of privilege vulnerability exists when the\n Windows Diagnostics Execution Service fails to properly\n sanitize input, leading to an unsecure library-loading\n behavior. An attacker who successfully exploited this\n vulnerability could run arbitrary code with elevated\n system privileges. An attacker could then install\n programs; view, change, or delete data; or create new\n accounts with full user rights. (CVE-2020-1418)\n\n - An elevation of privilege vulnerability exists when the\n Windows USO Core Worker improperly handles memory.\n (CVE-2020-1352)\n\n - An elevation of privilege vulnerability exists when the\n Windows Modules Installer improperly handles file\n operations. An attacker who successfully exploited this\n vulnerability could gain elevated privileges.\n (CVE-2020-1346)\n\n - An elevation of privilege vulnerability exists when the\n Windows Diagnostics Hub Standard Collector Service fails\n to properly sanitize input, leading to an unsecure\n library-loading behavior. An attacker who successfully\n exploited this vulnerability could run arbitrary code\n with elevated system privileges. An attacker could then\n install programs; view, change, or delete data; or\n create new accounts with full user rights.\n (CVE-2020-1393)\n\n - A remote code execution vulnerability exists in the way\n that DirectWrite handles objects in memory. An attacker\n who successfully exploited this vulnerability could take\n control of the affected system. An attacker could then\n install programs; view, change, or delete data; or\n create new accounts with full user rights. There are\n multiple ways an attacker could exploit the\n vulnerability, such as by convincing a user to open a\n specially crafted document, or by convincing a user to\n visit an untrusted webpage. The security update\n addresses the vulnerability by correcting how\n DirectWrite handles objects in memory. (CVE-2020-1409)\n\n - An elevation of privilege vulnerability exists when the\n Windows AppX Deployment Extensions improperly performs\n privilege management, resulting in access to system\n files. (CVE-2020-1431)\n\n - An elevation of privilege vulnerability exists when the\n Windows Profile Service improperly handles file\n operations. An attacker who successfully exploited this\n vulnerability could gain elevated privileges.\n (CVE-2020-1360)\n\n - An elevation of privilege vulnerability exists when\n Windows Mobile Device Management (MDM) Diagnostics\n improperly handles objects in memory. An attacker who\n successfully exploited this vulnerability could bypass\n access restrictions to delete files. (CVE-2020-1372)\n\n - An elevation of privilege vulnerability exists when the\n Windows Picker Platform improperly handles memory.\n (CVE-2020-1363)\n\n - An elevation of privilege vulnerability exists when\n Windows improperly handles calls to Advanced Local\n Procedure Call (ALPC). An attacker who successfully\n exploited this vulnerability could run arbitrary code in\n the security context of the local system. An attacker\n could then install programs; view, change, or delete\n data; or create new accounts with full user rights.\n (CVE-2020-1396)\n\n - An information disclosure vulnerability exists when\n Windows Mobile Device Management (MDM) Diagnostics\n improperly handles junctions. An attacker who\n successfully exploited this vulnerability could bypass\n access restrictions to read files. (CVE-2020-1330)\n\n - A remote code execution vulnerability exists in the\n Windows Remote Desktop Client when a user connects to a\n malicious server. An attacker who successfully exploited\n this vulnerability could execute arbitrary code on the\n computer of the connecting client. An attacker could\n then install programs; view, change, or delete data; or\n create new accounts with full user rights.\n (CVE-2020-1374)\n\n - A remote code execution vulnerability exists when the\n Windows font library improperly handles specially\n crafted fonts. For all systems except Windows 10, an\n attacker who successfully exploited the vulnerability\n could execute code remotely. For systems running Windows\n 10, an attacker who successfully exploited the\n vulnerability could execute code in an AppContainer\n sandbox context with limited privileges and\n capabilities. An attacker could then install programs;\n view, change, or delete data; or create new accounts\n with full user rights. There are multiple ways an\n attacker could exploit the vulnerability:\n (CVE-2020-1436)\n\n - An elevation of privilege vulnerability exists in the\n way that the Credential Enrollment Manager service\n handles objects in memory. An attacker who successfully\n exploited the vulnerability could execute code with\n elevated permissions. (CVE-2020-1368)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Network List Service handles\n objects in memory. An attacker who successfully\n exploited the vulnerability could execute code with\n elevated permissions. (CVE-2020-1406)\n\n - An information disclosure vulnerability exists when the\n Windows Graphics component improperly handles objects in\n memory. An attacker who successfully exploited this\n vulnerability could obtain information to further\n compromise the users system. An authenticated attacker\n could exploit this vulnerability by running a specially\n crafted application. The update addresses the\n vulnerability by correcting how the Windows Graphics\n Component handles objects in memory. (CVE-2020-1351)\n\n - An information disclosure vulnerability exists when the\n Windows GDI component improperly discloses the contents\n of its memory. An attacker who successfully exploited\n the vulnerability could obtain information to further\n compromise the users system. There are multiple ways an\n attacker could exploit the vulnerability, such as by\n convincing a user to open a specially crafted document,\n or by convincing a user to visit an untrusted webpage.\n The security update addresses the vulnerability by\n correcting how the Windows GDI component handles objects\n in memory. (CVE-2020-1468)\n\n - An elevation of privilege vulnerability exists when the\n Windows Event Logging Service improperly handles memory.\n (CVE-2020-1365, CVE-2020-1371)\n\n - An information disclosure vulnerability exists when the\n Windows kernel fails to properly initialize a memory\n address. An attacker who successfully exploited this\n vulnerability could obtain information to further\n compromise the users system. (CVE-2020-1389,\n CVE-2020-1419)\n\n - An elevation of privilege vulnerability exists when the\n Windows Print Workflow Service improperly handles\n objects in memory. An attacker who successfully\n exploited this vulnerability could gain elevated\n privileges and break out of the AppContainer sandbox.\n (CVE-2020-1366)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows WalletService handles objects in\n memory. An attacker who successfully exploited the\n vulnerability could execute code with elevated\n permissions. (CVE-2020-1344, CVE-2020-1362,\n CVE-2020-1369)\n\n - An elevation of privilege vulnerability exists when the\n Windows ActiveX Installer Service improperly handles\n memory. (CVE-2020-1402)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Geolocation Framework handles\n objects in memory. An attacker who successfully\n exploited the vulnerability could execute code with\n elevated permissions. (CVE-2020-1394)\n\n - An information vulnerability exists when Windows\n Connected User Experiences and Telemetry Service\n improperly discloses file information. Successful\n exploitation of the vulnerability could allow the\n attacker to read any file on the file system.\n (CVE-2020-1386)\n\n - This security update corrects a denial of service in the\n Local Security Authority Subsystem Service (LSASS)\n caused when an authenticated attacker sends a specially\n crafted authentication request. A remote attacker who\n successfully exploited this vulnerability could cause a\n denial of service on the target system's LSASS service,\n which triggers an automatic reboot of the system. The\n security update addresses the vulnerability by changing\n the way that LSASS handles specially crafted\n authentication requests. (CVE-2020-1267)\n\n - An elevation of privilege vulnerability exists when the\n Windows Delivery Optimization service improperly handles\n objects in memory. An attacker who successfully\n exploited this vulnerability could run arbitrary code\n with elevated system privileges. An attacker could then\n install programs; view, change, or delete data; or\n create new accounts with full user rights.\n (CVE-2020-1392)\n\n - A remote code execution vulnerability exists when\n Windows Address Book (WAB) improperly processes vcard\n files. (CVE-2020-1410)\n\n - An elevation of privilege vulnerability exists when the\n Windows Runtime improperly handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could run arbitrary code in an elevated context. An\n attacker could exploit this vulnerability by running a\n specially crafted application on the victim system. The\n update addresses the vulnerability by correcting the way\n the Windows Runtime handles objects in memory.\n (CVE-2020-1249, CVE-2020-1353, CVE-2020-1370,\n CVE-2020-1399, CVE-2020-1404, CVE-2020-1413,\n CVE-2020-1414, CVE-2020-1415, CVE-2020-1422)\n\n - A remote code execution vulnerability exists in the way\n that the Windows Graphics Device Interface (GDI) handles\n objects in the memory. An attacker who successfully\n exploited this vulnerability could take control of the\n affected system. An attacker could then install\n programs; view, change, or delete data; or create new\n accounts with full user rights. (CVE-2020-1435)\n\n - An elevation of privilege vulnerability exists when the\n Windows UPnP Device Host improperly handles memory.\n (CVE-2020-1354, CVE-2020-1430)\n\n - An elevation of privilege vulnerability exists when the\n Windows Update Stack fails to properly handle objects in\n memory. An attacker who successfully exploited this\n vulnerability could run arbitrary code in kernel mode.\n An attacker could then install programs; view, change,\n or delete data; or create new accounts with full user\n rights. (CVE-2020-1424)\n\n - An elevation of privilege vulnerability exists in the\n way that the SharedStream Library handles objects in\n memory. An attacker who successfully exploited the\n vulnerability could execute code with elevated\n permissions. (CVE-2020-1463)\n\n - An elevation of privilege vulnerability exists when the\n Windows Graphics Component improperly handles objects in\n memory. An attacker who successfully exploited this\n vulnerability could run processes in an elevated\n context. (CVE-2020-1381, CVE-2020-1382)\n\n - An elevation of privilege vulnerability exists when\n Group Policy Services Policy Processing improperly\n handle reparse points. An attacker who successfully\n exploited this vulnerability could overwrite a targeted\n file that would normally require elevated permissions.\n (CVE-2020-1333)\n\n - An elevation of privilege vulnerability exists in the\n way the Windows Push Notification Service handles\n objects in memory. An attacker who successfully\n exploited this vulnerability could run processes in an\n elevated context. An attacker could then install\n programs; view, change or delete data. (CVE-2020-1387)\n\n - A remote code execution vulnerability exists when the\n Windows font library improperly handles specially\n crafted embedded fonts. An attacker who successfully\n exploited the vulnerability could take control of the\n affected system. An attacker could then install\n programs; view, change, or delete data; or create new\n accounts with full user rights. (CVE-2020-1408)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Kernel handles objects in memory.\n An attacker who successfully exploited the vulnerability\n could execute code with elevated permissions.\n (CVE-2020-1336)\n\n - A remote code execution vulnerability exists in .NET\n Framework, Microsoft SharePoint, and Visual Studio when\n the software fails to check the source markup of XML\n file input. An attacker who successfully exploited the\n vulnerability could run arbitrary code in the context of\n the process responsible for deserialization of the XML\n content. (CVE-2020-1147)\n\n - An elevation of privilege vulnerability exists when the\n Windows Storage Services improperly handle file\n operations. An attacker who successfully exploited this\n vulnerability could gain elevated privileges.\n (CVE-2020-1347)\n\n - A denial of service vulnerability exists in the way that\n the WalletService handles files. An attacker who\n successfully exploited the vulnerability could corrupt\n system files. (CVE-2020-1364)\n\n - An information disclosure vulnerability exists when\n Skype for Business is accessed via Internet Explorer. An\n attacker who exploited the vulnerability could cause the\n user to place a call without additional consent, leading\n to information disclosure of the user profile. For the\n vulnerability to be exploited, a user must click a\n specially crafted URL that prompts the Skype app.\n (CVE-2020-1432)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Network Location Awareness Service\n handles objects in memory. An attacker who successfully\n exploited the vulnerability could allow an application\n with limited privileges on an affected system to execute\n code at a medium integrity level. (CVE-2020-1437)\n\n - An elevation of privilege vulnerability exists when\n Windows improperly handles COM object creation. An\n attacker who successfully exploited the vulnerability\n could run arbitrary code with elevated privileges.\n (CVE-2020-1375)\n\n - A remote code execution vulnerability exists when the\n Windows Font Driver Host improperly handles memory. An\n attacker who successfully exploited the vulnerability\n would gain execution on a victim system. The security\n update addresses the vulnerability by correcting how the\n Windows Font Driver Host handles memory. (CVE-2020-1355)\n\n - An information disclosure vulnerability exists when the\n Windows Agent Activation Runtime (AarSvc) fails to\n properly handle objects in memory. An attacker who\n successfully exploited the vulnerability could obtain\n information to further compromise the users system.\n (CVE-2020-1391)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Subsystem for Linux handles files.\n An attacker who successfully exploited the vulnerability\n could execute code with elevated privileges.\n (CVE-2020-1423)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Network Connections Service handles\n objects in memory. An attacker who successfully\n exploited the vulnerability could execute code with\n elevated permissions. (CVE-2020-1373, CVE-2020-1390,\n CVE-2020-1427, CVE-2020-1428, CVE-2020-1438)\n\n - An elevation of privilege vulnerability exists when the\n Windows Cryptography Next Generation (CNG) Key Isolation\n service improperly handles memory. An attacker who\n successfully exploited this vulnerability could run\n processes in an elevated context. (CVE-2020-1359,\n CVE-2020-1384)\n\n - An information disclosure vulnerability exists when the\n Windows Resource Policy component improperly handles\n memory. (CVE-2020-1358)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Speech Brokered API handles objects\n in memory. An attacker who successfully exploited the\n vulnerability could execute code with elevated\n permissions. (CVE-2020-1395)\n\n - An information disclosure vulnerability exists when\n Windows Error Reporting improperly handles file\n operations. (CVE-2020-1420)\n\n - A remote code execution vulnerability exists in the way\n that Microsoft Graphics Components handle objects in\n memory. An attacker who successfully exploited the\n vulnerability could execute arbitrary code on a target\n system. (CVE-2020-1412)\n\n - An information disclosure vulnerability exists when\n Microsoft Edge PDF Reader improperly handles objects in\n memory. An attacker who successfully exploited the\n vulnerability could obtain information to further\n compromise the users system. (CVE-2020-1433)\n\n - A remote code execution vulnerability exists when the\n Windows Jet Database Engine improperly handles objects\n in memory. An attacker who successfully exploited this\n vulnerability could execute arbitrary code on a victim\n system. An attacker could exploit this vulnerability by\n enticing a victim to open a specially crafted file. The\n update addresses the vulnerability by correcting the way\n the Windows Jet Database Engine handles objects in\n memory. (CVE-2020-1400, CVE-2020-1401, CVE-2020-1407)\n\n - An elevation of privilege vulnerability exists when\n Windows Error Reporting manager improperly handles a\n process crash. An attacker who successfully exploited\n this vulnerability could delete a targeted file leading\n to an elevated status. (CVE-2020-1429)\n\n - An elevation of privilege vulnerability exists in the\n way that the psmsrv.dll handles objects in memory. An\n attacker who successfully exploited the vulnerability\n could execute code with elevated permissions.\n (CVE-2020-1388)\n\n - An elevation of privilege vulnerability exists when\n Windows Mobile Device Management (MDM) Diagnostics\n improperly handles junctions. An attacker who\n successfully exploited this vulnerability could bypass\n access restrictions to delete files. (CVE-2020-1405)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Credential Picker handles objects\n in memory. An attacker who successfully exploited the\n vulnerability could allow an application with limited\n privileges on an affected system to execute code at a\n medium integrity level. (CVE-2020-1385)\n\n - A remote code execution vulnerability exists in\n Microsoft Windows that could allow remote code execution\n if a .LNK file is processed. An attacker who\n successfully exploited this vulnerability could gain the\n same user rights as the local user. (CVE-2020-1421)\n\n - An information disclosure vulnerability exists in\n Windows when the Windows Imaging Component fails to\n properly handle objects in memory. An attacker who\n successfully exploited this vulnerability could obtain\n information to further compromise the user's system.\n There are multiple ways an attacker could exploit this\n vulnerability: (CVE-2020-1397)\n\n - An information disclosure vulnerability exists when the\n Windows kernel improperly handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could obtain information to further compromise the users\n system. An authenticated attacker could exploit this\n vulnerability by running a specially crafted\n application. The update addresses the vulnerability by\n correcting how the Windows kernel handles objects in\n memory. (CVE-2020-1367, CVE-2020-1426)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Function Discovery Service handles\n objects in memory. An attacker who successfully\n exploited the vulnerability could execute code with\n elevated permissions. (CVE-2020-1085)\n\n - An information disclosure vulnerability exists in the\n way that the WalletService handles memory.\n (CVE-2020-1361)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Sync Host Service handles objects\n in memory. An attacker who successfully exploited the\n vulnerability could allow an application with limited\n privileges on an affected system to execute code at a\n medium integrity level. (CVE-2020-1434)\n\n - An information disclosure vulnerability exists when\n Skype for Business is accessed via Microsoft Edge\n (EdgeHTML-based). An attacker who exploited the\n vulnerability could cause the user to place a call\n without additional consent, leading to information\n disclosure of the user profile. For the vulnerability to\n be exploited, a user must click a specially crafted URL\n that prompts the Skype app. (CVE-2020-1462)\n\n - An elevation of privilege vulnerability exists when\n Windows Lockscreen fails to properly handle Ease of\n Access dialog. An attacker who successfully exploited\n the vulnerability could execute commands with elevated\n permissions. The security update addresses the\n vulnerability by ensuring that the Ease of Access dialog\n is handled properly. (CVE-2020-1398)\n\n - A remote code execution vulnerability exists in the way\n that the VBScript engine handles objects in memory. The\n vulnerability could corrupt memory in such a way that an\n attacker could execute arbitrary code in the context of\n the current user. An attacker who successfully exploited\n the vulnerability could gain the same user rights as the\n current user. (CVE-2020-1403)\");\n # https://support.microsoft.com/en-us/help/4565503/windows-10-update-kb4565503\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?7a974e0a\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Cumulative Update KB4565503.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-1435\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2020-1436\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'SharePoint DataSet / DataTable Deserialization');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/07/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/07/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/07/14\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:edge\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nbulletin = \"MS20-07\";\nkbs = make_list('4565503');\n\nif (get_kb_item(\"Host/patch_management_checks\")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nget_kb_item_or_exit(\"SMB/WindowsVersion\", exit_code:1);\n\nif (hotfix_check_sp_range(win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:\"10\",\n sp:0,\n os_build:\"19041\",\n rollup_date:\"07_2020\",\n bulletin:bulletin,\n rollup_kb_list:[4565503])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n\n\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-07-21T16:03:44", "description": "The remote Windows host is missing security update 4565483 or 4565554. It is, therefore, affected by multiple vulnerabilities :\n\n - An elevation of privilege vulnerability exists when the Windows System Events Broker improperly handles file operations. An attacker who successfully exploited this vulnerability could gain elevated privileges.\n (CVE-2020-1357)\n\n - An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode.\n An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2020-1411)\n\n - An elevation of privilege vulnerability exists when the Windows Diagnostics Execution Service fails to properly sanitize input, leading to an unsecure library-loading behavior. An attacker who successfully exploited this vulnerability could run arbitrary code with elevated system privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2020-1418)\n\n - An elevation of privilege vulnerability exists when the Windows USO Core Worker improperly handles memory.