{"id": "OPENVAS:1361412562310817231", "vendorId": null, "type": "openvas", "bulletinFamily": "scanner", "title": "Microsoft Windows Multiple Vulnerabilities (KB4565541)", "description": "This host is missing a critical security\n update according to Microsoft KB4565541", "published": "2020-07-15T00:00:00", "modified": "2020-07-20T00:00:00", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "cvss2": {}, "cvss3": {}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310817231", "reporter": "Copyright (C) 2020 Greenbone Networks GmbH", "references": ["https://support.microsoft.com/en-us/help/4565541"], "cvelist": ["CVE-2020-1373", "CVE-2020-1354", "CVE-2020-1438", "CVE-2020-1432", "CVE-2020-1401", "CVE-2020-1403", "CVE-2020-1436", "CVE-2020-1085", "CVE-2020-1390", "CVE-2020-1402", "CVE-2020-1406", "CVE-2020-1371", "CVE-2020-1350", "CVE-2020-1468", "CVE-2020-1360", "CVE-2020-1419", "CVE-2020-1333", "CVE-2020-1356", "CVE-2020-1389", "CVE-2020-1385", "CVE-2020-1396", "CVE-2020-1397", "CVE-2020-1407", "CVE-2020-1384", "CVE-2020-1427", "CVE-2020-1267", "CVE-2020-1399", "CVE-2020-1368", "CVE-2020-1249", "CVE-2020-1430", "CVE-2020-1412", "CVE-2020-1409", "CVE-2020-1374", "CVE-2020-1421", "CVE-2020-1365", "CVE-2020-1435", "CVE-2020-1408", "CVE-2020-1437", "CVE-2020-1400", "CVE-2020-1359", "CVE-2020-1428", "CVE-2020-1351", "CVE-2020-1410"], "immutableFields": [], "lastseen": "2020-07-21T19:51:31", "viewCount": 21, "enchantments": {"dependencies": {"references": [{"type": "attackerkb", "idList": ["AKB:1DE0ADEC-8107-491A-BC8F-DCC3BF6EB3AB"]}, {"type": "avleonov", "idList": ["AVLEONOV:13BED8E5AD26449401A37E1273217B9A", "AVLEONOV:1ABE5F69187E5F9F8625DA462772F80C", "AVLEONOV:7DAB33D28205885E8979C4C664958CDC"]}, {"type": "checkpoint_advisories", "idList": ["CPAI-2020-0570", "CPAI-2020-0572", "CPAI-2020-0574", "CPAI-2020-0658", "CPAI-2020-0660"]}, {"type": "cisa", "idList": ["CISA:0A6DEB06CFB7BDA5A3D72E0F236C5665", "CISA:72803FA1C7CD81E274A0417B0A34353E"]}, {"type": "cisa_kev", "idList": ["CISA-KEV-CVE-2020-1350"]}, {"type": "cnvd", "idList": ["CNVD-2021-63329", "CNVD-2021-63330", "CNVD-2021-63331", "CNVD-2021-65603", "CNVD-2021-65604", "CNVD-2021-65605", "CNVD-2021-67488", "CNVD-2021-67489", "CNVD-2021-67490", "CNVD-2021-67491", "CNVD-2021-67492", "CNVD-2021-90801"]}, {"type": "cve", "idList": ["CVE-2020-1085", "CVE-2020-1249", "CVE-2020-1267", "CVE-2020-1333", "CVE-2020-1350", "CVE-2020-1351", "CVE-2020-1353", "CVE-2020-1354", "CVE-2020-1356", "CVE-2020-1359", "CVE-2020-1360", "CVE-2020-1365", "CVE-2020-1367", "CVE-2020-1368", "CVE-2020-1370", "CVE-2020-1371", "CVE-2020-1373", "CVE-2020-1374", "CVE-2020-1384", "CVE-2020-1385", "CVE-2020-1389", "CVE-2020-1390", "CVE-2020-1396", "CVE-2020-1397", "CVE-2020-13977", "CVE-2020-1399", "CVE-2020-1400", "CVE-2020-1401", "CVE-2020-1402", "CVE-2020-1403", "CVE-2020-1404", "CVE-2020-1406", "CVE-2020-1407", "CVE-2020-1408", "CVE-2020-1409", "CVE-2020-1410", "CVE-2020-1412", "CVE-2020-1413", "CVE-2020-1414", "CVE-2020-1415", "CVE-2020-1419", "CVE-2020-1421", "CVE-2020-1422", "CVE-2020-1426", "CVE-2020-1427", "CVE-2020-1428", "CVE-2020-1430", "CVE-2020-1432", "CVE-2020-1435", "CVE-2020-1436", "CVE-2020-1437", "CVE-2020-1438", "CVE-2020-1468"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2020-13977"]}, {"type": "fireeye", "idList": ["FIREEYE:378138E74601CDF1A714585138CDFF3C"]}, {"type": "githubexploit", "idList": ["0AF42B8A-DF0D-58F8-AB60-9E7C63ED9EEB", "2A7F5F31-A737-556D-A869-05B87FD1F625", "37D3D343-97C5-5C12-8595-042E337E31C0", "479FD3C0-1269-5BC3-BD67-CDEE0485485A", "5F6BE6F7-C220-5BDD-BE92-A5156F21A1B2", "730EEC4F-BE81-5690-BA8D-B89482C5C3D0", "93EEDE73-1DB4-5905-BCAB-CDC6F98831CD", "9DE76D04-93D7-5923-9AE3-457D591197D6", "A37C8010-D2C6-52F5-9079-96E8A538B6CA", "C96C8DD1-344C-5476-85AC-6D2865A5C00F", "CB69BCC3-2317-5740-8B01-4F6F0D320AC3", "DD3676BD-E792-5189-86EE-4765FF68EFCB", "F14BCE6F-3415-59C7-AC9D-A5D7ABE1BB8E", "F3CF4A79-402B-56C0-8689-1AF5EBFECF3F", "FA6C0B5A-E89D-54A7-B603-4D8095BF66DD", "FB0D7C2A-01EB-5929-A539-96230C17B90F", "FFF6ABA4-7461-5653-836A-79F11037A7FF"]}, {"type": "huawei", "idList": ["HUAWEI-SA-20200716-01-DNS"]}, {"type": "ics", "idList": ["AA20-275A"]}, {"type": "impervablog", "idList": ["IMPERVABLOG:020B268DFC760B88704D35A6F4CF30D7"]}, {"type": "kaspersky", "idList": ["KLA11858", "KLA11863", "KLA11864", "KLA11865"]}, {"type": "krebs", "idList": ["KREBS:1A886B22AAF8ADC53874F0E126C5A96D"]}, {"type": "malwarebytes", "idList": ["MALWAREBYTES:D8FE6720785E2D0A74968E661F817C57"]}, {"type": "mscve", "idList": ["MS:CVE-2020-1085", "MS:CVE-2020-1249", "MS:CVE-2020-1267", "MS:CVE-2020-1333", "MS:CVE-2020-1350", "MS:CVE-2020-1351", "MS:CVE-2020-1354", "MS:CVE-2020-1356", "MS:CVE-2020-1359", "MS:CVE-2020-1360", "MS:CVE-2020-1365", "MS:CVE-2020-1368", "MS:CVE-2020-1371", "MS:CVE-2020-1373", "MS:CVE-2020-1374", "MS:CVE-2020-1384", "MS:CVE-2020-1385", "MS:CVE-2020-1389", "MS:CVE-2020-1390", "MS:CVE-2020-1396", "MS:CVE-2020-1397", "MS:CVE-2020-1399", "MS:CVE-2020-1400", "MS:CVE-2020-1401", "MS:CVE-2020-1402", "MS:CVE-2020-1403", "MS:CVE-2020-1406", "MS:CVE-2020-1407", "MS:CVE-2020-1408", "MS:CVE-2020-1409", "MS:CVE-2020-1410", "MS:CVE-2020-1412", "MS:CVE-2020-1419", "MS:CVE-2020-1421", "MS:CVE-2020-1427", "MS:CVE-2020-1428", "MS:CVE-2020-1430", "MS:CVE-2020-1432", "MS:CVE-2020-1435", "MS:CVE-2020-1436", "MS:CVE-2020-1437", "MS:CVE-2020-1438", "MS:CVE-2020-1468"]}, {"type": "mskb", "idList": ["KB4558998", "KB4565479", "KB4565483", "KB4565489", "KB4565503", "KB4565508", "KB4565511", "KB4565513", "KB4565524", "KB4565529", "KB4565535", "KB4565536", "KB4565537", "KB4565539", "KB4565540", "KB4565541"]}, {"type": "msrc", "idList": ["MSRC:0299F0ADFFEC3249877020E014342A78", "MSRC:0BBBB55B6F489CA387A82715A7CF6E11", "MSRC:79080D1EA83C3BB4689C763E5FACBDB5"]}, {"type": "nessus", "idList": ["FEDORA_2021-5689072A7E.NASL", "FEDORA_2021-B5E897A2E5.NASL", "MACOS_MS20_JUL_OFFICE.NASL", "MS_DNS_CVE-2020-1350.NASL", "SMB_NT_MS20_JUL_4558998.NASL", "SMB_NT_MS20_JUL_4565483.NASL", "SMB_NT_MS20_JUL_4565489.NASL", "SMB_NT_MS20_JUL_4565503.NASL", "SMB_NT_MS20_JUL_4565508.NASL", "SMB_NT_MS20_JUL_4565511.NASL", "SMB_NT_MS20_JUL_4565513.NASL", "SMB_NT_MS20_JUL_4565524.NASL", "SMB_NT_MS20_JUL_4565536.NASL", "SMB_NT_MS20_JUL_4565537.NASL", "SMB_NT_MS20_JUL_4565541.NASL", "SMB_NT_MS20_JUL_DNS_CHECK.NASL", "SMB_NT_MS20_JUL_INTERNET_EXPLORER.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310144107", "OPENVAS:1361412562310817088", "OPENVAS:1361412562310817223", "OPENVAS:1361412562310817224", "OPENVAS:1361412562310817226", "OPENVAS:1361412562310817227", "OPENVAS:1361412562310817228", "OPENVAS:1361412562310817229", "OPENVAS:1361412562310817230", "OPENVAS:1361412562310817232"]}, {"type": "pentestpartners", "idList": ["PENTESTPARTNERS:8FD1C9A0D76A3084445136A0275847C0"]}, {"type": "qualysblog", "idList": ["QUALYSBLOG:0082A77BD8EFFF48B406D107FEFD0DD3", "QUALYSBLOG:8028F138635C78F91B08AB2CF72FA154", "QUALYSBLOG:A0F20902D80081B44813D92C6DCCDAAF", "QUALYSBLOG:BC22CE22A3E70823D5F0E944CBD5CE4A", "QUALYSBLOG:DE1FEC2B9B661D42DAA0BA398DBFD24E", "QUALYSBLOG:F343178EEC11B54CFAFBD0B4D505010B"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:E36C557104ECB6E144C21C3C499B0492"]}, {"type": "thn", "idList": ["THN:DBFCCEBE2752BA05D9181D55D3477666"]}, {"type": "threatpost", "idList": ["THREATPOST:363C332F7046A481C24C7172C55CF758", "THREATPOST:7E6D2DBA11B2CCCE264B0982306FBEB1", "THREATPOST:96E775E045D4DF55CC1B9A3AA0C28F70"]}, {"type": "trellix", "idList": ["TRELLIX:1C43DDFF23D74094DC43986305E2F780"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2020-13977"]}, {"type": "zdi", "idList": ["ZDI-20-877", "ZDI-20-923", "ZDI-20-924"]}]}, "score": {"value": -0.1, "vector": "NONE"}, "backreferences": {"references": [{"type": "attackerkb", "idList": ["AKB:1DE0ADEC-8107-491A-BC8F-DCC3BF6EB3AB"]}, {"type": "avleonov", "idList": ["AVLEONOV:1ABE5F69187E5F9F8625DA462772F80C"]}, {"type": "checkpoint_advisories", "idList": ["CPAI-2020-0570", "CPAI-2020-0572", "CPAI-2020-0574", "CPAI-2020-0658", "CPAI-2020-0660"]}, {"type": "cisa", "idList": ["CISA:0A6DEB06CFB7BDA5A3D72E0F236C5665", "CISA:72803FA1C7CD81E274A0417B0A34353E"]}, {"type": "cve", "idList": ["CVE-2020-1085", "CVE-2020-1249", "CVE-2020-1267", "CVE-2020-1333", "CVE-2020-1350", "CVE-2020-1351", "CVE-2020-1354", "CVE-2020-1356", "CVE-2020-1359", "CVE-2020-1360", "CVE-2020-1365", "CVE-2020-1368", "CVE-2020-1371", "CVE-2020-1373", "CVE-2020-1374", "CVE-2020-1384", "CVE-2020-1385", "CVE-2020-1389", "CVE-2020-1390", "CVE-2020-1396", "CVE-2020-1397", "CVE-2020-1399", "CVE-2020-1400", "CVE-2020-1401", "CVE-2020-1402", "CVE-2020-1403", "CVE-2020-1406", "CVE-2020-1407", "CVE-2020-1408", "CVE-2020-1409", "CVE-2020-1410", "CVE-2020-1412", "CVE-2020-1419", "CVE-2020-1421", "CVE-2020-1427", "CVE-2020-1428", "CVE-2020-1430", "CVE-2020-1432", "CVE-2020-1435", "CVE-2020-1436", "CVE-2020-1437", "CVE-2020-1438", "CVE-2020-1468"]}, {"type": "githubexploit", "idList": ["0AF42B8A-DF0D-58F8-AB60-9E7C63ED9EEB", "2A7F5F31-A737-556D-A869-05B87FD1F625", "37D3D343-97C5-5C12-8595-042E337E31C0", "479FD3C0-1269-5BC3-BD67-CDEE0485485A", "5F6BE6F7-C220-5BDD-BE92-A5156F21A1B2", "93EEDE73-1DB4-5905-BCAB-CDC6F98831CD", "9DE76D04-93D7-5923-9AE3-457D591197D6", "A37C8010-D2C6-52F5-9079-96E8A538B6CA", "C96C8DD1-344C-5476-85AC-6D2865A5C00F", "CB69BCC3-2317-5740-8B01-4F6F0D320AC3", "DD3676BD-E792-5189-86EE-4765FF68EFCB", "F14BCE6F-3415-59C7-AC9D-A5D7ABE1BB8E", "F3CF4A79-402B-56C0-8689-1AF5EBFECF3F", "FA6C0B5A-E89D-54A7-B603-4D8095BF66DD", "FB0D7C2A-01EB-5929-A539-96230C17B90F", "FFF6ABA4-7461-5653-836A-79F11037A7FF"]}, {"type": "huawei", "idList": ["HUAWEI-SA-20200716-01-DNS"]}, {"type": "impervablog", "idList": ["IMPERVABLOG:020B268DFC760B88704D35A6F4CF30D7"]}, {"type": "kaspersky", "idList": ["KLA11858", "KLA11863", "KLA11864", "KLA11865"]}, {"type": "krebs", "idList": ["KREBS:1A886B22AAF8ADC53874F0E126C5A96D"]}, {"type": "mscve", "idList": ["MS:CVE-2020-1085", "MS:CVE-2020-1249", "MS:CVE-2020-1267", "MS:CVE-2020-1333", "MS:CVE-2020-1350", "MS:CVE-2020-1351", "MS:CVE-2020-1354", "MS:CVE-2020-1356", "MS:CVE-2020-1359", "MS:CVE-2020-1360", "MS:CVE-2020-1365", "MS:CVE-2020-1368", "MS:CVE-2020-1371", "MS:CVE-2020-1373", "MS:CVE-2020-1374", "MS:CVE-2020-1384", "MS:CVE-2020-1385", "MS:CVE-2020-1389", "MS:CVE-2020-1390", "MS:CVE-2020-1396", "MS:CVE-2020-1397", "MS:CVE-2020-1399", "MS:CVE-2020-1400", "MS:CVE-2020-1401", "MS:CVE-2020-1402", "MS:CVE-2020-1403", "MS:CVE-2020-1406", "MS:CVE-2020-1407", "MS:CVE-2020-1408", "MS:CVE-2020-1409", "MS:CVE-2020-1410", "MS:CVE-2020-1412", "MS:CVE-2020-1419", "MS:CVE-2020-1421", "MS:CVE-2020-1427", "MS:CVE-2020-1428", "MS:CVE-2020-1430", "MS:CVE-2020-1432", "MS:CVE-2020-1435", "MS:CVE-2020-1436", "MS:CVE-2020-1437", "MS:CVE-2020-1438", "MS:CVE-2020-1468"]}, {"type": "mskb", "idList": ["KB4558998", "KB4565536", "KB4565539", "KB4565541"]}, {"type": "msrc", "idList": ["MSRC:79080D1EA83C3BB4689C763E5FACBDB5"]}, {"type": "nessus", "idList": ["MACOS_MS20_JUL_OFFICE.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310144107", "OPENVAS:1361412562310817088", "OPENVAS:1361412562310817223", "OPENVAS:1361412562310817224", "OPENVAS:1361412562310817226", "OPENVAS:1361412562310817227", "OPENVAS:1361412562310817228", "OPENVAS:1361412562310817229", "OPENVAS:1361412562310817230", "OPENVAS:1361412562310817232"]}, {"type": "pentestpartners", "idList": ["PENTESTPARTNERS:8FD1C9A0D76A3084445136A0275847C0"]}, {"type": "qualysblog", "idList": ["QUALYSBLOG:8028F138635C78F91B08AB2CF72FA154", "QUALYSBLOG:F343178EEC11B54CFAFBD0B4D505010B"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:E36C557104ECB6E144C21C3C499B0492"]}, {"type": "thn", "idList": ["THN:DBFCCEBE2752BA05D9181D55D3477666"]}, {"type": "threatpost", "idList": ["THREATPOST:363C332F7046A481C24C7172C55CF758", "THREATPOST:7E6D2DBA11B2CCCE264B0982306FBEB1", "THREATPOST:96E775E045D4DF55CC1B9A3AA0C28F70"]}, {"type": "zdi", "idList": ["ZDI-20-877"]}]}, "exploitation": null, "epss": [{"cve": "CVE-2020-1373", "epss": "0.000430000", "percentile": "0.073850000", "modified": "2023-03-16"}, {"cve": "CVE-2020-1354", "epss": "0.000470000", "percentile": "0.141430000", "modified": "2023-03-16"}, {"cve": "CVE-2020-1438", "epss": "0.000430000", "percentile": "0.073850000", "modified": "2023-03-16"}, {"cve": "CVE-2020-1432", "epss": "0.002150000", "percentile": "0.577520000", "modified": "2023-03-16"}, {"cve": "CVE-2020-1401", "epss": "0.054630000", "percentile": "0.919750000", "modified": "2023-03-16"}, {"cve": "CVE-2020-1403", "epss": "0.011830000", "percentile": "0.828870000", "modified": "2023-03-16"}, {"cve": "CVE-2020-1436", "epss": "0.039780000", "percentile": "0.906480000", "modified": "2023-03-16"}, {"cve": "CVE-2020-1085", "epss": "0.000430000", "percentile": "0.073850000", "modified": "2023-03-16"}, {"cve": "CVE-2020-1390", "epss": "0.000430000", "percentile": "0.073850000", "modified": "2023-03-16"}, {"cve": "CVE-2020-1402", "epss": "0.000470000", "percentile": "0.141430000", "modified": "2023-03-16"}, {"cve": "CVE-2020-1406", "epss": "0.000430000", "percentile": "0.073850000", "modified": "2023-03-16"}, {"cve": "CVE-2020-1371", "epss": "0.000470000", "percentile": "0.141430000", "modified": "2023-03-16"}, {"cve": "CVE-2020-1350", "epss": "0.928020000", "percentile": "0.984330000", "modified": "2023-03-16"}, {"cve": "CVE-2020-1468", "epss": "0.016050000", "percentile": "0.854250000", "modified": "2023-03-16"}, {"cve": "CVE-2020-1360", "epss": "0.000430000", "percentile": "0.073850000", "modified": "2023-03-16"}, {"cve": "CVE-2020-1419", "epss": "0.000430000", "percentile": "0.073850000", "modified": "2023-03-16"}, {"cve": "CVE-2020-1333", "epss": "0.000470000", "percentile": "0.143180000", "modified": "2023-03-16"}, {"cve": "CVE-2020-1356", "epss": "0.000430000", "percentile": "0.073850000", "modified": "2023-03-16"}, {"cve": "CVE-2020-1389", "epss": "0.000430000", "percentile": "0.073850000", "modified": "2023-03-16"}, {"cve": "CVE-2020-1385", "epss": "0.000430000", "percentile": "0.073850000", "modified": "2023-03-16"}, {"cve": "CVE-2020-1396", "epss": "0.000430000", "percentile": "0.073850000", "modified": "2023-03-16"}, {"cve": "CVE-2020-1397", "epss": "0.016050000", "percentile": "0.854250000", "modified": "2023-03-16"}, {"cve": "CVE-2020-1407", "epss": "0.054630000", "percentile": "0.919750000", "modified": "2023-03-16"}, {"cve": "CVE-2020-1384", "epss": "0.000430000", "percentile": "0.073850000", "modified": "2023-03-16"}, {"cve": "CVE-2020-1427", "epss": "0.000430000", "percentile": "0.073850000", "modified": "2023-03-16"}, {"cve": "CVE-2020-1267", "epss": "0.001470000", "percentile": "0.490240000", "modified": "2023-03-16"}, {"cve": "CVE-2020-1399", "epss": "0.000430000", "percentile": "0.073850000", "modified": "2023-03-16"}, {"cve": "CVE-2020-1368", "epss": "0.000430000", "percentile": "0.073850000", "modified": "2023-03-16"}, {"cve": "CVE-2020-1249", "epss": "0.000430000", "percentile": "0.073850000", "modified": "2023-03-16"}, {"cve": "CVE-2020-1430", "epss": "0.000470000", "percentile": "0.141430000", "modified": "2023-03-16"}, {"cve": "CVE-2020-1412", "epss": "0.019850000", "percentile": "0.869830000", "modified": "2023-03-16"}, {"cve": "CVE-2020-1409", "epss": "0.054630000", "percentile": "0.919750000", "modified": "2023-03-16"}, {"cve": "CVE-2020-1374", "epss": "0.011830000", "percentile": "0.828870000", "modified": "2023-03-16"}, {"cve": "CVE-2020-1421", "epss": "0.073890000", "percentile": "0.930110000", "modified": "2023-03-16"}, {"cve": "CVE-2020-1365", "epss": "0.000470000", "percentile": "0.141430000", "modified": "2023-03-16"}, {"cve": "CVE-2020-1435", "epss": "0.052520000", "percentile": "0.918110000", "modified": "2023-03-16"}, {"cve": "CVE-2020-1408", "epss": "0.032910000", "percentile": "0.897760000", "modified": "2023-03-16"}, {"cve": "CVE-2020-1437", "epss": "0.000430000", "percentile": "0.073850000", "modified": "2023-03-16"}, {"cve": "CVE-2020-1400", "epss": "0.014470000", "percentile": "0.846020000", "modified": "2023-03-16"}, {"cve": "CVE-2020-1359", "epss": "0.000430000", "percentile": "0.073850000", "modified": "2023-03-16"}, {"cve": "CVE-2020-1428", "epss": "0.000430000", "percentile": "0.073850000", "modified": "2023-03-16"}, {"cve": "CVE-2020-1351", "epss": "0.000430000", "percentile": "0.073850000", "modified": "2023-03-16"}, {"cve": "CVE-2020-1410", "epss": "0.054630000", "percentile": "0.919750000", "modified": "2023-03-16"}], "vulnersScore": -0.1}, "_state": {"dependencies": 1678960192, "score": 1684001907, "epss": 1678993763}, "_internal": {"score_hash": "cd8767779c26267d2925da2ab38b0a7d"}, "pluginID": "1361412562310817231", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Some text descriptions might be excerpted from (a) referenced\n# source(s), and are Copyright (C) by the respective right holder(s).\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.817231\");\n script_version(\"2020-07-20T05:00:04+0000\");\n script_cve_id(\"CVE-2020-1085\", \"CVE-2020-1249\", \"CVE-2020-1267\", \"CVE-2020-1333\",\n \"CVE-2020-1350\", \"CVE-2020-1351\", \"CVE-2020-1354\", \"CVE-2020-1356\",\n \"CVE-2020-1359\", \"CVE-2020-1360\", \"CVE-2020-1365\", \"CVE-2020-1368\",\n \"CVE-2020-1371\", \"CVE-2020-1373\", \"CVE-2020-1374\", \"CVE-2020-1384\",\n \"CVE-2020-1385\", \"CVE-2020-1389\", \"CVE-2020-1390\", \"CVE-2020-1396\",\n \"CVE-2020-1397\", \"CVE-2020-1399\", \"CVE-2020-1400\", \"CVE-2020-1401\",\n \"CVE-2020-1402\", \"CVE-2020-1403\", \"CVE-2020-1406\", \"CVE-2020-1407\",\n \"CVE-2020-1408\", \"CVE-2020-1409\", \"CVE-2020-1410\", \"CVE-2020-1412\",\n \"CVE-2020-1419\", \"CVE-2020-1421\", \"CVE-2020-1427\", \"CVE-2020-1428\",\n \"CVE-2020-1430\", \"CVE-2020-1432\", \"CVE-2020-1435\", \"CVE-2020-1436\",\n \"CVE-2020-1437\", \"CVE-2020-1438\", \"CVE-2020-1468\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-07-20 05:00:04 +0000 (Mon, 20 Jul 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-07-15 19:22:27 +0530 (Wed, 15 Jul 2020)\");\n script_name(\"Microsoft Windows Multiple Vulnerabilities (KB4565541)\");\n\n script_tag(name:\"summary\", value:\"This host is missing a critical security\n update according to Microsoft KB4565541\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present\n on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exists due to,\n\n - Windows Domain Name System servers fail to properly handle requests (SIGRed, CVE-2020-1350).\n\n - DirectWrite fails to properly handle objects in memory.\n\n - Windows Address Book (WAB) fails to properly processes vcard files.\n\n - Windows Graphics Device Interface (GDI) fails to properly handle\n objects in the memory.\n\n - Windows Network Connections Service fails to handle objects in memory.\n Please see the references for more information about the vulnerabilities.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow an attacker\n to execute arbitrary code, elevate privilges, disclose sensitive information\n and denial of service attacks.\");\n\n script_tag(name:\"affected\", value:\"- Microsoft Windows 8.1 32-bit Systems\n\n - Microsoft Windows 8.1 for x64-based Systems\n\n - Microsoft Windows Server 2012 R2\");\n\n script_tag(name:\"solution\", value:\"The vendor has released updates. Please see\n the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_xref(name:\"URL\", value:\"https://support.microsoft.com/en-us/help/4565541\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"smb_reg_service_pack.nasl\");\n script_require_ports(139, 445);\n script_mandatory_keys(\"SMB/WindowsVersion\");\n exit(0);\n}\n\ninclude(\"smb_nt.inc\");\ninclude(\"secpod_reg.inc\");\ninclude(\"version_func.inc\");\ninclude(\"secpod_smb_func.inc\");\n\nif(hotfix_check_sp(win8_1:1, win8_1x64:1, win2012R2:1) <= 0)\n exit(0);\n\ndllPath = smb_get_system32root();\nif(!dllPath)\n exit(0);\n\nfileVer = fetch_file_version(sysPath:dllPath, file_name:\"Gdiplus.dll\");\nif(!fileVer)\n exit(0);\n\nif(version_is_less(version:fileVer, test_version:\"6.3.9600.19756\")) {\n report = report_fixed_ver(file_checked:dllPath + \"\\Gdiplus.dll\",\n file_version:fileVer, vulnerable_range:\"Less than 6.3.9600.19756\");\n security_message(data:report);\n exit(0);\n}\n\nexit(99);\n", "naslFamily": "Windows : Microsoft Bulletins"}
{"openvas": [{"lastseen": "2020-07-21T19:51:37", "description": "This host is missing a critical security\n update according to Microsoft KB4565524", "cvss3": {}, "published": "2020-07-15T00:00:00", "type": "openvas", "title": "Microsoft Windows Multiple Vulnerabilities (KB4565524)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-1373", "CVE-2020-1354", "CVE-2020-1438", "CVE-2020-1432", "CVE-2020-1401", "CVE-2020-1403", "CVE-2020-1436", "CVE-2020-1085", "CVE-2020-1390", "CVE-2020-1402", "CVE-2020-1371", "CVE-2020-1350", "CVE-2020-1468", "CVE-2020-1360", "CVE-2020-1419", "CVE-2020-1333", "CVE-2020-1389", "CVE-2020-1396", "CVE-2020-1397", "CVE-2020-1407", "CVE-2020-1384", "CVE-2020-1427", "CVE-2020-1267", "CVE-2020-1430", "CVE-2020-1412", "CVE-2020-1409", "CVE-2020-1374", "CVE-2020-1421", "CVE-2020-1365", "CVE-2020-1435", "CVE-2020-1408", "CVE-2020-1437", "CVE-2020-1400", "CVE-2020-1359", "CVE-2020-1428", "CVE-2020-1351", "CVE-2020-1410"], "modified": "2020-07-20T00:00:00", "id": "OPENVAS:1361412562310817230", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310817230", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Some text descriptions might be excerpted from (a) referenced\n# source(s), and are Copyright (C) by the respective right holder(s).\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.817230\");\n script_version(\"2020-07-20T05:00:04+0000\");\n script_cve_id(\"CVE-2020-1085\", \"CVE-2020-1267\", \"CVE-2020-1333\", \"CVE-2020-1350\",\n \"CVE-2020-1351\", \"CVE-2020-1354\", \"CVE-2020-1359\", \"CVE-2020-1360\",\n \"CVE-2020-1365\", \"CVE-2020-1371\", \"CVE-2020-1373\", \"CVE-2020-1374\",\n \"CVE-2020-1384\", \"CVE-2020-1389\", \"CVE-2020-1390\", \"CVE-2020-1396\",\n \"CVE-2020-1397\", \"CVE-2020-1400\", \"CVE-2020-1401\", \"CVE-2020-1402\",\n \"CVE-2020-1403\", \"CVE-2020-1407\", \"CVE-2020-1408\", \"CVE-2020-1409\",\n \"CVE-2020-1410\", \"CVE-2020-1412\", \"CVE-2020-1419\", \"CVE-2020-1421\",\n \"CVE-2020-1427\", \"CVE-2020-1428\", \"CVE-2020-1430\", \"CVE-2020-1432\",\n \"CVE-2020-1435\", \"CVE-2020-1436\", \"CVE-2020-1437\", \"CVE-2020-1438\",\n \"CVE-2020-1468\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-07-20 05:00:04 +0000 (Mon, 20 Jul 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-07-15 18:26:24 +0530 (Wed, 15 Jul 2020)\");\n script_name(\"Microsoft Windows Multiple Vulnerabilities (KB4565524)\");\n\n script_tag(name:\"summary\", value:\"This host is missing a critical security\n update according to Microsoft KB4565524\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present\n on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exists due to,\n\n - Windows Domain Name System servers fail to properly handle requests (SIGRed, CVE-2020-1350).\n\n - Windows Event Logging Service fails to properly handle memory.\n\n - Windows Network Location Awareness Service fails to properly\n handle objects in memory.\n\n - Windows Jet Database Engine fails to properly handle objects in memory.\n\n - Windows Network Connections Service fails to properly handle\n objects in memory.\n\n - Windows Cryptography Next Generation (CNG) Key Isolation service\n fails to properly handle memory.\n\n Please see the references for more information about the vulnerabilities.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow an attacker\n to execute arbitrary code, elevate privilges, disclose sensitive information\n and denial of service attacks.\");\n\n script_tag(name:\"affected\", value:\"- Microsoft Windows Server 2008 R2 for x64-based Systems Service Pack 1\n\n - Microsoft Windows Server 2012\n\n - Microsoft Windows 7 for x64-based Systems Service Pack 1\n\n - Microsoft Windows 7 for 32-bit Systems Service Pack 1\");\n\n script_tag(name:\"solution\", value:\"The vendor has released updates. Please see\n the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_xref(name:\"URL\", value:\"https://support.microsoft.com/en-us/help/4565524\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"smb_reg_service_pack.nasl\");\n script_require_ports(139, 445);\n script_mandatory_keys(\"SMB/WindowsVersion\");\n exit(0);\n}\n\ninclude(\"smb_nt.inc\");\ninclude(\"secpod_reg.inc\");\ninclude(\"version_func.inc\");\ninclude(\"secpod_smb_func.inc\");\n\nif(hotfix_check_sp(win2008r2:2, win2012:1, win7x64:2, win7:2) <= 0){\n exit(0);\n}\n\ndllPath = smb_get_system32root();\nif(!dllPath)\n exit(0);\n\nfileVer = fetch_file_version(sysPath:dllPath, file_name:\"Gdiplus.dll\");\nif(!fileVer)\n exit(0);\n\nif(version_is_less(version:fileVer, test_version:\"5.2.7601.24557\")) {\n report = report_fixed_ver(file_checked:dllPath + \"\\Gdiplus.dll\",\n file_version:fileVer, vulnerable_range:\"Less than 5.2.7601.24557\");\n security_message(data:report);\n exit(0);\n}\n\nexit(99);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-07-21T19:50:57", "description": "This host is missing a critical security\n update according to Microsoft KB4565536", "cvss3": {}, "published": "2020-07-15T00:00:00", "type": "openvas", "title": "Microsoft Windows Multiple Vulnerabilities (KB4565536)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-1373", "CVE-2020-1354", "CVE-2020-1438", "CVE-2020-1401", "CVE-2020-1403", "CVE-2020-1436", "CVE-2020-1085", "CVE-2020-1390", "CVE-2020-1371", "CVE-2020-1350", "CVE-2020-1468", "CVE-2020-1360", "CVE-2020-1419", "CVE-2020-1333", "CVE-2020-1389", "CVE-2020-1396", "CVE-2020-1397", "CVE-2020-1407", "CVE-2020-1384", "CVE-2020-1427", "CVE-2020-1267", "CVE-2020-1430", "CVE-2020-1412", "CVE-2020-1409", "CVE-2020-1421", "CVE-2020-1365", "CVE-2020-1435", "CVE-2020-1408", "CVE-2020-1437", "CVE-2020-1400", "CVE-2020-1359", "CVE-2020-1428", "CVE-2020-1410"], "modified": "2020-07-20T00:00:00", "id": "OPENVAS:1361412562310817232", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310817232", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Some text descriptions might be excerpted from (a) referenced\n# source(s), and are Copyright (C) by the respective right holder(s).\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.817232\");\n script_version(\"2020-07-20T05:00:04+0000\");\n script_cve_id(\"CVE-2020-1085\", \"CVE-2020-1267\", \"CVE-2020-1333\", \"CVE-2020-1350\",\n \"CVE-2020-1354\", \"CVE-2020-1359\", \"CVE-2020-1360\", \"CVE-2020-1365\",\n \"CVE-2020-1371\", \"CVE-2020-1373\", \"CVE-2020-1384\", \"CVE-2020-1389\",\n \"CVE-2020-1390\", \"CVE-2020-1396\", \"CVE-2020-1397\", \"CVE-2020-1400\",\n \"CVE-2020-1401\", \"CVE-2020-1403\", \"CVE-2020-1407\", \"CVE-2020-1408\",\n \"CVE-2020-1409\", \"CVE-2020-1410\", \"CVE-2020-1412\", \"CVE-2020-1419\",\n \"CVE-2020-1421\", \"CVE-2020-1427\", \"CVE-2020-1428\", \"CVE-2020-1430\",\n \"CVE-2020-1435\", \"CVE-2020-1436\", \"CVE-2020-1437\", \"CVE-2020-1438\",\n \"CVE-2020-1468\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-07-20 05:00:04 +0000 (Mon, 20 Jul 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-07-15 20:23:57 +0530 (Wed, 15 Jul 2020)\");\n script_name(\"Microsoft Windows Multiple Vulnerabilities (KB4565536)\");\n\n script_tag(name:\"summary\", value:\"This host is missing a critical security\n update according to Microsoft KB4565536\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present\n on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exists due to,\n\n - Windows Domain Name System servers fail to properly handle requests (SIGRed, CVE-2020-1350).\n\n - DirectWrite fails to properly handle objects in memory.\n\n - Windows Address Book (WAB) fails to properly processes vcard files.\n\n - Windows Graphics Device Interface (GDI) fails to properly handle\n objects in the memory.\n\n - Windows Network Connections Service fails to handle objects in memory.\n\n Please see the references for more information about the vulnerabilities.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow an attacker\n to execute arbitrary code, elevate privilges, disclose sensitive information\n and denial of service attacks.