\n (CVE-2020-1352)\n\n - An elevation of privilege vulnerability exists when the Windows Modules Installer improperly handles file operations. An attacker who successfully exploited this vulnerability could gain elevated privileges.\n (CVE-2020-1346)\n\n - An elevation of privilege vulnerability exists when the Windows Diagnostics Hub Standard Collector Service fails to properly sanitize input, leading to an unsecure library-loading behavior. An attacker who successfully exploited this vulnerability could run arbitrary code with elevated system privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\n (CVE-2020-1393)\n\n - A remote code execution vulnerability exists in the way that DirectWrite handles objects in memory. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit an untrusted webpage. The security update addresses the vulnerability by correcting how DirectWrite handles objects in memory. (CVE-2020-1409)\n\n - An elevation of privilege vulnerability exists when the Windows AppX Deployment Extensions improperly performs privilege management, resulting in access to system files. (CVE-2020-1431)\n\n - An elevation of privilege vulnerability exists when the Windows Profile Service improperly handles file operations. An attacker who successfully exploited this vulnerability could gain elevated privileges.\n (CVE-2020-1360)\n\n - An elevation of privilege vulnerability exists when Windows Mobile Device Management (MDM) Diagnostics improperly handles objects in memory. An attacker who successfully exploited this vulnerability could bypass access restrictions to delete files. (CVE-2020-1372)\n\n - An elevation of privilege vulnerability exists when the Windows Picker Platform improperly handles memory.\n (CVE-2020-1363)\n\n - An elevation of privilege vulnerability exists when Windows improperly handles calls to Advanced Local Procedure Call (ALPC). An attacker who successfully exploited this vulnerability could run arbitrary code in the security context of the local system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\n (CVE-2020-1396)\n\n - An information disclosure vulnerability exists when Windows Mobile Device Management (MDM) Diagnostics improperly handles junctions. An attacker who successfully exploited this vulnerability could bypass access restrictions to read files. (CVE-2020-1330)\n\n - A remote code execution vulnerability exists in the Windows Remote Desktop Client when a user connects to a malicious server. An attacker who successfully exploited this vulnerability could execute arbitrary code on the computer of the connecting client. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\n (CVE-2020-1374)\n\n - A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted fonts. For all systems except Windows 10, an attacker who successfully exploited the vulnerability could execute code remotely. For systems running Windows 10, an attacker who successfully exploited the vulnerability could execute code in an AppContainer sandbox context with limited privileges and capabilities. An attacker could then install programs;\n view, change, or delete data; or create new accounts with full user rights. There are multiple ways an attacker could exploit the vulnerability:\n (CVE-2020-1436)\n\n - An elevation of privilege vulnerability exists in the way that the Credential Enrollment Manager service handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. (CVE-2020-1368)\n\n - An elevation of privilege vulnerability exists in the way that the Windows Network List Service handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. (CVE-2020-1406)\n\n - An information disclosure vulnerability exists when the Windows Graphics component improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system. An authenticated attacker could exploit this vulnerability by running a specially crafted application. The update addresses the vulnerability by correcting how the Windows Graphics Component handles objects in memory. (CVE-2020-1351)\n\n - An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit an untrusted webpage.\n The security update addresses the vulnerability by correcting how the Windows GDI component handles objects in memory. (CVE-2020-1468)\n\n - An elevation of privilege vulnerability exists when the Windows Event Logging Service improperly handles memory.\n (CVE-2020-1365, CVE-2020-1371)\n\n - An information disclosure vulnerability exists when the Windows kernel fails to properly initialize a memory address. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system. (CVE-2020-1389, CVE-2020-1419)\n\n - An elevation of privilege vulnerability exists when the Windows Print Workflow Service improperly handles objects in memory. An attacker who successfully exploited this vulnerability could gain elevated privileges and break out of the AppContainer sandbox.\n (CVE-2020-1366)\n\n - An elevation of privilege vulnerability exists in the way that the Windows WalletService handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. (CVE-2020-1344, CVE-2020-1362, CVE-2020-1369)\n\n - An elevation of privilege vulnerability exists when the Windows ActiveX Installer Service improperly handles memory. (CVE-2020-1402)\n\n - An elevation of privilege vulnerability exists in the way that the Windows Geolocation Framework handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. (CVE-2020-1394)\n\n - An information vulnerability exists when Windows Connected User Experiences and Telemetry Service improperly discloses file information. Successful exploitation of the vulnerability could allow the attacker to read any file on the file system.\n (CVE-2020-1386)\n\n - This security update corrects a denial of service in the Local Security Authority Subsystem Service (LSASS) caused when an authenticated attacker sends a specially crafted authentication request. A remote attacker who successfully exploited this vulnerability could cause a denial of service on the target system's LSASS service, which triggers an automatic reboot of the system. The security update addresses the vulnerability by changing the way that LSASS handles specially crafted authentication requests. (CVE-2020-1267)\n\n - An elevation of privilege vulnerability exists when the Windows Delivery Optimization service improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code with elevated system privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\n (CVE-2020-1392)\n\n - A remote code execution vulnerability exists when Windows Address Book (WAB) improperly processes vcard files. (CVE-2020-1410)\n\n - An elevation of privilege vulnerability exists when the Windows Runtime improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in an elevated context. An attacker could exploit this vulnerability by running a specially crafted application on the victim system. The update addresses the vulnerability by correcting the way the Windows Runtime handles objects in memory.\n (CVE-2020-1249, CVE-2020-1353, CVE-2020-1370, CVE-2020-1399, CVE-2020-1404, CVE-2020-1413, CVE-2020-1414, CVE-2020-1415, CVE-2020-1422)\n\n - A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in the memory. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2020-1435)\n\n - An elevation of privilege vulnerability exists when the Windows Update Stack fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode.\n An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2020-1424)\n\n - An elevation of privilege vulnerability exists in the way that the SharedStream Library handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. (CVE-2020-1463)\n\n - An elevation of privilege vulnerability exists when the Windows Graphics Component improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run processes in an elevated context. (CVE-2020-1381, CVE-2020-1382)\n\n - An elevation of privilege vulnerability exists when Group Policy Services Policy Processing improperly handle reparse points. An attacker who successfully exploited this vulnerability could overwrite a targeted file that would normally require elevated permissions.\n (CVE-2020-1333)\n\n - An elevation of privilege vulnerability exists in the way the Windows Push Notification Service handles objects in memory. An attacker who successfully exploited this vulnerability could run processes in an elevated context. An attacker could then install programs; view, change or delete data. (CVE-2020-1387)\n\n - A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts. An attacker who successfully exploited the vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2020-1408)\n\n - An elevation of privilege vulnerability exists in the way that the Windows Kernel handles objects in memory.\n An attacker who successfully exploited the vulnerability could execute code with elevated permissions.\n (CVE-2020-1336)\n\n - A remote code execution vulnerability exists in .NET Framework, Microsoft SharePoint, and Visual Studio when the software fails to check the source markup of XML file input. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the process responsible for deserialization of the XML content. (CVE-2020-1147)\n\n - An elevation of privilege vulnerability exists when the Windows Storage Services improperly handle file operations. An attacker who successfully exploited this vulnerability could gain elevated privileges.\n (CVE-2020-1347)\n\n - A denial of service vulnerability exists in the way that the WalletService handles files. An attacker who successfully exploited the vulnerability could corrupt system files. (CVE-2020-1364)\n\n - An elevation of privilege vulnerability exists when the Windows UPnP Device Host improperly handles memory.\n (CVE-2020-1430)\n\n - An information disclosure vulnerability exists when Skype for Business is accessed via Internet Explorer. An attacker who exploited the vulnerability could cause the user to place a call without additional consent, leading to information disclosure of the user profile. For the vulnerability to be exploited, a user must click a specially crafted URL that prompts the Skype app.\n (CVE-2020-1432)\n\n - An elevation of privilege vulnerability exists in the way that the Windows Network Location Awareness Service handles objects in memory. An attacker who successfully exploited the vulnerability could allow an application with limited privileges on an affected system to execute code at a medium integrity level. (CVE-2020-1437)\n\n - An elevation of privilege vulnerability exists when Windows improperly handles COM object creation. An attacker who successfully exploited the vulnerability could run arbitrary code with elevated privileges.\n (CVE-2020-1375)\n\n - A remote code execution vulnerability exists when the Windows Font Driver Host improperly handles memory. An attacker who successfully exploited the vulnerability would gain execution on a victim system. The security update addresses the vulnerability by correcting how the Windows Font Driver Host handles memory. (CVE-2020-1355)\n\n - An information disclosure vulnerability exists when the Windows Agent Activation Runtime (AarSvc) fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system.\n (CVE-2020-1391)\n\n - An elevation of privilege vulnerability exists in the way that the Windows Network Connections Service handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. (CVE-2020-1373, CVE-2020-1390, CVE-2020-1427, CVE-2020-1428, CVE-2020-1438)\n\n - An elevation of privilege vulnerability exists when the Windows Cryptography Next Generation (CNG) Key Isolation service improperly handles memory. An attacker who successfully exploited this vulnerability could run processes in an elevated context. (CVE-2020-1359, CVE-2020-1384)\n\n - An information disclosure vulnerability exists when the Windows Resource Policy component improperly handles memory. (CVE-2020-1358)\n\n - An elevation of privilege vulnerability exists in the way that the Windows Speech Brokered API handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. (CVE-2020-1395)\n\n - An information disclosure vulnerability exists when Windows Error Reporting improperly handles file operations. (CVE-2020-1420)\n\n - A remote code execution vulnerability exists in the way that Microsoft Graphics Components handle objects in memory. An attacker who successfully exploited the vulnerability could execute arbitrary code on a target system. (CVE-2020-1412)\n\n - An information disclosure vulnerability exists when Microsoft Edge PDF Reader improperly handles objects in memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. (CVE-2020-1433)\n\n - A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by enticing a victim to open a specially crafted file. The update addresses the vulnerability by correcting the way the Windows Jet Database Engine handles objects in memory. (CVE-2020-1400, CVE-2020-1401, CVE-2020-1407)\n\n - An elevation of privilege vulnerability exists when Windows Error Reporting manager improperly handles a process crash. An attacker who successfully exploited this vulnerability could delete a targeted file leading to an elevated status. (CVE-2020-1429)\n\n - An elevation of privilege vulnerability exists in the way that the psmsrv.dll handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions.\n (CVE-2020-1388)\n\n - An elevation of privilege vulnerability exists when Windows Mobile Device Management (MDM) Diagnostics improperly handles junctions. An attacker who successfully exploited this vulnerability could bypass access restrictions to delete files. (CVE-2020-1405)\n\n - An elevation of privilege vulnerability exists in the way that the Windows Credential Picker handles objects in memory. An attacker who successfully exploited the vulnerability could allow an application with limited privileges on an affected system to execute code at a medium integrity level. (CVE-2020-1385)\n\n - A remote code execution vulnerability exists in Microsoft Windows that could allow remote code execution if a .LNK file is processed. An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. (CVE-2020-1421)\n\n - An information disclosure vulnerability exists in Windows when the Windows Imaging Component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user's system.\n There are multiple ways an attacker could exploit this vulnerability: (CVE-2020-1397)\n\n - An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system. An authenticated attacker could exploit this vulnerability by running a specially crafted application. The update addresses the vulnerability by correcting how the Windows kernel handles objects in memory. (CVE-2020-1367, CVE-2020-1426)\n\n - An elevation of privilege vulnerability exists in the way that the Windows Function Discovery Service handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. (CVE-2020-1085)\n\n - An information disclosure vulnerability exists in the way that the WalletService handles memory.\n (CVE-2020-1361)\n\n - An elevation of privilege vulnerability exists in the way that the Windows Sync Host Service handles objects in memory. An attacker who successfully exploited the vulnerability could allow an application with limited privileges on an affected system to execute code at a medium integrity level. (CVE-2020-1434)\n\n - An information disclosure vulnerability exists when Skype for Business is accessed via Microsoft Edge (EdgeHTML-based). An attacker who exploited the vulnerability could cause the user to place a call without additional consent, leading to information disclosure of the user profile. For the vulnerability to be exploited, a user must click a specially crafted URL that prompts the Skype app. (CVE-2020-1462)\n\n - An elevation of privilege vulnerability exists when Windows Lockscreen fails to properly handle Ease of Access dialog. An attacker who successfully exploited the vulnerability could execute commands with elevated permissions. The security update addresses the vulnerability by ensuring that the Ease of Access dialog is handled properly. (CVE-2020-1398)\n\n - A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2020-1403)", "cvss3": {}, "published": "2020-07-14T00:00:00", "type": "nessus", "title": "KB4565483: Windows 10 Version 1903 and Windows 10 Version 1909 July 2020 Security Update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-1085", "CVE-2020-1147", "CVE-2020-1249", "CVE-2020-1267", "CVE-2020-1330", "CVE-2020-1333", "CVE-2020-1336", "CVE-2020-1344", "CVE-2020-1346", "CVE-2020-1347", "CVE-2020-1351", "CVE-2020-1352", "CVE-2020-1353", "CVE-2020-1355", "CVE-2020-1357", "CVE-2020-1358", "CVE-2020-1359", "CVE-2020-1360", "CVE-2020-1361", "CVE-2020-1362", "CVE-2020-1363", "CVE-2020-1364", "CVE-2020-1365", "CVE-2020-1366", "CVE-2020-1367", "CVE-2020-1368", "CVE-2020-1369", "CVE-2020-1370", "CVE-2020-1371", "CVE-2020-1372", "CVE-2020-1373", "CVE-2020-1374", "CVE-2020-1375", "CVE-2020-1381", "CVE-2020-1382", "CVE-2020-1384", "CVE-2020-1385", "CVE-2020-1386", "CVE-2020-1387", "CVE-2020-1388", "CVE-2020-1389", "CVE-2020-1390", "CVE-2020-1391", "CVE-2020-1392", "CVE-2020-1393", "CVE-2020-1394", "CVE-2020-1395", "CVE-2020-1396", "CVE-2020-1397", "CVE-2020-1398", "CVE-2020-1399", "CVE-2020-1400", "CVE-2020-1401", "CVE-2020-1402", "CVE-2020-1403", "CVE-2020-1404", "CVE-2020-1405", "CVE-2020-1406", "CVE-2020-1407", "CVE-2020-1408", "CVE-2020-1409", "CVE-2020-1410", "CVE-2020-1411", "CVE-2020-1412", "CVE-2020-1413", "CVE-2020-1414", "CVE-2020-1415", "CVE-2020-1418", "CVE-2020-1419", "CVE-2020-1420", "CVE-2020-1421", "CVE-2020-1422", "CVE-2020-1424", "CVE-2020-1426", "CVE-2020-1427", "CVE-2020-1428", "CVE-2020-1429", "CVE-2020-1430", "CVE-2020-1431", "CVE-2020-1432", "CVE-2020-1433", "CVE-2020-1434", "CVE-2020-1435", "CVE-2020-1436", "CVE-2020-1437", "CVE-2020-1438", "CVE-2020-1462", "CVE-2020-1463", "CVE-2020-1468"], "modified": "2023-01-24T00:00:00", "cpe": ["cpe:/o:microsoft:windows", "cpe:/a:microsoft:edge"], "id": "SMB_NT_MS20_JUL_4565483.NASL", "href": "https://www.tenable.com/plugins/nessus/138454", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(138454);\n script_version(\"1.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/24\");\n\n script_cve_id(\n \"CVE-2020-1085\",\n \"CVE-2020-1147\",\n \"CVE-2020-1249\",\n \"CVE-2020-1267\",\n \"CVE-2020-1330\",\n \"CVE-2020-1333\",\n \"CVE-2020-1336\",\n \"CVE-2020-1344\",\n \"CVE-2020-1346\",\n \"CVE-2020-1347\",\n \"CVE-2020-1351\",\n \"CVE-2020-1352\",\n \"CVE-2020-1353\",\n \"CVE-2020-1355\",\n \"CVE-2020-1357\",\n \"CVE-2020-1358\",\n \"CVE-2020-1359\",\n \"CVE-2020-1360\",\n \"CVE-2020-1361\",\n \"CVE-2020-1362\",\n \"CVE-2020-1363\",\n \"CVE-2020-1364\",\n \"CVE-2020-1365\",\n \"CVE-2020-1366\",\n \"CVE-2020-1367\",\n \"CVE-2020-1368\",\n \"CVE-2020-1369\",\n \"CVE-2020-1370\",\n \"CVE-2020-1371\",\n \"CVE-2020-1372\",\n \"CVE-2020-1373\",\n \"CVE-2020-1374\",\n \"CVE-2020-1375\",\n \"CVE-2020-1381\",\n \"CVE-2020-1382\",\n \"CVE-2020-1384\",\n \"CVE-2020-1385\",\n \"CVE-2020-1386\",\n \"CVE-2020-1387\",\n \"CVE-2020-1388\",\n \"CVE-2020-1389\",\n \"CVE-2020-1390\",\n \"CVE-2020-1391\",\n \"CVE-2020-1392\",\n \"CVE-2020-1393\",\n \"CVE-2020-1394\",\n \"CVE-2020-1395\",\n \"CVE-2020-1396\",\n \"CVE-2020-1397\",\n \"CVE-2020-1398\",\n \"CVE-2020-1399\",\n \"CVE-2020-1400\",\n \"CVE-2020-1401\",\n \"CVE-2020-1402\",\n \"CVE-2020-1403\",\n \"CVE-2020-1404\",\n \"CVE-2020-1405\",\n \"CVE-2020-1406\",\n \"CVE-2020-1407\",\n \"CVE-2020-1408\",\n \"CVE-2020-1409\",\n \"CVE-2020-1410\",\n \"CVE-2020-1411\",\n \"CVE-2020-1412\",\n \"CVE-2020-1413\",\n \"CVE-2020-1414\",\n \"CVE-2020-1415\",\n \"CVE-2020-1418\",\n \"CVE-2020-1419\",\n \"CVE-2020-1420\",\n \"CVE-2020-1421\",\n \"CVE-2020-1422\",\n \"CVE-2020-1424\",\n \"CVE-2020-1426\",\n \"CVE-2020-1427\",\n \"CVE-2020-1428\",\n \"CVE-2020-1429\",\n \"CVE-2020-1430\",\n \"CVE-2020-1431\",\n \"CVE-2020-1432\",\n \"CVE-2020-1433\",\n \"CVE-2020-1434\",\n \"CVE-2020-1435\",\n \"CVE-2020-1436\",\n \"CVE-2020-1437\",\n \"CVE-2020-1438\",\n \"CVE-2020-1462\",\n \"CVE-2020-1463\",\n \"CVE-2020-1468\"\n );\n script_xref(name:\"MSKB\", value:\"4565483\");\n script_xref(name:\"MSFT\", value:\"MS20-4565483\");\n script_xref(name:\"IAVA\", value:\"2020-A-0300-S\");\n script_xref(name:\"IAVA\", value:\"2020-A-0302-S\");\n script_xref(name:\"IAVA\", value:\"2020-A-0313-S\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/05/03\");\n\n script_name(english:\"KB4565483: Windows 10 Version 1903 and Windows 10 Version 1909 July 2020 Security Update\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 4565483\nor 4565554. It is, therefore, affected by multiple\nvulnerabilities :\n\n - An elevation of privilege vulnerability exists when the\n Windows System Events Broker improperly handles file\n operations. An attacker who successfully exploited this\n vulnerability could gain elevated privileges.\n (CVE-2020-1357)\n\n - An elevation of privilege vulnerability exists when the\n Windows kernel fails to properly handle objects in\n memory. An attacker who successfully exploited this\n vulnerability could run arbitrary code in kernel mode.\n An attacker could then install programs; view, change,\n or delete data; or create new accounts with full user\n rights. (CVE-2020-1411)\n\n - An elevation of privilege vulnerability exists when the\n Windows Diagnostics Execution Service fails to properly\n sanitize input, leading to an unsecure library-loading\n behavior. An attacker who successfully exploited this\n vulnerability could run arbitrary code with elevated\n system privileges. An attacker could then install\n programs; view, change, or delete data; or create new\n accounts with full user rights. (CVE-2020-1418)\n\n - An elevation of privilege vulnerability exists when the\n Windows USO Core Worker improperly handles memory.\n (CVE-2020-1352)\n\n - An elevation of privilege vulnerability exists when the\n Windows Modules Installer improperly handles file\n operations. An attacker who successfully exploited this\n vulnerability could gain elevated privileges.\n (CVE-2020-1346)\n\n - An elevation of privilege vulnerability exists when the\n Windows Diagnostics Hub Standard Collector Service fails\n to properly sanitize input, leading to an unsecure\n library-loading behavior. An attacker who successfully\n exploited this vulnerability could run arbitrary code\n with elevated system privileges. An attacker could then\n install programs; view, change, or delete data; or\n create new accounts with full user rights.\n (CVE-2020-1393)\n\n - A remote code execution vulnerability exists in the way\n that DirectWrite handles objects in memory. An attacker\n who successfully exploited this vulnerability could take\n control of the affected system. An attacker could then\n install programs; view, change, or delete data; or\n create new accounts with full user rights. There are\n multiple ways an attacker could exploit the\n vulnerability, such as by convincing a user to open a\n specially crafted document, or by convincing a user to\n visit an untrusted webpage. The security update\n addresses the vulnerability by correcting how\n DirectWrite handles objects in memory. (CVE-2020-1409)\n\n - An elevation of privilege vulnerability exists when the\n Windows AppX Deployment Extensions improperly performs\n privilege management, resulting in access to system\n files. (CVE-2020-1431)\n\n - An elevation of privilege vulnerability exists when the\n Windows Profile Service improperly handles file\n operations. An attacker who successfully exploited this\n vulnerability could gain elevated privileges.\n (CVE-2020-1360)\n\n - An elevation of privilege vulnerability exists when\n Windows Mobile Device Management (MDM) Diagnostics\n improperly handles objects in memory. An attacker who\n successfully exploited this vulnerability could bypass\n access restrictions to delete files. (CVE-2020-1372)\n\n - An elevation of privilege vulnerability exists when the\n Windows Picker Platform improperly handles memory.\n (CVE-2020-1363)\n\n - An elevation of privilege vulnerability exists when\n Windows improperly handles calls to Advanced Local\n Procedure Call (ALPC). An attacker who successfully\n exploited this vulnerability could run arbitrary code in\n the security context of the local system. An attacker\n could then install programs; view, change, or delete\n data; or create new accounts with full user rights.\n (CVE-2020-1396)\n\n - An information disclosure vulnerability exists when\n Windows Mobile Device Management (MDM) Diagnostics\n improperly handles junctions. An attacker who\n successfully exploited this vulnerability could bypass\n access restrictions to read files. (CVE-2020-1330)\n\n - A remote code execution vulnerability exists in the\n Windows Remote Desktop Client when a user connects to a\n malicious server. An attacker who successfully exploited\n this vulnerability could execute arbitrary code on the\n computer of the connecting client. An attacker could\n then install programs; view, change, or delete data; or\n create new accounts with full user rights.\n (CVE-2020-1374)\n\n - A remote code execution vulnerability exists when the\n Windows font library improperly handles specially\n crafted fonts. For all systems except Windows 10, an\n attacker who successfully exploited the vulnerability\n could execute code remotely. For systems running Windows\n 10, an attacker who successfully exploited the\n vulnerability could execute code in an AppContainer\n sandbox context with limited privileges and\n capabilities. An attacker could then install programs;\n view, change, or delete data; or create new accounts\n with full user rights. There are multiple ways an\n attacker could exploit the vulnerability:\n (CVE-2020-1436)\n\n - An elevation of privilege vulnerability exists in the\n way that the Credential Enrollment Manager service\n handles objects in memory. An attacker who successfully\n exploited the vulnerability could execute code with\n elevated permissions. (CVE-2020-1368)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Network List Service handles\n objects in memory. An attacker who successfully\n exploited the vulnerability could execute code with\n elevated permissions. (CVE-2020-1406)\n\n - An information disclosure vulnerability exists when the\n Windows Graphics component improperly handles objects in\n memory. An attacker who successfully exploited this\n vulnerability could obtain information to further\n compromise the users system. An authenticated attacker\n could exploit this vulnerability by running a specially\n crafted application. The update addresses the\n vulnerability by correcting how the Windows Graphics\n Component handles objects in memory. (CVE-2020-1351)\n\n - An information disclosure vulnerability exists when the\n Windows GDI component improperly discloses the contents\n of its memory. An attacker who successfully exploited\n the vulnerability could obtain information to further\n compromise the users system. There are multiple ways an\n attacker could exploit the vulnerability, such as by\n convincing a user to open a specially crafted document,\n or by convincing a user to visit an untrusted webpage.\n The security update addresses the vulnerability by\n correcting how the Windows GDI component handles objects\n in memory. (CVE-2020-1468)\n\n - An elevation of privilege vulnerability exists when the\n Windows Event Logging Service improperly handles memory.\n (CVE-2020-1365, CVE-2020-1371)\n\n - An information disclosure vulnerability exists when the\n Windows kernel fails to properly initialize a memory\n address. An attacker who successfully exploited this\n vulnerability could obtain information to further\n compromise the users system. (CVE-2020-1389,\n CVE-2020-1419)\n\n - An elevation of privilege vulnerability exists when the\n Windows Print Workflow Service improperly handles\n objects in memory. An attacker who successfully\n exploited this vulnerability could gain elevated\n privileges and break out of the AppContainer sandbox.\n (CVE-2020-1366)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows WalletService handles objects in\n memory. An attacker who successfully exploited the\n vulnerability could execute code with elevated\n permissions. (CVE-2020-1344, CVE-2020-1362,\n CVE-2020-1369)\n\n - An elevation of privilege vulnerability exists when the\n Windows ActiveX Installer Service improperly handles\n memory. (CVE-2020-1402)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Geolocation Framework handles\n objects in memory. An attacker who successfully\n exploited the vulnerability could execute code with\n elevated permissions. (CVE-2020-1394)\n\n - An information vulnerability exists when Windows\n Connected User Experiences and Telemetry Service\n improperly discloses file information. Successful\n exploitation of the vulnerability could allow the\n attacker to read any file on the file system.\n (CVE-2020-1386)\n\n - This security update corrects a denial of service in the\n Local Security Authority Subsystem Service (LSASS)\n caused when an authenticated attacker sends a specially\n crafted authentication request. A remote attacker who\n successfully exploited this vulnerability could cause a\n denial of service on the target system's LSASS service,\n which triggers an automatic reboot of the system. The\n security update addresses the vulnerability by changing\n the way that LSASS handles specially crafted\n authentication requests. (CVE-2020-1267)\n\n - An elevation of privilege vulnerability exists when the\n Windows Delivery Optimization service improperly handles\n objects in memory. An attacker who successfully\n exploited this vulnerability could run arbitrary code\n with elevated system privileges. An attacker could then\n install programs; view, change, or delete data; or\n create new accounts with full user rights.\n (CVE-2020-1392)\n\n - A remote code execution vulnerability exists when\n Windows Address Book (WAB) improperly processes vcard\n files. (CVE-2020-1410)\n\n - An elevation of privilege vulnerability exists when the\n Windows Runtime improperly handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could run arbitrary code in an elevated context. An\n attacker could exploit this vulnerability by running a\n specially crafted application on the victim system. The\n update addresses the vulnerability by correcting the way\n the Windows Runtime handles objects in memory.\n (CVE-2020-1249, CVE-2020-1353, CVE-2020-1370,\n CVE-2020-1399, CVE-2020-1404, CVE-2020-1413,\n CVE-2020-1414, CVE-2020-1415, CVE-2020-1422)\n\n - A remote code execution vulnerability exists in the way\n that the Windows Graphics Device Interface (GDI) handles\n objects in the memory. An attacker who successfully\n exploited this vulnerability could take control of the\n affected system. An attacker could then install\n programs; view, change, or delete data; or create new\n accounts with full user rights. (CVE-2020-1435)\n\n - An elevation of privilege vulnerability exists when the\n Windows Update Stack fails to properly handle objects in\n memory. An attacker who successfully exploited this\n vulnerability could run arbitrary code in kernel mode.\n An attacker could then install programs; view, change,\n or delete data; or create new accounts with full user\n rights. (CVE-2020-1424)\n\n - An elevation of privilege vulnerability exists in the\n way that the SharedStream Library handles objects in\n memory. An attacker who successfully exploited the\n vulnerability could execute code with elevated\n permissions. (CVE-2020-1463)\n\n - An elevation of privilege vulnerability exists when the\n Windows Graphics Component improperly handles objects in\n memory. An attacker who successfully exploited this\n vulnerability could run processes in an elevated\n context. (CVE-2020-1381, CVE-2020-1382)\n\n - An elevation of privilege vulnerability exists when\n Group Policy Services Policy Processing improperly\n handle reparse points. An attacker who successfully\n exploited this vulnerability could overwrite a targeted\n file that would normally require elevated permissions.\n (CVE-2020-1333)\n\n - An elevation of privilege vulnerability exists in the\n way the Windows Push Notification Service handles\n objects in memory. An attacker who successfully\n exploited this vulnerability could run processes in an\n elevated context. An attacker could then install\n programs; view, change or delete data. (CVE-2020-1387)\n\n - A remote code execution vulnerability exists when the\n Windows font library improperly handles specially\n crafted embedded fonts. An attacker who successfully\n exploited the vulnerability could take control of the\n affected system. An attacker could then install\n programs; view, change, or delete data; or create new\n accounts with full user rights. (CVE-2020-1408)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Kernel handles objects in memory.\n An attacker who successfully exploited the vulnerability\n could execute code with elevated permissions.\n (CVE-2020-1336)\n\n - A remote code execution vulnerability exists in .NET\n Framework, Microsoft SharePoint, and Visual Studio when\n the software fails to check the source markup of XML\n file input. An attacker who successfully exploited the\n vulnerability could run arbitrary code in the context of\n the process responsible for deserialization of the XML\n content. (CVE-2020-1147)\n\n - An elevation of privilege vulnerability exists when the\n Windows Storage Services improperly handle file\n operations. An attacker who successfully exploited this\n vulnerability could gain elevated privileges.\n (CVE-2020-1347)\n\n - A denial of service vulnerability exists in the way that\n the WalletService handles files. An attacker who\n successfully exploited the vulnerability could corrupt\n system files. (CVE-2020-1364)\n\n - An elevation of privilege vulnerability exists when the\n Windows UPnP Device Host improperly handles memory.\n (CVE-2020-1430)\n\n - An information disclosure vulnerability exists when\n Skype for Business is accessed via Internet Explorer. An\n attacker who exploited the vulnerability could cause the\n user to place a call without additional consent, leading\n to information disclosure of the user profile. For the\n vulnerability to be exploited, a user must click a\n specially crafted URL that prompts the Skype app.\n (CVE-2020-1432)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Network Location Awareness Service\n handles objects in memory. An attacker who successfully\n exploited the vulnerability could allow an application\n with limited privileges on an affected system to execute\n code at a medium integrity level. (CVE-2020-1437)\n\n - An elevation of privilege vulnerability exists when\n Windows improperly handles COM object creation. An\n attacker who successfully exploited the vulnerability\n could run arbitrary code with elevated privileges.\n (CVE-2020-1375)\n\n - A remote code execution vulnerability exists when the\n Windows Font Driver Host improperly handles memory. An\n attacker who successfully exploited the vulnerability\n would gain execution on a victim system. The security\n update addresses the vulnerability by correcting how the\n Windows Font Driver Host handles memory. (CVE-2020-1355)\n\n - An information disclosure vulnerability exists when the\n Windows Agent Activation Runtime (AarSvc) fails to\n properly handle objects in memory. An attacker who\n successfully exploited the vulnerability could obtain\n information to further compromise the users system.\n (CVE-2020-1391)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Network Connections Service handles\n objects in memory. An attacker who successfully\n exploited the vulnerability could execute code with\n elevated permissions. (CVE-2020-1373, CVE-2020-1390,\n CVE-2020-1427, CVE-2020-1428, CVE-2020-1438)\n\n - An elevation of privilege vulnerability exists when the\n Windows Cryptography Next Generation (CNG) Key Isolation\n service improperly handles memory. An attacker who\n successfully exploited this vulnerability could run\n processes in an elevated context. (CVE-2020-1359,\n CVE-2020-1384)\n\n - An information disclosure vulnerability exists when the\n Windows Resource Policy component improperly handles\n memory. (CVE-2020-1358)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Speech Brokered API handles objects\n in memory. An attacker who successfully exploited the\n vulnerability could execute code with elevated\n permissions. (CVE-2020-1395)\n\n - An information disclosure vulnerability exists when\n Windows Error Reporting improperly handles file\n operations. (CVE-2020-1420)\n\n - A remote code execution vulnerability exists in the way\n that Microsoft Graphics Components handle objects in\n memory. An attacker who successfully exploited the\n vulnerability could execute arbitrary code on a target\n system. (CVE-2020-1412)\n\n - An information disclosure vulnerability exists when\n Microsoft Edge PDF Reader improperly handles objects in\n memory. An attacker who successfully exploited the\n vulnerability could obtain information to further\n compromise the users system. (CVE-2020-1433)\n\n - A remote code execution vulnerability exists when the\n Windows Jet Database Engine improperly handles objects\n in memory. An attacker who successfully exploited this\n vulnerability could execute arbitrary code on a victim\n system. An attacker could exploit this vulnerability by\n enticing a victim to open a specially crafted file. The\n update addresses the vulnerability by correcting the way\n the Windows Jet Database Engine handles objects in\n memory. (CVE-2020-1400, CVE-2020-1401, CVE-2020-1407)\n\n - An elevation of privilege vulnerability exists when\n Windows Error Reporting manager improperly handles a\n process crash. An attacker who successfully exploited\n this vulnerability could delete a targeted file leading\n to an elevated status. (CVE-2020-1429)\n\n - An elevation of privilege vulnerability exists in the\n way that the psmsrv.dll handles objects in memory. An\n attacker who successfully exploited the vulnerability\n could execute code with elevated permissions.\n (CVE-2020-1388)\n\n - An elevation of privilege vulnerability exists when\n Windows Mobile Device Management (MDM) Diagnostics\n improperly handles junctions. An attacker who\n successfully exploited this vulnerability could bypass\n access restrictions to delete files. (CVE-2020-1405)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Credential Picker handles objects\n in memory. An attacker who successfully exploited the\n vulnerability could allow an application with limited\n privileges on an affected system to execute code at a\n medium integrity level. (CVE-2020-1385)\n\n - A remote code execution vulnerability exists in\n Microsoft Windows that could allow remote code execution\n if a .LNK file is processed. An attacker who\n successfully exploited this vulnerability could gain the\n same user rights as the local user. (CVE-2020-1421)\n\n - An information disclosure vulnerability exists in\n Windows when the Windows Imaging Component fails to\n properly handle objects in memory. An attacker who\n successfully exploited this vulnerability could obtain\n information to further compromise the user's system.\n There are multiple ways an attacker could exploit this\n vulnerability: (CVE-2020-1397)\n\n - An information disclosure vulnerability exists when the\n Windows kernel improperly handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could obtain information to further compromise the users\n system. An authenticated attacker could exploit this\n vulnerability by running a specially crafted\n application. The update addresses the vulnerability by\n correcting how the Windows kernel handles objects in\n memory. (CVE-2020-1367, CVE-2020-1426)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Function Discovery Service handles\n objects in memory. An attacker who successfully\n exploited the vulnerability could execute code with\n elevated permissions. (CVE-2020-1085)\n\n - An information disclosure vulnerability exists in the\n way that the WalletService handles memory.\n (CVE-2020-1361)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Sync Host Service handles objects\n in memory. An attacker who successfully exploited the\n vulnerability could allow an application with limited\n privileges on an affected system to execute code at a\n medium integrity level. (CVE-2020-1434)\n\n - An information disclosure vulnerability exists when\n Skype for Business is accessed via Microsoft Edge\n (EdgeHTML-based). An attacker who exploited the\n vulnerability could cause the user to place a call\n without additional consent, leading to information\n disclosure of the user profile. For the vulnerability to\n be exploited, a user must click a specially crafted URL\n that prompts the Skype app. (CVE-2020-1462)\n\n - An elevation of privilege vulnerability exists when\n Windows Lockscreen fails to properly handle Ease of\n Access dialog. An attacker who successfully exploited\n the vulnerability could execute commands with elevated\n permissions. The security update addresses the\n vulnerability by ensuring that the Ease of Access dialog\n is handled properly. (CVE-2020-1398)\n\n - A remote code execution vulnerability exists in the way\n that the VBScript engine handles objects in memory. The\n vulnerability could corrupt memory in such a way that an\n attacker could execute arbitrary code in the context of\n the current user. An attacker who successfully exploited\n the vulnerability could gain the same user rights as the\n current user. (CVE-2020-1403)\");\n # https://support.microsoft.com/en-us/help/4565483/windows-10-update-kb4565483\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?e066b7e3\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Cumulative Update KB4565483.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-1435\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2020-1436\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'SharePoint DataSet / DataTable Deserialization');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/07/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/07/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/07/14\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:edge\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nbulletin = \"MS20-07\";\nkbs = make_list('4565483');\n\nif (get_kb_item(\"Host/patch_management_checks\")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nget_kb_item_or_exit(\"SMB/WindowsVersion\", exit_code:1);\n\nif (hotfix_check_sp_range(win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:\"10\",\n sp:0,\n os_build:\"18362\",\n rollup_date:\"07_2020\",\n bulletin:bulletin,\n rollup_kb_list:[4565483])\n ||\n smb_check_rollup(os:\"10\",\n sp:0,\n os_build:\"18363\",\n rollup_date:\"07_2020\",\n bulletin:bulletin,\n rollup_kb_list:[4565483])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n\n\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:03:43", "description": "The Internet Explorer installation on the remote host is missing security updates. It is, therefore, affected by multiple vulnerabilities :\n\n - An information disclosure vulnerability exists when Skype for Business is accessed via Internet Explorer. An attacker who exploited the vulnerability could cause the user to place a call without additional consent, leading to information disclosure of the user profile. For the vulnerability to be exploited, a user must click a specially crafted URL that prompts the Skype app.\n (CVE-2020-1432)\n\n - A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2020-1403)", "cvss3": {}, "published": "2020-07-14T00:00:00", "type": "nessus", "title": "Security Updates for Internet Explorer (July 2020)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-1403", "CVE-2020-1432"], "modified": "2020-08-14T00:00:00", "cpe": ["cpe:/o:microsoft:windows"], "id": "SMB_NT_MS20_JUL_INTERNET_EXPLORER.NASL", "href": "https://www.tenable.com/plugins/nessus/138467", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(138467);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/08/14\");\n\n script_cve_id(\"CVE-2020-1403\", \"CVE-2020-1432\");\n script_xref(name:\"MSKB\", value:\"4565541\");\n script_xref(name:\"MSKB\", value:\"4565524\");\n script_xref(name:\"MSKB\", value:\"4565479\");\n script_xref(name:\"MSKB\", value:\"4565536\");\n script_xref(name:\"MSFT\", value:\"MS20-4565541\");\n script_xref(name:\"MSFT\", value:\"MS20-4565524\");\n script_xref(name:\"MSFT\", value:\"MS20-4565479\");\n script_xref(name:\"MSFT\", value:\"MS20-4565536\");\n script_xref(name:\"IAVA\", value:\"2020-A-0313-S\");\n\n script_name(english:\"Security Updates for Internet Explorer (July 2020)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The Internet Explorer installation on the remote host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The Internet Explorer installation on the remote host is\nmissing security updates. It is, therefore, affected by\nmultiple vulnerabilities :\n\n - An information disclosure vulnerability exists when\n Skype for Business is accessed via Internet Explorer. An\n attacker who exploited the vulnerability could cause the\n user to place a call without additional consent, leading\n to information disclosure of the user profile. For the\n vulnerability to be exploited, a user must click a\n specially crafted URL that prompts the Skype app.