\");\n\n script_tag(name:\"affected\", value:\"- Microsoft Windows Server 2008 for 32-bit Systems Service Pack 2\n\n - Microsoft Windows Server 2008 for x64-based Systems Service Pack 2\");\n\n script_tag(name:\"solution\", value:\"The vendor has released updates. Please see\n the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_xref(name:\"URL\", value:\"https://support.microsoft.com/en-us/help/4565536\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"smb_reg_service_pack.nasl\");\n script_require_ports(139, 445);\n script_mandatory_keys(\"SMB/WindowsVersion\");\n exit(0);\n}\n\ninclude(\"smb_nt.inc\");\ninclude(\"secpod_reg.inc\");\ninclude(\"version_func.inc\");\ninclude(\"secpod_smb_func.inc\");\n\nif(hotfix_check_sp(win2008:3, win2008x64:3) <= 0){\n exit(0);\n}\n\ndllPath = smb_get_system32root();\nif(!dllPath)\n exit(0);\n\nfileVer = fetch_file_version(sysPath:dllPath, file_name:\"Gdiplus.dll\");\nif(!fileVer)\n exit(0);\n\nif(version_is_less(version:fileVer, test_version:\"5.2.6003.20883\")) {\n report = report_fixed_ver(file_checked:dllPath + \"\\Gdiplus.dll\",\n file_version:fileVer, vulnerable_range:\"Less than 5.2.6003.20883\");\n security_message(data:report);\n exit(0);\n}\n\nexit(99);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-07-21T19:50:56", "description": "This host is missing a critical security\n update according to Microsoft KB4565513", "cvss3": {}, "published": "2020-07-15T00:00:00", "type": "openvas", "title": "Microsoft Windows Multiple Vulnerabilities (KB4565513)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-1373", "CVE-2020-1354", "CVE-2020-1438", "CVE-2020-1404", "CVE-2020-1432", "CVE-2020-1401", "CVE-2020-1403", "CVE-2020-1420", "CVE-2020-1413", "CVE-2020-1344", "CVE-2020-1433", "CVE-2020-1353", "CVE-2020-1436", "CVE-2020-1085", "CVE-2020-1390", "CVE-2020-1358", "CVE-2020-1402", "CVE-2020-1406", "CVE-2020-1371", "CVE-2020-1352", "CVE-2020-1411", "CVE-2020-1393", "CVE-2020-1468", "CVE-2020-1370", "CVE-2020-1360", "CVE-2020-1419", "CVE-2020-1333", "CVE-2020-1389", "CVE-2020-1385", "CVE-2020-1396", "CVE-2020-1362", "CVE-2020-1397", "CVE-2020-1407", "CVE-2020-1384", "CVE-2020-1427", "CVE-2020-1267", "CVE-2020-1399", "CVE-2020-1368", "CVE-2020-1249", "CVE-2020-1430", "CVE-2020-1412", "CVE-2020-1409", "CVE-2020-1147", "CVE-2020-1374", "CVE-2020-1421", "CVE-2020-1365", "CVE-2020-1435", "CVE-2020-1369", "CVE-2020-1408", "CVE-2020-1437", "CVE-2020-1434", "CVE-2020-1361", "CVE-2020-1400", "CVE-2020-1398", "CVE-2020-1359", "CVE-2020-1428", "CVE-2020-1351", "CVE-2020-1429", "CVE-2020-1364", "CVE-2020-1410"], "modified": "2020-07-17T00:00:00", "id": "OPENVAS:1361412562310817229", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310817229", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Some text descriptions might be excerpted from (a) referenced\n# source(s), and are Copyright (C) by the respective right holder(s).\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.817229\");\n script_version(\"2020-07-17T05:57:41+0000\");\n script_cve_id(\"CVE-2020-1085\", \"CVE-2020-1147\", \"CVE-2020-1249\", \"CVE-2020-1267\",\n \"CVE-2020-1333\", \"CVE-2020-1344\", \"CVE-2020-1351\", \"CVE-2020-1352\",\n \"CVE-2020-1353\", \"CVE-2020-1354\", \"CVE-2020-1358\", \"CVE-2020-1359\",\n \"CVE-2020-1360\", \"CVE-2020-1361\", \"CVE-2020-1362\", \"CVE-2020-1364\",\n \"CVE-2020-1365\", \"CVE-2020-1368\", \"CVE-2020-1369\", \"CVE-2020-1370\",\n \"CVE-2020-1371\", \"CVE-2020-1373\", \"CVE-2020-1374\", \"CVE-2020-1384\",\n \"CVE-2020-1385\", \"CVE-2020-1389\", \"CVE-2020-1390\", \"CVE-2020-1393\",\n \"CVE-2020-1396\", \"CVE-2020-1397\", \"CVE-2020-1398\", \"CVE-2020-1399\",\n \"CVE-2020-1400\", \"CVE-2020-1401\", \"CVE-2020-1402\", \"CVE-2020-1403\",\n \"CVE-2020-1404\", \"CVE-2020-1406\", \"CVE-2020-1407\", \"CVE-2020-1408\",\n \"CVE-2020-1409\", \"CVE-2020-1410\", \"CVE-2020-1411\", \"CVE-2020-1412\",\n \"CVE-2020-1413\", \"CVE-2020-1419\", \"CVE-2020-1420\", \"CVE-2020-1421\",\n \"CVE-2020-1427\", \"CVE-2020-1428\", \"CVE-2020-1429\", \"CVE-2020-1430\",\n \"CVE-2020-1432\", \"CVE-2020-1433\", \"CVE-2020-1434\", \"CVE-2020-1435\",\n \"CVE-2020-1436\", \"CVE-2020-1437\", \"CVE-2020-1438\", \"CVE-2020-1468\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-07-17 05:57:41 +0000 (Fri, 17 Jul 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-07-15 17:56:41 +0530 (Wed, 15 Jul 2020)\");\n script_name(\"Microsoft Windows Multiple Vulnerabilities (KB4565513)\");\n\n script_tag(name:\"summary\", value:\"This host is missing a critical security\n update according to Microsoft KB4565513\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present\n on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exists due to,\n\n - Windows Event Logging Service fails to properly handle memory.\n\n - Windows WalletService fails to properly handle objects in memory.\n\n - Windows Network Connections Service fails to properly handle objects in memory.\n\n - Windows Jet Database Engine fails to properly handle objects in memory.\n\n - Windows Network Connections Service fails to properly handle\n objects in memory.\n\n - Windows Error Reporting fails to properly handle file operations.\n\n Please see the references for more information about the vulnerabilities.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow an attacker\n to execute arbitrary code, elevate privilges, disclose sensitive information\n and denial of service attacks.\");\n\n script_tag(name:\"affected\", value:\"- Microsoft Windows 10 for 32-bit Systems\n\n - Microsoft Windows 10 for x64-based Systems\");\n\n script_tag(name:\"solution\", value:\"The vendor has released updates. Please see\n the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_xref(name:\"URL\", value:\"https://support.microsoft.com/en-us/help/4565513\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"smb_reg_service_pack.nasl\");\n script_require_ports(139, 445);\n script_mandatory_keys(\"SMB/WindowsVersion\");\n exit(0);\n}\n\ninclude(\"smb_nt.inc\");\ninclude(\"secpod_reg.inc\");\ninclude(\"version_func.inc\");\ninclude(\"secpod_smb_func.inc\");\n\nif(hotfix_check_sp(win10:1, win10x64:1) <= 0){\n exit(0);\n}\n\ndllPath = smb_get_system32root();\nif(!dllPath)\n exit(0);\n\nfileVer = fetch_file_version(sysPath:dllPath, file_name:\"User32.dll\");\nif(!fileVer)\n exit(0);\n\nif(version_is_less(version:fileVer, test_version:\"10.0.10240.18638\")) {\n report = report_fixed_ver(file_checked:dllPath + \"\\User32.dll\",\n file_version:fileVer, vulnerable_range:\"Less than 10.0.10240.18638\");\n security_message(data:report);\n exit(0);\n}\n\nexit(99);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-07-21T19:51:39", "description": "This host is missing a critical security\n update according to Microsoft KB4565511", "cvss3": {}, "published": "2020-07-15T00:00:00", "type": "openvas", "title": "Microsoft Windows Multiple Vulnerabilities (KB4565511)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-1373", "CVE-2020-1354", "CVE-2020-1438", "CVE-2020-1404", "CVE-2020-1432", "CVE-2020-1401", "CVE-2020-1403", "CVE-2020-1420", "CVE-2020-1413", "CVE-2020-1344", "CVE-2020-1433", "CVE-2020-1353", "CVE-2020-1436", "CVE-2020-1085", "CVE-2020-1390", "CVE-2020-1358", "CVE-2020-1402", "CVE-2020-1406", "CVE-2020-1371", "CVE-2020-1352", "CVE-2020-1350", "CVE-2020-1411", "CVE-2020-1393", "CVE-2020-1468", "CVE-2020-1370", "CVE-2020-1360", "CVE-2020-1419", "CVE-2020-1333", "CVE-2020-1356", "CVE-2020-1336", "CVE-2020-1389", "CVE-2020-1385", "CVE-2020-1396", "CVE-2020-1362", "CVE-2020-1388", "CVE-2020-1397", "CVE-2020-1407", "CVE-2020-1384", "CVE-2020-1463", "CVE-2020-1427", "CVE-2020-1395", "CVE-2020-1267", "CVE-2020-1399", "CVE-2020-1368", "CVE-2020-1249", "CVE-2020-1430", "CVE-2020-1357", "CVE-2020-1412", "CVE-2020-1409", "CVE-2020-1147", "CVE-2020-1462", "CVE-2020-1374", "CVE-2020-1421", "CVE-2020-1365", "CVE-2020-1435", "CVE-2020-1369", "CVE-2020-1408", "CVE-2020-1437", "CVE-2020-1434", "CVE-2020-1361", "CVE-2020-1400", "CVE-2020-1398", "CVE-2020-1359", "CVE-2020-1428", "CVE-2020-1351", "CVE-2020-1429", "CVE-2020-1364", "CVE-2020-1410"], "modified": "2020-07-20T00:00:00", "id": "OPENVAS:1361412562310817226", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310817226", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Some text descriptions might be excerpted from (a) referenced\n# source(s), and are Copyright (C) by the respective right holder(s).\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.817226\");\n script_version(\"2020-07-20T05:00:04+0000\");\n script_cve_id(\"CVE-2020-1085\", \"CVE-2020-1147\", \"CVE-2020-1249\", \"CVE-2020-1267\",\n \"CVE-2020-1333\", \"CVE-2020-1336\", \"CVE-2020-1344\", \"CVE-2020-1350\",\n \"CVE-2020-1351\", \"CVE-2020-1352\", \"CVE-2020-1353\", \"CVE-2020-1354\",\n \"CVE-2020-1356\", \"CVE-2020-1357\", \"CVE-2020-1358\", \"CVE-2020-1359\",\n \"CVE-2020-1360\", \"CVE-2020-1361\", \"CVE-2020-1362\", \"CVE-2020-1364\",\n \"CVE-2020-1365\", \"CVE-2020-1368\", \"CVE-2020-1369\", \"CVE-2020-1370\",\n \"CVE-2020-1371\", \"CVE-2020-1373\", \"CVE-2020-1374\", \"CVE-2020-1384\",\n \"CVE-2020-1385\", \"CVE-2020-1388\", \"CVE-2020-1389\", \"CVE-2020-1390\",\n \"CVE-2020-1393\", \"CVE-2020-1395\", \"CVE-2020-1396\", \"CVE-2020-1397\",\n \"CVE-2020-1398\", \"CVE-2020-1399\", \"CVE-2020-1400\", \"CVE-2020-1401\",\n \"CVE-2020-1402\", \"CVE-2020-1403\", \"CVE-2020-1404\", \"CVE-2020-1406\",\n \"CVE-2020-1407\", \"CVE-2020-1408\", \"CVE-2020-1409\", \"CVE-2020-1410\",\n \"CVE-2020-1411\", \"CVE-2020-1412\", \"CVE-2020-1413\", \"CVE-2020-1419\",\n \"CVE-2020-1420\", \"CVE-2020-1421\", \"CVE-2020-1427\", \"CVE-2020-1428\",\n \"CVE-2020-1429\", \"CVE-2020-1430\", \"CVE-2020-1432\", \"CVE-2020-1433\",\n \"CVE-2020-1434\", \"CVE-2020-1435\", \"CVE-2020-1436\", \"CVE-2020-1437\",\n \"CVE-2020-1438\", \"CVE-2020-1462\", \"CVE-2020-1463\", \"CVE-2020-1468\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-07-20 05:00:04 +0000 (Mon, 20 Jul 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-07-15 15:23:26 +0530 (Wed, 15 Jul 2020)\");\n script_name(\"Microsoft Windows Multiple Vulnerabilities (KB4565511)\");\n\n script_tag(name:\"summary\", value:\"This host is missing a critical security\n update according to Microsoft KB4565511\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present\n on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exists due to,\n\n - Windows Domain Name System servers fail to properly handle requests (SIGRed, CVE-2020-1350).\n\n - Windows System Events Broker fails to properly handle file operations.\n\n - Windows WalletService fails to properly handle objects in memory.\n\n - Windows Runtime fails to properly handle objects in memory.\n\n - Windows Jet Database Engine fails to properly handle objects in memory.\n\n - Windows Network Connections Service fails to properly handle\n objects in memory.\n\n - SharedStream Library fails to handle objects in memory.\n\n Please see the references for more information about the vulnerabilities.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow an attacker\n to execute arbitrary code, elevate privilges, disclose sensitive information\n and denial of service attacks.\");\n\n script_tag(name:\"affected\", value:\"- Microsoft Windows 10 Version 1607 for 32-bit Systems\n\n - Microsoft Windows 10 Version 1607 for x64-based Systems\n\n - Microsoft Windows Server 2016\");\n\n script_tag(name:\"solution\", value:\"The vendor has released updates. Please see\n the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_xref(name:\"URL\", value:\"https://support.microsoft.com/en-us/help/4565511\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"smb_reg_service_pack.nasl\");\n script_require_ports(139, 445);\n script_mandatory_keys(\"SMB/WindowsVersion\");\n exit(0);\n}\n\ninclude(\"smb_nt.inc\");\ninclude(\"secpod_reg.inc\");\ninclude(\"version_func.inc\");\ninclude(\"secpod_smb_func.inc\");\n\nif(hotfix_check_sp(win10:1, win10x64:1, win2016:1) <= 0)\n exit(0);\n\ndllPath = smb_get_system32root();\nif(!dllPath)\n exit(0);\n\nfileVer = fetch_file_version(sysPath:dllPath, file_name:\"Gdiplus.dll\");\nif(!fileVer)\n exit(0);\n\nif(version_in_range(version:fileVer, test_version:\"10.0.14393.0\", test_version2:\"10.0.14393.3807\")) {\n report = report_fixed_ver(file_checked:dllPath + \"\\Gdiplus.dll\",\n file_version:fileVer, vulnerable_range:\"10.0.14393.0 - 10.0.14393.3807\");\n security_message(data:report);\n exit(0);\n}\n\nexit(99);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-07-21T19:51:33", "description": "This host is missing a important security\n update according to Microsoft KB4565508", "cvss3": {}, "published": "2020-07-15T00:00:00", "type": "openvas", "title": "Microsoft Windows Multiple Vulnerabilities (KB4565508)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-1373", "CVE-2020-1354", "CVE-2020-1438", "CVE-2020-1404", "CVE-2020-1432", "CVE-2020-1401", "CVE-2020-1372", "CVE-2020-1403", "CVE-2020-1420", "CVE-2020-1413", "CVE-2020-1392", "CVE-2020-1344", "CVE-2020-1433", "CVE-2020-1353", "CVE-2020-1436", "CVE-2020-1375", "CVE-2020-1085", "CVE-2020-1390", "CVE-2020-1358", "CVE-2020-1402", "CVE-2020-1406", "CVE-2020-1371", "CVE-2020-1352", "CVE-2020-1411", "CVE-2020-1393", "CVE-2020-1386", "CVE-2020-1468", "CVE-2020-1370", "CVE-2020-1347", "CVE-2020-1360", "CVE-2020-1419", "CVE-2020-1333", "CVE-2020-1336", "CVE-2020-1389", "CVE-2020-1418", "CVE-2020-1385", "CVE-2020-1396", "CVE-2020-1362", "CVE-2020-1388", "CVE-2020-1397", "CVE-2020-1407", "CVE-2020-1384", "CVE-2020-1463", "CVE-2020-1427", "CVE-2020-1363", "CVE-2020-1395", "CVE-2020-1267", "CVE-2020-1399", "CVE-2020-1368", "CVE-2020-1249", "CVE-2020-1430", "CVE-2020-1357", "CVE-2020-1412", "CVE-2020-1409", "CVE-2020-1147", "CVE-2020-1462", "CVE-2020-1374", "CVE-2020-1421", "CVE-2020-1365", "CVE-2020-1435", "CVE-2020-1369", "CVE-2020-1408", "CVE-2020-1394", "CVE-2020-1437", "CVE-2020-1434", "CVE-2020-1366", "CVE-2020-1361", "CVE-2020-1400", "CVE-2020-1398", "CVE-2020-1359", "CVE-2020-1428", "CVE-2020-1351", "CVE-2020-1429", "CVE-2020-1364", "CVE-2020-1387", "CVE-2020-1410"], "modified": "2020-07-17T00:00:00", "id": "OPENVAS:1361412562310817223", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310817223", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Some text descriptions might be excerpted from (a) referenced\n# source(s), and are Copyright (C) by the respective right holder(s).\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.817223\");\n script_version(\"2020-07-17T05:57:41+0000\");\n script_cve_id(\"CVE-2020-1085\", \"CVE-2020-1147\", \"CVE-2020-1249\", \"CVE-2020-1267\",\n \"CVE-2020-1333\", \"CVE-2020-1336\", \"CVE-2020-1344\", \"CVE-2020-1347\",\n \"CVE-2020-1351\", \"CVE-2020-1352\", \"CVE-2020-1353\", \"CVE-2020-1354\",\n \"CVE-2020-1357\", \"CVE-2020-1358\", \"CVE-2020-1359\", \"CVE-2020-1360\",\n \"CVE-2020-1361\", \"CVE-2020-1362\", \"CVE-2020-1363\", \"CVE-2020-1364\",\n \"CVE-2020-1365\", \"CVE-2020-1366\", \"CVE-2020-1368\", \"CVE-2020-1369\",\n \"CVE-2020-1370\", \"CVE-2020-1371\", \"CVE-2020-1372\", \"CVE-2020-1373\",\n \"CVE-2020-1374\", \"CVE-2020-1375\", \"CVE-2020-1384\", \"CVE-2020-1385\",\n \"CVE-2020-1386\", \"CVE-2020-1387\", \"CVE-2020-1388\", \"CVE-2020-1389\",\n \"CVE-2020-1390\", \"CVE-2020-1392\", \"CVE-2020-1393\", \"CVE-2020-1394\",\n \"CVE-2020-1395\", \"CVE-2020-1396\", \"CVE-2020-1397\", \"CVE-2020-1398\",\n \"CVE-2020-1399\", \"CVE-2020-1400\", \"CVE-2020-1401\", \"CVE-2020-1402\",\n \"CVE-2020-1403\", \"CVE-2020-1404\", \"CVE-2020-1406\", \"CVE-2020-1407\",\n \"CVE-2020-1408\", \"CVE-2020-1409\", \"CVE-2020-1410\", \"CVE-2020-1411\",\n \"CVE-2020-1412\", \"CVE-2020-1413\", \"CVE-2020-1418\", \"CVE-2020-1419\",\n \"CVE-2020-1420\", \"CVE-2020-1421\", \"CVE-2020-1427\", \"CVE-2020-1428\",\n \"CVE-2020-1429\", \"CVE-2020-1430\", \"CVE-2020-1432\", \"CVE-2020-1433\",\n \"CVE-2020-1434\", \"CVE-2020-1435\", \"CVE-2020-1436\", \"CVE-2020-1437\",\n \"CVE-2020-1438\", \"CVE-2020-1462\", \"CVE-2020-1463\", \"CVE-2020-1468\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-07-17 05:57:41 +0000 (Fri, 17 Jul 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-07-15 09:51:05 +0530 (Wed, 15 Jul 2020)\");\n script_name(\"Microsoft Windows Multiple Vulnerabilities (KB4565508)\");\n\n script_tag(name:\"summary\", value:\"This host is missing a important security\n update according to Microsoft KB4565508\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present\n on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exists due to,\n\n - Windows System Events Broker fails to properly handle file operations.\n\n - Windows WalletService fails to properly handle objects in memory.\n\n - Windows Mobile Device Management (MDM) Diagnostics fails to\n properly handle objects in memory.\n\n - Windows Jet Database Engine fails to properly handle objects in memory.\n\n - Windows Network Connections Service fails to properly handle\n objects in memory.\n\n - SharedStream Library fails to handle objects in memory.\n Please see the references for more information about the vulnerabilities.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow an attacker\n to execute arbitrary code, elevate privilges, disclose sensitive information\n and denial of service attacks.\");\n\n script_tag(name:\"affected\", value:\"- Microsoft Windows 10 Version 1709 for 32-bit Systems\n\n - Microsoft Windows 10 Version 1709 for x64-based Systems\");\n\n script_tag(name:\"solution\", value:\"The vendor has released updates. Please see\n the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_xref(name:\"URL\", value:\"https://support.microsoft.com/en-us/help/4565508\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"smb_reg_service_pack.nasl\");\n script_require_ports(139, 445);\n script_mandatory_keys(\"SMB/WindowsVersion\");\n exit(0);\n}\n\ninclude(\"smb_nt.inc\");\ninclude(\"secpod_reg.inc\");\ninclude(\"version_func.inc\");\ninclude(\"secpod_smb_func.inc\");\n\nif(hotfix_check_sp(win10:1, win10x64:1) <= 0){\n exit(0);\n}\n\ndllPath = smb_get_system32root();\nif(!dllPath)\n exit(0);\n\nfileVer = fetch_file_version(sysPath:dllPath, file_name:\"User32.dll\");\nif(!fileVer)\n exit(0);\n\nif(version_in_range(version:fileVer, test_version:\"10.0.16299.0\", test_version2:\"10.0.16299.1991\")) {\n report = report_fixed_ver(file_checked:dllPath + \"\\User32.dll\",\n file_version:fileVer, vulnerable_range:\"10.0.16299.0 - 10.0.16299.1991\");\n security_message(data:report);\n exit(0);\n}\n\nexit(99);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-07-21T19:50:55", "description": "This host is missing a critical security\n update according to Microsoft KB4565489", "cvss3": {}, "published": "2020-07-15T00:00:00", "type": "openvas", "title": "Microsoft Windows Multiple Vulnerabilities (KB4565489)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-1373", "CVE-2020-1354", "CVE-2020-1438", "CVE-2020-1404", "CVE-2020-1432", "CVE-2020-1401", "CVE-2020-1372", "CVE-2020-1403", "CVE-2020-1420", "CVE-2020-1413", "CVE-2020-1392", "CVE-2020-1344", "CVE-2020-1414", "CVE-2020-1433", "CVE-2020-1353", "CVE-2020-1415", "CVE-2020-1436", "CVE-2020-1375", "CVE-2020-1085", "CVE-2020-1390", "CVE-2020-1358", "CVE-2020-1402", "CVE-2020-1406", "CVE-2020-1371", "CVE-2020-1352", "CVE-2020-1411", "CVE-2020-1393", "CVE-2020-1386", "CVE-2020-1468", "CVE-2020-1422", "CVE-2020-1370", "CVE-2020-1347", "CVE-2020-1360", "CVE-2020-1419", "CVE-2020-1333", "CVE-2020-1336", "CVE-2020-1389", "CVE-2020-1418", "CVE-2020-1385", "CVE-2020-1396", "CVE-2020-1362", "CVE-2020-1431", "CVE-2020-1388", "CVE-2020-1426", "CVE-2020-1397", "CVE-2020-1407", "CVE-2020-1384", "CVE-2020-1463", "CVE-2020-1427", "CVE-2020-1363", "CVE-2020-1395", "CVE-2020-1267", "CVE-2020-1399", "CVE-2020-1368", "CVE-2020-1249", "CVE-2020-1430", "CVE-2020-1357", "CVE-2020-1412", "CVE-2020-1409", "CVE-2020-1147", "CVE-2020-1462", "CVE-2020-1374", "CVE-2020-1421", "CVE-2020-1365", "CVE-2020-1435", "CVE-2020-1369", "CVE-2020-1408", "CVE-2020-1394", "CVE-2020-1437", "CVE-2020-1434", "CVE-2020-1366", "CVE-2020-1361", "CVE-2020-1400", "CVE-2020-1398", "CVE-2020-1359", "CVE-2020-1424", "CVE-2020-1428", "CVE-2020-1351", "CVE-2020-1429", "CVE-2020-1364", "CVE-2020-1387", "CVE-2020-1410"], "modified": "2020-07-17T00:00:00", "id": "OPENVAS:1361412562310817227", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310817227", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Some text descriptions might be excerpted from (a) referenced\n# source(s), and are Copyright (C) by the respective right holder(s).\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.817227\");\n script_version(\"2020-07-17T05:57:41+0000\");\n script_cve_id(\"CVE-2020-1085\", \"CVE-2020-1147\", \"CVE-2020-1249\", \"CVE-2020-1267\",\n \"CVE-2020-1333\", \"CVE-2020-1336\", \"CVE-2020-1344\", \"CVE-2020-1347\",\n \"CVE-2020-1351\", \"CVE-2020-1352\", \"CVE-2020-1353\", \"CVE-2020-1354\",\n \"CVE-2020-1357\", \"CVE-2020-1358\", \"CVE-2020-1359\", \"CVE-2020-1360\",\n \"CVE-2020-1361\", \"CVE-2020-1362\", \"CVE-2020-1363\", \"CVE-2020-1364\",\n \"CVE-2020-1365\", \"CVE-2020-1366\", \"CVE-2020-1368\", \"CVE-2020-1369\",\n \"CVE-2020-1370\", \"CVE-2020-1371\", \"CVE-2020-1372\", \"CVE-2020-1373\",\n \"CVE-2020-1374\", \"CVE-2020-1375\", \"CVE-2020-1384\", \"CVE-2020-1385\",\n \"CVE-2020-1386\", \"CVE-2020-1387\", \"CVE-2020-1388\", \"CVE-2020-1389\",\n \"CVE-2020-1390\", \"CVE-2020-1392\", \"CVE-2020-1393\", \"CVE-2020-1394\",\n \"CVE-2020-1395\", \"CVE-2020-1396\", \"CVE-2020-1397\", \"CVE-2020-1398\",\n \"CVE-2020-1399\", \"CVE-2020-1400\", \"CVE-2020-1401\", \"CVE-2020-1402\",\n \"CVE-2020-1403\", \"CVE-2020-1404\", \"CVE-2020-1406\", \"CVE-2020-1407\",\n \"CVE-2020-1408\", \"CVE-2020-1409\", \"CVE-2020-1410\", \"CVE-2020-1411\",\n \"CVE-2020-1412\", \"CVE-2020-1413\", \"CVE-2020-1414\", \"CVE-2020-1415\",\n \"CVE-2020-1418\", \"CVE-2020-1419\", \"CVE-2020-1420\", \"CVE-2020-1421\",\n \"CVE-2020-1422\", \"CVE-2020-1424\", \"CVE-2020-1426\", \"CVE-2020-1427\",\n \"CVE-2020-1428\", \"CVE-2020-1429\", \"CVE-2020-1430\", \"CVE-2020-1431\",\n \"CVE-2020-1432\", \"CVE-2020-1433\", \"CVE-2020-1434\", \"CVE-2020-1435\",\n \"CVE-2020-1436\", \"CVE-2020-1437\", \"CVE-2020-1438\", \"CVE-2020-1462\",\n \"CVE-2020-1463\", \"CVE-2020-1468\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-07-17 05:57:41 +0000 (Fri, 17 Jul 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-07-15 15:54:53 +0530 (Wed, 15 Jul 2020)\");\n script_name(\"Microsoft Windows Multiple Vulnerabilities (KB4565489)\");\n\n script_tag(name:\"summary\", value:\"This host is missing a critical security\n update according to Microsoft KB4565489\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present\n on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exists due to,\n\n - Windows System Events Broker fails to properly handle file operations.\n\n - Windows WalletService fails to properly handle objects in memory.\n\n - Windows Mobile Device Management (MDM) Diagnostics fails to\n properly handle objects in memory.\n\n - Windows Jet Database Engine fails to properly handle objects in memory.\n\n - Windows Network Connections Service fails to properly handle\n objects in memory.\n\n - SharedStream Library fails to handle objects in memory.\n\n Please see the references for more information about the vulnerabilities.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow an attacker\n to execute arbitrary code, elevate privilges, disclose sensitive information\n and denial of service attacks.\");\n\n script_tag(name:\"affected\", value:\"- Microsoft Windows 10 Version 1803 for 32-bit Systems\n\n - Microsoft Windows 10 Version 1803 for x64-based Systems\");\n\n script_tag(name:\"solution\", value:\"The vendor has released updates. Please see\n the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_xref(name:\"URL\", value:\"https://support.microsoft.com/en-us/help/4565489\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"smb_reg_service_pack.nasl\");\n script_require_ports(139, 445);\n script_mandatory_keys(\"SMB/WindowsVersion\");\n exit(0);\n}\n\ninclude(\"smb_nt.inc\");\ninclude(\"secpod_reg.inc\");\ninclude(\"version_func.inc\");\ninclude(\"secpod_smb_func.inc\");\n\nif(hotfix_check_sp(win10:1, win10x64:1) <= 0){\n exit(0);\n}\n\ndllPath = smb_get_system32root();\nif(!dllPath)\n exit(0);\n\nfileVer = fetch_file_version(sysPath:dllPath, file_name:\"User32.dll\");\nif(!fileVer)\n exit(0);\n\nif(version_in_range(version:fileVer, test_version:\"10.0.17134.0\", test_version2:\"10.0.17134.1609\")) {\n report = report_fixed_ver(file_checked:dllPath + \"\\User32.dll\",\n file_version:fileVer, vulnerable_range:\"10.0.17134.0 - 10.0.17134.1609\");\n security_message(data:report);\n exit(0);\n}\n\nexit(99);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-07-21T19:51:36", "description": "This host is missing a critical security\n update according to Microsoft KB4558998", "cvss3": {}, "published": "2020-07-15T00:00:00", "type": "openvas", "title": "Microsoft Windows Multiple Vulnerabilities (KB4558998)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-1373", "CVE-2020-1367", "CVE-2020-1330", "CVE-2020-1354", "CVE-2020-1438", "CVE-2020-1404", "CVE-2020-1432", "CVE-2020-1401", "CVE-2020-1372", "CVE-2020-1403", "CVE-2020-1420", "CVE-2020-1413", "CVE-2020-1392", "CVE-2020-1405", "CVE-2020-1344", "CVE-2020-1414", "CVE-2020-1433", "CVE-2020-1353", "CVE-2020-1415", "CVE-2020-1436", "CVE-2020-1375", "CVE-2020-1085", "CVE-2020-1390", "CVE-2020-1358", "CVE-2020-1402", "CVE-2020-1406", "CVE-2020-1371", "CVE-2020-1352", "CVE-2020-1350", "CVE-2020-1411", "CVE-2020-1393", "CVE-2020-1386", "CVE-2020-1468", "CVE-2020-1422", "CVE-2020-1370", "CVE-2020-1347", "CVE-2020-1360", "CVE-2020-1419", "CVE-2020-1333", "CVE-2020-1356", "CVE-2020-1336", "CVE-2020-1389", "CVE-2020-1418", "CVE-2020-1385", "CVE-2020-1396", "CVE-2020-1362", "CVE-2020-1431", "CVE-2020-1388", "CVE-2020-1426", "CVE-2020-1397", "CVE-2020-1407", "CVE-2020-1384", "CVE-2020-1463", "CVE-2020-1427", "CVE-2020-1363", "CVE-2020-1395", "CVE-2020-1267", "CVE-2020-1399", "CVE-2020-1368", "CVE-2020-1249", "CVE-2020-1430", "CVE-2020-1357", "CVE-2020-1412", "CVE-2020-1409", "CVE-2020-1462", "CVE-2020-1374", "CVE-2020-1421", "CVE-2020-1365", "CVE-2020-1435", "CVE-2020-1369", "CVE-2020-1408", "CVE-2020-1394", "CVE-2020-1437", "CVE-2020-1434", "CVE-2020-1366", "CVE-2020-1361", "CVE-2020-1400", "CVE-2020-1398", "CVE-2020-1359", "CVE-2020-1424", "CVE-2020-1428", "CVE-2020-1351", "CVE-2020-1429", "CVE-2020-1364", "CVE-2020-1387", "CVE-2020-1410"], "modified": "2020-07-20T00:00:00", "id": "OPENVAS:1361412562310817228", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310817228", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Some text descriptions might be excerpted from (a) referenced\n# source(s), and are Copyright (C) by the respective right holder(s).\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.817228\");\n script_version(\"2020-07-20T05:00:04+0000\");\n script_cve_id(\"CVE-2020-1085\", \"CVE-2020-1249\", \"CVE-2020-1267\", \"CVE-2020-1330\",\n \"CVE-2020-1333\", \"CVE-2020-1336\", \"CVE-2020-1344\", \"CVE-2020-1347\",\n \"CVE-2020-1350\", \"CVE-2020-1351\", \"CVE-2020-1352\", \"CVE-2020-1353\",\n \"CVE-2020-1354\", \"CVE-2020-1356\", \"CVE-2020-1357\", \"CVE-2020-1358\",\n \"CVE-2020-1359\", \"CVE-2020-1360\", \"CVE-2020-1361\", \"CVE-2020-1362\",\n \"CVE-2020-1363\", \"CVE-2020-1364\", \"CVE-2020-1365\", \"CVE-2020-1366\",\n \"CVE-2020-1367\", \"CVE-2020-1368\", \"CVE-2020-1369\", \"CVE-2020-1370\",\n \"CVE-2020-1371\", \"CVE-2020-1372\", \"CVE-2020-1373\", \"CVE-2020-1374\",\n \"CVE-2020-1375\", \"CVE-2020-1384\", \"CVE-2020-1385\", \"CVE-2020-1386\",\n \"CVE-2020-1387\", \"CVE-2020-1388\", \"CVE-2020-1389\", \"CVE-2020-1390\",\n \"CVE-2020-1392\", \"CVE-2020-1393\", \"CVE-2020-1394\", \"CVE-2020-1395\",\n \"CVE-2020-1396\", \"CVE-2020-1397\", \"CVE-2020-1398\", \"CVE-2020-1399\",\n \"CVE-2020-1400\", \"CVE-2020-1401\", \"CVE-2020-1402\", \"CVE-2020-1403\",\n \"CVE-2020-1404\", \"CVE-2020-1405\", \"CVE-2020-1406\", \"CVE-2020-1407\",\n \"CVE-2020-1408\", \"CVE-2020-1409\", \"CVE-2020-1410\", \"CVE-2020-1411\",\n \"CVE-2020-1412\", \"CVE-2020-1413\", \"CVE-2020-1414\", \"CVE-2020-1415\",\n \"CVE-2020-1418\", \"CVE-2020-1419\", \"CVE-2020-1420\", \"CVE-2020-1421\",\n \"CVE-2020-1422\", \"CVE-2020-1424\", \"CVE-2020-1426\", \"CVE-2020-1427\",\n \"CVE-2020-1428\", \"CVE-2020-1429\", \"CVE-2020-1430\", \"CVE-2020-1431\",\n \"CVE-2020-1432\", \"CVE-2020-1433\", \"CVE-2020-1434\", \"CVE-2020-1435\",\n \"CVE-2020-1436\", \"CVE-2020-1437\", \"CVE-2020-1438\", \"CVE-2020-1462\",\n \"CVE-2020-1463\", \"CVE-2020-1468\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-07-20 05:00:04 +0000 (Mon, 20 Jul 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-07-15 17:15:21 +0530 (Wed, 15 Jul 2020)\");\n script_name(\"Microsoft Windows Multiple Vulnerabilities (KB4558998)\");\n\n script_tag(name:\"summary\", value:\"This host is missing a critical security\n update according to Microsoft KB4558998\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present\n on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exists due to,\n\n - Windows Domain Name System servers fail to properly handle requests (SIGRed, CVE-2020-1350).