\n (CVE-2020-1432)\n\n - A remote code execution vulnerability exists in the way\n that the VBScript engine handles objects in memory. The\n vulnerability could corrupt memory in such a way that an\n attacker could execute arbitrary code in the context of\n the current user. An attacker who successfully exploited\n the vulnerability could gain the same user rights as the\n current user. (CVE-2020-1403)\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.microsoft.com/en-us/help/4565541/windows-8-1-kb4565541\");\n # https://support.microsoft.com/en-us/help/4565524/windows-7-update-kb4565524\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?d3552b4f\");\n # https://support.microsoft.com/en-us/help/4565479/cumulative-security-update-for-internet-explorer\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?542e5e22\");\n # https://support.microsoft.com/en-us/help/4565536/windows-server-2008-update-kb4565536\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?9e9e22c7\");\n script_set_attribute(attribute:\"solution\", value:\n\"Microsoft has released the following security updates to address this issue: \n -KB4565541\n -KB4565524\n -KB4565479\n -KB4565536\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-1403\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/07/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/07/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/07/14\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_func.inc\");\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nbulletin = 'MS20-07';\nkbs = make_list(\n'4565479',\n'4565537',\n'4565536',\n'4565541',\n'4565524'\n);\n\nif (get_kb_item(\"Host/patch_management_checks\")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nos = get_kb_item_or_exit(\"SMB/WindowsVersion\", exit_code:1);\n\nif (hotfix_check_sp_range(vista:'2', win7:'1', win8:'0', win81:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nproductname = get_kb_item_or_exit(\"SMB/ProductName\", exit_code:1);\nif (\"Windows 8\" >< productname && \"8.1\" >!< productname)\n audit(AUDIT_OS_SP_NOT_VULN);\nif (\"Vista\" >< productname) audit(AUDIT_OS_SP_NOT_VULN);\n\nif (hotfix_check_server_core() == 1) audit(AUDIT_WIN_SERVER_CORE);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n # Windows 8.1 / Windows Server 2012 R2\n # Internet Explorer 11\n hotfix_is_vulnerable(os:\"6.3\", sp:0, file:\"mshtml.dll\", version:\"11.0.9600.19750\", min_version:\"11.0.9600.16000\", dir:\"\\system32\", bulletin:bulletin, kb:\"4565479\") ||\n\n # Windows Server 2012\n# Internet Explorer 11\n hotfix_is_vulnerable(os:\"6.2\", sp:0, file:\"mshtml.dll\", version:\"11.0.9600.19750\", min_version:\"11.0.9600.16000\", dir:\"\\system32\", bulletin:bulletin, kb:\"4565479\") ||\n \n # Windows 7 / Server 2008 R2\n # Internet Explorer 11\n hotfix_is_vulnerable(os:\"6.1\", sp:1, file:\"mshtml.dll\", version:\"11.0.9600.19750\", min_version:\"11.0.9600.16000\", dir:\"\\system32\", bulletin:bulletin, kb:\"4565479\") ||\n\n # Windows Server 2008\n # Internet Explorer 9\n hotfix_is_vulnerable(os:\"6.0\", sp:2, file:\"mshtml.dll\", version:\"9.0.8112.21461\", min_version:\"9.0.8112.16000\", dir:\"\\system32\", bulletin:bulletin, kb:\"4565479\")\n)\n{\n report = '\\nNote: The fix for this issue is available in either of the following updates:\\n';\n report += ' - KB4565479 : Cumulative Security Update for Internet Explorer\\n';\n if(os == \"6.3\")\n {\n report += ' - KB4565541 : Windows 8.1 / Server 2012 R2 Monthly Rollup\\n';\n hotfix_add_report(bulletin:'MS20-07', kb:'4565541', report);\n }\n else if(os == \"6.2\")\n {\n report += ' - KB4565537 : Windows Server 2012 Monthly Rollup\\n';\n hotfix_add_report(bulletin:'MS20-07', kb:'4565537', report);\n }\n else if(os == \"6.1\")\n {\n report += ' - KB4565524 : Windows 7 / Server 2008 R2 Monthly Rollup\\n';\n hotfix_add_report(bulletin:'MS20-07', kb:'4565524', report);\n }\n else if(os == \"6.0\")\n {\n report += ' - KB4565536 : Windows Server 2008 Monthly Rollup\\n';\n hotfix_add_report(bulletin:'MS20-07', kb:'4565536', report);\n }\n set_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-07-26T15:19:14", "description": "The Microsoft Visual Studio Products are missing security updates. It is, therefore, affected by multiple vulnerabilities :\n\n - A remote code execution vulnerability exists in Visual Studio when the software fails to check the source markup of XML file input. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the process responsible for deserialization of the XML content. (CVE-2020-1147)\n\n - An elevation of privilege vulnerability exists when the Windows Diagnostics Hub Standard Collector Service fails to properly sanitize input, leading to an unsecure library-loading behavior. An attacker who successfully exploited this vulnerability could run arbitrary code with elevated system privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application.\n (CVE-2020-1393)\n\n - An elevation of privilege vulnerability exists in Visual Studio and Visual Studio Code when they load software dependencies. A local attacker who successfully exploited the vulnerability could inject arbitrary code to run in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. To exploit this vulnerability, a local attacker would need to plant malicious content on an affected computer and wait for another user to launch Visual Studio or Visual Studio Code. (CVE-2020-1416)", "cvss3": {}, "published": "2020-07-14T00:00:00", "type": "nessus", "title": "Security Updates for Microsoft Visual Studio Products (July 2020)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-1147", "CVE-2020-1393", "CVE-2020-1416"], "modified": "2023-07-25T00:00:00", "cpe": ["cpe:/a:microsoft:visual_studio"], "id": "SMB_NT_MS20_JUL_VISUAL_STUDIO.NASL", "href": "https://www.tenable.com/plugins/nessus/138473", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(138473);\n script_version(\"1.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/07/25\");\n\n script_cve_id(\"CVE-2020-1147\", \"CVE-2020-1393\", \"CVE-2020-1416\");\n script_xref(name:\"MSKB\", value:\"4567703\");\n script_xref(name:\"MSFT\", value:\"MS20-4567703\");\n script_xref(name:\"IAVA\", value:\"2020-A-0309-S\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/05/03\");\n\n script_name(english:\"Security Updates for Microsoft Visual Studio Products (July 2020)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The Microsoft Visual Studio Products are affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The Microsoft Visual Studio Products are missing security\nupdates. It is, therefore, affected by multiple\nvulnerabilities :\n\n - A remote code execution vulnerability exists in Visual\n Studio when the software fails to check the source\n markup of XML file input. An attacker who successfully\n exploited the vulnerability could run arbitrary code in\n the context of the process responsible for\n deserialization of the XML content. (CVE-2020-1147)\n\n - An elevation of privilege vulnerability exists when the\n Windows Diagnostics Hub Standard Collector Service fails\n to properly sanitize input, leading to an unsecure\n library-loading behavior. An attacker who successfully\n exploited this vulnerability could run arbitrary code with\n elevated system privileges. An attacker could then install\n programs; view, change, or delete data; or create new\n accounts with full user rights. To exploit this\n vulnerability, an attacker would have to log on to an\n affected system and run a specially crafted application.\n (CVE-2020-1393)\n\n - An elevation of privilege vulnerability exists in Visual\n Studio and Visual Studio Code when they load software\n dependencies. A local attacker who successfully exploited\n the vulnerability could inject arbitrary code to run in the\n context of the current user. If the current user is logged\n on with administrative user rights, an attacker could take\n control of the affected system. An attacker could then\n install programs; view, change, or delete data; or create\n new accounts with full user rights. To exploit this\n vulnerability, a local attacker would need to plant malicious\n content on an affected computer and wait for another user to\n launch Visual Studio or Visual Studio Code. (CVE-2020-1416)\");\n # https://support.microsoft.com/en-us/help/4567703/description-of-the-security-update-for-microsoft-visual-studio-2015-up\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?6e09a167\");\n script_set_attribute(attribute:\"solution\", value:\n\"Microsoft has released the following security updates to address this issue:\n - KB4567703\n - Update 15.9.25 for Visual Studio 2017\n - Update 16.0.16 for Visual Studio 2019\n - Update 16.4.11 for Visual Studio 2019\n - Update 16.6.4 for Visual Studio 2019\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-1416\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'SharePoint DataSet / DataTable Deserialization');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/07/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/07/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/07/14\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:visual_studio\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ms_bulletin_checks_possible.nasl\", \"microsoft_visual_studio_installed.nbin\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\", \"installed_sw/Microsoft Visual Studio\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude('install_func.inc');\ninclude('smb_func.inc');\ninclude('smb_hotfixes.inc');\ninclude('smb_hotfixes_fcheck.inc');\n\nget_kb_item_or_exit('installed_sw/Microsoft Visual Studio');\n\nvar port, appname, installs, report, install, version, path, prod, fix;\nvar runtime_dll_ver, runtime_dll_path;\n\nport = get_kb_item(\"SMB/transport\");\nappname = 'Microsoft Visual Studio';\ninstalls = get_installs(app_name:appname, exit_if_not_found:TRUE);\nreport = '';\n\nforeach install (installs[1])\n{\n version = install['version'];\n path = install['path'];\n prod = install['product_version'];\n runtime_dll_path = install['runtime_dll_path'];\n runtime_dll_ver = install['runtime_dll_ver'];\n fix = '';\n\n # VS 2015 Up3\n if (version =~ '^14\\\\.0\\\\.')\n {\n fix = '14.0.27542.0';\n if (runtime_dll_ver && runtime_dll_path && ver_compare(ver:runtime_dll_ver, fix:fix, strict:FALSE) < 0)\n {\n report +=\n '\\n Path : ' + runtime_dll_path +\n '\\n Installed version : ' + runtime_dll_ver +\n '\\n Fixed version : ' + fix +\n '\\n';\n }\n # patch_installed = false;\n # foreach name (get_kb_list('SMB/Registry/HKLM/SOFTWARE/Microsoft/Windows/CurrentVersion/Uninstall/*/DisplayName'))\n # if ('4567703' >< name)\n # patch_installed = true;\n\n # if (!patch_installed)\n # report +=\n # '\\nNote: The fix for this issue is available in the following update:\\n' +\n # '\\n - KB4567703 : Security update for Microsoft Visual Studio 2015 Update 3: July 14, 2020\\n' +\n # '\\n';\n }\n # VS 2017 (15.9)\n else if (prod == '2017' && version =~ '^15\\\\.[1-9]\\\\.')\n {\n fix = '15.9.28307.1216';\n\n if (ver_compare(ver: version, fix: fix, strict:FALSE) < 0)\n {\n report +=\n '\\n Path : ' + path +\n '\\n Installed version : ' + version +\n '\\n Fixed version : ' + fix +\n '\\n';\n }\n }\n # VS 2019 Version 16.0\n else if (prod == '2019' && version =~ '^16\\\\.0\\\\.')\n {\n fix = '16.0.28803.791';\n if (ver_compare(ver: version, fix: fix, strict:FALSE) < 0)\n {\n report +=\n '\\n Path : ' + path +\n '\\n Installed version : ' + version +\n '\\n Fixed version : ' + fix +\n '\\n';\n }\n }\n # VS 2019 Version 16.4\n else if (prod == '2019' && version =~ '^16\\\\.4\\\\.')\n {\n fix = '16.4.30308.118';\n if (ver_compare(ver: version, fix: fix, strict:FALSE) < 0)\n {\n report +=\n '\\n Path : ' + path +\n '\\n Installed version : ' + version +\n '\\n Fixed version : ' + fix +\n '\\n';\n }\n }\n # VS 2019 Version 16.6\n else if (prod == '2019' && version =~ '^16\\\\.6\\\\.')\n {\n fix = '16.6.30309.148';\n if (ver_compare(ver: version, fix: fix, strict:FALSE) < 0)\n {\n report +=\n '\\n Path : ' + path +\n '\\n Installed version : ' + version +\n '\\n Fixed version : ' + fix +\n '\\n';\n }\n }\n}\n\nif (empty(report))\n audit(AUDIT_INST_VER_NOT_VULN, appname);\n\nsecurity_report_v4(port:port, severity:SECURITY_HOLE, extra:report);\n\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:04:10", "description": "From Red Hat Security Advisory 2020:2938 :\n\nThe remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2020:2938 advisory.\n\n - dotnet: XML source markup processing remote code execution (CVE-2020-1147)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2020-07-20T00:00:00", "type": "nessus", "title": "Oracle Linux 8 : .NET / Core (ELSA-2020-2938)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-1147"], "modified": "2023-04-25T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:dotnet-host-fxr-2.1", "p-cpe:/a:oracle:linux:dotnet-runtime-2.1", "p-cpe:/a:oracle:linux:dotnet-sdk-2.1", "p-cpe:/a:oracle:linux:dotnet-sdk-2.1.5xx", "cpe:/o:oracle:linux:8"], "id": "ORACLELINUX_ELSA-2020-2938.NASL", "href": "https://www.tenable.com/plugins/nessus/138660", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2020:2938 and \n# Oracle Linux Security Advisory ELSA-2020-2938 respectively.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(138660);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/04/25\");\n\n script_cve_id(\"CVE-2020-1147\");\n script_xref(name:\"RHSA\", value:\"2020:2938\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/05/03\");\n\n script_name(english:\"Oracle Linux 8 : .NET / Core (ELSA-2020-2938)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"From Red Hat Security Advisory 2020:2938 :\n\nThe remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in\nthe RHSA-2020:2938 advisory.\n\n - dotnet: XML source markup processing remote code\n execution (CVE-2020-1147)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://oss.oracle.com/pipermail/el-errata/2020-July/010130.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected .net and / or core packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-1147\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'SharePoint DataSet / DataTable Deserialization');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/07/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/07/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/07/20\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:dotnet-host-fxr-2.1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:dotnet-runtime-2.1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:dotnet-sdk-2.1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:dotnet-sdk-2.1.5xx\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:8\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^8([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 8\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL8\", cpu:\"x86_64\", reference:\"dotnet-host-fxr-2.1-2.1.20-1.el8_2\")) flag++;\nif (rpm_check(release:\"EL8\", cpu:\"x86_64\", reference:\"dotnet-runtime-2.1-2.1.20-1.el8_2\")) flag++;\nif (rpm_check(release:\"EL8\", cpu:\"x86_64\", reference:\"dotnet-sdk-2.1-2.1.516-1.el8_2\")) flag++;\nif (rpm_check(release:\"EL8\", cpu:\"x86_64\", reference:\"dotnet-sdk-2.1.5xx-2.1.516-1.el8_2\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"dotnet-host-fxr-2.1 / dotnet-runtime-2.1 / dotnet-sdk-2.1 / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:24:15", "description": "The remote CentOS Linux 8 host has packages installed that are affected by a vulnerability as referenced in the CESA-2020:2938 advisory.\n\n - dotnet: XML source markup processing remote code execution (CVE-2020-1147)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-02-01T00:00:00", "type": "nessus", "title": "CentOS 8 : .NET Core (CESA-2020:2938)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-1147"], "modified": "2023-04-25T00:00:00", "cpe": ["cpe:/o:centos:centos:8", "p-cpe:/a:centos:centos:dotnet-host-fxr-2.1", "p-cpe:/a:centos:centos:dotnet-runtime-2.1", "p-cpe:/a:centos:centos:dotnet-sdk-2.1", "p-cpe:/a:centos:centos:dotnet-sdk-2.1.5xx"], "id": "CENTOS8_RHSA-2020-2938.NASL", "href": "https://www.tenable.com/plugins/nessus/145867", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from\n# Red Hat Security Advisory RHSA-2020:2938. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(145867);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/04/25\");\n\n script_cve_id(\"CVE-2020-1147\");\n script_xref(name:\"RHSA\", value:\"2020:2938\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/05/03\");\n\n script_name(english:\"CentOS 8 : .NET Core (CESA-2020:2938)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote CentOS host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote CentOS Linux 8 host has packages installed that are affected by a vulnerability as referenced in the\nCESA-2020:2938 advisory.\n\n - dotnet: XML source markup processing remote code execution (CVE-2020-1147)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2020:2938\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-1147\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'SharePoint DataSet / DataTable Deserialization');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/07/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/07/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/02/01\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:dotnet-host-fxr-2.1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:dotnet-runtime-2.1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:dotnet-sdk-2.1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:dotnet-sdk-2.1.5xx\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CentOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item('Host/CentOS/release');\nif (isnull(release) || 'CentOS' >!< release) audit(AUDIT_OS_NOT, 'CentOS');\nos_ver = pregmatch(pattern: \"CentOS(?: Stream)?(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'CentOS');\nos_ver = os_ver[1];\nif ('CentOS Stream' >< release) audit(AUDIT_OS_NOT, 'CentOS 8.x', 'CentOS Stream ' + os_ver);\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '8')) audit(AUDIT_OS_NOT, 'CentOS 8.x', 'CentOS ' + os_ver);\n\nif (!get_kb_item('Host/CentOS/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'CentOS', cpu);\n\npkgs = [\n {'reference':'dotnet-host-fxr-2.1-2.1.20-1.el8_2', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-runtime-2.1-2.1.20-1.el8_2', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-sdk-2.1-2.1.516-1.el8_2', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-sdk-2.1.5xx-2.1.516-1.el8_2', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n reference = NULL;\n release = NULL;\n sp = NULL;\n cpu = NULL;\n el_string = NULL;\n rpm_spec_vers_cmp = NULL;\n epoch = NULL;\n allowmaj = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'CentOS-' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (reference && release) {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'dotnet-host-fxr-2.1 / dotnet-runtime-2.1 / dotnet-sdk-2.1 / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:05:33", "description": "The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2020:2938 advisory.\n\n - dotnet: XML source markup processing remote code execution (CVE-2020-1147)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2020-07-15T00:00:00", "type": "nessus", "title": "RHEL 8 : .NET Core (RHSA-2020:2938)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-1147"], "modified": "2023-04-25T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:8", "cpe:/o:redhat:rhel_aus:8.2", "cpe:/o:redhat:rhel_aus:8.4", "cpe:/o:redhat:rhel_aus:8.6", "cpe:/o:redhat:rhel_e4s:8.2", "cpe:/o:redhat:rhel_e4s:8.4", "cpe:/o:redhat:rhel_e4s:8.6", "cpe:/o:redhat:rhel_eus:8.2", "cpe:/o:redhat:rhel_eus:8.4", "cpe:/o:redhat:rhel_eus:8.6", "cpe:/o:redhat:rhel_tus:8.2", "cpe:/o:redhat:rhel_tus:8.4", "cpe:/o:redhat:rhel_tus:8.6", "p-cpe:/a:redhat:enterprise_linux:dotnet-host-fxr-2.1", "p-cpe:/a:redhat:enterprise_linux:dotnet-runtime-2.1", "p-cpe:/a:redhat:enterprise_linux:dotnet-sdk-2.1", "p-cpe:/a:redhat:enterprise_linux:dotnet-sdk-2.1.5xx"], "id": "REDHAT-RHSA-2020-2938.NASL", "href": "https://www.tenable.com/plugins/nessus/138500", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2020:2938. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(138500);\n script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/04/25\");\n\n script_cve_id(\"CVE-2020-1147\");\n script_xref(name:\"RHSA\", value:\"2020:2938\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/05/03\");\n script_xref(name:\"IAVA\", value:\"2020-A-0305-S\");\n script_xref(name:\"IAVA\", value:\"2020-A-0304-S\");\n\n script_name(english:\"RHEL 8 : .NET Core (RHSA-2020:2938)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in\nthe RHSA-2020:2938 advisory.\n\n - dotnet: XML source markup processing remote code execution (CVE-2020-1147)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-1147\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2020:2938\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1856929\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-1147\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'SharePoint DataSet / DataTable Deserialization');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_cwe_id(502);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/07/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/07/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/07/15\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:8\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_aus:8.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_aus:8.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_aus:8.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_e4s:8.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_e4s:8.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_e4s:8.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_eus:8.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_eus:8.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_eus:8.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_tus:8.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_tus:8.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_tus:8.6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:dotnet-host-fxr-2.1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:dotnet-runtime-2.1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:dotnet-sdk-2.1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:dotnet-sdk-2.1.5xx\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '8')) audit(AUDIT_OS_NOT, 'Red Hat 8.x', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nvar constraints = [\n {\n 'repo_relative_urls': [\n 'content/aus/rhel8/8.2/x86_64/appstream/debug',\n 'content/aus/rhel8/8.2/x86_64/appstream/os',\n 'content/aus/rhel8/8.2/x86_64/appstream/source/SRPMS',\n 'content/aus/rhel8/8.2/x86_64/baseos/debug',\n 'content/aus/rhel8/8.2/x86_64/baseos/os',\n 'content/aus/rhel8/8.2/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.2/x86_64/appstream/debug',\n 'content/e4s/rhel8/8.2/x86_64/appstream/os',\n 'content/e4s/rhel8/8.2/x86_64/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.2/x86_64/baseos/debug',\n 'content/e4s/rhel8/8.2/x86_64/baseos/os',\n 'content/e4s/rhel8/8.2/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.2/x86_64/highavailability/debug',\n 'content/e4s/rhel8/8.2/x86_64/highavailability/os',\n 'content/e4s/rhel8/8.2/x86_64/highavailability/source/SRPMS',\n 'content/e4s/rhel8/8.2/x86_64/sap-solutions/debug',\n 'content/e4s/rhel8/8.2/x86_64/sap-solutions/os',\n 'content/e4s/rhel8/8.2/x86_64/sap-solutions/source/SRPMS',\n 'content/e4s/rhel8/8.2/x86_64/sap/debug',\n 'content/e4s/rhel8/8.2/x86_64/sap/os',\n 'content/e4s/rhel8/8.2/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.2/x86_64/appstream/debug',\n 'content/eus/rhel8/8.2/x86_64/appstream/os',\n 'content/eus/rhel8/8.2/x86_64/appstream/source/SRPMS',\n 'content/eus/rhel8/8.2/x86_64/baseos/debug',\n 'content/eus/rhel8/8.2/x86_64/baseos/os',\n 'content/eus/rhel8/8.2/x86_64/baseos/source/SRPMS',\n 'content/eus/rhel8/8.2/x86_64/codeready-builder/debug',\n 'content/eus/rhel8/8.2/x86_64/codeready-builder/os',\n 'content/eus/rhel8/8.2/x86_64/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.2/x86_64/highavailability/debug',\n 'content/eus/rhel8/8.2/x86_64/highavailability/os',\n 'content/eus/rhel8/8.2/x86_64/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.2/x86_64/resilientstorage/debug',\n 'content/eus/rhel8/8.2/x86_64/resilientstorage/os',\n 'content/eus/rhel8/8.2/x86_64/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.2/x86_64/sap-solutions/debug',\n 'content/eus/rhel8/8.2/x86_64/sap-solutions/os',\n 'content/eus/rhel8/8.2/x86_64/sap-solutions/source/SRPMS',\n 'content/eus/rhel8/8.2/x86_64/sap/debug',\n 'content/eus/rhel8/8.2/x86_64/sap/os',\n 'content/eus/rhel8/8.2/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.2/x86_64/supplementary/debug',\n 'content/eus/rhel8/8.2/x86_64/supplementary/os',\n 'content/eus/rhel8/8.2/x86_64/supplementary/source/SRPMS',\n 'content/tus/rhel8/8.2/x86_64/appstream/debug',\n 'content/tus/rhel8/8.2/x86_64/appstream/os',\n 'content/tus/rhel8/8.2/x86_64/appstream/source/SRPMS',\n 'content/tus/rhel8/8.2/x86_64/baseos/debug',\n 'content/tus/rhel8/8.2/x86_64/baseos/os',\n 'content/tus/rhel8/8.2/x86_64/baseos/source/SRPMS',\n 'content/tus/rhel8/8.2/x86_64/highavailability/debug',\n 'content/tus/rhel8/8.2/x86_64/highavailability/os',\n 'content/tus/rhel8/8.2/x86_64/highavailability/source/SRPMS',\n 'content/tus/rhel8/8.2/x86_64/nfv/debug',\n 'content/tus/rhel8/8.2/x86_64/nfv/os',\n 'content/tus/rhel8/8.2/x86_64/nfv/source/SRPMS',\n 'content/tus/rhel8/8.2/x86_64/rt/debug',\n 'content/tus/rhel8/8.2/x86_64/rt/os',\n 'content/tus/rhel8/8.2/x86_64/rt/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'dotnet-host-fxr-2.1-2.1.20-1.el8_2', 'sp':'2', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-runtime-2.1-2.1.20-1.el8_2', 'sp':'2', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-sdk-2.1-2.1.516-1.el8_2', 'sp':'2', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-sdk-2.1.5xx-2.1.516-1.el8_2', 'sp':'2', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n ]\n },\n {\n 'repo_relative_urls': [\n 'content/aus/rhel8/8.4/x86_64/appstream/debug',\n 'content/aus/rhel8/8.4/x86_64/appstream/os',\n 'content/aus/rhel8/8.4/x86_64/appstream/source/SRPMS',\n 'content/aus/rhel8/8.4/x86_64/baseos/debug',\n 'content/aus/rhel8/8.4/x86_64/baseos/os',\n 'content/aus/rhel8/8.4/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.4/x86_64/appstream/debug',\n 'content/e4s/rhel8/8.4/x86_64/appstream/os',\n 'content/e4s/rhel8/8.4/x86_64/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.4/x86_64/baseos/debug',\n 'content/e4s/rhel8/8.4/x86_64/baseos/os',\n 'content/e4s/rhel8/8.4/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.4/x86_64/highavailability/debug',\n 'content/e4s/rhel8/8.4/x86_64/highavailability/os',\n 'content/e4s/rhel8/8.4/x86_64/highavailability/source/SRPMS',\n 'content/e4s/rhel8/8.4/x86_64/sap-solutions/debug',\n 'content/e4s/rhel8/8.4/x86_64/sap-solutions/os',\n 'content/e4s/rhel8/8.4/x86_64/sap-solutions/source/SRPMS',\n 'content/e4s/rhel8/8.4/x86_64/sap/debug',\n 'content/e4s/rhel8/8.4/x86_64/sap/os',\n 'content/e4s/rhel8/8.4/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/appstream/debug',\n 'content/eus/rhel8/8.4/x86_64/appstream/os',\n 'content/eus/rhel8/8.4/x86_64/appstream/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/baseos/debug',\n 'content/eus/rhel8/8.4/x86_64/baseos/os',\n 'content/eus/rhel8/8.4/x86_64/baseos/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/codeready-builder/debug',\n 'content/eus/rhel8/8.4/x86_64/codeready-builder/os',\n 'content/eus/rhel8/8.4/x86_64/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/highavailability/debug',\n 'content/eus/rhel8/8.4/x86_64/highavailability/os',\n 'content/eus/rhel8/8.4/x86_64/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/resilientstorage/debug',\n 'content/eus/rhel8/8.4/x86_64/resilientstorage/os',\n 'content/eus/rhel8/8.4/x86_64/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/sap-solutions/debug',\n 'content/eus/rhel8/8.4/x86_64/sap-solutions/os',\n 'content/eus/rhel8/8.4/x86_64/sap-solutions/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/sap/debug',\n 'content/eus/rhel8/8.4/x86_64/sap/os',\n 'content/eus/rhel8/8.4/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/supplementary/debug',\n 'content/eus/rhel8/8.4/x86_64/supplementary/os',\n 'content/eus/rhel8/8.4/x86_64/supplementary/source/SRPMS',\n 'content/tus/rhel8/8.4/x86_64/appstream/debug',\n 'content/tus/rhel8/8.4/x86_64/appstream/os',\n 'content/tus/rhel8/8.4/x86_64/appstream/source/SRPMS',\n 'content/tus/rhel8/8.4/x86_64/baseos/debug',\n 'content/tus/rhel8/8.4/x86_64/baseos/os',\n 'content/tus/rhel8/8.4/x86_64/baseos/source/SRPMS',\n 'content/tus/rhel8/8.4/x86_64/highavailability/debug',\n 'content/tus/rhel8/8.4/x86_64/highavailability/os',\n 'content/tus/rhel8/8.4/x86_64/highavailability/source/SRPMS',\n 'content/tus/rhel8/8.4/x86_64/nfv/debug',\n 'content/tus/rhel8/8.4/x86_64/nfv/os',\n 'content/tus/rhel8/8.4/x86_64/nfv/source/SRPMS',\n 'content/tus/rhel8/8.4/x86_64/rt/debug',\n 'content/tus/rhel8/8.4/x86_64/rt/os',\n 'content/tus/rhel8/8.4/x86_64/rt/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'dotnet-host-fxr-2.1-2.1.20-1.el8_2', 'sp':'4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-runtime-2.1-2.1.20-1.el8_2', 'sp':'4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-sdk-2.1-2.1.516-1.el8_2', 'sp':'4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-sdk-2.1.5xx-2.1.516-1.el8_2', 'sp':'4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n ]\n },\n {\n 'repo_relative_urls': [\n 'content/aus/rhel8/8.6/x86_64/appstream/debug',\n 'content/aus/rhel8/8.6/x86_64/appstream/os',\n 'content/aus/rhel8/8.6/x86_64/appstream/source/SRPMS',\n 'content/aus/rhel8/8.6/x86_64/baseos/debug',\n 'content/aus/rhel8/8.6/x86_64/baseos/os',\n 'content/aus/rhel8/8.6/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/appstream/debug',\n 'content/e4s/rhel8/8.6/x86_64/appstream/os',\n 'content/e4s/rhel8/8.6/x86_64/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/baseos/debug',\n 'content/e4s/rhel8/8.6/x86_64/baseos/os',\n 'content/e4s/rhel8/8.6/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/highavailability/debug',\n 'content/e4s/rhel8/8.6/x86_64/highavailability/os',\n 'content/e4s/rhel8/8.6/x86_64/highavailability/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/sap-solutions/debug',\n 'content/e4s/rhel8/8.6/x86_64/sap-solutions/os',\n 'content/e4s/rhel8/8.6/x86_64/sap-solutions/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/sap/debug',\n 'content/e4s/rhel8/8.6/x86_64/sap/os',\n 'content/e4s/rhel8/8.6/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/appstream/debug',\n 'content/eus/rhel8/8.6/x86_64/appstream/os',\n 'content/eus/rhel8/8.6/x86_64/appstream/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/baseos/debug',\n 'content/eus/rhel8/8.6/x86_64/baseos/os',\n 'content/eus/rhel8/8.6/x86_64/baseos/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/codeready-builder/debug',\n 'content/eus/rhel8/8.6/x86_64/codeready-builder/os',\n 'content/eus/rhel8/8.6/x86_64/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/highavailability/debug',\n 'content/eus/rhel8/8.6/x86_64/highavailability/os',\n 'content/eus/rhel8/8.6/x86_64/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/resilientstorage/debug',\n 'content/eus/rhel8/8.6/x86_64/resilientstorage/os',\n 'content/eus/rhel8/8.6/x86_64/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/sap-solutions/debug',\n 'content/eus/rhel8/8.6/x86_64/sap-solutions/os',\n 'content/eus/rhel8/8.6/x86_64/sap-solutions/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/sap/debug',\n 'content/eus/rhel8/8.6/x86_64/sap/os',\n 'content/eus/rhel8/8.6/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/supplementary/debug',\n 'content/eus/rhel8/8.6/x86_64/supplementary/os',\n 'content/eus/rhel8/8.6/x86_64/supplementary/source/SRPMS',\n 'content/tus/rhel8/8.6/x86_64/appstream/debug',\n 'content/tus/rhel8/8.6/x86_64/appstream/os',\n 'content/tus/rhel8/8.6/x86_64/appstream/source/SRPMS',\n 'content/tus/rhel8/8.6/x86_64/baseos/debug',\n 'content/tus/rhel8/8.6/x86_64/baseos/os',\n 'content/tus/rhel8/8.6/x86_64/baseos/source/SRPMS',\n 'content/tus/rhel8/8.6/x86_64/highavailability/debug',\n 'content/tus/rhel8/8.6/x86_64/highavailability/os',\n 'content/tus/rhel8/8.6/x86_64/highavailability/source/SRPMS',\n 'content/tus/rhel8/8.6/x86_64/rt/os',\n 'content/tus/rhel8/8.6/x86_64/rt/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'dotnet-host-fxr-2.1-2.1.20-1.el8_2', 'sp':'6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-runtime-2.1-2.1.20-1.el8_2', 'sp':'6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-sdk-2.1-2.1.516-1.el8_2', 'sp':'6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-sdk-2.1.5xx-2.1.516-1.el8_2', 'sp':'6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n ]\n },\n {\n 'repo_relative_urls': [\n 'content/dist/rhel8/8/x86_64/appstream/debug',\n 'content/dist/rhel8/8/x86_64/appstream/os',\n 'content/dist/rhel8/8/x86_64/appstream/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/baseos/debug',\n 'content/dist/rhel8/8/x86_64/baseos/os',\n 'content/dist/rhel8/8/x86_64/baseos/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/codeready-builder/debug',\n 'content/dist/rhel8/8/x86_64/codeready-builder/os',\n 'content/dist/rhel8/8/x86_64/codeready-builder/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/highavailability/debug',\n 'content/dist/rhel8/8/x86_64/highavailability/os',\n 'content/dist/rhel8/8/x86_64/highavailability/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/nfv/debug',\n 'content/dist/rhel8/8/x86_64/nfv/os',\n 'content/dist/rhel8/8/x86_64/nfv/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/resilientstorage/debug',\n 'content/dist/rhel8/8/x86_64/resilientstorage/os',\n 'content/dist/rhel8/8/x86_64/resilientstorage/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/rt/debug',\n 'content/dist/rhel8/8/x86_64/rt/os',\n 'content/dist/rhel8/8/x86_64/rt/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/sap-solutions/debug',\n 'content/dist/rhel8/8/x86_64/sap-solutions/os',\n 'content/dist/rhel8/8/x86_64/sap-solutions/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/sap/debug',\n 'content/dist/rhel8/8/x86_64/sap/os',\n 'content/dist/rhel8/8/x86_64/sap/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/supplementary/debug',\n 'content/dist/rhel8/8/x86_64/supplementary/os',\n 'content/dist/rhel8/8/x86_64/supplementary/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'dotnet-host-fxr-2.1-2.1.20-1.el8_2', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-runtime-2.1-2.1.20-1.el8_2', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-sdk-2.1-2.1.516-1.el8_2', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-sdk-2.1.5xx-2.1.516-1.el8_2', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n ]\n }\n];\n\nvar applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:constraints);\nif(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\n\nvar flag = 0;\nforeach var constraint_array ( constraints ) {\n var repo_relative_urls = NULL;\n if (!empty_or_null(constraint_array['repo_relative_urls'])) repo_relative_urls = constraint_array['repo_relative_urls'];\n var enterprise_linux_flag = rhel_repo_urls_has_content_dist_rhel(repo_urls:repo_relative_urls);\n foreach var pkg ( constraint_array['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];\n if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];\n if (!empty_or_null(pkg['sp']) && !enterprise_linux_flag) sp = pkg['sp'];\n if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];\n if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];\n if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];\n if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];\n if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];\n if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];\n if (reference &&\n _release &&\n rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&\n (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&\n rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n var extra = NULL;\n if (empty_or_null(applicable_repo_urls)) extra = rpm_report_get() + redhat_report_repo_caveat();\n else extra = rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'dotnet-host-fxr-2.1 / dotnet-runtime-2.1 / dotnet-sdk-2.1 / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:04:34", "description": "The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2020:2937 advisory.\n\n - dotnet: XML source markup processing remote code execution (CVE-2020-1147)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2020-07-15T00:00:00", "type": "nessus", "title": "RHEL 7 : .NET Core 2.1 on Red Hat Enterprise Linux (RHSA-2020:2937)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-1147"], "modified": "2023-04-25T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:7", "p-cpe:/a:redhat:enterprise_linux:rh-dotnet21", "p-cpe:/a:redhat:enterprise_linux:rh-dotnet21-dotnet", "p-cpe:/a:redhat:enterprise_linux:rh-dotnet21-dotnet-host", "p-cpe:/a:redhat:enterprise_linux:rh-dotnet21-dotnet-runtime-2.1", "p-cpe:/a:redhat:enterprise_linux:rh-dotnet21-dotnet-sdk-2.1", "p-cpe:/a:redhat:enterprise_linux:rh-dotnet21-dotnet-sdk-2.1.5xx", "p-cpe:/a:redhat:enterprise_linux:rh-dotnet21-runtime"], "id": "REDHAT-RHSA-2020-2937.NASL", "href": "https://www.tenable.com/plugins/nessus/138504", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2020:2937. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(138504);\n script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/04/25\");\n\n script_cve_id(\"CVE-2020-1147\");\n script_xref(name:\"RHSA\", value:\"2020:2937\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/05/03\");\n script_xref(name:\"IAVA\", value:\"2020-A-0305-S\");\n script_xref(name:\"IAVA\", value:\"2020-A-0304-S\");\n\n script_name(english:\"RHEL 7 : .NET Core 2.1 on Red Hat Enterprise Linux (RHSA-2020:2937)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in\nthe RHSA-2020:2937 advisory.\n\n - dotnet: XML source markup processing remote code execution (CVE-2020-1147)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-1147\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2020:2937\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1856929\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-1147\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'SharePoint DataSet / DataTable Deserialization');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_cwe_id(502);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/07/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/07/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/07/15\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-dotnet21\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-dotnet21-dotnet\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-dotnet21-dotnet-host\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-dotnet21-dotnet-runtime-2.1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-dotnet21-dotnet-sdk-2.1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-dotnet21-dotnet-sdk-2.1.5xx\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-dotnet21-runtime\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '7')) audit(AUDIT_OS_NOT, 'Red Hat 7.x', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nvar constraints = [\n {\n 'repo_relative_urls': [\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/dotnet/1/debug',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/dotnet/1/os',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/dotnet/1/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/dotnet/1/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/dotnet/1/os',\n 'content/dist/rhel/server/7/7Server/x86_64/dotnet/1/source/SRPMS',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/dotnet/1/debug',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/dotnet/1/os',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/dotnet/1/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'rh-dotnet21-2.1-19.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'rh-dotnet21'},\n {'reference':'rh-dotnet21-dotnet-2.1.516-1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'rh-dotnet21'},\n {'reference':'rh-dotnet21-dotnet-host-2.1.20-1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'rh-dotnet21'},\n {'reference':'rh-dotnet21-dotnet-runtime-2.1-2.1.20-1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'rh-dotnet21'},\n {'reference':'rh-dotnet21-dotnet-sdk-2.1-2.1.516-1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'rh-dotnet21'},\n {'reference':'rh-dotnet21-dotnet-sdk-2.1.5xx-2.1.516-1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'rh-dotnet21'},\n {'reference':'rh-dotnet21-runtime-2.1-19.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'rh-dotnet21'}\n ]\n }\n];\n\nvar applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:constraints);\nif(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\n\nvar flag = 0;\nforeach var constraint_array ( constraints ) {\n var repo_relative_urls = NULL;\n if (!empty_or_null(constraint_array['repo_relative_urls'])) repo_relative_urls = constraint_array['repo_relative_urls'];\n foreach var pkg ( constraint_array['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];\n if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];\n if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];\n if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];\n if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];\n if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];\n if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];\n if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];\n if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];\n if (reference &&\n _release &&\n rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&\n (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&\n rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n var extra = NULL;\n if (empty_or_null(applicable_repo_urls)) extra = rpm_report_get() + redhat_report_repo_caveat();\n else extra = rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'rh-dotnet21 / rh-dotnet21-dotnet / rh-dotnet21-dotnet-host / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}], "kaspersky": [{"lastseen": "2023-06-06T15:24:16", "description": "### *Detect date*:\n07/14/2020\n\n### *Severity*:\nCritical\n\n### *Description*:\nMultiple vulnerabilities were found in Microsoft Products (Extended Support Update). Malicious users can exploit these vulnerabilities to gain privileges, obtain sensitive information, execute arbitrary code, cause denial of service.\n\n### *Exploitation*:\nMalware exists for this vulnerability. Usually such malware is classified as Exploit. [More details](<https://threats.kaspersky.com/en/class/Exploit/>).