\n\n - Windows System Events Broker fails to properly handle file operations.\n\n - Windows WalletService fails to properly handle objects in memory.\n\n - Windows Mobile Device Management (MDM) Diagnostics fails to\n properly handle objects in memory.\n\n - Windows Jet Database Engine fails to properly handle objects in memory.\n\n - Windows Network Connections Service fails to properly handle\n objects in memory.\n\n - SharedStream Library fails to handle objects in memory.\n\n Please see the references for more information about the vulnerabilities.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow an attacker\n to execute arbitrary code, elevate privilges, disclose sensitive information\n and denial of service attacks.\");\n\n script_tag(name:\"affected\", value:\"- Microsoft Windows 10 Version 1809 for 32-bit Systems\n\n - Microsoft Windows 10 Version 1809 for x64-based Systems\n\n - Microsoft Windows Server 2019\");\n\n script_tag(name:\"solution\", value:\"The vendor has released updates. Please see\n the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_xref(name:\"URL\", value:\"https://support.microsoft.com/en-us/help/4558998\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"smb_reg_service_pack.nasl\");\n script_require_ports(139, 445);\n script_mandatory_keys(\"SMB/WindowsVersion\");\n exit(0);\n}\n\ninclude(\"smb_nt.inc\");\ninclude(\"secpod_reg.inc\");\ninclude(\"version_func.inc\");\ninclude(\"secpod_smb_func.inc\");\n\nif(hotfix_check_sp(win10:1, win10x64:1, win2019:1) <= 0){\n exit(0);\n}\n\ndllPath = smb_get_system32root();\nif(!dllPath)\n exit(0);\n\nfileVer = fetch_file_version(sysPath:dllPath, file_name:\"Gdiplus.dll\");\nif(!fileVer)\n exit(0);\n\nif(version_in_range(version:fileVer, test_version:\"10.0.17763.0\", test_version2:\"10.0.17763.1338\")) {\n report = report_fixed_ver(file_checked:dllPath + \"\\Gdiplus.dll\",\n file_version:fileVer, vulnerable_range:\"10.0.17763.0 - 10.0.17763.1338\");\n security_message(data:report);\n exit(0);\n}\n\nexit(99);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-07-21T19:50:57", "description": "This host is missing a critical security\n update according to Microsoft KB4565483", "cvss3": {}, "published": "2020-07-15T00:00:00", "type": "openvas", "title": "Microsoft Windows Multiple Vulnerabilities (KB4565483)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-1373", "CVE-2020-1382", "CVE-2020-1367", "CVE-2020-1330", "CVE-2020-1354", "CVE-2020-1438", "CVE-2020-1404", "CVE-2020-1432", "CVE-2020-1401", "CVE-2020-1372", "CVE-2020-1403", "CVE-2020-1420", "CVE-2020-1413", "CVE-2020-1392", "CVE-2020-1405", "CVE-2020-1344", "CVE-2020-1414", "CVE-2020-1433", "CVE-2020-1353", "CVE-2020-1355", "CVE-2020-1415", "CVE-2020-1436", "CVE-2020-1375", "CVE-2020-1085", "CVE-2020-1390", "CVE-2020-1358", "CVE-2020-1402", "CVE-2020-1406", "CVE-2020-1371", "CVE-2020-1352", "CVE-2020-1350", "CVE-2020-1391", "CVE-2020-1411", "CVE-2020-1393", "CVE-2020-1386", "CVE-2020-1468", "CVE-2020-1422", "CVE-2020-1370", "CVE-2020-1347", "CVE-2020-1360", "CVE-2020-1419", "CVE-2020-1333", "CVE-2020-1356", "CVE-2020-1336", "CVE-2020-1389", "CVE-2020-1418", "CVE-2020-1385", "CVE-2020-1396", "CVE-2020-1362", "CVE-2020-1431", "CVE-2020-1388", "CVE-2020-1426", "CVE-2020-1397", "CVE-2020-1407", "CVE-2020-1384", "CVE-2020-1463", "CVE-2020-1427", "CVE-2020-1363", "CVE-2020-1381", "CVE-2020-1395", "CVE-2020-1267", "CVE-2020-1399", "CVE-2020-1368", "CVE-2020-1249", "CVE-2020-1430", "CVE-2020-1357", "CVE-2020-1412", "CVE-2020-1409", "CVE-2020-1462", "CVE-2020-1374", "CVE-2020-1421", "CVE-2020-1365", "CVE-2020-1435", "CVE-2020-1369", "CVE-2020-1408", "CVE-2020-1394", "CVE-2020-1437", "CVE-2020-1434", "CVE-2020-1366", "CVE-2020-1361", "CVE-2020-1400", "CVE-2020-1398", "CVE-2020-1359", "CVE-2020-1424", "CVE-2020-1428", "CVE-2020-1351", "CVE-2020-1429", "CVE-2020-1364", "CVE-2020-1387", "CVE-2020-1410"], "modified": "2020-07-20T00:00:00", "id": "OPENVAS:1361412562310817088", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310817088", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Some text descriptions might be excerpted from (a) referenced\n# source(s), and are Copyright (C) by the respective right holder(s).\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.817088\");\n script_version(\"2020-07-20T05:00:04+0000\");\n script_cve_id(\"CVE-2020-1085\", \"CVE-2020-1249\", \"CVE-2020-1267\", \"CVE-2020-1330\",\n \"CVE-2020-1333\", \"CVE-2020-1336\", \"CVE-2020-1344\", \"CVE-2020-1347\",\n \"CVE-2020-1350\", \"CVE-2020-1351\", \"CVE-2020-1352\", \"CVE-2020-1353\",\n \"CVE-2020-1354\", \"CVE-2020-1355\", \"CVE-2020-1356\", \"CVE-2020-1357\",\n \"CVE-2020-1358\", \"CVE-2020-1359\", \"CVE-2020-1360\", \"CVE-2020-1361\",\n \"CVE-2020-1362\", \"CVE-2020-1363\", \"CVE-2020-1364\", \"CVE-2020-1365\",\n \"CVE-2020-1366\", \"CVE-2020-1367\", \"CVE-2020-1368\", \"CVE-2020-1369\",\n \"CVE-2020-1370\", \"CVE-2020-1371\", \"CVE-2020-1372\", \"CVE-2020-1373\",\n \"CVE-2020-1374\", \"CVE-2020-1375\", \"CVE-2020-1381\", \"CVE-2020-1382\",\n \"CVE-2020-1384\", \"CVE-2020-1385\", \"CVE-2020-1386\", \"CVE-2020-1387\",\n \"CVE-2020-1388\", \"CVE-2020-1389\", \"CVE-2020-1390\", \"CVE-2020-1391\",\n \"CVE-2020-1392\", \"CVE-2020-1393\", \"CVE-2020-1394\", \"CVE-2020-1395\",\n \"CVE-2020-1396\", \"CVE-2020-1397\", \"CVE-2020-1398\", \"CVE-2020-1399\",\n \"CVE-2020-1400\", \"CVE-2020-1401\", \"CVE-2020-1402\", \"CVE-2020-1403\",\n \"CVE-2020-1404\", \"CVE-2020-1405\", \"CVE-2020-1406\", \"CVE-2020-1407\",\n \"CVE-2020-1408\", \"CVE-2020-1409\", \"CVE-2020-1410\", \"CVE-2020-1411\",\n \"CVE-2020-1412\", \"CVE-2020-1413\", \"CVE-2020-1414\", \"CVE-2020-1415\",\n \"CVE-2020-1418\", \"CVE-2020-1419\", \"CVE-2020-1420\", \"CVE-2020-1421\",\n \"CVE-2020-1422\", \"CVE-2020-1424\", \"CVE-2020-1426\", \"CVE-2020-1427\",\n \"CVE-2020-1428\", \"CVE-2020-1429\", \"CVE-2020-1430\", \"CVE-2020-1431\",\n \"CVE-2020-1432\", \"CVE-2020-1433\", \"CVE-2020-1434\", \"CVE-2020-1435\",\n \"CVE-2020-1436\", \"CVE-2020-1437\", \"CVE-2020-1438\", \"CVE-2020-1462\",\n \"CVE-2020-1463\", \"CVE-2020-1468\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-07-20 05:00:04 +0000 (Mon, 20 Jul 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-07-15 14:47:24 +0530 (Wed, 15 Jul 2020)\");\n script_name(\"Microsoft Windows Multiple Vulnerabilities (KB4565483)\");\n\n script_tag(name:\"summary\", value:\"This host is missing a critical security\n update according to Microsoft KB4565483\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present\n on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exists due to,\n\n - Windows Domain Name System servers fail to properly handle requests (SIGRed, CVE-2020-1350).\n\n - Windows System Events Broker fails to properly handle file operations.\n\n - Windows WalletService fails to properly handle objects in memory.\n\n - Windows Mobile Device Management (MDM) Diagnostics fails to\n properly handle objects in memory.\n\n - Windows Jet Database Engine fails to properly handle objects in memory.\n\n - Windows Network Connections Service fails to properly handle\n objects in memory.\n\n - SharedStream Library fails to handle objects in memory.\n\n Please see the references for more information about the vulnerabilities.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow an attacker\n to execute arbitrary code, elevate privilges, disclose sensitive information\n and denial of service attacks.\");\n\n script_tag(name:\"affected\", value:\"- Microsoft Windows 10 Version 1903 for 32-bit Systems\n\n - Microsoft Windows 10 Version 1909 for 32-bit Systems\n\n - Microsoft Windows 10 Version 1903 for x64-based Systems\n\n - Microsoft Windows 10 Version 1909 for x64-based Systems\");\n\n script_tag(name:\"solution\", value:\"The vendor has released updates. Please see\n the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_xref(name:\"URL\", value:\"https://support.microsoft.com/en-us/help/4565483\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"smb_reg_service_pack.nasl\");\n script_require_ports(139, 445);\n script_mandatory_keys(\"SMB/WindowsVersion\");\n exit(0);\n}\n\ninclude(\"smb_nt.inc\");\ninclude(\"secpod_reg.inc\");\ninclude(\"version_func.inc\");\ninclude(\"secpod_smb_func.inc\");\n\nif(hotfix_check_sp(win10:1, win10x64:1) <= 0)\n exit(0);\n\ndllPath = smb_get_system32root();\nif(!dllPath)\n exit(0);\n\nfileVer = fetch_file_version(sysPath:dllPath, file_name:\"Gdiplus.dll\");\nif(!fileVer)\n exit(0);\n\nif(version_in_range(version:fileVer, test_version:\"10.0.18362.0\", test_version2:\"10.0.18362.959\")) {\n report = report_fixed_ver(file_checked:dllPath + \"\\Gdiplus.dll\",\n file_version:fileVer, vulnerable_range:\"10.0.18362.0 - 10.0.18362.959\");\n security_message(data:report);\n exit(0);\n}\n\nexit(99);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-07-21T19:51:32", "description": "This host is missing a critical security\n update according to Microsoft KB4565503", "cvss3": {}, "published": "2020-07-15T00:00:00", "type": "openvas", "title": "Microsoft Windows Multiple Vulnerabilities (KB4565503)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-1373", "CVE-2020-1382", "CVE-2020-1367", "CVE-2020-1330", "CVE-2019-1469", "CVE-2020-1354", "CVE-2020-1438", "CVE-2020-1404", "CVE-2020-1432", "CVE-2020-1401", "CVE-2020-1372", "CVE-2020-1403", "CVE-2020-1420", "CVE-2020-1413", "CVE-2020-1392", "CVE-2020-1405", "CVE-2020-1344", "CVE-2020-1414", "CVE-2020-1433", "CVE-2020-1353", "CVE-2020-1355", "CVE-2020-1415", "CVE-2020-1436", "CVE-2020-1375", "CVE-2020-1085", "CVE-2020-1390", "CVE-2020-1358", "CVE-2020-1402", "CVE-2020-1406", "CVE-2020-1371", "CVE-2020-1352", "CVE-2020-1350", "CVE-2020-1391", "CVE-2020-1411", "CVE-2020-1393", "CVE-2020-1386", "CVE-2020-1468", "CVE-2020-1422", "CVE-2020-1370", "CVE-2020-1347", "CVE-2020-1360", "CVE-2020-1419", "CVE-2020-1333", "CVE-2020-1356", "CVE-2020-1336", "CVE-2020-1389", "CVE-2020-1418", "CVE-2020-1385", "CVE-2020-1396", "CVE-2020-1362", "CVE-2020-1431", "CVE-2020-1388", "CVE-2020-1423", "CVE-2020-1426", "CVE-2020-1397", "CVE-2020-1407", "CVE-2020-1384", "CVE-2020-1463", "CVE-2020-1427", "CVE-2020-1363", "CVE-2020-1381", "CVE-2020-1395", "CVE-2020-1267", "CVE-2020-1399", "CVE-2020-1368", "CVE-2020-1249", "CVE-2020-1430", "CVE-2020-1357", "CVE-2020-1412", "CVE-2020-1409", "CVE-2020-1462", "CVE-2020-1374", "CVE-2020-1421", "CVE-2020-1365", "CVE-2020-1435", "CVE-2020-1369", "CVE-2020-1408", "CVE-2020-1394", "CVE-2020-1437", "CVE-2020-1434", "CVE-2020-1366", "CVE-2020-1361", "CVE-2020-1400", "CVE-2020-1398", "CVE-2020-1359", "CVE-2020-1424", "CVE-2020-1428", "CVE-2020-1351", "CVE-2020-1429", "CVE-2020-1364", "CVE-2020-1387", "CVE-2020-1410"], "modified": "2020-07-20T00:00:00", "id": "OPENVAS:1361412562310817224", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310817224", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Some text descriptions might be excerpted from (a) referenced\n# source(s), and are Copyright (C) by the respective right holder(s).\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.817224\");\n script_version(\"2020-07-20T05:00:04+0000\");\n script_cve_id(\"CVE-2019-1469\", \"CVE-2020-1085\", \"CVE-2020-1249\", \"CVE-2020-1267\",\n \"CVE-2020-1330\", \"CVE-2020-1333\", \"CVE-2020-1336\", \"CVE-2020-1344\",\n \"CVE-2020-1347\", \"CVE-2020-1350\", \"CVE-2020-1351\", \"CVE-2020-1352\",\n \"CVE-2020-1353\", \"CVE-2020-1354\", \"CVE-2020-1355\", \"CVE-2020-1356\",\n \"CVE-2020-1357\", \"CVE-2020-1358\", \"CVE-2020-1359\", \"CVE-2020-1360\",\n \"CVE-2020-1361\", \"CVE-2020-1362\", \"CVE-2020-1363\", \"CVE-2020-1364\",\n \"CVE-2020-1365\", \"CVE-2020-1366\", \"CVE-2020-1367\", \"CVE-2020-1368\",\n \"CVE-2020-1369\", \"CVE-2020-1370\", \"CVE-2020-1371\", \"CVE-2020-1372\",\n \"CVE-2020-1373\", \"CVE-2020-1374\", \"CVE-2020-1375\", \"CVE-2020-1381\",\n \"CVE-2020-1382\", \"CVE-2020-1384\", \"CVE-2020-1385\", \"CVE-2020-1386\",\n \"CVE-2020-1387\", \"CVE-2020-1388\", \"CVE-2020-1389\", \"CVE-2020-1390\",\n \"CVE-2020-1391\", \"CVE-2020-1392\", \"CVE-2020-1393\", \"CVE-2020-1394\",\n \"CVE-2020-1395\", \"CVE-2020-1396\", \"CVE-2020-1397\", \"CVE-2020-1398\",\n \"CVE-2020-1399\", \"CVE-2020-1400\", \"CVE-2020-1401\", \"CVE-2020-1402\",\n \"CVE-2020-1403\", \"CVE-2020-1404\", \"CVE-2020-1405\", \"CVE-2020-1406\",\n \"CVE-2020-1407\", \"CVE-2020-1408\", \"CVE-2020-1409\", \"CVE-2020-1410\",\n \"CVE-2020-1411\", \"CVE-2020-1412\", \"CVE-2020-1413\", \"CVE-2020-1414\",\n \"CVE-2020-1415\", \"CVE-2020-1418\", \"CVE-2020-1419\", \"CVE-2020-1420\",\n \"CVE-2020-1421\", \"CVE-2020-1422\", \"CVE-2020-1423\", \"CVE-2020-1424\",\n \"CVE-2020-1426\", \"CVE-2020-1427\", \"CVE-2020-1428\", \"CVE-2020-1429\",\n \"CVE-2020-1430\", \"CVE-2020-1431\", \"CVE-2020-1432\", \"CVE-2020-1433\",\n \"CVE-2020-1434\", \"CVE-2020-1435\", \"CVE-2020-1436\", \"CVE-2020-1437\",\n \"CVE-2020-1438\", \"CVE-2020-1462\", \"CVE-2020-1463\", \"CVE-2020-1468\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-07-20 05:00:04 +0000 (Mon, 20 Jul 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-07-15 12:33:34 +0530 (Wed, 15 Jul 2020)\");\n script_name(\"Microsoft Windows Multiple Vulnerabilities (KB4565503)\");\n\n script_tag(name:\"summary\", value:\"This host is missing a critical security\n update according to Microsoft KB4565503\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present\n on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exists due to,\n\n - Windows Domain Name System servers fail to properly handle requests (SIGRed, CVE-2020-1350).\n\n - Windows System Events Broker fails to properly handle file operations.\n\n - Windows WalletService fails to properly handle objects in memory.\n\n - Windows Mobile Device Management (MDM) Diagnostics fails to\n properly handle objects in memory.\n\n - Windows Jet Database Engine fails to properly handle objects in memory.\n\n - Windows Network Connections Service fails to properly handle\n objects in memory.\n\n - SharedStream Library fails to handle objects in memory.\n Please see the references for more information about the vulnerabilities.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow an attacker\n to execute arbitrary code, elevate privilges, disclose sensitive information\n and denial of service attacks.\");\n\n script_tag(name:\"affected\", value:\"- Microsoft Windows 10 Version 2004 for 32-bit Systems\n\n - Microsoft Windows 10 Version 2004 for x64-based Systems\");\n\n script_tag(name:\"solution\", value:\"The vendor has released updates. Please see\n the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_xref(name:\"URL\", value:\"https://support.microsoft.com/en-us/help/4565503\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"smb_reg_service_pack.nasl\");\n script_require_ports(139, 445);\n script_mandatory_keys(\"SMB/WindowsVersion\");\n exit(0);\n}\n\ninclude(\"smb_nt.inc\");\ninclude(\"secpod_reg.inc\");\ninclude(\"version_func.inc\");\ninclude(\"secpod_smb_func.inc\");\n\nif(hotfix_check_sp(win10:1, win10x64:1) <= 0)\n exit(0);\n\ndllPath = smb_get_system32root();\nif(!dllPath)\n exit(0);\n\nfileVer = fetch_file_version(sysPath:dllPath, file_name:\"Gdiplus.dll\");\nif(!fileVer)\n exit(0);\n\nif(version_in_range(version:fileVer, test_version:\"10.0.19041.0\", test_version2:\"10.0.19041.387\")) {\n report = report_fixed_ver(file_checked:dllPath + \"\\Gdiplus.dll\",\n file_version:fileVer, vulnerable_range:\"10.0.19041.0 - 10.0.19041.387\");\n security_message(data:report);\n exit(0);\n}\n\nexit(99);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-07-24T12:11:01", "description": "Nagios Core is prone to multiple vulnerabilities.", "cvss3": {}, "published": "2020-06-15T00:00:00", "type": "openvas", "title": "Nagios Core < 4.4.6 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-1408", "CVE-2020-13977"], "modified": "2020-06-15T00:00:00", "id": "OPENVAS:1361412562310144107", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310144107", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Some text descriptions might be excerpted from (a) referenced\n# source(s), and are Copyright (C) by the respective right holder(s).\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nCPE = \"cpe:/a:nagios:nagios\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.144107\");\n script_version(\"2020-06-15T07:19:52+0000\");\n script_tag(name:\"last_modification\", value:\"2020-06-15 07:19:52 +0000 (Mon, 15 Jun 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-06-15 07:00:06 +0000 (Mon, 15 Jun 2020)\");\n script_tag(name:\"cvss_base\", value:\"4.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:N/I:P/A:N\");\n\n script_cve_id(\"CVE-2020-1408\", \"CVE-2020-13977\");\n\n script_tag(name:\"qod_type\", value:\"remote_banner\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_name(\"Nagios Core < 4.4.6 Multiple Vulnerabilities\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Web application abuses\");\n script_dependencies(\"nagios_detect.nasl\");\n script_mandatory_keys(\"nagios/installed\");\n\n script_tag(name:\"summary\", value:\"Nagios Core is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Nagios Core is prone to multiple vulnerabilities:\n\n - Authenticated vulnerabilities in histogram.js, map.js, trends.js (CVE-2020-1408)\n\n - URL injection vulnerability (CVE-2020-13977)\");\n\n script_tag(name:\"affected\", value:\"Nagios Core version 4.4.5 and prior.\");\n\n script_tag(name:\"solution\", value:\"Update to Nagios Core version 4.4.6 or later.\");\n\n script_xref(name:\"URL\", value:\"https://anhtai.me/nagios-core-4-4-5-url-injection/\");\n script_xref(name:\"URL\", value:\"https://www.nagios.org/projects/nagios-core/history/4x/\");\n\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif (!port = get_app_port(cpe: CPE))\n exit(0);\n\nif (!infos = get_app_version_and_location(cpe: CPE, port: port, exit_no_version: TRUE))\n exit(0);\n\nversion = infos[\"version\"];\nlocation = infos[\"location\"];\n\nif (version_is_less(version: version, test_version: \"4.4.6\")) {\n report = report_fixed_ver(installed_version: version, fixed_version: \"4.4.6\", install_path: location);\n security_message(port: port, data: report);\n exit(0);\n}\n\nexit(99);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "nessus": [{"lastseen": "2023-05-18T15:04:05", "description": "The remote Windows host is missing security update 4565540 or cumulative update 4565541. It is, therefore, affected by multiple vulnerabilities :\n\n - A remote code execution vulnerability exists in the way that DirectWrite handles objects in memory. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit an untrusted webpage. The security update addresses the vulnerability by correcting how DirectWrite handles objects in memory. (CVE-2020-1409)\n\n - An elevation of privilege vulnerability exists in the way that the Windows Credential Picker handles objects in memory. An attacker who successfully exploited the vulnerability could allow an application with limited privileges on an affected system to execute code at a medium integrity level. (CVE-2020-1385)\n\n - An elevation of privilege vulnerability exists when the Windows Profile Service improperly handles file operations. An attacker who successfully exploited this vulnerability could gain elevated privileges.\n (CVE-2020-1360)\n\n - A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2020-1403)\n\n - A remote code execution vulnerability exists in the Windows Remote Desktop Client when a user connects to a malicious server. An attacker who successfully exploited this vulnerability could execute arbitrary code on the computer of the connecting client. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\n (CVE-2020-1374)\n\n - A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted fonts. For all systems except Windows 10, an attacker who successfully exploited the vulnerability could execute code remotely. For systems running Windows 10, an attacker who successfully exploited the vulnerability could execute code in an AppContainer sandbox context with limited privileges and capabilities. An attacker could then install programs;\n view, change, or delete data; or create new accounts with full user rights. There are multiple ways an attacker could exploit the vulnerability:\n (CVE-2020-1436)\n\n - An elevation of privilege vulnerability exists in the way that the Credential Enrollment Manager service handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. (CVE-2020-1368)\n\n - An elevation of privilege vulnerability exists in the way that the Windows Network List Service handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. (CVE-2020-1406)\n\n - An elevation of privilege vulnerability exists when the Windows UPnP Device Host improperly handles memory.\n (CVE-2020-1354, CVE-2020-1430)\n\n - An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit an untrusted webpage.\n The security update addresses the vulnerability by correcting how the Windows GDI component handles objects in memory. (CVE-2020-1468)\n\n - An elevation of privilege vulnerability exists when the Windows Event Logging Service improperly handles memory.\n (CVE-2020-1365, CVE-2020-1371)\n\n - An elevation of privilege vulnerability exists in the way that the Windows Network Location Awareness Service handles objects in memory. An attacker who successfully exploited the vulnerability could allow an application with limited privileges on an affected system to execute code at a medium integrity level. (CVE-2020-1437)\n\n - An information disclosure vulnerability exists in Windows when the Windows Imaging Component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user's system.\n There are multiple ways an attacker could exploit this vulnerability: (CVE-2020-1397)\n\n - A remote code execution vulnerability exists when Windows Address Book (WAB) improperly processes vcard files. (CVE-2020-1410)\n\n - An information disclosure vulnerability exists when the Windows Graphics component improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system. An authenticated attacker could exploit this vulnerability by running a specially crafted application. The update addresses the vulnerability by correcting how the Windows Graphics Component handles objects in memory. (CVE-2020-1351)\n\n - An elevation of privilege vulnerability exists when Group Policy Services Policy Processing improperly handle reparse points. An attacker who successfully exploited this vulnerability could overwrite a targeted file that would normally require elevated permissions.\n (CVE-2020-1333)\n\n - A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts. An attacker who successfully exploited the vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2020-1408)\n\n - An elevation of privilege vulnerability exists when the Windows Modules Installer improperly handles file operations. An attacker who successfully exploited this vulnerability could gain elevated privileges.\n (CVE-2020-1346)\n\n - An elevation of privilege vulnerability exists when Windows improperly handles calls to Advanced Local Procedure Call (ALPC). An attacker who successfully exploited this vulnerability could run arbitrary code in the security context of the local system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\n (CVE-2020-1396)\n\n - An information disclosure vulnerability exists when Skype for Business is accessed via Internet Explorer. An attacker who exploited the vulnerability could cause the user to place a call without additional consent, leading to information disclosure of the user profile. For the vulnerability to be exploited, a user must click a specially crafted URL that prompts the Skype app.\n (CVE-2020-1432)\n\n - An elevation of privilege vulnerability exists when the Windows ActiveX Installer Service improperly handles memory. (CVE-2020-1402)\n\n - A remote code execution vulnerability exists in .NET Framework, Microsoft SharePoint, and Visual Studio when the software fails to check the source markup of XML file input. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the process responsible for deserialization of the XML content. (CVE-2020-1147)\n\n - An elevation of privilege vulnerability exists when the Windows Cryptography Next Generation (CNG) Key Isolation service improperly handles memory. An attacker who successfully exploited this vulnerability could run processes in an elevated context. (CVE-2020-1359, CVE-2020-1384)\n\n - An elevation of privilege vulnerability exists in the way that the Windows Network Connections Service handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. (CVE-2020-1373, CVE-2020-1390, CVE-2020-1427, CVE-2020-1428, CVE-2020-1438)\n\n - An elevation of privilege vulnerability exists in the way that the Windows Function Discovery Service handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. (CVE-2020-1085)\n\n - A remote code execution vulnerability exists in the way that Microsoft Graphics Components handle objects in memory. An attacker who successfully exploited the vulnerability could execute arbitrary code on a target system. (CVE-2020-1412)\n\n - A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by enticing a victim to open a specially crafted file. The update addresses the vulnerability by correcting the way the Windows Jet Database Engine handles objects in memory. (CVE-2020-1400, CVE-2020-1401, CVE-2020-1407)\n\n - An information disclosure vulnerability exists when the Windows kernel fails to properly initialize a memory address. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system. (CVE-2020-1389, CVE-2020-1419)\n\n - An elevation of privilege vulnerability exists when the Windows Runtime improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in an elevated context. An attacker could exploit this vulnerability by running a specially crafted application on the victim system. The update addresses the vulnerability by correcting the way the Windows Runtime handles objects in memory.\n (CVE-2020-1249, CVE-2020-1399)\n\n - An elevation of privilege vulnerability exists when the Windows iSCSI Target Service improperly handles file operations. An attacker who successfully exploited this vulnerability could gain elevated privileges.\n (CVE-2020-1356)\n\n - This security update corrects a denial of service in the Local Security Authority Subsystem Service (LSASS) caused when an authenticated attacker sends a specially crafted authentication request. A remote attacker who successfully exploited this vulnerability could cause a denial of service on the target system's LSASS service, which triggers an automatic reboot of the system. The security update addresses the vulnerability by changing the way that LSASS handles specially crafted authentication requests. (CVE-2020-1267)\n\n - A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in the memory. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2020-1435)\n\n - A remote code execution vulnerability exists in Microsoft Windows that could allow remote code execution if a .LNK file is processed. An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. (CVE-2020-1421)", "cvss3": {}, "published": "2020-07-14T00:00:00", "type": "nessus", "title": "KB4565540: Windows 8.1 and Windows Server 2012 R2 July 2020 Security Update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-1085", "CVE-2020-1147", "CVE-2020-1249", "CVE-2020-1267", "CVE-2020-1333", "CVE-2020-1346", "CVE-2020-1351", "CVE-2020-1354", "CVE-2020-1356", "CVE-2020-1359", "CVE-2020-1360", "CVE-2020-1365", "CVE-2020-1368", "CVE-2020-1371", "CVE-2020-1373", "CVE-2020-1374", "CVE-2020-1384", "CVE-2020-1385", "CVE-2020-1389", "CVE-2020-1390", "CVE-2020-1396", "CVE-2020-1397", "CVE-2020-1399", "CVE-2020-1400", "CVE-2020-1401", "CVE-2020-1402", "CVE-2020-1403", "CVE-2020-1406", "CVE-2020-1407", "CVE-2020-1408", "CVE-2020-1409", "CVE-2020-1410", "CVE-2020-1412", "CVE-2020-1419", "CVE-2020-1421", "CVE-2020-1427", "CVE-2020-1428", "CVE-2020-1430", "CVE-2020-1432", "CVE-2020-1435", "CVE-2020-1436", "CVE-2020-1437", "CVE-2020-1438", "CVE-2020-1468"], "modified": "2023-04-25T00:00:00", "cpe": ["cpe:/o:microsoft:windows"], "id": "SMB_NT_MS20_JUL_4565541.NASL", "href": "https://www.tenable.com/plugins/nessus/138463", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(138463);\n script_version(\"1.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/04/25\");\n\n script_cve_id(\n \"CVE-2020-1085\",\n \"CVE-2020-1147\",\n \"CVE-2020-1249\",\n \"CVE-2020-1267\",\n \"CVE-2020-1333\",\n \"CVE-2020-1346\",\n \"CVE-2020-1351\",\n \"CVE-2020-1354\",\n \"CVE-2020-1356\",\n \"CVE-2020-1359\",\n \"CVE-2020-1360\",\n \"CVE-2020-1365\",\n \"CVE-2020-1368\",\n \"CVE-2020-1371\",\n \"CVE-2020-1373\",\n \"CVE-2020-1374\",\n \"CVE-2020-1384\",\n \"CVE-2020-1385\",\n \"CVE-2020-1389\",\n \"CVE-2020-1390\",\n \"CVE-2020-1396\",\n \"CVE-2020-1397\",\n \"CVE-2020-1399\",\n \"CVE-2020-1400\",\n \"CVE-2020-1401\",\n \"CVE-2020-1402\",\n \"CVE-2020-1403\",\n \"CVE-2020-1406\",\n \"CVE-2020-1407\",\n \"CVE-2020-1408\",\n \"CVE-2020-1409\",\n \"CVE-2020-1410\",\n \"CVE-2020-1412\",\n \"CVE-2020-1419\",\n \"CVE-2020-1421\",\n \"CVE-2020-1427\",\n \"CVE-2020-1428\",\n \"CVE-2020-1430\",\n \"CVE-2020-1432\",\n \"CVE-2020-1435\",\n \"CVE-2020-1436\",\n \"CVE-2020-1437\",\n \"CVE-2020-1438\",\n \"CVE-2020-1468\"\n );\n script_xref(name:\"MSKB\", value:\"4565540\");\n script_xref(name:\"MSKB\", value:\"4565541\");\n script_xref(name:\"MSFT\", value:\"MS20-4565540\");\n script_xref(name:\"MSFT\", value:\"MS20-4565541\");\n script_xref(name:\"IAVA\", value:\"2020-A-0306-S\");\n script_xref(name:\"IAVA\", value:\"2020-A-0313-S\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/05/03\");\n\n script_name(english:\"KB4565540: Windows 8.1 and Windows Server 2012 R2 July 2020 Security Update\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 4565540\nor cumulative update 4565541. It is, therefore, affected by\nmultiple vulnerabilities :\n\n - A remote code execution vulnerability exists in the way\n that DirectWrite handles objects in memory. An attacker\n who successfully exploited this vulnerability could take\n control of the affected system. An attacker could then\n install programs; view, change, or delete data; or\n create new accounts with full user rights. There are\n multiple ways an attacker could exploit the\n vulnerability, such as by convincing a user to open a\n specially crafted document, or by convincing a user to\n visit an untrusted webpage. The security update\n addresses the vulnerability by correcting how\n DirectWrite handles objects in memory. (CVE-2020-1409)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Credential Picker handles objects\n in memory. An attacker who successfully exploited the\n vulnerability could allow an application with limited\n privileges on an affected system to execute code at a\n medium integrity level. (CVE-2020-1385)\n\n - An elevation of privilege vulnerability exists when the\n Windows Profile Service improperly handles file\n operations. An attacker who successfully exploited this\n vulnerability could gain elevated privileges.\n (CVE-2020-1360)\n\n - A remote code execution vulnerability exists in the way\n that the VBScript engine handles objects in memory. The\n vulnerability could corrupt memory in such a way that an\n attacker could execute arbitrary code in the context of\n the current user. An attacker who successfully exploited\n the vulnerability could gain the same user rights as the\n current user. (CVE-2020-1403)\n\n - A remote code execution vulnerability exists in the\n Windows Remote Desktop Client when a user connects to a\n malicious server. An attacker who successfully exploited\n this vulnerability could execute arbitrary code on the\n computer of the connecting client. An attacker could\n then install programs; view, change, or delete data; or\n create new accounts with full user rights.\n (CVE-2020-1374)\n\n - A remote code execution vulnerability exists when the\n Windows font library improperly handles specially\n crafted fonts. For all systems except Windows 10, an\n attacker who successfully exploited the vulnerability\n could execute code remotely. For systems running Windows\n 10, an attacker who successfully exploited the\n vulnerability could execute code in an AppContainer\n sandbox context with limited privileges and\n capabilities. An attacker could then install programs;\n view, change, or delete data; or create new accounts\n with full user rights. There are multiple ways an\n attacker could exploit the vulnerability:\n (CVE-2020-1436)\n\n - An elevation of privilege vulnerability exists in the\n way that the Credential Enrollment Manager service\n handles objects in memory. An attacker who successfully\n exploited the vulnerability could execute code with\n elevated permissions. (CVE-2020-1368)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Network List Service handles\n objects in memory. An attacker who successfully\n exploited the vulnerability could execute code with\n elevated permissions. (CVE-2020-1406)\n\n - An elevation of privilege vulnerability exists when the\n Windows UPnP Device Host improperly handles memory.\n (CVE-2020-1354, CVE-2020-1430)\n\n - An information disclosure vulnerability exists when the\n Windows GDI component improperly discloses the contents\n of its memory. An attacker who successfully exploited\n the vulnerability could obtain information to further\n compromise the users system. There are multiple ways an\n attacker could exploit the vulnerability, such as by\n convincing a user to open a specially crafted document,\n or by convincing a user to visit an untrusted webpage.\n The security update addresses the vulnerability by\n correcting how the Windows GDI component handles objects\n in memory. (CVE-2020-1468)\n\n - An elevation of privilege vulnerability exists when the\n Windows Event Logging Service improperly handles memory.\n (CVE-2020-1365, CVE-2020-1371)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Network Location Awareness Service\n handles objects in memory. An attacker who successfully\n exploited the vulnerability could allow an application\n with limited privileges on an affected system to execute\n code at a medium integrity level. (CVE-2020-1437)\n\n - An information disclosure vulnerability exists in\n Windows when the Windows Imaging Component fails to\n properly handle objects in memory. An attacker who\n successfully exploited this vulnerability could obtain\n information to further compromise the user's system.\n There are multiple ways an attacker could exploit this\n vulnerability: (CVE-2020-1397)\n\n - A remote code execution vulnerability exists when\n Windows Address Book (WAB) improperly processes vcard\n files. (CVE-2020-1410)\n\n - An information disclosure vulnerability exists when the\n Windows Graphics component improperly handles objects in\n memory. An attacker who successfully exploited this\n vulnerability could obtain information to further\n compromise the users system. An authenticated attacker\n could exploit this vulnerability by running a specially\n crafted application. The update addresses the\n vulnerability by correcting how the Windows Graphics\n Component handles objects in memory. (CVE-2020-1351)\n\n - An elevation of privilege vulnerability exists when\n Group Policy Services Policy Processing improperly\n handle reparse points. An attacker who successfully\n exploited this vulnerability could overwrite a targeted\n file that would normally require elevated permissions.\n (CVE-2020-1333)\n\n - A remote code execution vulnerability exists when the\n Windows font library improperly handles specially\n crafted embedded fonts. An attacker who successfully\n exploited the vulnerability could take control of the\n affected system. An attacker could then install\n programs; view, change, or delete data; or create new\n accounts with full user rights. (CVE-2020-1408)\n\n - An elevation of privilege vulnerability exists when the\n Windows Modules Installer improperly handles file\n operations. An attacker who successfully exploited this\n vulnerability could gain elevated privileges.\n (CVE-2020-1346)\n\n - An elevation of privilege vulnerability exists when\n Windows improperly handles calls to Advanced Local\n Procedure Call (ALPC). An attacker who successfully\n exploited this vulnerability could run arbitrary code in\n the security context of the local system. An attacker\n could then install programs; view, change, or delete\n data; or create new accounts with full user rights.\n (CVE-2020-1396)\n\n - An information disclosure vulnerability exists when\n Skype for Business is accessed via Internet Explorer. An\n attacker who exploited the vulnerability could cause the\n user to place a call without additional consent, leading\n to information disclosure of the user profile. For the\n vulnerability to be exploited, a user must click a\n specially crafted URL that prompts the Skype app.\n (CVE-2020-1432)\n\n - An elevation of privilege vulnerability exists when the\n Windows ActiveX Installer Service improperly handles\n memory. (CVE-2020-1402)\n\n - A remote code execution vulnerability exists in .NET\n Framework, Microsoft SharePoint, and Visual Studio when\n the software fails to check the source markup of XML\n file input. An attacker who successfully exploited the\n vulnerability could run arbitrary code in the context of\n the process responsible for deserialization of the XML\n content. (CVE-2020-1147)\n\n - An elevation of privilege vulnerability exists when the\n Windows Cryptography Next Generation (CNG) Key Isolation\n service improperly handles memory. An attacker who\n successfully exploited this vulnerability could run\n processes in an elevated context. (CVE-2020-1359,\n CVE-2020-1384)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Network Connections Service handles\n objects in memory. An attacker who successfully\n exploited the vulnerability could execute code with\n elevated permissions. (CVE-2020-1373, CVE-2020-1390,\n CVE-2020-1427, CVE-2020-1428, CVE-2020-1438)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Function Discovery Service handles\n objects in memory. An attacker who successfully\n exploited the vulnerability could execute code with\n elevated permissions. (CVE-2020-1085)\n\n - A remote code execution vulnerability exists in the way\n that Microsoft Graphics Components handle objects in\n memory. An attacker who successfully exploited the\n vulnerability could execute arbitrary code on a target\n system. (CVE-2020-1412)\n\n - A remote code execution vulnerability exists when the\n Windows Jet Database Engine improperly handles objects\n in memory. An attacker who successfully exploited this\n vulnerability could execute arbitrary code on a victim\n system. An attacker could exploit this vulnerability by\n enticing a victim to open a specially crafted file. The\n update addresses the vulnerability by correcting the way\n the Windows Jet Database Engine handles objects in\n memory. (CVE-2020-1400, CVE-2020-1401, CVE-2020-1407)\n\n - An information disclosure vulnerability exists when the\n Windows kernel fails to properly initialize a memory\n address. An attacker who successfully exploited this\n vulnerability could obtain information to further\n compromise the users system. (CVE-2020-1389,\n CVE-2020-1419)\n\n - An elevation of privilege vulnerability exists when the\n Windows Runtime improperly handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could run arbitrary code in an elevated context. An\n attacker could exploit this vulnerability by running a\n specially crafted application on the victim system. The\n update addresses the vulnerability by correcting the way\n the Windows Runtime handles objects in memory.\n (CVE-2020-1249, CVE-2020-1399)\n\n - An elevation of privilege vulnerability exists when the\n Windows iSCSI Target Service improperly handles file\n operations. An attacker who successfully exploited this\n vulnerability could gain elevated privileges.\n (CVE-2020-1356)\n\n - This security update corrects a denial of service in the\n Local Security Authority Subsystem Service (LSASS)\n caused when an authenticated attacker sends a specially\n crafted authentication request. A remote attacker who\n successfully exploited this vulnerability could cause a\n denial of service on the target system's LSASS service,\n which triggers an automatic reboot of the system. The\n security update addresses the vulnerability by changing\n the way that LSASS handles specially crafted\n authentication requests. (CVE-2020-1267)\n\n - A remote code execution vulnerability exists in the way\n that the Windows Graphics Device Interface (GDI) handles\n objects in the memory. An attacker who successfully\n exploited this vulnerability could take control of the\n affected system. An attacker could then install\n programs; view, change, or delete data; or create new\n accounts with full user rights. (CVE-2020-1435)\n\n - A remote code execution vulnerability exists in\n Microsoft Windows that could allow remote code execution\n if a .LNK file is processed. An attacker who\n successfully exploited this vulnerability could gain the\n same user rights as the local user. (CVE-2020-1421)\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.microsoft.com/en-us/help/4565540/windows-8-1-kb4565540\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.microsoft.com/en-us/help/4565541/windows-8-1-kb4565541\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Security Only update KB4565540 or Cumulative Update KB4565541.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-1435\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2020-1436\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'SharePoint DataSet / DataTable Deserialization');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/07/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/07/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/07/14\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude('smb_func.inc');\ninclude('smb_hotfixes.inc');\ninclude('smb_hotfixes_fcheck.inc');\ninclude('smb_reg_query.inc');\ninclude('install_func.inc');\n\nget_kb_item_or_exit('SMB/MS_Bulletin_Checks/Possible');\n\nbulletin = 'MS20-07';\nkbs = make_list(\n '4565541',\n '4565540'\n);\n\nif (get_kb_item('Host/patch_management_checks')) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit('SMB/Registry/Enumerated');\nget_kb_item_or_exit('SMB/WindowsVersion', exit_code:1);\n\nif (hotfix_check_sp_range(win81:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\n# Windows 8 EOL\nproductname = get_kb_item_or_exit(\"SMB/ProductName\", exit_code:1);\nif (\"Windows 8\" >< productname && \"8.1\" >!< productname)\n audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:'6.3', \n sp:0,\n rollup_date:'07_2020',\n bulletin:bulletin,\n rollup_kb_list:[4565541, 4565540])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n\n\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:04:05", "description": "The remote Windows host is missing security update 4565529 or cumulative update 4565536. It is, therefore, affected by multiple vulnerabilities :\n\n - A remote code execution vulnerability exists in the way that DirectWrite handles objects in memory. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit an untrusted webpage. The security update addresses the vulnerability by correcting how DirectWrite handles objects in memory. (CVE-2020-1409)\n\n - An elevation of privilege vulnerability exists when the Windows Profile Service improperly handles file operations. An attacker who successfully exploited this vulnerability could gain elevated privileges.\n (CVE-2020-1360)\n\n - A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2020-1403)\n\n - An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit an untrusted webpage.\n The security update addresses the vulnerability by correcting how the Windows GDI component handles objects in memory. (CVE-2020-1468)\n\n - A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted fonts. For all systems except Windows 10, an attacker who successfully exploited the vulnerability could execute code remotely. For systems running Windows 10, an attacker who successfully exploited the vulnerability could execute code in an AppContainer sandbox context with limited privileges and capabilities. An attacker could then install programs;\n view, change, or delete data; or create new accounts with full user rights. There are multiple ways an attacker could exploit the vulnerability:\n (CVE-2020-1436)\n\n - An elevation of privilege vulnerability exists when the Windows UPnP Device Host improperly handles memory.\n (CVE-2020-1354, CVE-2020-1430)\n\n - An elevation of privilege vulnerability exists when the Windows Modules Installer improperly handles file operations. An attacker who successfully exploited this vulnerability could gain elevated privileges.\n (CVE-2020-1346)\n\n - An information disclosure vulnerability exists in Windows when the Windows Imaging Component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user's system.\n There are multiple ways an attacker could exploit this vulnerability: (CVE-2020-1397)\n\n - A remote code execution vulnerability exists when Windows Address Book (WAB) improperly processes vcard files. (CVE-2020-1410)\n\n - An elevation of privilege vulnerability exists when Group Policy Services Policy Processing improperly handle reparse points. An attacker who successfully exploited this vulnerability could overwrite a targeted file that would normally require elevated permissions.\n (CVE-2020-1333)\n\n - A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts. An attacker who successfully exploited the vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2020-1408)\n\n - An elevation of privilege vulnerability exists when the Windows Event Logging Service improperly handles memory.\n (CVE-2020-1365, CVE-2020-1371)\n\n - An elevation of privilege vulnerability exists when Windows improperly handles calls to Advanced Local Procedure Call (ALPC). An attacker who successfully exploited this vulnerability could run arbitrary code in the security context of the local system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\n (CVE-2020-1396)\n\n - An elevation of privilege vulnerability exists in the way that the Windows Network Location Awareness Service handles objects in memory. An attacker who successfully exploited the vulnerability could allow an application with limited privileges on an affected system to execute code at a medium integrity level. (CVE-2020-1437)\n\n - A remote code execution vulnerability exists in .NET Framework, Microsoft SharePoint, and Visual Studio when the software fails to check the source markup of XML file input. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the process responsible for deserialization of the XML content. (CVE-2020-1147)\n\n - An elevation of privilege vulnerability exists when the Windows Cryptography Next Generation (CNG) Key Isolation service improperly handles memory. An attacker who successfully exploited this vulnerability could run processes in an elevated context. (CVE-2020-1359, CVE-2020-1384)\n\n - An elevation of privilege vulnerability exists in the way that the Windows Network Connections Service handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. (CVE-2020-1373, CVE-2020-1390, CVE-2020-1427, CVE-2020-1428, CVE-2020-1438)\n\n - An elevation of privilege vulnerability exists in the way that the Windows Function Discovery Service handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. (CVE-2020-1085)\n\n - A remote code execution vulnerability exists in the way that Microsoft Graphics Components handle objects in memory. An attacker who successfully exploited the vulnerability could execute arbitrary code on a target system. (CVE-2020-1412)\n\n - A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by enticing a victim to open a specially crafted file. The update addresses the vulnerability by correcting the way the Windows Jet Database Engine handles objects in memory. (CVE-2020-1400, CVE-2020-1401, CVE-2020-1407)\n\n - An information disclosure vulnerability exists when the Windows kernel fails to properly initialize a memory address. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system. (CVE-2020-1389, CVE-2020-1419)\n\n - This security update corrects a denial of service in the Local Security Authority Subsystem Service (LSASS) caused when an authenticated attacker sends a specially crafted authentication request. A remote attacker who successfully exploited this vulnerability could cause a denial of service on the target system's LSASS service, which triggers an automatic reboot of the system. The security update addresses the vulnerability by changing the way that LSASS handles specially crafted authentication requests. (CVE-2020-1267)\n\n - A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in the memory. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2020-1435)\n\n - A remote code execution vulnerability exists in Microsoft Windows that could allow remote code execution if a .LNK file is processed. An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. (CVE-2020-1421)", "cvss3": {}, "published": "2020-07-14T00:00:00", "type": "nessus", "title": "KB4565529: Windows Server 2008 July 2020 Security Update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-1085", "CVE-2020-1147", "CVE-2020-1267", "CVE-2020-1333", "CVE-2020-1346", "CVE-2020-1354", "CVE-2020-1359", "CVE-2020-1360", "CVE-2020-1365", "CVE-2020-1371", "CVE-2020-1373", "CVE-2020-1384", "CVE-2020-1389", "CVE-2020-1390", "CVE-2020-1396", "CVE-2020-1397", "CVE-2020-1400", "CVE-2020-1401", "CVE-2020-1403", "CVE-2020-1407", "CVE-2020-1408", "CVE-2020-1409", "CVE-2020-1410", "CVE-2020-1412", "CVE-2020-1419", "CVE-2020-1421", "CVE-2020-1427", "CVE-2020-1428", "CVE-2020-1430", "CVE-2020-1435", "CVE-2020-1436", "CVE-2020-1437", "CVE-2020-1438", "CVE-2020-1468"], "modified": "2023-04-25T00:00:00", "cpe": ["cpe:/o:microsoft:windows"], "id": "SMB_NT_MS20_JUL_4565536.NASL", "href": "https://www.tenable.com/plugins/nessus/138461", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(138461);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/04/25\");\n\n script_cve_id(\n \"CVE-2020-1085\",\n \"CVE-2020-1147\",\n \"CVE-2020-1267\",\n \"CVE-2020-1333\",\n \"CVE-2020-1346\",\n \"CVE-2020-1354\",\n \"CVE-2020-1359\",\n \"CVE-2020-1360\",\n \"CVE-2020-1365\",\n \"CVE-2020-1371\",\n \"CVE-2020-1373\",\n \"CVE-2020-1384\",\n \"CVE-2020-1389\",\n \"CVE-2020-1390\",\n \"CVE-2020-1396\",\n \"CVE-2020-1397\",\n \"CVE-2020-1400\",\n \"CVE-2020-1401\",\n \"CVE-2020-1403\",\n \"CVE-2020-1407\",\n \"CVE-2020-1408\",\n \"CVE-2020-1409\",\n \"CVE-2020-1410\",\n \"CVE-2020-1412\",\n \"CVE-2020-1419\",\n \"CVE-2020-1421\",\n \"CVE-2020-1427\",\n \"CVE-2020-1428\",\n \"CVE-2020-1430\",\n \"CVE-2020-1435\",\n \"CVE-2020-1436\",\n \"CVE-2020-1437\",\n \"CVE-2020-1438\",\n \"CVE-2020-1468\"\n );\n script_xref(name:\"MSKB\", value:\"4565536\");\n script_xref(name:\"MSKB\", value:\"4565529\");\n script_xref(name:\"MSFT\", value:\"MS20-4565536\");\n script_xref(name:\"MSFT\", value:\"MS20-4565529\");\n script_xref(name:\"IAVA\", value:\"2020-A-0306-S\");\n script_xref(name:\"IAVA\", value:\"2020-A-0313-S\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/05/03\");\n\n script_name(english:\"KB4565529: Windows Server 2008 July 2020 Security Update\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 4565529\nor cumulative update 4565536. It is, therefore, affected by\nmultiple vulnerabilities :\n\n - A remote code execution vulnerability exists in the way\n that DirectWrite handles objects in memory. An attacker\n who successfully exploited this vulnerability could take\n control of the affected system. An attacker could then\n install programs; view, change, or delete data; or\n create new accounts with full user rights. There are\n multiple ways an attacker could exploit the\n vulnerability, such as by convincing a user to open a\n specially crafted document, or by convincing a user to\n visit an untrusted webpage. The security update\n addresses the vulnerability by correcting how\n DirectWrite handles objects in memory. (CVE-2020-1409)\n\n - An elevation of privilege vulnerability exists when the\n Windows Profile Service improperly handles file\n operations. An attacker who successfully exploited this\n vulnerability could gain elevated privileges.\n (CVE-2020-1360)\n\n - A remote code execution vulnerability exists in the way\n that the VBScript engine handles objects in memory. The\n vulnerability could corrupt memory in such a way that an\n attacker could execute arbitrary code in the context of\n the current user. An attacker who successfully exploited\n the vulnerability could gain the same user rights as the\n current user. (CVE-2020-1403)\n\n - An information disclosure vulnerability exists when the\n Windows GDI component improperly discloses the contents\n of its memory. An attacker who successfully exploited\n the vulnerability could obtain information to further\n compromise the users system. There are multiple ways an\n attacker could exploit the vulnerability, such as by\n convincing a user to open a specially crafted document,\n or by convincing a user to visit an untrusted webpage.\n The security update addresses the vulnerability by\n correcting how the Windows GDI component handles objects\n in memory. (CVE-2020-1468)\n\n - A remote code execution vulnerability exists when the\n Windows font library improperly handles specially\n crafted fonts. For all systems except Windows 10, an\n attacker who successfully exploited the vulnerability\n could execute code remotely. For systems running Windows\n 10, an attacker who successfully exploited the\n vulnerability could execute code in an AppContainer\n sandbox context with limited privileges and\n capabilities. An attacker could then install programs;\n view, change, or delete data; or create new accounts\n with full user rights. There are multiple ways an\n attacker could exploit the vulnerability:\n (CVE-2020-1436)\n\n - An elevation of privilege vulnerability exists when the\n Windows UPnP Device Host improperly handles memory.\n (CVE-2020-1354, CVE-2020-1430)\n\n - An elevation of privilege vulnerability exists when the\n Windows Modules Installer improperly handles file\n operations. An attacker who successfully exploited this\n vulnerability could gain elevated privileges.\n (CVE-2020-1346)\n\n - An information disclosure vulnerability exists in\n Windows when the Windows Imaging Component fails to\n properly handle objects in memory. An attacker who\n successfully exploited this vulnerability could obtain\n information to further compromise the user's system.\n There are multiple ways an attacker could exploit this\n vulnerability: (CVE-2020-1397)\n\n - A remote code execution vulnerability exists when\n Windows Address Book (WAB) improperly processes vcard\n files. (CVE-2020-1410)\n\n - An elevation of privilege vulnerability exists when\n Group Policy Services Policy Processing improperly\n handle reparse points. An attacker who successfully\n exploited this vulnerability could overwrite a targeted\n file that would normally require elevated permissions.\n (CVE-2020-1333)\n\n - A remote code execution vulnerability exists when the\n Windows font library improperly handles specially\n crafted embedded fonts. An attacker who successfully\n exploited the vulnerability could take control of the\n affected system. An attacker could then install\n programs; view, change, or delete data; or create new\n accounts with full user rights. (CVE-2020-1408)\n\n - An elevation of privilege vulnerability exists when the\n Windows Event Logging Service improperly handles memory.\n (CVE-2020-1365, CVE-2020-1371)\n\n - An elevation of privilege vulnerability exists when\n Windows improperly handles calls to Advanced Local\n Procedure Call (ALPC). An attacker who successfully\n exploited this vulnerability could run arbitrary code in\n the security context of the local system. An attacker\n could then install programs; view, change, or delete\n data; or create new accounts with full user rights.\n (CVE-2020-1396)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Network Location Awareness Service\n handles objects in memory. An attacker who successfully\n exploited the vulnerability could allow an application\n with limited privileges on an affected system to execute\n code at a medium integrity level. (CVE-2020-1437)\n\n - A remote code execution vulnerability exists in .NET\n Framework, Microsoft SharePoint, and Visual Studio when\n the software fails to check the source markup of XML\n file input. An attacker who successfully exploited the\n vulnerability could run arbitrary code in the context of\n the process responsible for deserialization of the XML\n content. (CVE-2020-1147)\n\n - An elevation of privilege vulnerability exists when the\n Windows Cryptography Next Generation (CNG) Key Isolation\n service improperly handles memory. An attacker who\n successfully exploited this vulnerability could run\n processes in an elevated context. (CVE-2020-1359,\n CVE-2020-1384)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Network Connections Service handles\n objects in memory. An attacker who successfully\n exploited the vulnerability could execute code with\n elevated permissions. (CVE-2020-1373, CVE-2020-1390,\n CVE-2020-1427, CVE-2020-1428, CVE-2020-1438)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Function Discovery Service handles\n objects in memory. An attacker who successfully\n exploited the vulnerability could execute code with\n elevated permissions. (CVE-2020-1085)\n\n - A remote code execution vulnerability exists in the way\n that Microsoft Graphics Components handle objects in\n memory. An attacker who successfully exploited the\n vulnerability could execute arbitrary code on a target\n system. (CVE-2020-1412)\n\n - A remote code execution vulnerability exists when the\n Windows Jet Database Engine improperly handles objects\n in memory. An attacker who successfully exploited this\n vulnerability could execute arbitrary code on a victim\n system. An attacker could exploit this vulnerability by\n enticing a victim to open a specially crafted file. The\n update addresses the vulnerability by correcting the way\n the Windows Jet Database Engine handles objects in\n memory. (CVE-2020-1400, CVE-2020-1401, CVE-2020-1407)\n\n - An information disclosure vulnerability exists when the\n Windows kernel fails to properly initialize a memory\n address. An attacker who successfully exploited this\n vulnerability could obtain information to further\n compromise the users system. (CVE-2020-1389,\n CVE-2020-1419)\n\n - This security update corrects a denial of service in the\n Local Security Authority Subsystem Service (LSASS)\n caused when an authenticated attacker sends a specially\n crafted authentication request. A remote attacker who\n successfully exploited this vulnerability could cause a\n denial of service on the target system's LSASS service,\n which triggers an automatic reboot of the system. The\n security update addresses the vulnerability by changing\n the way that LSASS handles specially crafted\n authentication requests. (CVE-2020-1267)\n\n - A remote code execution vulnerability exists in the way\n that the Windows Graphics Device Interface (GDI) handles\n objects in the memory. An attacker who successfully\n exploited this vulnerability could take control of the\n affected system. An attacker could then install\n programs; view, change, or delete data; or create new\n accounts with full user rights. (CVE-2020-1435)\n\n - A remote code execution vulnerability exists in\n Microsoft Windows that could allow remote code execution\n if a .LNK file is processed. An attacker who\n successfully exploited this vulnerability could gain the\n same user rights as the local user. (CVE-2020-1421)\");\n # https://support.microsoft.com/en-us/help/4565536/windows-server-2008-update-kb4565536\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?9e9e22c7\");\n # https://support.microsoft.com/en-us/help/4565529/windows-server-2008-update-kb4565529\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?4c89c5a1\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Security Only update KB4565529 or Cumulative Update KB4565536.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-1435\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2020-1436\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'SharePoint DataSet / DataTable Deserialization');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/07/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/07/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/07/14\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude('smb_func.inc');\ninclude('smb_hotfixes.inc');\ninclude('smb_hotfixes_fcheck.inc');\ninclude('smb_reg_query.inc');\ninclude('install_func.inc');\n\nget_kb_item_or_exit('SMB/MS_Bulletin_Checks/Possible');\n\nbulletin = 'MS20-07';\nkbs = make_list(\n '4565536',\n '4565529'\n);\n\nif (get_kb_item('Host/patch_management_checks')) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit('SMB/Registry/Enumerated');\nget_kb_item_or_exit('SMB/WindowsVersion', exit_code:1);\n\nif (hotfix_check_sp_range(vista:'2') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:'6.0', \n sp:2,\n rollup_date:'07_2020',\n bulletin:bulletin,\n rollup_kb_list:[4565536, 4565529])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:05:02", "description": "The remote Windows host is missing security update 4565535 or cumulative update 4565537. It is, therefore, affected by multiple vulnerabilities :\n\n - A remote code execution vulnerability exists in the way that DirectWrite handles objects in memory. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit an untrusted webpage. The security update addresses the vulnerability by correcting how DirectWrite handles objects in memory. (CVE-2020-1409)\n\n - An elevation of privilege vulnerability exists in the way that the Windows Credential Picker handles objects in memory. An attacker who successfully exploited the vulnerability could allow an application with limited privileges on an affected system to execute code at a medium integrity level. (CVE-2020-1385)\n\n - An elevation of privilege vulnerability exists when the Windows Profile Service improperly handles file operations. An attacker who successfully exploited this vulnerability could gain elevated privileges.\n (CVE-2020-1360)\n\n - A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2020-1403)\n\n - A remote code execution vulnerability exists in the Windows Remote Desktop Client when a user connects to a malicious server. An attacker who successfully exploited this vulnerability could execute arbitrary code on the computer of the connecting client. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\n (CVE-2020-1374)\n\n - A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted fonts. For all systems except Windows 10, an attacker who successfully exploited the vulnerability could execute code remotely. For systems running Windows 10, an attacker who successfully exploited the vulnerability could execute code in an AppContainer sandbox context with limited privileges and capabilities. An attacker could then install programs;\n view, change, or delete data; or create new accounts with full user rights. There are multiple ways an attacker could exploit the vulnerability:\n (CVE-2020-1436)\n\n - An elevation of privilege vulnerability exists in the way that the Credential Enrollment Manager service handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. (CVE-2020-1368)\n\n - An elevation of privilege vulnerability exists when the Windows UPnP Device Host improperly handles memory.\n (CVE-2020-1354, CVE-2020-1430)\n\n - An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit an untrusted webpage.\n The security update addresses the vulnerability by correcting how the Windows GDI component handles objects in memory. (CVE-2020-1468)\n\n - An elevation of privilege vulnerability exists when the Windows Event Logging Service improperly handles memory.\n (CVE-2020-1365, CVE-2020-1371)\n\n - An elevation of privilege vulnerability exists in the way that the Windows Network Location Awareness Service handles objects in memory. An attacker who successfully exploited the vulnerability could allow an application with limited privileges on an affected system to execute code at a medium integrity level. (CVE-2020-1437)\n\n - An information disclosure vulnerability exists in Windows when the Windows Imaging Component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user's system.\n There are multiple ways an attacker could exploit this vulnerability: (CVE-2020-1397)\n\n - A remote code execution vulnerability exists when Windows Address Book (WAB) improperly processes vcard files. (CVE-2020-1410)\n\n - An information disclosure vulnerability exists when the Windows Graphics component improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system. An authenticated attacker could exploit this vulnerability by running a specially crafted application. The update addresses the vulnerability by correcting how the Windows Graphics Component handles objects in memory. (CVE-2020-1351)\n\n - An elevation of privilege vulnerability exists when Group Policy Services Policy Processing improperly handle reparse points. An attacker who successfully exploited this vulnerability could overwrite a targeted file that would normally require elevated permissions.\n (CVE-2020-1333)\n\n - A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts. An attacker who successfully exploited the vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2020-1408)\n\n - An elevation of privilege vulnerability exists when the Windows Modules Installer improperly handles file operations. An attacker who successfully exploited this vulnerability could gain elevated privileges.\n (CVE-2020-1346)\n\n - An elevation of privilege vulnerability exists when Windows improperly handles calls to Advanced Local Procedure Call (ALPC). An attacker who successfully exploited this vulnerability could run arbitrary code in the security context of the local system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\n (CVE-2020-1396)\n\n - An information disclosure vulnerability exists when Skype for Business is accessed via Internet Explorer. An attacker who exploited the vulnerability could cause the user to place a call without additional consent, leading to information disclosure of the user profile. For the vulnerability to be exploited, a user must click a specially crafted URL that prompts the Skype app.\n (CVE-2020-1432)\n\n - An elevation of privilege vulnerability exists when the Windows ActiveX Installer Service improperly handles memory. (CVE-2020-1402)\n\n - A remote code execution vulnerability exists in .NET Framework, Microsoft SharePoint, and Visual Studio when the software fails to check the source markup of XML file input. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the process responsible for deserialization of the XML content. (CVE-2020-1147)\n\n - An elevation of privilege vulnerability exists when the Windows Cryptography Next Generation (CNG) Key Isolation service improperly handles memory. An attacker who successfully exploited this vulnerability could run processes in an elevated context. (CVE-2020-1359, CVE-2020-1384)\n\n - An elevation of privilege vulnerability exists in the way that the Windows Network Connections Service handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. (CVE-2020-1373, CVE-2020-1390, CVE-2020-1427, CVE-2020-1428, CVE-2020-1438)\n\n - An elevation of privilege vulnerability exists in the way that the Windows Function Discovery Service handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. (CVE-2020-1085)\n\n - A remote code execution vulnerability exists in the way that Microsoft Graphics Components handle objects in memory. An attacker who successfully exploited the vulnerability could execute arbitrary code on a target system. (CVE-2020-1412)\n\n - A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by enticing a victim to open a specially crafted file. The update addresses the vulnerability by correcting the way the Windows Jet Database Engine handles objects in memory. (CVE-2020-1400, CVE-2020-1401, CVE-2020-1407)\n\n - An information disclosure vulnerability exists when the Windows kernel fails to properly initialize a memory address. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system. (CVE-2020-1389, CVE-2020-1419)\n\n - An elevation of privilege vulnerability exists when the Windows Runtime improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in an elevated context. An attacker could exploit this vulnerability by running a specially crafted application on the victim system. The update addresses the vulnerability by correcting the way the Windows Runtime handles objects in memory.\n (CVE-2020-1249, CVE-2020-1399)\n\n - An elevation of privilege vulnerability exists when the Windows iSCSI Target Service improperly handles file operations. An attacker who successfully exploited this vulnerability could gain elevated privileges.\n (CVE-2020-1356)\n\n - This security update corrects a denial of service in the Local Security Authority Subsystem Service (LSASS) caused when an authenticated attacker sends a specially crafted authentication request. A remote attacker who successfully exploited this vulnerability could cause a denial of service on the target system's LSASS service, which triggers an automatic reboot of the system. The security update addresses the vulnerability by changing the way that LSASS handles specially crafted authentication requests. (CVE-2020-1267)\n\n - A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in the memory. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2020-1435)\n\n - A remote code execution vulnerability exists in Microsoft Windows that could allow remote code execution if a .LNK file is processed. An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. (CVE-2020-1421)", "cvss3": {}, "published": "2020-07-14T00:00:00", "type": "nessus", "title": "KB4565535: Windows Server 2012 July 2020 Security Update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-1085", "CVE-2020-1147", "CVE-2020-1249", "CVE-2020-1267", "CVE-2020-1333", "CVE-2020-1346", "CVE-2020-1351", "CVE-2020-1354", "CVE-2020-1356", "CVE-2020-1359", "CVE-2020-1360", "CVE-2020-1365", "CVE-2020-1368", "CVE-2020-1371", "CVE-2020-1373", "CVE-2020-1374", "CVE-2020-1384", "CVE-2020-1385", "CVE-2020-1389", "CVE-2020-1390", "CVE-2020-1396", "CVE-2020-1397", "CVE-2020-1399", "CVE-2020-1400", "CVE-2020-1401", "CVE-2020-1402", "CVE-2020-1403", "CVE-2020-1407", "CVE-2020-1408", "CVE-2020-1409", "CVE-2020-1410", "CVE-2020-1412", "CVE-2020-1419", "CVE-2020-1421", "CVE-2020-1427", "CVE-2020-1428", "CVE-2020-1430", "CVE-2020-1432", "CVE-2020-1435", "CVE-2020-1436", "CVE-2020-1437", "CVE-2020-1438", "CVE-2020-1468"], "modified": "2023-04-25T00:00:00", "cpe": ["cpe:/o:microsoft:windows"], "id": "SMB_NT_MS20_JUL_4565537.NASL", "href": "https://www.tenable.com/plugins/nessus/138462", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(138462);\n script_version(\"1.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/04/25\");\n\n script_cve_id(\n \"CVE-2020-1085\",\n \"CVE-2020-1147\",\n \"CVE-2020-1249\",\n \"CVE-2020-1267\",\n \"CVE-2020-1333\",\n \"CVE-2020-1346\",\n \"CVE-2020-1351\",\n \"CVE-2020-1354\",\n \"CVE-2020-1356\",\n \"CVE-2020-1359\",\n \"CVE-2020-1360\",\n \"CVE-2020-1365\",\n \"CVE-2020-1368\",\n \"CVE-2020-1371\",\n \"CVE-2020-1373\",\n \"CVE-2020-1374\",\n \"CVE-2020-1384\",\n \"CVE-2020-1385\",\n \"CVE-2020-1389\",\n \"CVE-2020-1390\",\n \"CVE-2020-1396\",\n \"CVE-2020-1397\",\n \"CVE-2020-1399\",\n \"CVE-2020-1400\",\n \"CVE-2020-1401\",\n \"CVE-2020-1402\",\n \"CVE-2020-1403\",\n \"CVE-2020-1407\",\n \"CVE-2020-1408\",\n \"CVE-2020-1409\",\n \"CVE-2020-1410\",\n \"CVE-2020-1412\",\n \"CVE-2020-1419\",\n \"CVE-2020-1421\",\n \"CVE-2020-1427\",\n \"CVE-2020-1428\",\n \"CVE-2020-1430\",\n \"CVE-2020-1432\",\n \"CVE-2020-1435\",\n \"CVE-2020-1436\",\n \"CVE-2020-1437\",\n \"CVE-2020-1438\",\n \"CVE-2020-1468\"\n );\n script_xref(name:\"MSKB\", value:\"4565535\");\n script_xref(name:\"MSKB\", value:\"4565537\");\n script_xref(name:\"MSFT\", value:\"MS20-4565535\");\n script_xref(name:\"MSFT\", value:\"MS20-4565537\");\n script_xref(name:\"IAVA\", value:\"2020-A-0306-S\");\n script_xref(name:\"IAVA\", value:\"2020-A-0313-S\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/05/03\");\n\n script_name(english:\"KB4565535: Windows Server 2012 July 2020 Security Update\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 4565535\nor cumulative update 4565537. It is, therefore, affected by\nmultiple vulnerabilities :\n\n - A remote code execution vulnerability exists in the way\n that DirectWrite handles objects in memory. An attacker\n who successfully exploited this vulnerability could take\n control of the affected system. An attacker could then\n install programs; view, change, or delete data; or\n create new accounts with full user rights. There are\n multiple ways an attacker could exploit the\n vulnerability, such as by convincing a user to open a\n specially crafted document, or by convincing a user to\n visit an untrusted webpage. The security update\n addresses the vulnerability by correcting how\n DirectWrite handles objects in memory. (CVE-2020-1409)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Credential Picker handles objects\n in memory. An attacker who successfully exploited the\n vulnerability could allow an application with limited\n privileges on an affected system to execute code at a\n medium integrity level. (CVE-2020-1385)\n\n - An elevation of privilege vulnerability exists when the\n Windows Profile Service improperly handles file\n operations. An attacker who successfully exploited this\n vulnerability could gain elevated privileges.\n (CVE-2020-1360)\n\n - A remote code execution vulnerability exists in the way\n that the VBScript engine handles objects in memory. The\n vulnerability could corrupt memory in such a way that an\n attacker could execute arbitrary code in the context of\n the current user. An attacker who successfully exploited\n the vulnerability could gain the same user rights as the\n current user. (CVE-2020-1403)\n\n - A remote code execution vulnerability exists in the\n Windows Remote Desktop Client when a user connects to a\n malicious server. An attacker who successfully exploited\n this vulnerability could execute arbitrary code on the\n computer of the connecting client. An attacker could\n then install programs; view, change, or delete data; or\n create new accounts with full user rights.\n (CVE-2020-1374)\n\n - A remote code execution vulnerability exists when the\n Windows font library improperly handles specially\n crafted fonts. For all systems except Windows 10, an\n attacker who successfully exploited the vulnerability\n could execute code remotely. For systems running Windows\n 10, an attacker who successfully exploited the\n vulnerability could execute code in an AppContainer\n sandbox context with limited privileges and\n capabilities. An attacker could then install programs;\n view, change, or delete data; or create new accounts\n with full user rights. There are multiple ways an\n attacker could exploit the vulnerability:\n (CVE-2020-1436)\n\n - An elevation of privilege vulnerability exists in the\n way that the Credential Enrollment Manager service\n handles objects in memory. An attacker who successfully\n exploited the vulnerability could execute code with\n elevated permissions. (CVE-2020-1368)\n\n - An elevation of privilege vulnerability exists when the\n Windows UPnP Device Host improperly handles memory.\n (CVE-2020-1354, CVE-2020-1430)\n\n - An information disclosure vulnerability exists when the\n Windows GDI component improperly discloses the contents\n of its memory. An attacker who successfully exploited\n the vulnerability could obtain information to further\n compromise the users system. There are multiple ways an\n attacker could exploit the vulnerability, such as by\n convincing a user to open a specially crafted document,\n or by convincing a user to visit an untrusted webpage.\n The security update addresses the vulnerability by\n correcting how the Windows GDI component handles objects\n in memory. (CVE-2020-1468)\n\n - An elevation of privilege vulnerability exists when the\n Windows Event Logging Service improperly handles memory.\n (CVE-2020-1365, CVE-2020-1371)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Network Location Awareness Service\n handles objects in memory. An attacker who successfully\n exploited the vulnerability could allow an application\n with limited privileges on an affected system to execute\n code at a medium integrity level. (CVE-2020-1437)\n\n - An information disclosure vulnerability exists in\n Windows when the Windows Imaging Component fails to\n properly handle objects in memory. An attacker who\n successfully exploited this vulnerability could obtain\n information to further compromise the user's system.\n There are multiple ways an attacker could exploit this\n vulnerability: (CVE-2020-1397)\n\n - A remote code execution vulnerability exists when\n Windows Address Book (WAB) improperly processes vcard\n files. (CVE-2020-1410)\n\n - An information disclosure vulnerability exists when the\n Windows Graphics component improperly handles objects in\n memory. An attacker who successfully exploited this\n vulnerability could obtain information to further\n compromise the users system. An authenticated attacker\n could exploit this vulnerability by running a specially\n crafted application. The update addresses the\n vulnerability by correcting how the Windows Graphics\n Component handles objects in memory. (CVE-2020-1351)\n\n - An elevation of privilege vulnerability exists when\n Group Policy Services Policy Processing improperly\n handle reparse points. An attacker who successfully\n exploited this vulnerability could overwrite a targeted\n file that would normally require elevated permissions.\n (CVE-2020-1333)\n\n - A remote code execution vulnerability exists when the\n Windows font library improperly handles specially\n crafted embedded fonts. An attacker who successfully\n exploited the vulnerability could take control of the\n affected system. An attacker could then install\n programs; view, change, or delete data; or create new\n accounts with full user rights. (CVE-2020-1408)\n\n - An elevation of privilege vulnerability exists when the\n Windows Modules Installer improperly handles file\n operations. An attacker who successfully exploited this\n vulnerability could gain elevated privileges.\n (CVE-2020-1346)\n\n - An elevation of privilege vulnerability exists when\n Windows improperly handles calls to Advanced Local\n Procedure Call (ALPC). An attacker who successfully\n exploited this vulnerability could run arbitrary code in\n the security context of the local system. An attacker\n could then install programs; view, change, or delete\n data; or create new accounts with full user rights.\n (CVE-2020-1396)\n\n - An information disclosure vulnerability exists when\n Skype for Business is accessed via Internet Explorer. An\n attacker who exploited the vulnerability could cause the\n user to place a call without additional consent, leading\n to information disclosure of the user profile. For the\n vulnerability to be exploited, a user must click a\n specially crafted URL that prompts the Skype app.\n (CVE-2020-1432)\n\n - An elevation of privilege vulnerability exists when the\n Windows ActiveX Installer Service improperly handles\n memory. (CVE-2020-1402)\n\n - A remote code execution vulnerability exists in .NET\n Framework, Microsoft SharePoint, and Visual Studio when\n the software fails to check the source markup of XML\n file input. An attacker who successfully exploited the\n vulnerability could run arbitrary code in the context of\n the process responsible for deserialization of the XML\n content. (CVE-2020-1147)\n\n - An elevation of privilege vulnerability exists when the\n Windows Cryptography Next Generation (CNG) Key Isolation\n service improperly handles memory. An attacker who\n successfully exploited this vulnerability could run\n processes in an elevated context. (CVE-2020-1359,\n CVE-2020-1384)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Network Connections Service handles\n objects in memory. An attacker who successfully\n exploited the vulnerability could execute code with\n elevated permissions. (CVE-2020-1373, CVE-2020-1390,\n CVE-2020-1427, CVE-2020-1428, CVE-2020-1438)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Function Discovery Service handles\n objects in memory. An attacker who successfully\n exploited the vulnerability could execute code with\n elevated permissions. (CVE-2020-1085)\n\n - A remote code execution vulnerability exists in the way\n that Microsoft Graphics Components handle objects in\n memory. An attacker who successfully exploited the\n vulnerability could execute arbitrary code on a target\n system. (CVE-2020-1412)\n\n - A remote code execution vulnerability exists when the\n Windows Jet Database Engine improperly handles objects\n in memory. An attacker who successfully exploited this\n vulnerability could execute arbitrary code on a victim\n system. An attacker could exploit this vulnerability by\n enticing a victim to open a specially crafted file. The\n update addresses the vulnerability by correcting the way\n the Windows Jet Database Engine handles objects in\n memory. (CVE-2020-1400, CVE-2020-1401, CVE-2020-1407)\n\n - An information disclosure vulnerability exists when the\n Windows kernel fails to properly initialize a memory\n address. An attacker who successfully exploited this\n vulnerability could obtain information to further\n compromise the users system. (CVE-2020-1389,\n CVE-2020-1419)\n\n - An elevation of privilege vulnerability exists when the\n Windows Runtime improperly handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could run arbitrary code in an elevated context. An\n attacker could exploit this vulnerability by running a\n specially crafted application on the victim system. The\n update addresses the vulnerability by correcting the way\n the Windows Runtime handles objects in memory.\n (CVE-2020-1249, CVE-2020-1399)\n\n - An elevation of privilege vulnerability exists when the\n Windows iSCSI Target Service improperly handles file\n operations. An attacker who successfully exploited this\n vulnerability could gain elevated privileges.\n (CVE-2020-1356)\n\n - This security update corrects a denial of service in the\n Local Security Authority Subsystem Service (LSASS)\n caused when an authenticated attacker sends a specially\n crafted authentication request. A remote attacker who\n successfully exploited this vulnerability could cause a\n denial of service on the target system's LSASS service,\n which triggers an automatic reboot of the system. The\n security update addresses the vulnerability by changing\n the way that LSASS handles specially crafted\n authentication requests. (CVE-2020-1267)\n\n - A remote code execution vulnerability exists in the way\n that the Windows Graphics Device Interface (GDI) handles\n objects in the memory. An attacker who successfully\n exploited this vulnerability could take control of the\n affected system. An attacker could then install\n programs; view, change, or delete data; or create new\n accounts with full user rights. (CVE-2020-1435)\n\n - A remote code execution vulnerability exists in\n Microsoft Windows that could allow remote code execution\n if a .LNK file is processed. An attacker who\n successfully exploited this vulnerability could gain the\n same user rights as the local user. (CVE-2020-1421)\");\n # https://support.microsoft.com/en-us/help/4565535/windows-server-2012-update-kb4565535\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?33ff1388\");\n # https://support.microsoft.com/en-us/help/4565537/windows-server-2012-update-kb4565537\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?81575436\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Security Only update KB4565535 or Cumulative Update KB4565537.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-1435\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2020-1436\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'SharePoint DataSet / DataTable Deserialization');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/07/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/07/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/07/14\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude('smb_func.inc');\ninclude('smb_hotfixes.inc');\ninclude('smb_hotfixes_fcheck.inc');\ninclude('smb_reg_query.inc');\ninclude('install_func.inc');\n\nget_kb_item_or_exit('SMB/MS_Bulletin_Checks/Possible');\n\nbulletin = 'MS20-07';\nkbs = make_list(\n '4565537',\n '4565535'\n);\n\nif (get_kb_item('Host/patch_management_checks')) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit('SMB/Registry/Enumerated');\nget_kb_item_or_exit('SMB/WindowsVersion', exit_code:1);\n\nif (hotfix_check_sp_range(win8:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\n# Windows 8 EOL\nproductname = get_kb_item_or_exit(\"SMB/ProductName\", exit_code:1);\nif (\"Windows 8\" >< productname) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:'6.2', \n sp:0,\n rollup_date:'07_2020',\n bulletin:bulletin,\n rollup_kb_list:[4565537, 4565535])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n\n\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:04:33", "description": "The remote Windows host is missing security update 4565539 or cumulative update 4565524. It is, therefore, affected by multiple vulnerabilities :\n\n - A remote code execution vulnerability exists in the way that DirectWrite handles objects in memory. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit an untrusted webpage. The security update addresses the vulnerability by correcting how DirectWrite handles objects in memory. (CVE-2020-1409)\n\n - An elevation of privilege vulnerability exists when the Windows Profile Service improperly handles file operations. An attacker who successfully exploited this vulnerability could gain elevated privileges.\n (CVE-2020-1360)\n\n - A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2020-1403)\n\n - A remote code execution vulnerability exists in the Windows Remote Desktop Client when a user connects to a malicious server. An attacker who successfully exploited this vulnerability could execute arbitrary code on the computer of the connecting client. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\n (CVE-2020-1374)\n\n - A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted fonts. For all systems except Windows 10, an attacker who successfully exploited the vulnerability could execute code remotely. For systems running Windows 10, an attacker who successfully exploited the vulnerability could execute code in an AppContainer sandbox context with limited privileges and capabilities. An attacker could then install programs;\n view, change, or delete data; or create new accounts with full user rights. There are multiple ways an attacker could exploit the vulnerability:\n (CVE-2020-1436)\n\n - An elevation of privilege vulnerability exists when the Windows UPnP Device Host improperly handles memory.\n (CVE-2020-1354, CVE-2020-1430)\n\n - An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit an untrusted webpage.\n The security update addresses the vulnerability by correcting how the Windows GDI component handles objects in memory. (CVE-2020-1468)\n\n - An elevation of privilege vulnerability exists when the Windows Event Logging Service improperly handles memory.\n (CVE-2020-1365, CVE-2020-1371)\n\n - An elevation of privilege vulnerability exists in the way that the Windows Network Location Awareness Service handles objects in memory. An attacker who successfully exploited the vulnerability could allow an application with limited privileges on an affected system to execute code at a medium integrity level. (CVE-2020-1437)\n\n - An information disclosure vulnerability exists in Windows when the Windows Imaging Component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user's system.\n There are multiple ways an attacker could exploit this vulnerability: (CVE-2020-1397)\n\n - A remote code execution vulnerability exists when Windows Address Book (WAB) improperly processes vcard files. (CVE-2020-1410)\n\n - An information disclosure vulnerability exists when the Windows Graphics component improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system. An authenticated attacker could exploit this vulnerability by running a specially crafted application. The update addresses the vulnerability by correcting how the Windows Graphics Component handles objects in memory. (CVE-2020-1351)\n\n - An elevation of privilege vulnerability exists when Group Policy Services Policy Processing improperly handle reparse points. An attacker who successfully exploited this vulnerability could overwrite a targeted file that would normally require elevated permissions.\n (CVE-2020-1333)\n\n - A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts. An attacker who successfully exploited the vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2020-1408)\n\n - An elevation of privilege vulnerability exists when the Windows Modules Installer improperly handles file operations. An attacker who successfully exploited this vulnerability could gain elevated privileges.\n (CVE-2020-1346)\n\n - An elevation of privilege vulnerability exists when Windows improperly handles calls to Advanced Local Procedure Call (ALPC). An attacker who successfully exploited this vulnerability could run arbitrary code in the security context of the local system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\n (CVE-2020-1396)\n\n - An information disclosure vulnerability exists when Skype for Business is accessed via Internet Explorer. An attacker who exploited the vulnerability could cause the user to place a call without additional consent, leading to information disclosure of the user profile. For the vulnerability to be exploited, a user must click a specially crafted URL that prompts the Skype app.\n (CVE-2020-1432)\n\n - An elevation of privilege vulnerability exists when the Windows ActiveX Installer Service improperly handles memory. (CVE-2020-1402)\n\n - A remote code execution vulnerability exists in .NET Framework, Microsoft SharePoint, and Visual Studio when the software fails to check the source markup of XML file input. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the process responsible for deserialization of the XML content. (CVE-2020-1147)\n\n - An elevation of privilege vulnerability exists when the Windows Cryptography Next Generation (CNG) Key Isolation service improperly handles memory. An attacker who successfully exploited this vulnerability could run processes in an elevated context. (CVE-2020-1359, CVE-2020-1384)\n\n - An elevation of privilege vulnerability exists in the way that the Windows Network Connections Service handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. (CVE-2020-1373, CVE-2020-1390, CVE-2020-1427, CVE-2020-1428, CVE-2020-1438)\n\n - An elevation of privilege vulnerability exists in the way that the Windows Function Discovery Service handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. (CVE-2020-1085)\n\n - A remote code execution vulnerability exists in the way that Microsoft Graphics Components handle objects in memory. An attacker who successfully exploited the vulnerability could execute arbitrary code on a target system. (CVE-2020-1412)\n\n - A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by enticing a victim to open a specially crafted file. The update addresses the vulnerability by correcting the way the Windows Jet Database Engine handles objects in memory. (CVE-2020-1400, CVE-2020-1401, CVE-2020-1407)\n\n - An information disclosure vulnerability exists when the Windows kernel fails to properly initialize a memory address. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system. (CVE-2020-1389, CVE-2020-1419)\n\n - This security update corrects a denial of service in the Local Security Authority Subsystem Service (LSASS) caused when an authenticated attacker sends a specially crafted authentication request. A remote attacker who successfully exploited this vulnerability could cause a denial of service on the target system's LSASS service, which triggers an automatic reboot of the system. The security update addresses the vulnerability by changing the way that LSASS handles specially crafted authentication requests. (CVE-2020-1267)\n\n - A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in the memory. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2020-1435)\n\n - A remote code execution vulnerability exists in Microsoft Windows that could allow remote code execution if a .LNK file is processed. An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. (CVE-2020-1421)", "cvss3": {}, "published": "2020-07-14T00:00:00", "type": "nessus", "title": "KB4565539: Windows 7 and Windows Server 2008 R2 July 2020 Security Update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-1085", "CVE-2020-1147", "CVE-2020-1267", "CVE-2020-1333", "CVE-2020-1346", "CVE-2020-1351", "CVE-2020-1354", "CVE-2020-1359", "CVE-2020-1360", "CVE-2020-1365", "CVE-2020-1371", "CVE-2020-1373", "CVE-2020-1374", "CVE-2020-1384", "CVE-2020-1389", "CVE-2020-1390", "CVE-2020-1396", "CVE-2020-1397", "CVE-2020-1400", "CVE-2020-1401", "CVE-2020-1402", "CVE-2020-1403", "CVE-2020-1407", "CVE-2020-1408", "CVE-2020-1409", "CVE-2020-1410", "CVE-2020-1412", "CVE-2020-1419", "CVE-2020-1421", "CVE-2020-1427", "CVE-2020-1428", "CVE-2020-1430", "CVE-2020-1432", "CVE-2020-1435", "CVE-2020-1436", "CVE-2020-1437", "CVE-2020-1438", "CVE-2020-1468"], "modified": "2023-04-25T00:00:00", "cpe": ["cpe:/o:microsoft:windows"], "id": "SMB_NT_MS20_JUL_4565524.NASL", "href": "https://www.tenable.com/plugins/nessus/138460", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(138460);\n script_version(\"1.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/04/25\");\n\n script_cve_id(\n \"CVE-2020-1085\",\n \"CVE-2020-1147\",\n \"CVE-2020-1267\",\n \"CVE-2020-1333\",\n \"CVE-2020-1346\",\n \"CVE-2020-1351\",\n \"CVE-2020-1354\",\n \"CVE-2020-1359\",\n \"CVE-2020-1360\",\n \"CVE-2020-1365\",\n \"CVE-2020-1371\",\n \"CVE-2020-1373\",\n \"CVE-2020-1374\",\n \"CVE-2020-1384\",\n \"CVE-2020-1389\",\n \"CVE-2020-1390\",\n \"CVE-2020-1396\",\n \"CVE-2020-1397\",\n \"CVE-2020-1400\",\n \"CVE-2020-1401\",\n \"CVE-2020-1402\",\n \"CVE-2020-1403\",\n \"CVE-2020-1407\",\n \"CVE-2020-1408\",\n \"CVE-2020-1409\",\n \"CVE-2020-1410\",\n \"CVE-2020-1412\",\n \"CVE-2020-1419\",\n \"CVE-2020-1421\",\n \"CVE-2020-1427\",\n \"CVE-2020-1428\",\n \"CVE-2020-1430\",\n \"CVE-2020-1432\",\n \"CVE-2020-1435\",\n \"CVE-2020-1436\",\n \"CVE-2020-1437\",\n \"CVE-2020-1438\",\n \"CVE-2020-1468\"\n );\n script_xref(name:\"MSKB\", value:\"4565539\");\n script_xref(name:\"MSKB\", value:\"4565524\");\n script_xref(name:\"MSFT\", value:\"MS20-4565539\");\n script_xref(name:\"MSFT\", value:\"MS20-4565524\");\n script_xref(name:\"IAVA\", value:\"2020-A-0306-S\");\n script_xref(name:\"IAVA\", value:\"2020-A-0313-S\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/05/03\");\n\n script_name(english:\"KB4565539: Windows 7 and Windows Server 2008 R2 July 2020 Security Update\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 4565539\nor cumulative update 4565524. It is, therefore, affected by\nmultiple vulnerabilities :\n\n - A remote code execution vulnerability exists in the way\n that DirectWrite handles objects in memory. An attacker\n who successfully exploited this vulnerability could take\n control of the affected system. An attacker could then\n install programs; view, change, or delete data; or\n create new accounts with full user rights. There are\n multiple ways an attacker could exploit the\n vulnerability, such as by convincing a user to open a\n specially crafted document, or by convincing a user to\n visit an untrusted webpage. The security update\n addresses the vulnerability by correcting how\n DirectWrite handles objects in memory. (CVE-2020-1409)\n\n - An elevation of privilege vulnerability exists when the\n Windows Profile Service improperly handles file\n operations. An attacker who successfully exploited this\n vulnerability could gain elevated privileges.\n (CVE-2020-1360)\n\n - A remote code execution vulnerability exists in the way\n that the VBScript engine handles objects in memory. The\n vulnerability could corrupt memory in such a way that an\n attacker could execute arbitrary code in the context of\n the current user. An attacker who successfully exploited\n the vulnerability could gain the same user rights as the\n current user. (CVE-2020-1403)\n\n - A remote code execution vulnerability exists in the\n Windows Remote Desktop Client when a user connects to a\n malicious server. An attacker who successfully exploited\n this vulnerability could execute arbitrary code on the\n computer of the connecting client. An attacker could\n then install programs; view, change, or delete data; or\n create new accounts with full user rights.\n (CVE-2020-1374)\n\n - A remote code execution vulnerability exists when the\n Windows font library improperly handles specially\n crafted fonts. For all systems except Windows 10, an\n attacker who successfully exploited the vulnerability\n could execute code remotely. For systems running Windows\n 10, an attacker who successfully exploited the\n vulnerability could execute code in an AppContainer\n sandbox context with limited privileges and\n capabilities. An attacker could then install programs;\n view, change, or delete data; or create new accounts\n with full user rights. There are multiple ways an\n attacker could exploit the vulnerability:\n (CVE-2020-1436)\n\n - An elevation of privilege vulnerability exists when the\n Windows UPnP Device Host improperly handles memory.\n (CVE-2020-1354, CVE-2020-1430)\n\n - An information disclosure vulnerability exists when the\n Windows GDI component improperly discloses the contents\n of its memory. An attacker who successfully exploited\n the vulnerability could obtain information to further\n compromise the users system. There are multiple ways an\n attacker could exploit the vulnerability, such as by\n convincing a user to open a specially crafted document,\n or by convincing a user to visit an untrusted webpage.\n The security update addresses the vulnerability by\n correcting how the Windows GDI component handles objects\n in memory. (CVE-2020-1468)\n\n - An elevation of privilege vulnerability exists when the\n Windows Event Logging Service improperly handles memory.\n (CVE-2020-1365, CVE-2020-1371)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Network Location Awareness Service\n handles objects in memory. An attacker who successfully\n exploited the vulnerability could allow an application\n with limited privileges on an affected system to execute\n code at a medium integrity level. (CVE-2020-1437)\n\n - An information disclosure vulnerability exists in\n Windows when the Windows Imaging Component fails to\n properly handle objects in memory. An attacker who\n successfully exploited this vulnerability could obtain\n information to further compromise the user's system.\n There are multiple ways an attacker could exploit this\n vulnerability: (CVE-2020-1397)\n\n - A remote code execution vulnerability exists when\n Windows Address Book (WAB) improperly processes vcard\n files. (CVE-2020-1410)\n\n - An information disclosure vulnerability exists when the\n Windows Graphics component improperly handles objects in\n memory. An attacker who successfully exploited this\n vulnerability could obtain information to further\n compromise the users system. An authenticated attacker\n could exploit this vulnerability by running a specially\n crafted application. The update addresses the\n vulnerability by correcting how the Windows Graphics\n Component handles objects in memory. (CVE-2020-1351)\n\n - An elevation of privilege vulnerability exists when\n Group Policy Services Policy Processing improperly\n handle reparse points. An attacker who successfully\n exploited this vulnerability could overwrite a targeted\n file that would normally require elevated permissions.\n (CVE-2020-1333)\n\n - A remote code execution vulnerability exists when the\n Windows font library improperly handles specially\n crafted embedded fonts. An attacker who successfully\n exploited the vulnerability could take control of the\n affected system. An attacker could then install\n programs; view, change, or delete data; or create new\n accounts with full user rights. (CVE-2020-1408)\n\n - An elevation of privilege vulnerability exists when the\n Windows Modules Installer improperly handles file\n operations. An attacker who successfully exploited this\n vulnerability could gain elevated privileges.\n (CVE-2020-1346)\n\n - An elevation of privilege vulnerability exists when\n Windows improperly handles calls to Advanced Local\n Procedure Call (ALPC). An attacker who successfully\n exploited this vulnerability could run arbitrary code in\n the security context of the local system. An attacker\n could then install programs; view, change, or delete\n data; or create new accounts with full user rights.\n (CVE-2020-1396)\n\n - An information disclosure vulnerability exists when\n Skype for Business is accessed via Internet Explorer. An\n attacker who exploited the vulnerability could cause the\n user to place a call without additional consent, leading\n to information disclosure of the user profile. For the\n vulnerability to be exploited, a user must click a\n specially crafted URL that prompts the Skype app.\n (CVE-2020-1432)\n\n - An elevation of privilege vulnerability exists when the\n Windows ActiveX Installer Service improperly handles\n memory. (CVE-2020-1402)\n\n - A remote code execution vulnerability exists in .NET\n Framework, Microsoft SharePoint, and Visual Studio when\n the software fails to check the source markup of XML\n file input. An attacker who successfully exploited the\n vulnerability could run arbitrary code in the context of\n the process responsible for deserialization of the XML\n content. (CVE-2020-1147)\n\n - An elevation of privilege vulnerability exists when the\n Windows Cryptography Next Generation (CNG) Key Isolation\n service improperly handles memory. An attacker who\n successfully exploited this vulnerability could run\n processes in an elevated context. (CVE-2020-1359,\n CVE-2020-1384)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Network Connections Service handles\n objects in memory. An attacker who successfully\n exploited the vulnerability could execute code with\n elevated permissions. (CVE-2020-1373, CVE-2020-1390,\n CVE-2020-1427, CVE-2020-1428, CVE-2020-1438)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Function Discovery Service handles\n objects in memory. An attacker who successfully\n exploited the vulnerability could execute code with\n elevated permissions. (CVE-2020-1085)\n\n - A remote code execution vulnerability exists in the way\n that Microsoft Graphics Components handle objects in\n memory. An attacker who successfully exploited the\n vulnerability could execute arbitrary code on a target\n system. (CVE-2020-1412)\n\n - A remote code execution vulnerability exists when the\n Windows Jet Database Engine improperly handles objects\n in memory. An attacker who successfully exploited this\n vulnerability could execute arbitrary code on a victim\n system. An attacker could exploit this vulnerability by\n enticing a victim to open a specially crafted file. The\n update addresses the vulnerability by correcting the way\n the Windows Jet Database Engine handles objects in\n memory. (CVE-2020-1400, CVE-2020-1401, CVE-2020-1407)\n\n - An information disclosure vulnerability exists when the\n Windows kernel fails to properly initialize a memory\n address. An attacker who successfully exploited this\n vulnerability could obtain information to further\n compromise the users system. (CVE-2020-1389,\n CVE-2020-1419)\n\n - This security update corrects a denial of service in the\n Local Security Authority Subsystem Service (LSASS)\n caused when an authenticated attacker sends a specially\n crafted authentication request. A remote attacker who\n successfully exploited this vulnerability could cause a\n denial of service on the target system's LSASS service,\n which triggers an automatic reboot of the system. The\n security update addresses the vulnerability by changing\n the way that LSASS handles specially crafted\n authentication requests. (CVE-2020-1267)\n\n - A remote code execution vulnerability exists in the way\n that the Windows Graphics Device Interface (GDI) handles\n objects in the memory. An attacker who successfully\n exploited this vulnerability could take control of the\n affected system. An attacker could then install\n programs; view, change, or delete data; or create new\n accounts with full user rights. (CVE-2020-1435)\n\n - A remote code execution vulnerability exists in\n Microsoft Windows that could allow remote code execution\n if a .LNK file is processed. An attacker who\n successfully exploited this vulnerability could gain the\n same user rights as the local user. (CVE-2020-1421)\");\n # https://support.microsoft.com/en-us/help/4565539/windows-7-update-kb4565539\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?f84b756f\");\n # https://support.microsoft.com/en-us/help/4565524/windows-7-update-kb4565524\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?d3552b4f\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Security Only update KB4565539 or Cumulative Update KB4565524.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-1435\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2020-1436\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'SharePoint DataSet / DataTable Deserialization');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/07/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/07/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/07/14\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude('smb_func.inc');\ninclude('smb_hotfixes.inc');\ninclude('smb_hotfixes_fcheck.inc');\ninclude('smb_reg_query.inc');\ninclude('install_func.inc');\n\nget_kb_item_or_exit('SMB/MS_Bulletin_Checks/Possible');\n\nbulletin = 'MS20-07';\nkbs = make_list(\n '4565524',\n '4565539'\n);\n\nif (get_kb_item('Host/patch_management_checks')) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit('SMB/Registry/Enumerated');\nget_kb_item_or_exit('SMB/WindowsVersion', exit_code:1);\n\nif (hotfix_check_sp_range(win7:'1') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:'6.1', \n sp:1,\n rollup_date:'07_2020',\n bulletin:bulletin,\n rollup_kb_list:[4565524, 4565539])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n\n\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-07-19T15:25:36", "description": "The remote Windows host is missing security update 4565513. It is, therefore, affected by multiple vulnerabilities :\n\n - An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode.\n An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2020-1411)\n\n - An elevation of privilege vulnerability exists when the Windows Diagnostics Hub Standard Collector Service fails to properly sanitize input, leading to an unsecure library-loading behavior. An attacker who successfully exploited this vulnerability could run arbitrary code with elevated system privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\n (CVE-2020-1393)\n\n - A remote code execution vulnerability exists in the way that DirectWrite handles objects in memory. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit an untrusted webpage. The security update addresses the vulnerability by correcting how DirectWrite handles objects in memory. (CVE-2020-1409)\n\n - An elevation of privilege vulnerability exists when the Windows Profile Service improperly handles file operations. An attacker who successfully exploited this vulnerability could gain elevated privileges.\n (CVE-2020-1360)\n\n - A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2020-1403)\n\n - A remote code execution vulnerability exists in the Windows Remote Desktop Client when a user connects to a malicious server. An attacker who successfully exploited this vulnerability could execute arbitrary code on the computer of the connecting client. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\n (CVE-2020-1374)\n\n - A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted fonts. For all systems except Windows 10, an attacker who successfully exploited the vulnerability could execute code remotely. For systems running Windows 10, an attacker who successfully exploited the vulnerability could execute code in an AppContainer sandbox context with limited privileges and capabilities. An attacker could then install programs;\n view, change, or delete data; or create new accounts with full user rights. There are multiple ways an attacker could exploit the vulnerability:\n (CVE-2020-1436)\n\n - An elevation of privilege vulnerability exists in the way that the Credential Enrollment Manager service handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. (CVE-2020-1368)\n\n - An elevation of privilege vulnerability exists in the way that the Windows Network List Service handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. (CVE-2020-1406)\n\n - An information disclosure vulnerability exists when the Windows Graphics component improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system. An authenticated attacker could exploit this vulnerability by running a specially crafted application. The update addresses the vulnerability by correcting how the Windows Graphics Component handles objects in memory. (CVE-2020-1351)\n\n - An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit an untrusted webpage.\n The security update addresses the vulnerability by correcting how the Windows GDI component handles objects in memory. (CVE-2020-1468)\n\n - An elevation of privilege vulnerability exists when the Windows Event Logging Service improperly handles memory.\n (CVE-2020-1365, CVE-2020-1371)\n\n - An elevation of privilege vulnerability exists in the way that the Windows WalletService handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. (CVE-2020-1344, CVE-2020-1362, CVE-2020-1369)\n\n - An elevation of privilege vulnerability exists when the Windows ActiveX Installer Service improperly handles memory. (CVE-2020-1402)\n\n - This security update corrects a denial of service in the Local Security Authority Subsystem Service (LSASS) caused when an authenticated attacker sends a specially crafted authentication request. A remote attacker who successfully exploited this vulnerability could cause a denial of service on the target system's LSASS service, which triggers an automatic reboot of the system. The security update addresses the vulnerability by changing the way that LSASS handles specially crafted authentication requests. (CVE-2020-1267)\n\n - A remote code execution vulnerability exists when Windows Address Book (WAB) improperly processes vcard files. (CVE-2020-1410)\n\n - An elevation of privilege vulnerability exists when the Windows USO Core Worker improperly handles memory.\n (CVE-2020-1352)\n\n - An elevation of privilege vulnerability exists when the Windows UPnP Device Host improperly handles memory.\n (CVE-2020-1354, CVE-2020-1430)\n\n - An elevation of privilege vulnerability exists when Group Policy Services Policy Processing improperly handle reparse points. An attacker who successfully exploited this vulnerability could overwrite a targeted file that would normally require elevated permissions.\n (CVE-2020-1333)\n\n - A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts. An attacker who successfully exploited the vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2020-1408)\n\n - An elevation of privilege vulnerability exists when the Windows Modules Installer improperly handles file operations. An attacker who successfully exploited this vulnerability could gain elevated privileges.\n (CVE-2020-1346)\n\n - An elevation of privilege vulnerability exists when Windows improperly handles calls to Advanced Local Procedure Call (ALPC). An attacker who successfully exploited this vulnerability could run arbitrary code in the security context of the local system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\n (CVE-2020-1396)\n\n - A denial of service vulnerability exists in the way that the WalletService handles files. An attacker who successfully exploited the vulnerability could corrupt system files. (CVE-2020-1364)\n\n - An information disclosure vulnerability exists when Skype for Business is accessed via Internet Explorer. An attacker who exploited the vulnerability could cause the user to place a call without additional consent, leading to information disclosure of the user profile. For the vulnerability to be exploited, a user must click a specially crafted URL that prompts the Skype app.\n (CVE-2020-1432)\n\n - An elevation of privilege vulnerability exists in the way that the Windows Network Location Awareness Service handles objects in memory. An attacker who successfully exploited the vulnerability could allow an application with limited privileges on an affected system to execute code at a medium integrity level. (CVE-2020-1437)\n\n - A remote code execution vulnerability exists in .NET Framework, Microsoft SharePoint, and Visual Studio when the software fails to check the source markup of XML file input. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the process responsible for deserialization of the XML content. (CVE-2020-1147)\n\n - An elevation of privilege vulnerability exists in the way that the Windows Network Connections Service handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. (CVE-2020-1373, CVE-2020-1390, CVE-2020-1427, CVE-2020-1428, CVE-2020-1438)\n\n - An elevation of privilege vulnerability exists when the Windows Cryptography Next Generation (CNG) Key Isolation service improperly handles memory. An attacker who successfully exploited this vulnerability could run processes in an elevated context. (CVE-2020-1359, CVE-2020-1384)\n\n - An information disclosure vulnerability exists when the Windows Resource Policy component improperly handles memory. (CVE-2020-1358)\n\n - An elevation of privilege vulnerability exists in the way that the Windows Function Discovery Service handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. (CVE-2020-1085)\n\n - An information disclosure vulnerability exists when Windows Error Reporting improperly handles file operations. (CVE-2020-1420)\n\n - A remote code execution vulnerability exists in the way that Microsoft Graphics Components handle objects in memory. An attacker who successfully exploited the vulnerability could execute arbitrary code on a target system. (CVE-2020-1412)\n\n - An elevation of privilege vulnerability exists when the Windows Runtime improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in an elevated context. An attacker could exploit this vulnerability by running a specially crafted application on the victim system. The update addresses the vulnerability by correcting the way the Windows Runtime handles objects in memory.\n (CVE-2020-1249, CVE-2020-1353, CVE-2020-1370, CVE-2020-1399, CVE-2020-1404, CVE-2020-1413)\n\n - An information disclosure vulnerability exists when Microsoft Edge PDF Reader improperly handles objects in memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. (CVE-2020-1433)\n\n - A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by enticing a victim to open a specially crafted file. The update addresses the vulnerability by correcting the way the Windows Jet Database Engine handles objects in memory. (CVE-2020-1400, CVE-2020-1401, CVE-2020-1407)\n\n - An elevation of privilege vulnerability exists when Windows Error Reporting manager improperly handles a process crash. An attacker who successfully exploited this vulnerability could delete a targeted file leading to an elevated status. (CVE-2020-1429)\n\n - An information disclosure vulnerability exists when the Windows kernel fails to properly initialize a memory address. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system. (CVE-2020-1389, CVE-2020-1419)\n\n - An elevation of privilege vulnerability exists in the way that the Windows Credential Picker handles objects in memory. An attacker who successfully exploited the vulnerability could allow an application with limited privileges on an affected system to execute code at a medium integrity level. (CVE-2020-1385)\n\n - A remote code execution vulnerability exists in Microsoft Windows that could allow remote code execution if a .LNK file is processed. An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. (CVE-2020-1421)\n\n - An information disclosure vulnerability exists in Windows when the Windows Imaging Component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user's system.\n There are multiple ways an attacker could exploit this vulnerability: (CVE-2020-1397)\n\n - A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in the memory. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2020-1435)\n\n - An information disclosure vulnerability exists in the way that the WalletService handles memory.\n (CVE-2020-1361)\n\n - An elevation of privilege vulnerability exists in the way that the Windows Sync Host Service handles objects in memory. An attacker who successfully exploited the vulnerability could allow an application with limited privileges on an affected system to execute code at a medium integrity level. (CVE-2020-1434)\n\n - An elevation of privilege vulnerability exists when Windows Lockscreen fails to properly handle Ease of Access dialog. An attacker who successfully exploited the vulnerability could execute commands with elevated permissions. The security update addresses the vulnerability by ensuring that the Ease of Access dialog is handled properly. (CVE-2020-1398)", "cvss3": {}, "published": "2020-07-14T00:00:00", "type": "nessus", "title": "KB4565513: Windows 10 July 2020 Security Update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-1085", "CVE-2020-1147", "CVE-2020-1249", "CVE-2020-1267", "CVE-2020-1333", "CVE-2020-1344", "CVE-2020-1346", "CVE-2020-1351", "CVE-2020-1352", "CVE-2020-1353", "CVE-2020-1354", "CVE-2020-1358", "CVE-2020-1359", "CVE-2020-1360", "CVE-2020-1361", "CVE-2020-1362", "CVE-2020-1364", "CVE-2020-1365", "CVE-2020-1368", "CVE-2020-1369", "CVE-2020-1370", "CVE-2020-1371", "CVE-2020-1373", "CVE-2020-1374", "CVE-2020-1384", "CVE-2020-1385", "CVE-2020-1389", "CVE-2020-1390", "CVE-2020-1393", "CVE-2020-1396", "CVE-2020-1397", "CVE-2020-1398", "CVE-2020-1399", "CVE-2020-1400", "CVE-2020-1401", "CVE-2020-1402", "CVE-2020-1403", "CVE-2020-1404", "CVE-2020-1406", "CVE-2020-1407", "CVE-2020-1408", "CVE-2020-1409", "CVE-2020-1410", "CVE-2020-1411", "CVE-2020-1412", "CVE-2020-1413", "CVE-2020-1419", "CVE-2020-1420", "CVE-2020-1421", "CVE-2020-1427", "CVE-2020-1428", "CVE-2020-1429", "CVE-2020-1430", "CVE-2020-1432", "CVE-2020-1433", "CVE-2020-1434", "CVE-2020-1435", "CVE-2020-1436", "CVE-2020-1437", "CVE-2020-1438", "CVE-2020-1468"], "modified": "2023-01-24T00:00:00", "cpe": ["cpe:/o:microsoft:windows", "cpe:/a:microsoft:edge"], "id": "SMB_NT_MS20_JUL_4565513.NASL", "href": "https://www.tenable.com/plugins/nessus/138459", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(138459);\n script_version(\"1.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/24\");\n\n script_cve_id(\n \"CVE-2020-1085\",\n \"CVE-2020-1147\",\n \"CVE-2020-1249\",\n \"CVE-2020-1267\",\n \"CVE-2020-1333\",\n \"CVE-2020-1344\",\n \"CVE-2020-1346\",\n \"CVE-2020-1351\",\n \"CVE-2020-1352\",\n \"CVE-2020-1353\",\n \"CVE-2020-1354\",\n \"CVE-2020-1358\",\n \"CVE-2020-1359\",\n \"CVE-2020-1360\",\n \"CVE-2020-1361\",\n \"CVE-2020-1362\",\n \"CVE-2020-1364\",\n \"CVE-2020-1365\",\n \"CVE-2020-1368\",\n \"CVE-2020-1369\",\n \"CVE-2020-1370\",\n \"CVE-2020-1371\",\n \"CVE-2020-1373\",\n \"CVE-2020-1374\",\n \"CVE-2020-1384\",\n \"CVE-2020-1385\",\n \"CVE-2020-1389\",\n \"CVE-2020-1390\",\n \"CVE-2020-1393\",\n \"CVE-2020-1396\",\n \"CVE-2020-1397\",\n \"CVE-2020-1398\",\n \"CVE-2020-1399\",\n \"CVE-2020-1400\",\n \"CVE-2020-1401\",\n \"CVE-2020-1402\",\n \"CVE-2020-1403\",\n \"CVE-2020-1404\",\n \"CVE-2020-1406\",\n \"CVE-2020-1407\",\n \"CVE-2020-1408\",\n \"CVE-2020-1409\",\n \"CVE-2020-1410\",\n \"CVE-2020-1411\",\n \"CVE-2020-1412\",\n \"CVE-2020-1413\",\n \"CVE-2020-1419\",\n \"CVE-2020-1420\",\n \"CVE-2020-1421\",\n \"CVE-2020-1427\",\n \"CVE-2020-1428\",\n \"CVE-2020-1429\",\n \"CVE-2020-1430\",\n \"CVE-2020-1432\",\n \"CVE-2020-1433\",\n \"CVE-2020-1434\",\n \"CVE-2020-1435\",\n \"CVE-2020-1436\",\n \"CVE-2020-1437\",\n \"CVE-2020-1438\",\n \"CVE-2020-1468\"\n );\n script_xref(name:\"MSKB\", value:\"4565513\");\n script_xref(name:\"MSFT\", value:\"MS20-4565513\");\n script_xref(name:\"IAVA\", value:\"2020-A-0300-S\");\n script_xref(name:\"IAVA\", value:\"2020-A-0302-S\");\n script_xref(name:\"IAVA\", value:\"2020-A-0313-S\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/05/03\");\n\n script_name(english:\"KB4565513: Windows 10 July 2020 Security Update\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 4565513. It is, \ntherefore, affected by multiple vulnerabilities :\n\n - An elevation of privilege vulnerability exists when the\n Windows kernel fails to properly handle objects in\n memory. An attacker who successfully exploited this\n vulnerability could run arbitrary code in kernel mode.\n An attacker could then install programs; view, change,\n or delete data; or create new accounts with full user\n rights. (CVE-2020-1411)\n\n - An elevation of privilege vulnerability exists when the\n Windows Diagnostics Hub Standard Collector Service fails\n to properly sanitize input, leading to an unsecure\n library-loading behavior. An attacker who successfully\n exploited this vulnerability could run arbitrary code\n with elevated system privileges. An attacker could then\n install programs; view, change, or delete data; or\n create new accounts with full user rights.\n (CVE-2020-1393)\n\n - A remote code execution vulnerability exists in the way\n that DirectWrite handles objects in memory. An attacker\n who successfully exploited this vulnerability could take\n control of the affected system. An attacker could then\n install programs; view, change, or delete data; or\n create new accounts with full user rights. There are\n multiple ways an attacker could exploit the\n vulnerability, such as by convincing a user to open a\n specially crafted document, or by convincing a user to\n visit an untrusted webpage. The security update\n addresses the vulnerability by correcting how\n DirectWrite handles objects in memory. (CVE-2020-1409)\n\n - An elevation of privilege vulnerability exists when the\n Windows Profile Service improperly handles file\n operations. An attacker who successfully exploited this\n vulnerability could gain elevated privileges.\n (CVE-2020-1360)\n\n - A remote code execution vulnerability exists in the way\n that the VBScript engine handles objects in memory. The\n vulnerability could corrupt memory in such a way that an\n attacker could execute arbitrary code in the context of\n the current user. An attacker who successfully exploited\n the vulnerability could gain the same user rights as the\n current user. (CVE-2020-1403)\n\n - A remote code execution vulnerability exists in the\n Windows Remote Desktop Client when a user connects to a\n malicious server. An attacker who successfully exploited\n this vulnerability could execute arbitrary code on the\n computer of the connecting client. An attacker could\n then install programs; view, change, or delete data; or\n create new accounts with full user rights.\n (CVE-2020-1374)\n\n - A remote code execution vulnerability exists when the\n Windows font library improperly handles specially\n crafted fonts. For all systems except Windows 10, an\n attacker who successfully exploited the vulnerability\n could execute code remotely. For systems running Windows\n 10, an attacker who successfully exploited the\n vulnerability could execute code in an AppContainer\n sandbox context with limited privileges and\n capabilities. An attacker could then install programs;\n view, change, or delete data; or create new accounts\n with full user rights. There are multiple ways an\n attacker could exploit the vulnerability:\n (CVE-2020-1436)\n\n - An elevation of privilege vulnerability exists in the\n way that the Credential Enrollment Manager service\n handles objects in memory. An attacker who successfully\n exploited the vulnerability could execute code with\n elevated permissions. (CVE-2020-1368)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Network List Service handles\n objects in memory. An attacker who successfully\n exploited the vulnerability could execute code with\n elevated permissions. (CVE-2020-1406)\n\n - An information disclosure vulnerability exists when the\n Windows Graphics component improperly handles objects in\n memory. An attacker who successfully exploited this\n vulnerability could obtain information to further\n compromise the users system. An authenticated attacker\n could exploit this vulnerability by running a specially\n crafted application. The update addresses the\n vulnerability by correcting how the Windows Graphics\n Component handles objects in memory. (CVE-2020-1351)\n\n - An information disclosure vulnerability exists when the\n Windows GDI component improperly discloses the contents\n of its memory. An attacker who successfully exploited\n the vulnerability could obtain information to further\n compromise the users system. There are multiple ways an\n attacker could exploit the vulnerability, such as by\n convincing a user to open a specially crafted document,\n or by convincing a user to visit an untrusted webpage.\n The security update addresses the vulnerability by\n correcting how the Windows GDI component handles objects\n in memory. (CVE-2020-1468)\n\n - An elevation of privilege vulnerability exists when the\n Windows Event Logging Service improperly handles memory.\n (CVE-2020-1365, CVE-2020-1371)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows WalletService handles objects in\n memory. An attacker who successfully exploited the\n vulnerability could execute code with elevated\n permissions. (CVE-2020-1344, CVE-2020-1362,\n CVE-2020-1369)\n\n - An elevation of privilege vulnerability exists when the\n Windows ActiveX Installer Service improperly handles\n memory. (CVE-2020-1402)\n\n - This security update corrects a denial of service in the\n Local Security Authority Subsystem Service (LSASS)\n caused when an authenticated attacker sends a specially\n crafted authentication request. A remote attacker who\n successfully exploited this vulnerability could cause a\n denial of service on the target system's LSASS service,\n which triggers an automatic reboot of the system. The\n security update addresses the vulnerability by changing\n the way that LSASS handles specially crafted\n authentication requests. (CVE-2020-1267)\n\n - A remote code execution vulnerability exists when\n Windows Address Book (WAB) improperly processes vcard\n files. (CVE-2020-1410)\n\n - An elevation of privilege vulnerability exists when the\n Windows USO Core Worker improperly handles memory.\n (CVE-2020-1352)\n\n - An elevation of privilege vulnerability exists when the\n Windows UPnP Device Host improperly handles memory.\n (CVE-2020-1354, CVE-2020-1430)\n\n - An elevation of privilege vulnerability exists when\n Group Policy Services Policy Processing improperly\n handle reparse points. An attacker who successfully\n exploited this vulnerability could overwrite a targeted\n file that would normally require elevated permissions.\n (CVE-2020-1333)\n\n - A remote code execution vulnerability exists when the\n Windows font library improperly handles specially\n crafted embedded fonts. An attacker who successfully\n exploited the vulnerability could take control of the\n affected system. An attacker could then install\n programs; view, change, or delete data; or create new\n accounts with full user rights. (CVE-2020-1408)\n\n - An elevation of privilege vulnerability exists when the\n Windows Modules Installer improperly handles file\n operations. An attacker who successfully exploited this\n vulnerability could gain elevated privileges.\n (CVE-2020-1346)\n\n - An elevation of privilege vulnerability exists when\n Windows improperly handles calls to Advanced Local\n Procedure Call (ALPC). An attacker who successfully\n exploited this vulnerability could run arbitrary code in\n the security context of the local system. An attacker\n could then install programs; view, change, or delete\n data; or create new accounts with full user rights.\n (CVE-2020-1396)\n\n - A denial of service vulnerability exists in the way that\n the WalletService handles files. An attacker who\n successfully exploited the vulnerability could corrupt\n system files. (CVE-2020-1364)\n\n - An information disclosure vulnerability exists when\n Skype for Business is accessed via Internet Explorer. An\n attacker who exploited the vulnerability could cause the\n user to place a call without additional consent, leading\n to information disclosure of the user profile. For the\n vulnerability to be exploited, a user must click a\n specially crafted URL that prompts the Skype app.\n (CVE-2020-1432)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Network Location Awareness Service\n handles objects in memory. An attacker who successfully\n exploited the vulnerability could allow an application\n with limited privileges on an affected system to execute\n code at a medium integrity level. (CVE-2020-1437)\n\n - A remote code execution vulnerability exists in .NET\n Framework, Microsoft SharePoint, and Visual Studio when\n the software fails to check the source markup of XML\n file input. An attacker who successfully exploited the\n vulnerability could run arbitrary code in the context of\n the process responsible for deserialization of the XML\n content. (CVE-2020-1147)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Network Connections Service handles\n objects in memory. An attacker who successfully\n exploited the vulnerability could execute code with\n elevated permissions. (CVE-2020-1373, CVE-2020-1390,\n CVE-2020-1427, CVE-2020-1428, CVE-2020-1438)\n\n - An elevation of privilege vulnerability exists when the\n Windows Cryptography Next Generation (CNG) Key Isolation\n service improperly handles memory. An attacker who\n successfully exploited this vulnerability could run\n processes in an elevated context. (CVE-2020-1359,\n CVE-2020-1384)\n\n - An information disclosure vulnerability exists when the\n Windows Resource Policy component improperly handles\n memory. (CVE-2020-1358)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Function Discovery Service handles\n objects in memory. An attacker who successfully\n exploited the vulnerability could execute code with\n elevated permissions. (CVE-2020-1085)\n\n - An information disclosure vulnerability exists when\n Windows Error Reporting improperly handles file\n operations. (CVE-2020-1420)\n\n - A remote code execution vulnerability exists in the way\n that Microsoft Graphics Components handle objects in\n memory. An attacker who successfully exploited the\n vulnerability could execute arbitrary code on a target\n system. (CVE-2020-1412)\n\n - An elevation of privilege vulnerability exists when the\n Windows Runtime improperly handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could run arbitrary code in an elevated context. An\n attacker could exploit this vulnerability by running a\n specially crafted application on the victim system. The\n update addresses the vulnerability by correcting the way\n the Windows Runtime handles objects in memory.\n (CVE-2020-1249, CVE-2020-1353, CVE-2020-1370,\n CVE-2020-1399, CVE-2020-1404, CVE-2020-1413)\n\n - An information disclosure vulnerability exists when\n Microsoft Edge PDF Reader improperly handles objects in\n memory. An attacker who successfully exploited the\n vulnerability could obtain information to further\n compromise the users system. (CVE-2020-1433)\n\n - A remote code execution vulnerability exists when the\n Windows Jet Database Engine improperly handles objects\n in memory. An attacker who successfully exploited this\n vulnerability could execute arbitrary code on a victim\n system. An attacker could exploit this vulnerability by\n enticing a victim to open a specially crafted file. The\n update addresses the vulnerability by correcting the way\n the Windows Jet Database Engine handles objects in\n memory. (CVE-2020-1400, CVE-2020-1401, CVE-2020-1407)\n\n - An elevation of privilege vulnerability exists when\n Windows Error Reporting manager improperly handles a\n process crash. An attacker who successfully exploited\n this vulnerability could delete a targeted file leading\n to an elevated status. (CVE-2020-1429)\n\n - An information disclosure vulnerability exists when the\n Windows kernel fails to properly initialize a memory\n address. An attacker who successfully exploited this\n vulnerability could obtain information to further\n compromise the users system. (CVE-2020-1389,\n CVE-2020-1419)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Credential Picker handles objects\n in memory. An attacker who successfully exploited the\n vulnerability could allow an application with limited\n privileges on an affected system to execute code at a\n medium integrity level. (CVE-2020-1385)\n\n - A remote code execution vulnerability exists in\n Microsoft Windows that could allow remote code execution\n if a .LNK file is processed. An attacker who\n successfully exploited this vulnerability could gain the\n same user rights as the local user. (CVE-2020-1421)\n\n - An information disclosure vulnerability exists in\n Windows when the Windows Imaging Component fails to\n properly handle objects in memory. An attacker who\n successfully exploited this vulnerability could obtain\n information to further compromise the user's system.\n There are multiple ways an attacker could exploit this\n vulnerability: (CVE-2020-1397)\n\n - A remote code execution vulnerability exists in the way\n that the Windows Graphics Device Interface (GDI) handles\n objects in the memory. An attacker who successfully\n exploited this vulnerability could take control of the\n affected system. An attacker could then install\n programs; view, change, or delete data; or create new\n accounts with full user rights. (CVE-2020-1435)\n\n - An information disclosure vulnerability exists in the\n way that the WalletService handles memory.\n (CVE-2020-1361)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Sync Host Service handles objects\n in memory. An attacker who successfully exploited the\n vulnerability could allow an application with limited\n privileges on an affected system to execute code at a\n medium integrity level. (CVE-2020-1434)\n\n - An elevation of privilege vulnerability exists when\n Windows Lockscreen fails to properly handle Ease of\n Access dialog. An attacker who successfully exploited\n the vulnerability could execute commands with elevated\n permissions. The security update addresses the\n vulnerability by ensuring that the Ease of Access dialog\n is handled properly. (CVE-2020-1398)\");\n # https://support.microsoft.com/en-us/help/4565513/windows-10-update-kb4565513\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?d0366a03\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Cumulative Update KB4565513.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-1435\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2020-1436\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'SharePoint DataSet / DataTable Deserialization');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/07/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/07/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/07/14\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:edge\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude('smb_func.inc');\ninclude('smb_hotfixes.inc');\ninclude('smb_hotfixes_fcheck.inc');\ninclude('smb_reg_query.inc');\ninclude('install_func.inc');\n\nget_kb_item_or_exit('SMB/MS_Bulletin_Checks/Possible');\n\nbulletin = 'MS20-07';\nkbs = make_list(\n '4565513'\n);\n\nif (get_kb_item('Host/patch_management_checks')) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit('SMB/Registry/Enumerated');\nget_kb_item_or_exit('SMB/WindowsVersion', exit_code:1);\n\nif (hotfix_check_sp_range(win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:'10',\n sp:0,\n os_build:'10240',\n rollup_date:'07_2020',\n bulletin:bulletin,\n rollup_kb_list:[4565513])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n\n\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-07-19T15:24:04", "description": "The remote Windows host is missing security update 4565511. It is, therefore, affected by multiple vulnerabilities :\n\n - An elevation of privilege vulnerability exists when the Windows System Events Broker improperly handles file operations. An attacker who successfully exploited this vulnerability could gain elevated privileges.\n (CVE-2020-1357)\n\n - An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode.\n An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2020-1411)\n\n - An elevation of privilege vulnerability exists when the Windows USO Core Worker improperly handles memory.\n (CVE-2020-1352)\n\n - An elevation of privilege vulnerability exists when the Windows Diagnostics Hub Standard Collector Service fails to properly sanitize input, leading to an unsecure library-loading behavior. An attacker who successfully exploited this vulnerability could run arbitrary code with elevated system privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\n (CVE-2020-1393)\n\n - A remote code execution vulnerability exists in the way that DirectWrite handles objects in memory. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit an untrusted webpage. The security update addresses the vulnerability by correcting how DirectWrite handles objects in memory. (CVE-2020-1409)\n\n - An elevation of privilege vulnerability exists in the way that the Windows Credential Picker handles objects in memory. An attacker who successfully exploited the vulnerability could allow an application with limited privileges on an affected system to execute code at a medium integrity level. (CVE-2020-1385)\n\n - An elevation of privilege vulnerability exists when the Windows Profile Service improperly handles file operations. An attacker who successfully exploited this vulnerability could gain elevated privileges.\n (CVE-2020-1360)\n\n - A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2020-1403)\n\n - A remote code execution vulnerability exists in the Windows Remote Desktop Client when a user connects to a malicious server. An attacker who successfully exploited this vulnerability could execute arbitrary code on the computer of the connecting client. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\n (CVE-2020-1374)\n\n - A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted fonts. For all systems except Windows 10, an attacker who successfully exploited the vulnerability could execute code remotely. For systems running Windows 10, an attacker who successfully exploited the vulnerability could execute code in an AppContainer sandbox context with limited privileges and capabilities. An attacker could then install programs;\n view, change, or delete data; or create new accounts with full user rights. There are multiple ways an attacker could exploit the vulnerability:\n (CVE-2020-1436)\n\n - An elevation of privilege vulnerability exists in the way that the Credential Enrollment Manager service handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. (CVE-2020-1368)\n\n - An elevation of privilege vulnerability exists in the way that the Windows Network List Service handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. (CVE-2020-1406)\n\n - An information disclosure vulnerability exists when the Windows Graphics component improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system. An authenticated attacker could exploit this vulnerability by running a specially crafted application. The update addresses the vulnerability by correcting how the Windows Graphics Component handles objects in memory. (CVE-2020-1351)\n\n - An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit an untrusted webpage.\n The security update addresses the vulnerability by correcting how the Windows GDI component handles objects in memory. (CVE-2020-1468)\n\n - An elevation of privilege vulnerability exists when the Windows Event Logging Service improperly handles memory.\n (CVE-2020-1365, CVE-2020-1371)\n\n - An information disclosure vulnerability exists when the Windows kernel fails to properly initialize a memory address. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system. (CVE-2020-1389, CVE-2020-1419)\n\n - An elevation of privilege vulnerability exists in the way that the Windows Speech Brokered API handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. (CVE-2020-1395)\n\n - An elevation of privilege vulnerability exists in the way that the Windows WalletService handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. (CVE-2020-1344, CVE-2020-1362, CVE-2020-1369)\n\n - An elevation of privilege vulnerability exists when the Windows ActiveX Installer Service improperly handles memory. (CVE-2020-1402)\n\n - This security update corrects a denial of service in the Local Security Authority Subsystem Service (LSASS) caused when an authenticated attacker sends a specially crafted authentication request. A remote attacker who successfully exploited this vulnerability could cause a denial of service on the target system's LSASS service, which triggers an automatic reboot of the system. The security update addresses the vulnerability by changing the way that LSASS handles specially crafted authentication requests. (CVE-2020-1267)\n\n - A remote code execution vulnerability exists when Windows Address Book (WAB) improperly processes vcard files. (CVE-2020-1410)\n\n - An elevation of privilege vulnerability exists when the Windows Modules Installer improperly handles file operations. An attacker who successfully exploited this vulnerability could gain elevated privileges.\n (CVE-2020-1346)\n\n - An elevation of privilege vulnerability exists when the Windows UPnP Device Host improperly handles memory.\n (CVE-2020-1354, CVE-2020-1430)\n\n - An elevation of privilege vulnerability exists in the way that the SharedStream Library handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. (CVE-2020-1463)\n\n - An elevation of privilege vulnerability exists when Group Policy Services Policy Processing improperly handle reparse points. An attacker who successfully exploited this vulnerability could overwrite a targeted file that would normally require elevated permissions.\n (CVE-2020-1333)\n\n - An information disclosure vulnerability exists when Skype for Business is accessed via Microsoft Edge (EdgeHTML-based). An attacker who exploited the vulnerability could cause the user to place a call without additional consent, leading to information disclosure of the user profile. For the vulnerability to be exploited, a user must click a specially crafted URL that prompts the Skype app. (CVE-2020-1462)\n\n - A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts. An attacker who successfully exploited the vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2020-1408)\n\n - An elevation of privilege vulnerability exists in the way that the Windows Kernel handles objects in memory.\n An attacker who successfully exploited the vulnerability could execute code with elevated permissions.\n (CVE-2020-1336)\n\n - An elevation of privilege vulnerability exists when Windows improperly handles calls to Advanced Local Procedure Call (ALPC). An attacker who successfully exploited this vulnerability could run arbitrary code in the security context of the local system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\n (CVE-2020-1396)\n\n - A denial of service vulnerability exists in the way that the WalletService handles files. An attacker who successfully exploited the vulnerability could corrupt system files. (CVE-2020-1364)\n\n - An information disclosure vulnerability exists when Skype for Business is accessed via Internet Explorer. An attacker who exploited the vulnerability could cause the user to place a call without additional consent, leading to information disclosure of the user profile. For the vulnerability to be exploited, a user must click a specially crafted URL that prompts the Skype app.\n (CVE-2020-1432)\n\n - An elevation of privilege vulnerability exists in the way that the Windows Network Location Awareness Service handles objects in memory. An attacker who successfully exploited the vulnerability could allow an application with limited privileges on an affected system to execute code at a medium integrity level. (CVE-2020-1437)\n\n - A remote code execution vulnerability exists in .NET Framework, Microsoft SharePoint, and Visual Studio when the software fails to check the source markup of XML file input. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the process responsible for deserialization of the XML content. (CVE-2020-1147)\n\n - An elevation of privilege vulnerability exists in the way that the Windows Network Connections Service handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. (CVE-2020-1373, CVE-2020-1390, CVE-2020-1427, CVE-2020-1428, CVE-2020-1438)\n\n - An elevation of privilege vulnerability exists when the Windows Cryptography Next Generation (CNG) Key Isolation service improperly handles memory. An attacker who successfully exploited this vulnerability could run processes in an elevated context. (CVE-2020-1359, CVE-2020-1384)\n\n - An information disclosure vulnerability exists when the Windows Resource Policy component improperly handles memory. (CVE-2020-1358)\n\n - An elevation of privilege vulnerability exists in the way that the Windows Function Discovery Service handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. (CVE-2020-1085)\n\n - An information disclosure vulnerability exists when Windows Error Reporting improperly handles file operations. (CVE-2020-1420)\n\n - A remote code execution vulnerability exists in the way that Microsoft Graphics Components handle objects in memory. An attacker who successfully exploited the vulnerability could execute arbitrary code on a target system. (CVE-2020-1412)\n\n - An elevation of privilege vulnerability exists when the Windows Runtime improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in an elevated context. An attacker could exploit this vulnerability by running a specially crafted application on the victim system. The update addresses the vulnerability by correcting the way the Windows Runtime handles objects in memory.\n (CVE-2020-1249, CVE-2020-1353, CVE-2020-1370, CVE-2020-1399, CVE-2020-1404, CVE-2020-1413)\n\n - An information disclosure vulnerability exists when Microsoft Edge PDF Reader improperly handles objects in memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. (CVE-2020-1433)\n\n - A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by enticing a victim to open a specially crafted file. The update addresses the vulnerability by correcting the way the Windows Jet Database Engine handles objects in memory. (CVE-2020-1400, CVE-2020-1401, CVE-2020-1407)\n\n - An elevation of privilege vulnerability exists when Windows Error Reporting manager improperly handles a process crash. An attacker who successfully exploited this vulnerability could delete a targeted file leading to an elevated status. (CVE-2020-1429)\n\n - An elevation of privilege vulnerability exists in the way that the psmsrv.dll handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions.\n (CVE-2020-1388)\n\n - An elevation of privilege vulnerability exists when the Windows iSCSI Target Service improperly handles file operations. An attacker who successfully exploited this vulnerability could gain elevated privileges.\n (CVE-2020-1356)\n\n - A remote code execution vulnerability exists in Microsoft Windows that could allow remote code execution if a .LNK file is processed. An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. (CVE-2020-1421)\n\n - An information disclosure vulnerability exists in Windows when the Windows Imaging Component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user's system.\n There are multiple ways an attacker could exploit this vulnerability: (CVE-2020-1397)\n\n - A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in the memory. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2020-1435)\n\n - An information disclosure vulnerability exists in the way that the WalletService handles memory.\n (CVE-2020-1361)\n\n - An elevation of privilege vulnerability exists in the way that the Windows Sync Host Service handles objects in memory. An attacker who successfully exploited the vulnerability could allow an application with limited privileges on an affected system to execute code at a medium integrity level. (CVE-2020-1434)\n\n - An elevation of privilege vulnerability exists when Windows Lockscreen fails to properly handle Ease of Access dialog. An attacker who successfully exploited the vulnerability could execute commands with elevated permissions. The security update addresses the vulnerability by ensuring that the Ease of Access dialog is handled properly. (CVE-2020-1398)", "cvss3": {}, "published": "2020-07-14T00:00:00", "type": "nessus", "title": "KB4565511: Windows 10 Version 1607 and Windows Server 2016 July 2020 Security Update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-1085", "CVE-2020-1147", "CVE-2020-1249", "CVE-2020-1267", "CVE-2020-1333", "CVE-2020-1336", "CVE-2020-1344", "CVE-2020-1346", "CVE-2020-1351", "CVE-2020-1352", "CVE-2020-1353", "CVE-2020-1354", "CVE-2020-1356", "CVE-2020-1357", "CVE-2020-1358", "CVE-2020-1359", "CVE-2020-1360", "CVE-2020-1361", "CVE-2020-1362", "CVE-2020-1364", "CVE-2020-1365", "CVE-2020-1368", "CVE-2020-1369", "CVE-2020-1370", "CVE-2020-1371", "CVE-2020-1373", "CVE-2020-1374", "CVE-2020-1384", "CVE-2020-1385", "CVE-2020-1388", "CVE-2020-1389", "CVE-2020-1390", "CVE-2020-1393", "CVE-2020-1395", "CVE-2020-1396", "CVE-2020-1397", "CVE-2020-1398", "CVE-2020-1399", "CVE-2020-1400", "CVE-2020-1401", "CVE-2020-1402", "CVE-2020-1403", "CVE-2020-1404", "CVE-2020-1406", "CVE-2020-1407", "CVE-2020-1408", "CVE-2020-1409", "CVE-2020-1410", "CVE-2020-1411", "CVE-2020-1412", "CVE-2020-1413", "CVE-2020-1419", "CVE-2020-1420", "CVE-2020-1421", "CVE-2020-1427", "CVE-2020-1428", "CVE-2020-1429", "CVE-2020-1430", "CVE-2020-1432", "CVE-2020-1433", "CVE-2020-1434", "CVE-2020-1435", "CVE-2020-1436", "CVE-2020-1437", "CVE-2020-1438", "CVE-2020-1462", "CVE-2020-1463", "CVE-2020-1468"], "modified": "2023-04-25T00:00:00", "cpe": ["cpe:/o:microsoft:windows", "cpe:/a:microsoft:edge"], "id": "SMB_NT_MS20_JUL_4565511.NASL", "href": "https://www.tenable.com/plugins/nessus/138458", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(138458);\n script_version(\"1.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/04/25\");\n\n script_cve_id(\n \"CVE-2020-1085\",\n \"CVE-2020-1147\",\n \"CVE-2020-1249\",\n \"CVE-2020-1267\",\n \"CVE-2020-1333\",\n \"CVE-2020-1336\",\n \"CVE-2020-1344\",\n \"CVE-2020-1346\",\n \"CVE-2020-1351\",\n \"CVE-2020-1352\",\n \"CVE-2020-1353\",\n \"CVE-2020-1354\",\n \"CVE-2020-1356\",\n \"CVE-2020-1357\",\n \"CVE-2020-1358\",\n \"CVE-2020-1359\",\n \"CVE-2020-1360\",\n \"CVE-2020-1361\",\n \"CVE-2020-1362\",\n \"CVE-2020-1364\",\n \"CVE-2020-1365\",\n \"CVE-2020-1368\",\n \"CVE-2020-1369\",\n \"CVE-2020-1370\",\n \"CVE-2020-1371\",\n \"CVE-2020-1373\",\n \"CVE-2020-1374\",\n \"CVE-2020-1384\",\n \"CVE-2020-1385\",\n \"CVE-2020-1388\",\n \"CVE-2020-1389\",\n \"CVE-2020-1390\",\n \"CVE-2020-1393\",\n \"CVE-2020-1395\",\n \"CVE-2020-1396\",\n \"CVE-2020-1397\",\n \"CVE-2020-1398\",\n \"CVE-2020-1399\",\n \"CVE-2020-1400\",\n \"CVE-2020-1401\",\n \"CVE-2020-1402\",\n \"CVE-2020-1403\",\n \"CVE-2020-1404\",\n \"CVE-2020-1406\",\n \"CVE-2020-1407\",\n \"CVE-2020-1408\",\n \"CVE-2020-1409\",\n \"CVE-2020-1410\",\n \"CVE-2020-1411\",\n \"CVE-2020-1412\",\n \"CVE-2020-1413\",\n \"CVE-2020-1419\",\n \"CVE-2020-1420\",\n \"CVE-2020-1421\",\n \"CVE-2020-1427\",\n \"CVE-2020-1428\",\n \"CVE-2020-1429\",\n \"CVE-2020-1430\",\n \"CVE-2020-1432\",\n \"CVE-2020-1433\",\n \"CVE-2020-1434\",\n \"CVE-2020-1435\",\n \"CVE-2020-1436\",\n \"CVE-2020-1437\",\n \"CVE-2020-1438\",\n \"CVE-2020-1462\",\n \"CVE-2020-1463\",\n \"CVE-2020-1468\"\n );\n script_xref(name:\"MSKB\", value:\"4565511\");\n script_xref(name:\"MSFT\", value:\"MS20-4565511\");\n script_xref(name:\"IAVA\", value:\"2020-A-0300-S\");\n script_xref(name:\"IAVA\", value:\"2020-A-0302-S\");\n script_xref(name:\"IAVA\", value:\"2020-A-0306-S\");\n script_xref(name:\"IAVA\", value:\"2020-A-0313-S\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/05/03\");\n\n script_name(english:\"KB4565511: Windows 10 Version 1607 and Windows Server 2016 July 2020 Security Update\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 4565511. It is, \ntherefore, affected by multiple vulnerabilities :\n\n - An elevation of privilege vulnerability exists when the\n Windows System Events Broker improperly handles file\n operations. An attacker who successfully exploited this\n vulnerability could gain elevated privileges.\n (CVE-2020-1357)\n\n - An elevation of privilege vulnerability exists when the\n Windows kernel fails to properly handle objects in\n memory. An attacker who successfully exploited this\n vulnerability could run arbitrary code in kernel mode.\n An attacker could then install programs; view, change,\n or delete data; or create new accounts with full user\n rights. (CVE-2020-1411)\n\n - An elevation of privilege vulnerability exists when the\n Windows USO Core Worker improperly handles memory.\n (CVE-2020-1352)\n\n - An elevation of privilege vulnerability exists when the\n Windows Diagnostics Hub Standard Collector Service fails\n to properly sanitize input, leading to an unsecure\n library-loading behavior. An attacker who successfully\n exploited this vulnerability could run arbitrary code\n with elevated system privileges. An attacker could then\n install programs; view, change, or delete data; or\n create new accounts with full user rights.\n (CVE-2020-1393)\n\n - A remote code execution vulnerability exists in the way\n that DirectWrite handles objects in memory. An attacker\n who successfully exploited this vulnerability could take\n control of the affected system. An attacker could then\n install programs; view, change, or delete data; or\n create new accounts with full user rights. There are\n multiple ways an attacker could exploit the\n vulnerability, such as by convincing a user to open a\n specially crafted document, or by convincing a user to\n visit an untrusted webpage. The security update\n addresses the vulnerability by correcting how\n DirectWrite handles objects in memory. (CVE-2020-1409)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Credential Picker handles objects\n in memory. An attacker who successfully exploited the\n vulnerability could allow an application with limited\n privileges on an affected system to execute code at a\n medium integrity level. (CVE-2020-1385)\n\n - An elevation of privilege vulnerability exists when the\n Windows Profile Service improperly handles file\n operations. An attacker who successfully exploited this\n vulnerability could gain elevated privileges.\n (CVE-2020-1360)\n\n - A remote code execution vulnerability exists in the way\n that the VBScript engine handles objects in memory. The\n vulnerability could corrupt memory in such a way that an\n attacker could execute arbitrary code in the context of\n the current user. An attacker who successfully exploited\n the vulnerability could gain the same user rights as the\n current user. (CVE-2020-1403)\n\n - A remote code execution vulnerability exists in the\n Windows Remote Desktop Client when a user connects to a\n malicious server. An attacker who successfully exploited\n this vulnerability could execute arbitrary code on the\n computer of the connecting client. An attacker could\n then install programs; view, change, or delete data; or\n create new accounts with full user rights.\n (CVE-2020-1374)\n\n - A remote code execution vulnerability exists when the\n Windows font library improperly handles specially\n crafted fonts. For all systems except Windows 10, an\n attacker who successfully exploited the vulnerability\n could execute code remotely. For systems running Windows\n 10, an attacker who successfully exploited the\n vulnerability could execute code in an AppContainer\n sandbox context with limited privileges and\n capabilities. An attacker could then install programs;\n view, change, or delete data; or create new accounts\n with full user rights. There are multiple ways an\n attacker could exploit the vulnerability:\n (CVE-2020-1436)\n\n - An elevation of privilege vulnerability exists in the\n way that the Credential Enrollment Manager service\n handles objects in memory. An attacker who successfully\n exploited the vulnerability could execute code with\n elevated permissions. (CVE-2020-1368)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Network List Service handles\n objects in memory. An attacker who successfully\n exploited the vulnerability could execute code with\n elevated permissions. (CVE-2020-1406)\n\n - An information disclosure vulnerability exists when the\n Windows Graphics component improperly handles objects in\n memory. An attacker who successfully exploited this\n vulnerability could obtain information to further\n compromise the users system. An authenticated attacker\n could exploit this vulnerability by running a specially\n crafted application. The update addresses the\n vulnerability by correcting how the Windows Graphics\n Component handles objects in memory. (CVE-2020-1351)\n\n - An information disclosure vulnerability exists when the\n Windows GDI component improperly discloses the contents\n of its memory. An attacker who successfully exploited\n the vulnerability could obtain information to further\n compromise the users system. There are multiple ways an\n attacker could exploit the vulnerability, such as by\n convincing a user to open a specially crafted document,\n or by convincing a user to visit an untrusted webpage.\n The security update addresses the vulnerability by\n correcting how the Windows GDI component handles objects\n in memory. (CVE-2020-1468)\n\n - An elevation of privilege vulnerability exists when the\n Windows Event Logging Service improperly handles memory.\n (CVE-2020-1365, CVE-2020-1371)\n\n - An information disclosure vulnerability exists when the\n Windows kernel fails to properly initialize a memory\n address. An attacker who successfully exploited this\n vulnerability could obtain information to further\n compromise the users system. (CVE-2020-1389,\n CVE-2020-1419)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Speech Brokered API handles objects\n in memory. An attacker who successfully exploited the\n vulnerability could execute code with elevated\n permissions. (CVE-2020-1395)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows WalletService handles objects in\n memory. An attacker who successfully exploited the\n vulnerability could execute code with elevated\n permissions. (CVE-2020-1344, CVE-2020-1362,\n CVE-2020-1369)\n\n - An elevation of privilege vulnerability exists when the\n Windows ActiveX Installer Service improperly handles\n memory. (CVE-2020-1402)\n\n - This security update corrects a denial of service in the\n Local Security Authority Subsystem Service (LSASS)\n caused when an authenticated attacker sends a specially\n crafted authentication request. A remote attacker who\n successfully exploited this vulnerability could cause a\n denial of service on the target system's LSASS service,\n which triggers an automatic reboot of the system. The\n security update addresses the vulnerability by changing\n the way that LSASS handles specially crafted\n authentication requests. (CVE-2020-1267)\n\n - A remote code execution vulnerability exists when\n Windows Address Book (WAB) improperly processes vcard\n files. (CVE-2020-1410)\n\n - An elevation of privilege vulnerability exists when the\n Windows Modules Installer improperly handles file\n operations. An attacker who successfully exploited this\n vulnerability could gain elevated privileges.\n (CVE-2020-1346)\n\n - An elevation of privilege vulnerability exists when the\n Windows UPnP Device Host improperly handles memory.\n (CVE-2020-1354, CVE-2020-1430)\n\n - An elevation of privilege vulnerability exists in the\n way that the SharedStream Library handles objects in\n memory. An attacker who successfully exploited the\n vulnerability could execute code with elevated\n permissions. (CVE-2020-1463)\n\n - An elevation of privilege vulnerability exists when\n Group Policy Services Policy Processing improperly\n handle reparse points. An attacker who successfully\n exploited this vulnerability could overwrite a targeted\n file that would normally require elevated permissions.\n (CVE-2020-1333)\n\n - An information disclosure vulnerability exists when\n Skype for Business is accessed via Microsoft Edge\n (EdgeHTML-based). An attacker who exploited the\n vulnerability could cause the user to place a call\n without additional consent, leading to information\n disclosure of the user profile. For the vulnerability to\n be exploited, a user must click a specially crafted URL\n that prompts the Skype app. (CVE-2020-1462)\n\n - A remote code execution vulnerability exists when the\n Windows font library improperly handles specially\n crafted embedded fonts. An attacker who successfully\n exploited the vulnerability could take control of the\n affected system. An attacker could then install\n programs; view, change, or delete data; or create new\n accounts with full user rights. (CVE-2020-1408)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Kernel handles objects in memory.\n An attacker who successfully exploited the vulnerability\n could execute code with elevated permissions.\n (CVE-2020-1336)\n\n - An elevation of privilege vulnerability exists when\n Windows improperly handles calls to Advanced Local\n Procedure Call (ALPC). An attacker who successfully\n exploited this vulnerability could run arbitrary code in\n the security context of the local system. An attacker\n could then install programs; view, change, or delete\n data; or create new accounts with full user rights.\n (CVE-2020-1396)\n\n - A denial of service vulnerability exists in the way that\n the WalletService handles files. An attacker who\n successfully exploited the vulnerability could corrupt\n system files. (CVE-2020-1364)\n\n - An information disclosure vulnerability exists when\n Skype for Business is accessed via Internet Explorer. An\n attacker who exploited the vulnerability could cause the\n user to place a call without additional consent, leading\n to information disclosure of the user profile. For the\n vulnerability to be exploited, a user must click a\n specially crafted URL that prompts the Skype app.\n (CVE-2020-1432)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Network Location Awareness Service\n handles objects in memory. An attacker who successfully\n exploited the vulnerability could allow an application\n with limited privileges on an affected system to execute\n code at a medium integrity level. (CVE-2020-1437)\n\n - A remote code execution vulnerability exists in .NET\n Framework, Microsoft SharePoint, and Visual Studio when\n the software fails to check the source markup of XML\n file input. An attacker who successfully exploited the\n vulnerability could run arbitrary code in the context of\n the process responsible for deserialization of the XML\n content. (CVE-2020-1147)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Network Connections Service handles\n objects in memory. An attacker who successfully\n exploited the vulnerability could execute code with\n elevated permissions. (CVE-2020-1373, CVE-2020-1390,\n CVE-2020-1427, CVE-2020-1428, CVE-2020-1438)\n\n - An elevation of privilege vulnerability exists when the\n Windows Cryptography Next Generation (CNG) Key Isolation\n service improperly handles memory. An attacker who\n successfully exploited this vulnerability could run\n processes in an elevated context. (CVE-2020-1359,\n CVE-2020-1384)\n\n - An information disclosure vulnerability exists when the\n Windows Resource Policy component improperly handles\n memory. (CVE-2020-1358)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Function Discovery Service handles\n objects in memory. An attacker who successfully\n exploited the vulnerability could execute code with\n elevated permissions. (CVE-2020-1085)\n\n - An information disclosure vulnerability exists when\n Windows Error Reporting improperly handles file\n operations. (CVE-2020-1420)\n\n - A remote code execution vulnerability exists in the way\n that Microsoft Graphics Components handle objects in\n memory. An attacker who successfully exploited the\n vulnerability could execute arbitrary code on a target\n system. (CVE-2020-1412)\n\n - An elevation of privilege vulnerability exists when the\n Windows Runtime improperly handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could run arbitrary code in an elevated context. An\n attacker could exploit this vulnerability by running a\n specially crafted application on the victim system. The\n update addresses the vulnerability by correcting the way\n the Windows Runtime handles objects in memory.\n (CVE-2020-1249, CVE-2020-1353, CVE-2020-1370,\n CVE-2020-1399, CVE-2020-1404, CVE-2020-1413)\n\n - An information disclosure vulnerability exists when\n Microsoft Edge PDF Reader improperly handles objects in\n memory. An attacker who successfully exploited the\n vulnerability could obtain information to further\n compromise the users system. (CVE-2020-1433)\n\n - A remote code execution vulnerability exists when the\n Windows Jet Database Engine improperly handles objects\n in memory. An attacker who successfully exploited this\n vulnerability could execute arbitrary code on a victim\n system. An attacker could exploit this vulnerability by\n enticing a victim to open a specially crafted file. The\n update addresses the vulnerability by correcting the way\n the Windows Jet Database Engine handles objects in\n memory. (CVE-2020-1400, CVE-2020-1401, CVE-2020-1407)\n\n - An elevation of privilege vulnerability exists when\n Windows Error Reporting manager improperly handles a\n process crash. An attacker who successfully exploited\n this vulnerability could delete a targeted file leading\n to an elevated status. (CVE-2020-1429)\n\n - An elevation of privilege vulnerability exists in the\n way that the psmsrv.dll handles objects in memory. An\n attacker who successfully exploited the vulnerability\n could execute code with elevated permissions.\n (CVE-2020-1388)\n\n - An elevation of privilege vulnerability exists when the\n Windows iSCSI Target Service improperly handles file\n operations. An attacker who successfully exploited this\n vulnerability could gain elevated privileges.\n (CVE-2020-1356)\n\n - A remote code execution vulnerability exists in\n Microsoft Windows that could allow remote code execution\n if a .LNK file is processed. An attacker who\n successfully exploited this vulnerability could gain the\n same user rights as the local user. (CVE-2020-1421)\n\n - An information disclosure vulnerability exists in\n Windows when the Windows Imaging Component fails to\n properly handle objects in memory. An attacker who\n successfully exploited this vulnerability could obtain\n information to further compromise the user's system.\n There are multiple ways an attacker could exploit this