\n\n### *Affected products*:\nWindows 10 Version 2004 for ARM64-based Systems \nWindows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) \nWindows 10 Version 1903 for 32-bit Systems \nWindows Server 2019 (Server Core installation) \nWindows 10 Version 1809 for x64-based Systems \nWindows 10 Version 1607 for x64-based Systems \nWindows Server 2012 R2 \nWindows Server 2012 \nWindows Server 2008 for x64-based Systems Service Pack 2 \nWindows 10 Version 1909 for 32-bit Systems \nWindows Server, version 2004 (Server Core installation) \nWindows 10 for x64-based Systems \nWindows Server 2016 (Server Core installation) \nWindows 8.1 for x64-based systems \nWindows Server 2012 (Server Core installation) \nWindows 10 Version 1709 for x64-based Systems \nWindows 7 for 32-bit Systems Service Pack 1 \nWindows 10 Version 1709 for ARM64-based Systems \nWindows 8.1 for 32-bit systems \nWindows 10 Version 1607 for 32-bit Systems \nWindows Server 2016 \nWindows 10 Version 1903 for ARM64-based Systems \nWindows 10 Version 1803 for 32-bit Systems \nWindows 7 for x64-based Systems Service Pack 1 \nWindows 10 Version 1909 for x64-based Systems \nWindows 10 Version 1903 for x64-based Systems \nInternet Explorer 11 \nWindows 10 Version 1909 for ARM64-based Systems \nWindows Server 2008 for 32-bit Systems Service Pack 2 \nWindows 10 Version 2004 for 32-bit Systems \nWindows 10 Version 1809 for 32-bit Systems \nWindows Server, version 1903 (Server Core installation) \nWindows 10 Version 1803 for x64-based Systems \nMicrosoft Office 2019 for Mac \nWindows RT 8.1 \nWindows 10 Version 2004 for x64-based Systems \nWindows Server 2008 R2 for x64-based Systems Service Pack 1 \nMicrosoft Office 2016 for Mac \nWindows Server 2019 \nInternet Explorer 9 \nWindows 10 Version 1803 for ARM64-based Systems \nWindows Server, version 1909 (Server Core installation) \nWindows 10 Version 1809 for ARM64-based Systems \nWindows Server 2012 R2 (Server Core installation) \nWindows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) \nWindows 10 for 32-bit Systems \nWindows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) \nWindows 10 Version 1709 for 32-bit Systems\n\n### *Solution*:\nInstall necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)\n\n### *Original advisories*:\n[CVE-2020-1333](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1333>) \n[CVE-2020-1384](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1384>) \n[CVE-2020-1346](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1346>) \n[CVE-2020-1389](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1389>) \n[CVE-2020-1032](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1032>) \n[CVE-2020-1036](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1036>) \n[CVE-2020-1360](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1360>) \n[CVE-2020-1267](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1267>) \n[CVE-2020-1365](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1365>) \n[CVE-2020-1354](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1354>) \n[CVE-2020-1419](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1419>) \n[CVE-2020-1438](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1438>) \n[CVE-2020-1435](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1435>) \n[CVE-2020-1412](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1412>) \n[CVE-2020-1437](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1437>) \n[CVE-2020-1436](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1436>) \n[CVE-2020-1430](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1430>) \n[CVE-2020-1428](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1428>) \n[CVE-2020-1396](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1396>) \n[CVE-2020-1397](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1397>) \n[CVE-2020-1390](<https://nvd.nist.gov/vuln/detail/CVE-2020-1390>) \n[CVE-2020-1359](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1359>) \n[CVE-2020-1371](<https://nvd.nist.gov/vuln/detail/CVE-2020-1371>) \n[CVE-2020-1350](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1350>) \n[CVE-2020-1351](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1351>) \n[CVE-2020-1040](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1040>) \n[CVE-2020-1041](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1041>) \n[CVE-2020-1042](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1042>) \n[CVE-2020-1043](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1043>) \n[CVE-2020-1373](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1373>) \n[CVE-2020-1410](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1410>) \n[CVE-2020-1374](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1374>) \n[CVE-2020-1085](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1085>) \n[CVE-2020-1407](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1407>) \n[CVE-2020-1400](<https://nvd.nist.gov/vuln/detail/CVE-2020-1400>) \n[CVE-2020-1401](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1401>) \n[CVE-2020-1402](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1402>) \n[CVE-2020-1403](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1403>) \n[CVE-2020-1427](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1427>) \n[CVE-2020-1468](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1468>) \n[CVE-2020-1408](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1408>) \n[CVE-2020-1409](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1409>) \n[CVE-2020-1421](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1421>) \n[ADV200008](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/ADV200008>) \n\n\n### *Impacts*:\nACE \n\n### *Related products*:\n[Microsoft Internet Explorer](<https://threats.kaspersky.com/en/product/Microsoft-Internet-Explorer/>)\n\n### *CVE-IDS*:\n[CVE-2020-1403](<https://vulners.com/cve/CVE-2020-1403>)7.6Critical \n[CVE-2020-1333](<https://vulners.com/cve/CVE-2020-1333>)3.7Warning \n[CVE-2020-1384](<https://vulners.com/cve/CVE-2020-1384>)4.6Warning \n[CVE-2020-1346](<https://vulners.com/cve/CVE-2020-1346>)4.6Warning \n[CVE-2020-1389](<https://vulners.com/cve/CVE-2020-1389>)2.1Warning \n[CVE-2020-1032](<https://vulners.com/cve/CVE-2020-1032>)7.7Critical \n[CVE-2020-1036](<https://vulners.com/cve/CVE-2020-1036>)7.7Critical \n[CVE-2020-1360](<https://vulners.com/cve/CVE-2020-1360>)4.6Warning \n[CVE-2020-1267](<https://vulners.com/cve/CVE-2020-1267>)4.0Warning \n[CVE-2020-1365](<https://vulners.com/cve/CVE-2020-1365>)4.6Warning \n[CVE-2020-1354](<https://vulners.com/cve/CVE-2020-1354>)4.6Warning \n[CVE-2020-1419](<https://vulners.com/cve/CVE-2020-1419>)2.1Warning \n[CVE-2020-1438](<https://vulners.com/cve/CVE-2020-1438>)4.6Warning \n[CVE-2020-1435](<https://vulners.com/cve/CVE-2020-1435>)9.3Critical \n[CVE-2020-1412](<https://vulners.com/cve/CVE-2020-1412>)9.3Critical \n[CVE-2020-1437](<https://vulners.com/cve/CVE-2020-1437>)4.6Warning \n[CVE-2020-1436](<https://vulners.com/cve/CVE-2020-1436>)6.8High \n[CVE-2020-1430](<https://vulners.com/cve/CVE-2020-1430>)4.6Warning \n[CVE-2020-1428](<https://vulners.com/cve/CVE-2020-1428>)4.6Warning \n[CVE-2020-1396](<https://vulners.com/cve/CVE-2020-1396>)4.6Warning \n[CVE-2020-1397](<https://vulners.com/cve/CVE-2020-1397>)4.3Warning \n[CVE-2020-1390](<https://vulners.com/cve/CVE-2020-1390>)4.6Warning \n[CVE-2020-1359](<https://vulners.com/cve/CVE-2020-1359>)4.6Warning \n[CVE-2020-1371](<https://vulners.com/cve/CVE-2020-1371>)4.6Warning \n[CVE-2020-1351](<https://vulners.com/cve/CVE-2020-1351>)2.1Warning \n[CVE-2020-1040](<https://vulners.com/cve/CVE-2020-1040>)7.7Critical \n[CVE-2020-1041](<https://vulners.com/cve/CVE-2020-1041>)7.7Critical \n[CVE-2020-1042](<https://vulners.com/cve/CVE-2020-1042>)7.7Critical \n[CVE-2020-1043](<https://vulners.com/cve/CVE-2020-1043>)7.7Critical \n[CVE-2020-1373](<https://vulners.com/cve/CVE-2020-1373>)4.6Warning \n[CVE-2020-1410](<https://vulners.com/cve/CVE-2020-1410>)9.3Critical \n[CVE-2020-1374](<https://vulners.com/cve/CVE-2020-1374>)5.1High \n[CVE-2020-1085](<https://vulners.com/cve/CVE-2020-1085>)4.6Warning \n[CVE-2020-1407](<https://vulners.com/cve/CVE-2020-1407>)9.3Critical \n[CVE-2020-1400](<https://vulners.com/cve/CVE-2020-1400>)9.3Critical \n[CVE-2020-1401](<https://vulners.com/cve/CVE-2020-1401>)9.3Critical \n[CVE-2020-1402](<https://vulners.com/cve/CVE-2020-1402>)7.2High \n[CVE-2020-1427](<https://vulners.com/cve/CVE-2020-1427>)4.6Warning \n[CVE-2020-1468](<https://vulners.com/cve/CVE-2020-1468>)4.3Warning \n[CVE-2020-1408](<https://vulners.com/cve/CVE-2020-1408>)9.3Critical \n[CVE-2020-1409](<https://vulners.com/cve/CVE-2020-1409>)9.3Critical \n[CVE-2020-1421](<https://vulners.com/cve/CVE-2020-1421>)9.3Critical\n\n### *KB list*:\n[4565524](<http://support.microsoft.com/kb/4565524>) \n[4565479](<http://support.microsoft.com/kb/4565479>) \n[4565529](<http://support.microsoft.com/kb/4565529>) \n[4565539](<http://support.microsoft.com/kb/4565539>) \n[4565353](<http://support.microsoft.com/kb/4565353>) \n[4565354](<http://support.microsoft.com/kb/4565354>) \n[4565536](<http://support.microsoft.com/kb/4565536>)\n\n### *Microsoft official advisories*:", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 10.0, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2020-07-14T00:00:00", "type": "kaspersky", "title": "KLA11863 Multiple vulnerabilities in Microsoft Products (ESU)", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-1032", "CVE-2020-1036", "CVE-2020-1040", "CVE-2020-1041", "CVE-2020-1042", "CVE-2020-1043", "CVE-2020-1085", "CVE-2020-1267", "CVE-2020-1333", "CVE-2020-1346", "CVE-2020-1350", "CVE-2020-1351", "CVE-2020-1354", "CVE-2020-1359", "CVE-2020-1360", "CVE-2020-1365", "CVE-2020-1371", "CVE-2020-1373", "CVE-2020-1374", "CVE-2020-1384", "CVE-2020-1389", "CVE-2020-1390", "CVE-2020-1396", "CVE-2020-1397", "CVE-2020-1400", "CVE-2020-1401", "CVE-2020-1402", "CVE-2020-1403", "CVE-2020-1407", "CVE-2020-1408", "CVE-2020-1409", "CVE-2020-1410", "CVE-2020-1412", "CVE-2020-1419", "CVE-2020-1421", "CVE-2020-1427", "CVE-2020-1428", "CVE-2020-1430", "CVE-2020-1435", "CVE-2020-1436", "CVE-2020-1437", "CVE-2020-1438", "CVE-2020-1468"], "modified": "2020-07-22T00:00:00", "id": "KLA11863", "href": "https://threats.kaspersky.com/en/vulnerability/KLA11863/", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-06-06T15:24:15", "description": "### *Detect date*:\n07/14/2020\n\n### *Severity*:\nCritical\n\n### *Description*:\nMultiple vulnerabilities were found in Microsoft Windows. Malicious users can exploit these vulnerabilities to gain privileges, obtain sensitive information, execute arbitrary code, cause denial of service.\n\n### *Exploitation*:\nMalware exists for this vulnerability. Usually such malware is classified as Exploit. [More details](<https://threats.kaspersky.com/en/class/Exploit/>).\n\n### *Affected products*:\nWindows 10 Version 2004 for ARM64-based Systems \nWindows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) \nWindows 10 Version 1903 for 32-bit Systems \nWindows Server 2019 (Server Core installation) \nWindows 10 Version 1809 for x64-based Systems \nWindows 10 Version 1607 for x64-based Systems \nWindows Server 2012 R2 \nWindows Server 2012 \nWindows Server 2008 for x64-based Systems Service Pack 2 \nWindows 10 Version 1909 for 32-bit Systems \nWindows Server, version 2004 (Server Core installation) \nWindows 10 for x64-based Systems \nWindows Server 2016 (Server Core installation) \nWindows 8.1 for x64-based systems \nWindows Server 2012 (Server Core installation) \nWindows 10 Version 1709 for x64-based Systems \nWindows 7 for 32-bit Systems Service Pack 1 \nWindows 10 Version 1709 for ARM64-based Systems \nWindows 8.1 for 32-bit systems \nWindows 10 Version 1607 for 32-bit Systems \nWindows Server 2016 \nWindows 10 Version 1903 for ARM64-based Systems \nWindows 10 Version 1803 for 32-bit Systems \nWindows 7 for x64-based Systems Service Pack 1 \nWindows 10 Version 1909 for x64-based Systems \nWindows 10 Version 1903 for x64-based Systems \nWindows 10 Version 1909 for ARM64-based Systems \nWindows Server 2008 for 32-bit Systems Service Pack 2 \nWindows 10 Version 2004 for 32-bit Systems \nWindows 10 Version 1809 for 32-bit Systems \nWindows Server, version 1903 (Server Core installation) \nWindows 10 Version 1803 for x64-based Systems \nWindows RT 8.1 \nWindows 10 Version 2004 for x64-based Systems \nWindows Server 2008 R2 for x64-based Systems Service Pack 1 \nWindows Server 2019 \nWindows 10 Version 1803 for ARM64-based Systems \nWindows Server, version 1909 (Server Core installation) \nWindows 10 Version 1809 for ARM64-based Systems \nWindows Server 2012 R2 (Server Core installation) \nWindows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) \nWindows 10 for 32-bit Systems \nWindows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) \nWindows 10 Version 1709 for 32-bit Systems\n\n### *Solution*:\nInstall necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)\n\n### *Original advisories*:\n[CVE-2020-1347](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1347>) \n[CVE-2020-1346](<https://nvd.nist.gov/vuln/detail/CVE-2020-1346>) \n[CVE-2020-1344](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1344>) \n[CVE-2020-1267](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1267>) \n[CVE-2020-1419](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1419>) \n[CVE-2020-1418](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1418>) \n[CVE-2020-1413](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1413>) \n[CVE-2020-1412](<https://nvd.nist.gov/vuln/detail/CVE-2020-1412>) \n[CVE-2020-1411](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1411>) \n[CVE-2020-1410](<https://nvd.nist.gov/vuln/detail/CVE-2020-1410>) \n[CVE-2020-1415](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1415>) \n[CVE-2020-1414](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1414>) \n[CVE-2020-1358](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1358>) \n[CVE-2020-1359](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1359>) \n[CVE-2020-1350](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1350>) \n[CVE-2020-1351](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1351>) \n[CVE-2020-1352](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1352>) \n[CVE-2020-1353](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1353>) \n[CVE-2020-1354](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1354>) \n[CVE-2020-1355](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1355>) \n[CVE-2020-1356](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1356>) \n[CVE-2020-1357](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1357>) \n[CVE-2020-1085](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1085>) \n[CVE-2020-1404](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1404>) \n[CVE-2020-1405](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1405>) \n[CVE-2020-1406](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1406>) \n[CVE-2020-1407](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1407>) \n[CVE-2020-1400](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1400>) \n[CVE-2020-1401](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1401>) \n[CVE-2020-1402](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1402>) \n[CVE-2020-1408](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1408>) \n[CVE-2020-1409](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1409>) \n[CVE-2020-1336](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1336>) \n[CVE-2020-1333](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1333>) \n[CVE-2020-1330](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1330>) \n[CVE-2020-1463](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1463>) \n[CVE-2020-1468](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1468>) \n[CVE-2020-1382](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1382>) \n[CVE-2020-1381](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1381>) \n[CVE-2020-1387](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1387>) \n[CVE-2020-1386](<https://nvd.nist.gov/vuln/detail/CVE-2020-1386>) \n[CVE-2020-1385](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1385>) \n[CVE-2020-1384](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1384>) \n[CVE-2020-1389](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1389>) \n[CVE-2020-1388](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1388>) \n[CVE-2020-1398](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1398>) \n[CVE-2020-1399](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1399>) \n[CVE-2020-1394](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1394>) \n[CVE-2020-1395](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1395>) \n[CVE-2020-1396](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1396>) \n[CVE-2020-1397](<https://nvd.nist.gov/vuln/detail/CVE-2020-1397>) \n[CVE-2020-1390](<https://nvd.nist.gov/vuln/detail/CVE-2020-1390>) \n[CVE-2020-1391](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1391>) \n[CVE-2020-1392](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1392>) \n[CVE-2020-1393](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1393>) \n[CVE-2020-1040](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1040>) \n[CVE-2020-1041](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1041>) \n[CVE-2020-1042](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1042>) \n[CVE-2020-1043](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1043>) \n[CVE-2020-1032](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1032>) \n[CVE-2020-1036](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1036>) \n[CVE-2020-1361](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1361>) \n[CVE-2020-1360](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1360>) \n[CVE-2020-1363](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1363>) \n[CVE-2020-1362](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1362>) \n[CVE-2020-1365](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1365>) \n[CVE-2020-1364](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1364>) \n[CVE-2020-1367](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1367>) \n[CVE-2020-1366](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1366>) \n[CVE-2020-1369](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1369>) \n[CVE-2020-1368](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1368>) \n[CVE-2020-1438](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1438>) \n[CVE-2020-1435](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1435>) \n[CVE-2020-1434](<https://nvd.nist.gov/vuln/detail/CVE-2020-1434>) \n[CVE-2020-1437](<https://nvd.nist.gov/vuln/detail/CVE-2020-1437>) \n[CVE-2020-1436](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1436>) \n[CVE-2020-1431](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1431>) \n[CVE-2020-1430](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1430>) \n[CVE-2020-1372](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1372>) \n[CVE-2020-1373](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1373>) \n[CVE-2020-1370](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1370>) \n[CVE-2020-1371](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1371>) \n[CVE-2020-1374](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1374>) \n[CVE-2020-1375](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1375>) \n[CVE-2020-1249](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1249>) \n[CVE-2020-1428](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1428>) \n[CVE-2020-1429](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1429>) \n[CVE-2020-1426](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1426>) \n[CVE-2020-1427](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1427>) \n[CVE-2020-1424](<https://nvd.nist.gov/vuln/detail/CVE-2020-1424>) \n[CVE-2020-1422](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1422>) \n[CVE-2020-1423](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1423>) \n[CVE-2020-1420](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1420>) \n[CVE-2020-1421](<https://nvd.nist.gov/vuln/detail/CVE-2020-1421>) \n[ADV200008](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV200008>) \n\n\n### *Impacts*:\nACE \n\n### *Related products*:\n[Microsoft Windows](<https://threats.kaspersky.com/en/product/Microsoft-Windows/>)\n\n### *CVE-IDS*:\n[CVE-2020-1393](<https://vulners.com/cve/CVE-2020-1393>)4.6Warning \n[CVE-2020-1333](<https://vulners.com/cve/CVE-2020-1333>)3.7Warning \n[CVE-2020-1384](<https://vulners.com/cve/CVE-2020-1384>)4.6Warning \n[CVE-2020-1346](<https://vulners.com/cve/CVE-2020-1346>)4.6Warning \n[CVE-2020-1389](<https://vulners.com/cve/CVE-2020-1389>)2.1Warning \n[CVE-2020-1032](<https://vulners.com/cve/CVE-2020-1032>)7.7Critical \n[CVE-2020-1036](<https://vulners.com/cve/CVE-2020-1036>)7.7Critical \n[CVE-2020-1360](<https://vulners.com/cve/CVE-2020-1360>)4.6Warning \n[CVE-2020-1267](<https://vulners.com/cve/CVE-2020-1267>)4.0Warning \n[CVE-2020-1365](<https://vulners.com/cve/CVE-2020-1365>)4.6Warning \n[CVE-2020-1354](<https://vulners.com/cve/CVE-2020-1354>)4.6Warning \n[CVE-2020-1419](<https://vulners.com/cve/CVE-2020-1419>)2.1Warning \n[CVE-2020-1438](<https://vulners.com/cve/CVE-2020-1438>)4.6Warning \n[CVE-2020-1435](<https://vulners.com/cve/CVE-2020-1435>)9.3Critical \n[CVE-2020-1412](<https://vulners.com/cve/CVE-2020-1412>)9.3Critical \n[CVE-2020-1437](<https://vulners.com/cve/CVE-2020-1437>)4.6Warning \n[CVE-2020-1436](<https://vulners.com/cve/CVE-2020-1436>)6.8High \n[CVE-2020-1430](<https://vulners.com/cve/CVE-2020-1430>)4.6Warning \n[CVE-2020-1428](<https://vulners.com/cve/CVE-2020-1428>)4.6Warning \n[CVE-2020-1396](<https://vulners.com/cve/CVE-2020-1396>)4.6Warning \n[CVE-2020-1397](<https://vulners.com/cve/CVE-2020-1397>)4.3Warning \n[CVE-2020-1390](<https://vulners.com/cve/CVE-2020-1390>)4.6Warning \n[CVE-2020-1359](<https://vulners.com/cve/CVE-2020-1359>)4.6Warning \n[CVE-2020-1371](<https://vulners.com/cve/CVE-2020-1371>)4.6Warning \n[CVE-2020-1351](<https://vulners.com/cve/CVE-2020-1351>)2.1Warning \n[CVE-2020-1040](<https://vulners.com/cve/CVE-2020-1040>)7.7Critical \n[CVE-2020-1041](<https://vulners.com/cve/CVE-2020-1041>)7.7Critical \n[CVE-2020-1042](<https://vulners.com/cve/CVE-2020-1042>)7.7Critical \n[CVE-2020-1043](<https://vulners.com/cve/CVE-2020-1043>)7.7Critical \n[CVE-2020-1373](<https://vulners.com/cve/CVE-2020-1373>)4.6Warning \n[CVE-2020-1410](<https://vulners.com/cve/CVE-2020-1410>)9.3Critical \n[CVE-2020-1374](<https://vulners.com/cve/CVE-2020-1374>)5.1High \n[CVE-2020-1085](<https://vulners.com/cve/CVE-2020-1085>)4.6Warning \n[CVE-2020-1407](<https://vulners.com/cve/CVE-2020-1407>)9.3Critical \n[CVE-2020-1400](<https://vulners.com/cve/CVE-2020-1400>)9.3Critical \n[CVE-2020-1401](<https://vulners.com/cve/CVE-2020-1401>)9.3Critical \n[CVE-2020-1402](<https://vulners.com/cve/CVE-2020-1402>)7.2High \n[CVE-2020-1427](<https://vulners.com/cve/CVE-2020-1427>)4.6Warning \n[CVE-2020-1468](<https://vulners.com/cve/CVE-2020-1468>)4.3Warning \n[CVE-2020-1408](<https://vulners.com/cve/CVE-2020-1408>)9.3Critical \n[CVE-2020-1409](<https://vulners.com/cve/CVE-2020-1409>)9.3Critical \n[CVE-2020-1421](<https://vulners.com/cve/CVE-2020-1421>)9.3Critical \n[CVE-2020-1347](<https://vulners.com/cve/CVE-2020-1347>)4.6Warning \n[CVE-2020-1344](<https://vulners.com/cve/CVE-2020-1344>)4.6Warning \n[CVE-2020-1418](<https://vulners.com/cve/CVE-2020-1418>)7.2High \n[CVE-2020-1413](<https://vulners.com/cve/CVE-2020-1413>)4.6Warning \n[CVE-2020-1411](<https://vulners.com/cve/CVE-2020-1411>)7.2High \n[CVE-2020-1415](<https://vulners.com/cve/CVE-2020-1415>)4.6Warning \n[CVE-2020-1414](<https://vulners.com/cve/CVE-2020-1414>)4.6Warning \n[CVE-2020-1358](<https://vulners.com/cve/CVE-2020-1358>)2.1Warning \n[CVE-2020-1352](<https://vulners.com/cve/CVE-2020-1352>)4.6Warning \n[CVE-2020-1353](<https://vulners.com/cve/CVE-2020-1353>)4.6Warning \n[CVE-2020-1355](<https://vulners.com/cve/CVE-2020-1355>)4.6Warning \n[CVE-2020-1356](<https://vulners.com/cve/CVE-2020-1356>)4.6Warning \n[CVE-2020-1357](<https://vulners.com/cve/CVE-2020-1357>)4.6Warning \n[CVE-2020-1404](<https://vulners.com/cve/CVE-2020-1404>)4.6Warning \n[CVE-2020-1405](<https://vulners.com/cve/CVE-2020-1405>)3.6Warning \n[CVE-2020-1406](<https://vulners.com/cve/CVE-2020-1406>)7.2High \n[CVE-2020-1336](<https://vulners.com/cve/CVE-2020-1336>)4.6Warning \n[CVE-2020-1330](<https://vulners.com/cve/CVE-2020-1330>)2.1Warning \n[CVE-2020-1463](<https://vulners.com/cve/CVE-2020-1463>)4.6Warning \n[CVE-2020-1382](<https://vulners.com/cve/CVE-2020-1382>)4.6Warning \n[CVE-2020-1381](<https://vulners.com/cve/CVE-2020-1381>)4.6Warning \n[CVE-2020-1387](<https://vulners.com/cve/CVE-2020-1387>)4.6Warning \n[CVE-2020-1386](<https://vulners.com/cve/CVE-2020-1386>)2.1Warning \n[CVE-2020-1385](<https://vulners.com/cve/CVE-2020-1385>)4.6Warning \n[CVE-2020-1388](<https://vulners.com/cve/CVE-2020-1388>)4.6Warning \n[CVE-2020-1398](<https://vulners.com/cve/CVE-2020-1398>)4.6Warning \n[CVE-2020-1399](<https://vulners.com/cve/CVE-2020-1399>)4.6Warning \n[CVE-2020-1394](<https://vulners.com/cve/CVE-2020-1394>)4.6Warning \n[CVE-2020-1395](<https://vulners.com/cve/CVE-2020-1395>)4.6Warning \n[CVE-2020-1391](<https://vulners.com/cve/CVE-2020-1391>)2.1Warning \n[CVE-2020-1392](<https://vulners.com/cve/CVE-2020-1392>)4.6Warning \n[CVE-2020-1361](<https://vulners.com/cve/CVE-2020-1361>)2.1Warning \n[CVE-2020-1363](<https://vulners.com/cve/CVE-2020-1363>)4.6Warning \n[CVE-2020-1362](<https://vulners.com/cve/CVE-2020-1362>)4.6Warning \n[CVE-2020-1364](<https://vulners.com/cve/CVE-2020-1364>)3.6Warning \n[CVE-2020-1367](<https://vulners.com/cve/CVE-2020-1367>)2.1Warning \n[CVE-2020-1366](<https://vulners.com/cve/CVE-2020-1366>)4.6Warning \n[CVE-2020-1369](<https://vulners.com/cve/CVE-2020-1369>)4.6Warning \n[CVE-2020-1368](<https://vulners.com/cve/CVE-2020-1368>)4.6Warning \n[CVE-2020-1434](<https://vulners.com/cve/CVE-2020-1434>)4.6Warning \n[CVE-2020-1431](<https://vulners.com/cve/CVE-2020-1431>)4.6Warning \n[CVE-2020-1372](<https://vulners.com/cve/CVE-2020-1372>)4.6Warning \n[CVE-2020-1370](<https://vulners.com/cve/CVE-2020-1370>)4.6Warning \n[CVE-2020-1375](<https://vulners.com/cve/CVE-2020-1375>)4.6Warning \n[CVE-2020-1249](<https://vulners.com/cve/CVE-2020-1249>)4.6Warning \n[CVE-2020-1429](<https://vulners.com/cve/CVE-2020-1429>)7.2High \n[CVE-2020-1426](<https://vulners.com/cve/CVE-2020-1426>)2.1Warning \n[CVE-2020-1424](<https://vulners.com/cve/CVE-2020-1424>)7.2High \n[CVE-2020-1422](<https://vulners.com/cve/CVE-2020-1422>)4.6Warning \n[CVE-2020-1423](<https://vulners.com/cve/CVE-2020-1423>)4.6Warning \n[CVE-2020-1420](<https://vulners.com/cve/CVE-2020-1420>)2.1Warning\n\n### *KB list*:\n[4565541](<http://support.microsoft.com/kb/4565541>) \n[4558998](<http://support.microsoft.com/kb/4558998>) \n[4565489](<http://support.microsoft.com/kb/4565489>) \n[4565483](<http://support.microsoft.com/kb/4565483>) \n[4565508](<http://support.microsoft.com/kb/4565508>) \n[4565511](<http://support.microsoft.com/kb/4565511>) \n[4565513](<http://support.microsoft.com/kb/4565513>) \n[4565537](<http://support.microsoft.com/kb/4565537>) \n[4565503](<http://support.microsoft.com/kb/4565503>) \n[4565540](<http://support.microsoft.com/kb/4565540>) \n[4565554](<http://support.microsoft.com/kb/4565554>) \n[4565553](<http://support.microsoft.com/kb/4565553>) \n[4566425](<http://support.microsoft.com/kb/4566425>) \n[4558997](<http://support.microsoft.com/kb/4558997>) \n[4565911](<http://support.microsoft.com/kb/4565911>) \n[4565912](<http://support.microsoft.com/kb/4565912>) \n[4566785](<http://support.microsoft.com/kb/4566785>) \n[4566426](<http://support.microsoft.com/kb/4566426>) \n[4565535](<http://support.microsoft.com/kb/4565535>) \n[4565552](<http://support.microsoft.com/kb/4565552>) \n[4571692](<http://support.microsoft.com/kb/4571692>) \n[4571694](<http://support.microsoft.com/kb/4571694>)\n\n### *Microsoft official advisories*:", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 10.0, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2020-07-14T00:00:00", "type": "kaspersky", "title": "KLA11865 Multiple vulnerabilities in Microsoft Windows", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-1032", "CVE-2020-1036", "CVE-2020-1040", "CVE-2020-1041", "CVE-2020-1042", "CVE-2020-1043", "CVE-2020-1085", "CVE-2020-1249", "CVE-2020-1267", "CVE-2020-1330", "CVE-2020-1333", "CVE-2020-1336", "CVE-2020-1344", "CVE-2020-1346", "CVE-2020-1347", "CVE-2020-1350", "CVE-2020-1351", "CVE-2020-1352", "CVE-2020-1353", "CVE-2020-1354", "CVE-2020-1355", "CVE-2020-1356", "CVE-2020-1357", "CVE-2020-1358", "CVE-2020-1359", "CVE-2020-1360", "CVE-2020-1361", "CVE-2020-1362", "CVE-2020-1363", "CVE-2020-1364", "CVE-2020-1365", "CVE-2020-1366", "CVE-2020-1367", "CVE-2020-1368", "CVE-2020-1369", "CVE-2020-1370", "CVE-2020-1371", "CVE-2020-1372", "CVE-2020-1373", "CVE-2020-1374", "CVE-2020-1375", "CVE-2020-1381", "CVE-2020-1382", "CVE-2020-1384", "CVE-2020-1385", "CVE-2020-1386", "CVE-2020-1387", "CVE-2020-1388", "CVE-2020-1389", "CVE-2020-1390", "CVE-2020-1391", "CVE-2020-1392", "CVE-2020-1393", "CVE-2020-1394", "CVE-2020-1395", "CVE-2020-1396", "CVE-2020-1397", "CVE-2020-1398", "CVE-2020-1399", "CVE-2020-1400", "CVE-2020-1401", "CVE-2020-1402", "CVE-2020-1404", "CVE-2020-1405", "CVE-2020-1406", "CVE-2020-1407", "CVE-2020-1408", "CVE-2020-1409", "CVE-2020-1410", "CVE-2020-1411", "CVE-2020-1412", "CVE-2020-1413", "CVE-2020-1414", "CVE-2020-1415", "CVE-2020-1418", "CVE-2020-1419", "CVE-2020-1420", "CVE-2020-1421", "CVE-2020-1422", "CVE-2020-1423", "CVE-2020-1424", "CVE-2020-1426", "CVE-2020-1427", "CVE-2020-1428", "CVE-2020-1429", "CVE-2020-1430", "CVE-2020-1431", "CVE-2020-1434", "CVE-2020-1435", "CVE-2020-1436", "CVE-2020-1437", "CVE-2020-1438", "CVE-2020-1463", "CVE-2020-1468"], "modified": "2020-09-10T00:00:00", "id": "KLA11865", "href": "https://threats.kaspersky.com/en/vulnerability/KLA11865/", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-06-06T15:24:19", "description": "### *Detect date*:\n07/14/2020\n\n### *Severity*:\nCritical\n\n### *Description*:\nMultiple vulnerabilities were found in Microsoft Browser. Malicious users can exploit these vulnerabilities to obtain sensitive information, execute arbitrary code.\n\n### *Exploitation*:\nMalware exists for this vulnerability. Usually such malware is classified as Exploit. [More details](<https://threats.kaspersky.com/en/class/Exploit/>).\n\n### *Affected products*:\nInternet Explorer 9 \nInternet Explorer 11 \nMicrosoft Edge (EdgeHTML-based)\n\n### *Solution*:\nInstall necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)\n\n### *Original advisories*:\n[CVE-2020-1462](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1462>) \n[CVE-2020-1432](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1432>) \n[CVE-2020-1433](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1433>) \n[CVE-2020-1403](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1403>) \n\n\n### *Impacts*:\nACE \n\n### *Related products*:\n[Microsoft Internet Explorer](<https://threats.kaspersky.com/en/product/Microsoft-Internet-Explorer/>)\n\n### *CVE-IDS*:\n[CVE-2020-1462](<https://vulners.com/cve/CVE-2020-1462>)4.3Warning \n[CVE-2020-1432](<https://vulners.com/cve/CVE-2020-1432>)4.3Warning \n[CVE-2020-1433](<https://vulners.com/cve/CVE-2020-1433>)4.3Warning \n[CVE-2020-1403](<https://vulners.com/cve/CVE-2020-1403>)7.6Critical\n\n### *KB list*:\n[4565541](<http://support.microsoft.com/kb/4565541>) \n[4565524](<http://support.microsoft.com/kb/4565524>) \n[4558998](<http://support.microsoft.com/kb/4558998>) \n[4565489](<http://support.microsoft.com/kb/4565489>) \n[4565479](<http://support.microsoft.com/kb/4565479>) \n[4565483](<http://support.microsoft.com/kb/4565483>) \n[4565508](<http://support.microsoft.com/kb/4565508>) \n[4565511](<http://support.microsoft.com/kb/4565511>) \n[4565513](<http://support.microsoft.com/kb/4565513>) \n[4565537](<http://support.microsoft.com/kb/4565537>) \n[4565503](<http://support.microsoft.com/kb/4565503>)\n\n### *Microsoft official advisories*:", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2020-07-14T00:00:00", "type": "kaspersky", "title": "KLA11858 Multiple vulnerabilities in Microsoft Browser", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.6, "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-1403", "CVE-2020-1432", "CVE-2020-1433", "CVE-2020-1462"], "modified": "2020-07-22T00:00:00", "id": "KLA11858", "href": "https://threats.kaspersky.com/en/vulnerability/KLA11858/", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-06-06T15:24:19", "description": "### *Detect date*:\n07/14/2020\n\n### *Severity*:\nCritical\n\n### *Description*:\nMultiple vulnerabilities were found in Microsoft Developer Tools. Malicious users can exploit these vulnerabilities to gain privileges, execute arbitrary code, spoof user interface.\n\n### *Exploitation*:\nMalware exists for this vulnerability. Usually such malware is classified as Exploit. [More details](<https://threats.kaspersky.com/en/class/Exploit/>).\n\n### *Affected products*:\nMicrosoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8) \nMicrosoft .NET Framework 3.0 Service Pack 2 \nAzure Storage Explorer \nMicrosoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.2 \nMicrosoft .NET Framework 4.8 \nMicrosoft .NET Framework 3.5.1 \nMicrosoft SharePoint Server 2019 \nMicrosoft .NET Framework 3.5 \nAzure DevOps Server 2019.0.1 \nMicrosoft Visual Studio Code ESLint extension \nMicrosoft Visual Studio 2019 version 16.0 \nMicrosoft .NET Framework 3.5 AND 4.7.1/4.7.2 \nMicrosoft .NET Framework 3.5 AND 4.6/4.6.1/4.6.2 \nMicrosoft SharePoint Enterprise Server 2016 \nAzure DevOps Server 2019 Update 1 \nMicrosoft .NET Framework 2.0 Service Pack 2 \nMicrosoft Visual Studio 2019 version 16.4 (includes 16.0 - 16.3) \nMicrosoft .NET Framework 3.5 AND 4.7.2 \n.NET Core 2.1 \nVisual Studio Code \nMicrosoft .NET Framework 4.5.2 \nTypeScript \nMicrosoft Visual Studio 2019 version 16.6 (includes 16.0 - 16.5) \nAzure DevOps Server 2019 Update 1.1 \nMicrosoft .NET Framework 3.5 AND 4.6.2/4.7/4.7.1/4.7.2 \nMicrosoft .NET Framework 4.6 \nMicrosoft .NET Framework 3.5 AND 4.8 \nMicrosoft SharePoint Server 2010 Service Pack 2 \nMicrosoft Visual Studio 2015 Update 3 \nMicrosoft SharePoint Enterprise Server 2013 Service Pack 1 \n.NET Core 3.1\n\n### *Solution*:\nInstall necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)\n\n### *Original advisories*:\n[CVE-2020-1393](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1393>) \n[CVE-2020-1147](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1147>) \n[CVE-2020-1326](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1326>) \n[CVE-2020-1416](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1416>) \n[CVE-2020-1481](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1481>) \n\n\n### *Impacts*:\nACE \n\n### *Related products*:\n[Microsoft .NET Framework](<https://threats.kaspersky.com/en/product/Microsoft-.NET-Framework/>)\n\n### *CVE-IDS*:\n[CVE-2020-1393](<https://vulners.com/cve/CVE-2020-1393>)4.6Warning \n[CVE-2020-1147](<https://vulners.com/cve/CVE-2020-1147>)6.8High \n[CVE-2020-1326](<https://vulners.com/cve/CVE-2020-1326>)3.5Warning \n[CVE-2020-1416](<https://vulners.com/cve/CVE-2020-1416>)9.3Critical \n[CVE-2020-1481](<https://vulners.com/cve/CVE-2020-1481>)9.3Critical\n\n### *KB list*:\n[4566468](<http://support.microsoft.com/kb/4566468>) \n[4566469](<http://support.microsoft.com/kb/4566469>) \n[4566466](<http://support.microsoft.com/kb/4566466>) \n[4566467](<http://support.microsoft.com/kb/4566467>) \n[4567703](<http://support.microsoft.com/kb/4567703>) \n[4579980](<http://support.microsoft.com/kb/4579980>) \n[4578974](<http://support.microsoft.com/kb/4578974>) \n[4578972](<http://support.microsoft.com/kb/4578972>) \n[4578971](<http://support.microsoft.com/kb/4578971>) \n[4579977](<http://support.microsoft.com/kb/4579977>) \n[4579978](<http://support.microsoft.com/kb/4579978>) \n[4579979](<http://support.microsoft.com/kb/4579979>) \n[4578968](<http://support.microsoft.com/kb/4578968>) \n[4578969](<http://support.microsoft.com/kb/4578969>) \n[4580328](<http://support.microsoft.com/kb/4580328>) \n[4579976](<http://support.microsoft.com/kb/4579976>) \n[4580330](<http://support.microsoft.com/kb/4580330>) \n[4580327](<http://support.microsoft.com/kb/4580327>) \n[4580346](<http://support.microsoft.com/kb/4580346>) \n[4578963](<http://support.microsoft.com/kb/4578963>)\n\n### *Microsoft official advisories*:", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2020-07-14T00:00:00", "type": "kaspersky", "title": "KLA11859 Multiple vulnerabilities in Microsoft Developer Tools", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-1147", "CVE-2020-1326", "CVE-2020-1393", "CVE-2020-1416", "CVE-2020-1481"], "modified": "2022-05-24T00:00:00", "id": "KLA11859", "href": "https://threats.kaspersky.com/en/vulnerability/KLA11859/", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "krebs": [{"lastseen": "2020-07-16T10:01:23", "description": "**Microsoft** today released updates to plug a whopping 123 security holes in **Windows** and related software, including fixes for a critical, \"wormable\" flaw in **Windows Server** versions that Microsoft says is likely to be exploited soon. While this particular weakness mainly affects enterprises, July's care package from Redmond has a little something for everyone. So if you're a Windows (ab)user, it's time once again to back up and patch up (preferably in that order).\n\n![](https://krebsonsecurity.com/wp-content/uploads/2020/07/cworm.png)Top of the heap this month in terms of outright scariness is [CVE-2020-1350](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1350>), which concerns a remotely exploitable bug in more or less all versions of Windows Server that attackers could use to install malicious software simply by sending a specially crafted DNS request.\n\nMicrosoft said it is not aware of reports that anyone is exploiting the weakness (yet), but the flaw has been assigned a [CVSS score](<https://www.first.org/cvss/user-guide>) of 10, which translates to \"easy to attack\" and \"likely to be exploited.\"\n\n\"We consider this to be a wormable vulnerability, meaning that it has the potential to spread via malware between vulnerable computers without user interaction,\" Microsoft wrote in its documentation of CVE-2020-1350. \"DNS is a foundational networking component and commonly installed on Domain Controllers, so a compromise could lead to significant service interruptions and the compromise of high level domain accounts.\"\n\nCVE-2020-1350 is just the latest worry for enterprise system administrators in charge of patching dangerous bugs in widely-used software. Over the past couple of weeks, fixes for flaws with high severity ratings have been released for a broad array of software products typically used by businesses, [including Citrix, F5, Juniper, Oracle and SAP](<https://www.zdnet.com/article/recon-bug-lets-hackers-create-admin-accounts-on-sap-servers/>). This at a time when many organizations are already short-staffed and dealing with employees working remotely thanks to the COVID-19 pandemic.\n\nThe Windows Server vulnerability isn't the only nasty one addressed this month that malware or malcontents can use to break into systems without any help from users. A full 17 other critical flaws fixed in this release tackle security weaknesses that Microsoft assigned its most dire \"critical\" rating, such as in **Office**, **Internet Exploder**, **SharePoint**, **Visual Studio**, and Microsoft's **.NET Framework**.\n\nSome of the more eyebrow-raising critical bugs addressed this month include [CVE-2020-1410](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1410>), which according to **Recorded Future** concerns the Windows Address Book and could be exploited via a malicious vcard file. Then there's [CVE-2020-1421](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1421>), which protects against potentially malicious .LNK files (think [Stuxnet](<https://krebsonsecurity.com/2010/07/microsoft-to-issue-emergency-patch-for-critical-windows-bug/>)) that could be exploited via an infected removable drive or remote share. And we have the dynamic duo of [CVE-2020-1435](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1435>) and [CVE-2020-1436](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1436>), which involve problems with the way Windows handles images and fonts that could both be exploited to install malware just by getting a user to click a booby-trapped link or document.\n\nNot to say flaws rated \"important\" as opposed to critical aren't also a concern. Chief among those is [CVE-2020-1463](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1463>), a problem within **Windows 10** and **Server 2016** or later that was detailed publicly prior to this month's Patch Tuesday.\n\nBefore you update with this month\u2019s patch batch, please make sure you have backed up your system and/or important files. It\u2019s not uncommon for a particular Windows update to hose one\u2019s system or prevent it from booting properly, and some updates even have been known to erase or corrupt files. Last month's bundle of joy from Microsoft sent my Windows 10 system into a perpetual crash state. Thankfully, I was able to restore from a recent backup.\n\nSo do yourself a favor and backup _before_ installing any patches. Windows 10 even has [some built-in tools](<https://lifehacker.com/how-to-back-up-your-computer-automatically-with-windows-1762867473>) to help you do that, either on a per-file/folder basis or by making a complete and bootable copy of your hard drive all at once.\n\nAlso, keep in mind that Windows 10 is set to apply patches on its own schedule, which means if you delay backing up you could be in for a wild ride. If you wish to ensure the operating system has been set to pause updating so you can back up your files and/or system _before_ the operating system decides to reboot and install patches whenever it sees fit, see [this guide](<https://www.computerworld.com/article/3543189/check-to-make-sure-you-have-windows-updates-paused.html>).\n\nAs always, if you experience glitches or problems installing any of these patches this month, please consider leaving a comment about it below; there\u2019s a better-than-even chance other readers have experienced the same and may chime in here with some helpful tips. Also, keep an eye on [the AskWoody blog from Woody Leonhard](<https://www.askwoody.com/>), who keeps a reliable lookout for buggy Microsoft updates each month.", "edition": 2, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 10.0, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 6.0}, "published": "2020-07-14T21:45:28", "type": "krebs", "title": "\u2018Wormable\u2019 Flaw Leads July Microsoft Patches", "bulletinFamily": "blog", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-1350", "CVE-2020-1410", "CVE-2020-1421", "CVE-2020-1435", "CVE-2020-1436", "CVE-2020-1463"], "modified": "2020-07-14T21:45:28", "id": "KREBS:1A886B22AAF8ADC53874F0E126C5A96D", "href": "https://krebsonsecurity.com/2020/07/wormable-flaw-leads-july-microsoft-patches/", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "cve": [{"lastseen": "2023-06-06T14:24:02", "description": "An elevation of privilege vulnerability exists in the way that the Windows Network Connections Service handles objects in memory, aka 'Windows Network Connections Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1373, CVE-2020-1390, CVE-2020-1427, CVE-2020-1428.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-07-14T23:15:00", "type": "cve", "title": "CVE-2020-1438", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-1373", "CVE-2020-1390", "CVE-2020-1427", "CVE-2020-1428", "CVE-2020-1438"], "modified": "2021-07-21T11:39:00", "cpe": ["cpe:/o:microsoft:windows_10:1803", "cpe:/o:microsoft:windows_server_2019:-", "cpe:/o:microsoft:windows_server_2016:1909", "cpe:/o:microsoft:windows_10:1709", "cpe:/o:microsoft:windows_rt_8.1:-", "cpe:/o:microsoft:windows_server_2016:-", "cpe:/o:microsoft:windows_server_2012:r2", "cpe:/o:microsoft:windows_10:1903", "cpe:/o:microsoft:windows_10:-", "cpe:/o:microsoft:windows_7:-", "cpe:/o:microsoft:windows_8.1:-", "cpe:/o:microsoft:windows_server_2016:1903", "cpe:/o:microsoft:windows_server_2016:2004", "cpe:/o:microsoft:windows_server_2008:-", "cpe:/o:microsoft:windows_10:2004", "cpe:/o:microsoft:windows_10:1809", "cpe:/o:microsoft:windows_server_2012:-", "cpe:/o:microsoft:windows_10:1607", "cpe:/o:microsoft:windows_server_2008:r2", "cpe:/o:microsoft:windows_10:1909"], "id": "CVE-2020-1438", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-1438", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:itanium:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:1903:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:*:*"]}, {"lastseen": "2023-06-06T14:22:51", "description": "An elevation of privilege vulnerability exists in the way that the Windows Network Connections Service handles objects in memory, aka 'Windows Network Connections Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1373, CVE-2020-1427, CVE-2020-1428, CVE-2020-1438.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-07-14T23:15:00", "type": "cve", "title": "CVE-2020-1390", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-1373", "CVE-2020-1390", "CVE-2020-1427", "CVE-2020-1428", "CVE-2020-1438"], "modified": "2021-07-21T11:39:00", "cpe": ["cpe:/o:microsoft:windows_10:1803", "cpe:/o:microsoft:windows_server_2019:-", "cpe:/o:microsoft:windows_server_2016:1909", "cpe:/o:microsoft:windows_10:1709", "cpe:/o:microsoft:windows_rt_8.1:-", "cpe:/o:microsoft:windows_server_2016:-", "cpe:/o:microsoft:windows_server_2012:r2", "cpe:/o:microsoft:windows_10:1903", "cpe:/o:microsoft:windows_10:-", "cpe:/o:microsoft:windows_7:-", "cpe:/o:microsoft:windows_8.1:-", "cpe:/o:microsoft:windows_server_2016:1903", "cpe:/o:microsoft:windows_server_2016:2004", "cpe:/o:microsoft:windows_server_2008:-", "cpe:/o:microsoft:windows_10:2004", "cpe:/o:microsoft:windows_10:1809", "cpe:/o:microsoft:windows_server_2012:-", "cpe:/o:microsoft:windows_10:1607", "cpe:/o:microsoft:windows_server_2008:r2", "cpe:/o:microsoft:windows_10:1909"], "id": "CVE-2020-1390", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-1390", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:itanium:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:1903:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:*:*"]}, {"lastseen": "2023-06-06T14:23:44", "description": "An elevation of privilege vulnerability exists in the way that the Windows Network Connections Service handles objects in memory, aka 'Windows Network Connections Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1373, CVE-2020-1390, CVE-2020-1428, CVE-2020-1438.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-07-14T23:15:00", "type": "cve", "title": "CVE-2020-1427", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-1373", "CVE-2020-1390", "CVE-2020-1427", "CVE-2020-1428", "CVE-2020-1438"], "modified": "2021-07-21T11:39:00", "cpe": ["cpe:/o:microsoft:windows_10:1803", "cpe:/o:microsoft:windows_server_2019:-", "cpe:/o:microsoft:windows_server_2016:1909", "cpe:/o:microsoft:windows_10:1709", "cpe:/o:microsoft:windows_rt_8.1:-", "cpe:/o:microsoft:windows_server_2016:-", "cpe:/o:microsoft:windows_server_2012:r2", "cpe:/o:microsoft:windows_10:1903", "cpe:/o:microsoft:windows_10:-", "cpe:/o:microsoft:windows_7:-", "cpe:/o:microsoft:windows_8.1:-", "cpe:/o:microsoft:windows_server_2016:1903", "cpe:/o:microsoft:windows_server_2016:2004", "cpe:/o:microsoft:windows_server_2008:-", "cpe:/o:microsoft:windows_10:2004", "cpe:/o:microsoft:windows_10:1809", "cpe:/o:microsoft:windows_server_2012:-", "cpe:/o:microsoft:windows_10:1607", "cpe:/o:microsoft:windows_server_2008:r2", "cpe:/o:microsoft:windows_10:1909"], "id": "CVE-2020-1427", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-1427", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:itanium:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:1903:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:*:*"]}, {"lastseen": "2023-06-06T14:23:47", "description": "An elevation of privilege vulnerability exists in the way that the Windows Network Connections Service handles objects in memory, aka 'Windows Network Connections Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1373, CVE-2020-1390, CVE-2020-1427, CVE-2020-1438.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-07-14T23:15:00", "type": "cve", "title": "CVE-2020-1428", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-1373", "CVE-2020-1390", "CVE-2020-1427", "CVE-2020-1428", "CVE-2020-1438"], "modified": "2021-07-21T11:39:00", "cpe": ["cpe:/o:microsoft:windows_10:1803", "cpe:/o:microsoft:windows_server_2019:-", "cpe:/o:microsoft:windows_server_2016:1909", "cpe:/o:microsoft:windows_10:1709", "cpe:/o:microsoft:windows_rt_8.1:-", "cpe:/o:microsoft:windows_server_2016:-", "cpe:/o:microsoft:windows_server_2012:r2", "cpe:/o:microsoft:windows_10:1903", "cpe:/o:microsoft:windows_10:-", "cpe:/o:microsoft:windows_7:-", "cpe:/o:microsoft:windows_8.1:-", "cpe:/o:microsoft:windows_server_2016:1903", "cpe:/o:microsoft:windows_server_2016:2004", "cpe:/o:microsoft:windows_server_2008:-", "cpe:/o:microsoft:windows_10:2004", "cpe:/o:microsoft:windows_10:1809", "cpe:/o:microsoft:windows_server_2012:-", "cpe:/o:microsoft:windows_10:1607", "cpe:/o:microsoft:windows_server_2008:r2", "cpe:/o:microsoft:windows_10:1909"], "id": "CVE-2020-1428", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-1428", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:itanium:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:1903:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:*:*"]}, {"lastseen": "2023-06-06T14:22:23", "description": "An elevation of privilege vulnerability exists in the way that the Windows Network Connections Service handles objects in memory, aka 'Windows Network Connections Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1390, CVE-2020-1427, CVE-2020-1428, CVE-2020-1438.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-07-14T23:15:00", "type": "cve", "title": "CVE-2020-1373", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-1373", "CVE-2020-1390", "CVE-2020-1427", "CVE-2020-1428", "CVE-2020-1438"], "modified": "2021-07-21T11:39:00", "cpe": ["cpe:/o:microsoft:windows_10:1803", "cpe:/o:microsoft:windows_server_2019:-", "cpe:/o:microsoft:windows_server_2016:1909", "cpe:/o:microsoft:windows_10:1709", "cpe:/o:microsoft:windows_rt_8.1:-", "cpe:/o:microsoft:windows_server_2016:-", "cpe:/o:microsoft:windows_server_2012:r2", "cpe:/o:microsoft:windows_10:1903", "cpe:/o:microsoft:windows_10:-", "cpe:/o:microsoft:windows_7:-", "cpe:/o:microsoft:windows_8.1:-", "cpe:/o:microsoft:windows_server_2016:1903", "cpe:/o:microsoft:windows_server_2016:2004", "cpe:/o:microsoft:windows_server_2008:-", "cpe:/o:microsoft:windows_10:2004", "cpe:/o:microsoft:windows_10:1809", "cpe:/o:microsoft:windows_server_2012:-", "cpe:/o:microsoft:windows_10:1607", "cpe:/o:microsoft:windows_server_2008:r2", "cpe:/o:microsoft:windows_10:1909"], "id": "CVE-2020-1373", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-1373", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:itanium:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:1903:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:*:*"]}, {"lastseen": "2023-06-06T14:23:08", "description": "An elevation of privilege vulnerability exists when the Windows Runtime improperly handles objects in memory, aka 'Windows Runtime Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1249, CVE-2020-1353, CVE-2020-1370, CVE-2020-1404, CVE-2020-1413, CVE-2020-1414, CVE-2020-1415, CVE-2020-1422.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-07-14T23:15:00", "type": "cve", "title": "CVE-2020-1399", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-1249", "CVE-2020-1353", "CVE-2020-1370", "CVE-2020-1399", "CVE-2020-1404", "CVE-2020-1413", "CVE-2020-1414", "CVE-2020-1415", "CVE-2020-1422"], "modified": "2021-07-21T11:39:00", "cpe": ["cpe:/o:microsoft:windows_10:1803", "cpe:/o:microsoft:windows_server_2019:-", "cpe:/o:microsoft:windows_server_2016:1909", "cpe:/o:microsoft:windows_10:1709", "cpe:/o:microsoft:windows_rt_8.1:-", "cpe:/o:microsoft:windows_server_2016:-", "cpe:/o:microsoft:windows_server_2012:r2", "cpe:/o:microsoft:windows_10:1903", "cpe:/o:microsoft:windows_10:-", "cpe:/o:microsoft:windows_8.1:-", "cpe:/o:microsoft:windows_server_2016:1903", "cpe:/o:microsoft:windows_server_2016:2004", "cpe:/o:microsoft:windows_server_2008:-", "cpe:/o:microsoft:windows_10:2004", "cpe:/o:microsoft:windows_10:1809", "cpe:/o:microsoft:windows_server_2012:-", "cpe:/o:microsoft:windows_10:1607", "cpe:/o:microsoft:windows_server_2008:r2", "cpe:/o:microsoft:windows_10:1909"], "id": "CVE-2020-1399", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-1399", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:itanium:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:1903:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:*:*"]}, {"lastseen": "2023-06-06T14:19:12", "description": "An elevation of privilege vulnerability exists when the Windows Runtime improperly handles objects in memory, aka 'Windows Runtime Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1353, CVE-2020-1370, CVE-2020-1399, CVE-2020-1404, CVE-2020-1413, CVE-2020-1414, CVE-2020-1415, CVE-2020-1422.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-07-14T23:15:00", "type": "cve", "title": "CVE-2020-1249", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-1249", "CVE-2020-1353", "CVE-2020-1370", "CVE-2020-1399", "CVE-2020-1404", "CVE-2020-1413", "CVE-2020-1414", "CVE-2020-1415", "CVE-2020-1422"], "modified": "2021-07-21T11:39:00", "cpe": ["cpe:/o:microsoft:windows_server_2016:-", "cpe:/o:microsoft:windows_10:1803", "cpe:/o:microsoft:windows_server_2019:-", "cpe:/o:microsoft:windows_8.1:-", "cpe:/o:microsoft:windows_server_2016:1909", "cpe:/o:microsoft:windows_10:1709", "cpe:/o:microsoft:windows_rt_8.1:-", "cpe:/o:microsoft:windows_server_2016:1903", "cpe:/o:microsoft:windows_10:1909", "cpe:/o:microsoft:windows_server_2012:r2", "cpe:/o:microsoft:windows_10:2004", "cpe:/o:microsoft:windows_server_2016:2004", "cpe:/o:microsoft:windows_10:1809", "cpe:/o:microsoft:windows_10:1903", "cpe:/o:microsoft:windows_10:-", "cpe:/o:microsoft:windows_server_2012:-", "cpe:/o:microsoft:windows_10:1607"], "id": "CVE-2020-1249", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-1249", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:microsoft:windows_server_2016:1903:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*"]}, {"lastseen": "2023-06-06T14:23:39", "description": "An elevation of privilege vulnerability exists when the Windows Runtime improperly handles objects in memory, aka 'Windows Runtime Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1249, CVE-2020-1353, CVE-2020-1370, CVE-2020-1399, CVE-2020-1404, CVE-2020-1413, CVE-2020-1414, CVE-2020-1415.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-07-14T23:15:00", "type": "cve", "title": "CVE-2020-1422", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-1249", "CVE-2020-1353", "CVE-2020-1370", "CVE-2020-1399", "CVE-2020-1404", "CVE-2020-1413", "CVE-2020-1414", "CVE-2020-1415", "CVE-2020-1422"], "modified": "2021-07-21T11:39:00", "cpe": ["cpe:/o:microsoft:windows_10:1803", "cpe:/o:microsoft:windows_server_2019:-", "cpe:/o:microsoft:windows_server_2016:1909", "cpe:/o:microsoft:windows_server_2016:1903", "cpe:/o:microsoft:windows_10:1909", "cpe:/o:microsoft:windows_server_2016:2004", "cpe:/o:microsoft:windows_10:2004", "cpe:/o:microsoft:windows_10:1903", "cpe:/o:microsoft:windows_10:1809"], "id": "CVE-2020-1422", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-1422", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:microsoft:windows_server_2016:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:1903:*:*:*:*:*:*:*"]}, {"lastseen": "2023-06-06T14:23:30", "description": "An elevation of privilege vulnerability exists when the Windows Runtime improperly handles objects in memory, aka 'Windows Runtime Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1249, CVE-2020-1353, CVE-2020-1370, CVE-2020-1399, CVE-2020-1404, CVE-2020-1413, CVE-2020-1414, CVE-2020-1422.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-07-14T23:15:00", "type": "cve", "title": "CVE-2020-1415", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-1249", "CVE-2020-1353", "CVE-2020-1370", "CVE-2020-1399", "CVE-2020-1404", "CVE-2020-1413", "CVE-2020-1414", "CVE-2020-1415", "CVE-2020-1422"], "modified": "2021-07-21T11:39:00", "cpe": ["cpe:/o:microsoft:windows_10:1803", "cpe:/o:microsoft:windows_server_2019:-", "cpe:/o:microsoft:windows_server_2016:1909", "cpe:/o:microsoft:windows_server_2016:1903", "cpe:/o:microsoft:windows_10:1909", "cpe:/o:microsoft:windows_server_2016:2004", "cpe:/o:microsoft:windows_10:2004", "cpe:/o:microsoft:windows_10:1903", "cpe:/o:microsoft:windows_10:1809"], "id": "CVE-2020-1415", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-1415", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:microsoft:windows_server_2016:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:1903:*:*:*:*:*:*:*"]}, {"lastseen": "2023-06-06T14:21:53", "description": "An elevation of privilege vulnerability exists when the Windows Runtime improperly handles objects in memory, aka 'Windows Runtime Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1249, CVE-2020-1370, CVE-2020-1399, CVE-2020-1404, CVE-2020-1413, CVE-2020-1414, CVE-2020-1415, CVE-2020-1422.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-07-14T23:15:00", "type": "cve", "title": "CVE-2020-1353", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-1249", "CVE-2020-1353", "CVE-2020-1370", "CVE-2020-1399", "CVE-2020-1404", "CVE-2020-1413", "CVE-2020-1414", "CVE-2020-1415", "CVE-2020-1422"], "modified": "2021-07-21T11:39:00", "cpe": ["cpe:/o:microsoft:windows_10:1607", "cpe:/o:microsoft:windows_10:1803", "cpe:/o:microsoft:windows_server_2019:-", "cpe:/o:microsoft:windows_server_2016:1909", "cpe:/o:microsoft:windows_10:1709", "cpe:/o:microsoft:windows_server_2016:1903", "cpe:/o:microsoft:windows_10:1909", "cpe:/o:microsoft:windows_server_2016:2004", "cpe:/o:microsoft:windows_10:2004", "cpe:/o:microsoft:windows_10:1809", "cpe:/o:microsoft:windows_10:1903", "cpe:/o:microsoft:windows_10:-", "cpe:/o:microsoft:windows_server_2016:-"], "id": "CVE-2020-1353", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-1353", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:microsoft:windows_server_2016:1903:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*"]}, {"lastseen": "2023-06-06T14:22:20", "description": "An elevation of privilege vulnerability exists when the Windows Runtime improperly handles objects in memory, aka 'Windows Runtime Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1249, CVE-2020-1353, CVE-2020-1399, CVE-2020-1404, CVE-2020-1413, CVE-2020-1414, CVE-2020-1415, CVE-2020-1422.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-07-14T23:15:00", "type": "cve", "title": "CVE-2020-1370", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-1249", "CVE-2020-1353", "CVE-2020-1370", "CVE-2020-1399", "CVE-2020-1404", "CVE-2020-1413", "CVE-2020-1414", "CVE-2020-1415", "CVE-2020-1422"], "modified": "2021-07-21T11:39:00", "cpe": ["cpe:/o:microsoft:windows_10:1607", "cpe:/o:microsoft:windows_10:1803", "cpe:/o:microsoft:windows_server_2019:-", "cpe:/o:microsoft:windows_server_2016:1909", "cpe:/o:microsoft:windows_10:1709", "cpe:/o:microsoft:windows_server_2016:1903", "cpe:/o:microsoft:windows_10:1909", "cpe:/o:microsoft:windows_server_2016:2004", "cpe:/o:microsoft:windows_10:2004", "cpe:/o:microsoft:windows_10:1809", "cpe:/o:microsoft:windows_10:1903", "cpe:/o:microsoft:windows_10:-", "cpe:/o:microsoft:windows_server_2016:-"], "id": "CVE-2020-1370", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-1370", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:microsoft:windows_server_2016:1903:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*"]}, {"lastseen": "2023-06-06T14:23:27", "description": "An elevation of privilege vulnerability exists when the Windows Runtime improperly handles objects in memory, aka 'Windows Runtime Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1249, CVE-2020-1353, CVE-2020-1370, CVE-2020-1399, CVE-2020-1404, CVE-2020-1414, CVE-2020-1415, CVE-2020-1422.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-07-14T23:15:00", "type": "cve", "title": "CVE-2020-1413", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-1249", "CVE-2020-1353", "CVE-2020-1370", "CVE-2020-1399", "CVE-2020-1404", "CVE-2020-1413", "CVE-2020-1414", "CVE-2020-1415", "CVE-2020-1422"], "modified": "2021-07-21T11:39:00", "cpe": ["cpe:/o:microsoft:windows_10:1607", "cpe:/o:microsoft:windows_10:1803", "cpe:/o:microsoft:windows_server_2019:-", "cpe:/o:microsoft:windows_server_2016:1909", "cpe:/o:microsoft:windows_10:1709", "cpe:/o:microsoft:windows_server_2016:1903", "cpe:/o:microsoft:windows_10:1909", "cpe:/o:microsoft:windows_server_2016:2004", "cpe:/o:microsoft:windows_10:2004", "cpe:/o:microsoft:windows_10:1809", "cpe:/o:microsoft:windows_10:1903", "cpe:/o:microsoft:windows_10:-", "cpe:/o:microsoft:windows_server_2016:-"], "id": "CVE-2020-1413", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-1413", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:microsoft:windows_server_2016:1903:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*"]}, {"lastseen": "2023-06-06T14:23:11", "description": "A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1400, CVE-2020-1407.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2020-07-14T23:15:00", "type": "cve", "title": "CVE-2020-1401", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-1400", "CVE-2020-1401", "CVE-2020-1407"], "modified": "2021-07-21T11:39:00", "cpe": ["cpe:/o:microsoft:windows_10:1803", "cpe:/o:microsoft:windows_server_2019:-", "cpe:/o:microsoft:windows_server_2016:1909", "cpe:/o:microsoft:windows_10:1709", "cpe:/o:microsoft:windows_rt_8.1:-", "cpe:/o:microsoft:windows_server_2016:-", "cpe:/o:microsoft:windows_server_2012:r2", "cpe:/o:microsoft:windows_10:1903", "cpe:/o:microsoft:windows_10:-", "cpe:/o:microsoft:windows_7:-", "cpe:/o:microsoft:windows_8.1:-", "cpe:/o:microsoft:windows_server_2016:1903", "cpe:/o:microsoft:windows_server_2016:2004", "cpe:/o:microsoft:windows_server_2008:-", "cpe:/o:microsoft:windows_10:2004", "cpe:/o:microsoft:windows_10:1809", "cpe:/o:microsoft:windows_server_2012:-", "cpe:/o:microsoft:windows_10:1607", "cpe:/o:microsoft:windows_server_2008:r2", "cpe:/o:microsoft:windows_10:1909"], "id": "CVE-2020-1401", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-1401", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:1903:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:*:*"]}, {"lastseen": "2023-06-06T14:23:18", "description": "A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1400, CVE-2020-1401.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2020-07-14T23:15:00", "type": "cve", "title": "CVE-2020-1407", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-1400", "CVE-2020-1401", "CVE-2020-1407"], "modified": "2021-07-21T11:39:00", "cpe": ["cpe:/o:microsoft:windows_10:1803", "cpe:/o:microsoft:windows_server_2019:-", "cpe:/o:microsoft:windows_server_2016:1909", "cpe:/o:microsoft:windows_10:1709", "cpe:/o:microsoft:windows_rt_8.1:-", "cpe:/o:microsoft:windows_server_2016:-", "cpe:/o:microsoft:windows_server_2012:r2", "cpe:/o:microsoft:windows_10:1903", "cpe:/o:microsoft:windows_10:-", "cpe:/o:microsoft:windows_7:-", "cpe:/o:microsoft:windows_8.1:-", "cpe:/o:microsoft:windows_server_2016:1903", "cpe:/o:microsoft:windows_server_2016:2004", "cpe:/o:microsoft:windows_server_2008:-", "cpe:/o:microsoft:windows_10:2004", "cpe:/o:microsoft:windows_10:1809", "cpe:/o:microsoft:windows_server_2012:-", "cpe:/o:microsoft:windows_10:1607", "cpe:/o:microsoft:windows_server_2008:r2", "cpe:/o:microsoft:windows_10:1909"], "id": "CVE-2020-1407", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-1407", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:1903:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:*:*"]}, {"lastseen": "2023-06-06T14:23:15", "description": "An elevation of privilege vulnerability exists when the Windows Runtime improperly handles objects in memory, aka 'Windows Runtime Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1249, CVE-2020-1353, CVE-2020-1370, CVE-2020-1399, CVE-2020-1413, CVE-2020-1414, CVE-2020-1415, CVE-2020-1422.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-07-14T23:15:00", "type": "cve", "title": "CVE-2020-1404", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-1249", "CVE-2020-1353", "CVE-2020-1370", "CVE-2020-1399", "CVE-2020-1404", "CVE-2020-1413", "CVE-2020-1414", "CVE-2020-1415", "CVE-2020-1422"], "modified": "2021-07-21T11:39:00", "cpe": ["cpe:/o:microsoft:windows_10:1607", "cpe:/o:microsoft:windows_10:1803", "cpe:/o:microsoft:windows_server_2019:-", "cpe:/o:microsoft:windows_server_2016:1909", "cpe:/o:microsoft:windows_10:1709", "cpe:/o:microsoft:windows_server_2016:1903", "cpe:/o:microsoft:windows_10:1909", "cpe:/o:microsoft:windows_server_2016:2004", "cpe:/o:microsoft:windows_10:2004", "cpe:/o:microsoft:windows_10:1809", "cpe:/o:microsoft:windows_10:1903", "cpe:/o:microsoft:windows_10:-", "cpe:/o:microsoft:windows_server_2016:-"], "id": "CVE-2020-1404", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-1404", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:microsoft:windows_server_2016:1903:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*"]}, {"lastseen": "2023-06-06T14:23:30", "description": "An elevation of privilege vulnerability exists when the Windows Runtime improperly handles objects in memory, aka 'Windows Runtime Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1249, CVE-2020-1353, CVE-2020-1370, CVE-2020-1399, CVE-2020-1404, CVE-2020-1413, CVE-2020-1415, CVE-2020-1422.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-07-14T23:15:00", "type": "cve", "title": "CVE-2020-1414", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-1249", "CVE-2020-1353", "CVE-2020-1370", "CVE-2020-1399", "CVE-2020-1404", "CVE-2020-1413", "CVE-2020-1414", "CVE-2020-1415", "CVE-2020-1422"], "modified": "2021-07-21T11:39:00", "cpe": ["cpe:/o:microsoft:windows_10:1803", "cpe:/o:microsoft:windows_server_2019:-", "cpe:/o:microsoft:windows_server_2016:1909", "cpe:/o:microsoft:windows_server_2016:1903", "cpe:/o:microsoft:windows_10:1909", "cpe:/o:microsoft:windows_server_2016:2004", "cpe:/o:microsoft:windows_10:2004", "cpe:/o:microsoft:windows_10:1903", "cpe:/o:microsoft:windows_10:1809"], "id": "CVE-2020-1414", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-1414", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:microsoft:windows_server_2016:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:1903:*:*:*:*:*:*:*"]}, {"lastseen": "2023-06-06T14:23:09", "description": "A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1401, CVE-2020-1407.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2020-07-14T23:15:00", "type": "cve", "title": "CVE-2020-1400", "cwe": ["CWE-191"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-1400", "CVE-2020-1401", "CVE-2020-1407"], "modified": "2022-04-27T15:35:00", "cpe": ["cpe:/o:microsoft:windows_10:1803", "cpe:/o:microsoft:windows_server_2019:-", "cpe:/o:microsoft:windows_server_2016:1909", "cpe:/o:microsoft:windows_10:1709", "cpe:/o:microsoft:windows_rt_8.1:-", "cpe:/o:microsoft:windows_server_2016:-", "cpe:/o:microsoft:windows_server_2012:r2", "cpe:/o:microsoft:windows_10:1903", "cpe:/o:microsoft:windows_10:-", "cpe:/o:microsoft:windows_7:-", "cpe:/o:microsoft:windows_8.1:-", "cpe:/o:microsoft:windows_server_2016:1903", "cpe:/o:microsoft:windows_server_2016:2004", "cpe:/o:microsoft:windows_server_2008:-", "cpe:/o:microsoft:windows_10:2004", "cpe:/o:microsoft:windows_10:1809", "cpe:/o:microsoft:windows_server_2012:-", "cpe:/o:microsoft:windows_10:1607", "cpe:/o:microsoft:windows_server_2008:r2", "cpe:/o:microsoft:windows_10:1909"], "id": "CVE-2020-1400", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-1400", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:1903:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:*:*"]}, {"lastseen": "2023-06-06T14:22:09", "description": "An elevation of privilege vulnerability exists in the way that the Windows WalletService handles objects in memory, aka 'Windows WalletService Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1344, CVE-2020-1369.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-07-14T23:15:00", "type": "cve", "title": "CVE-2020-1362", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-1344", "CVE-2020-1362", "CVE-2020-1369"], "modified": "2021-07-21T11:39:00", "cpe": ["cpe:/o:microsoft:windows_10:1607", "cpe:/o:microsoft:windows_10:1803", "cpe:/o:microsoft:windows_server_2019:-", "cpe:/o:microsoft:windows_server_2016:1909", "cpe:/o:microsoft:windows_10:1709", "cpe:/o:microsoft:windows_server_2016:1903", "cpe:/o:microsoft:windows_10:1909", "cpe:/o:microsoft:windows_server_2016:2004", "cpe:/o:microsoft:windows_10:2004", "cpe:/o:microsoft:windows_10:1809", "cpe:/o:microsoft:windows_10:1903", "cpe:/o:microsoft:windows_10:-", "cpe:/o:microsoft:windows_server_2016:-"], "id": "CVE-2020-1362", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-1362", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:microsoft:windows_server_2016:1903:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*"]}, {"lastseen": "2023-06-06T14:22:18", "description": "An elevation of privilege vulnerability exists in the way that the Windows WalletService handles objects in memory, aka 'Windows WalletService Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1344, CVE-2020-1362.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH"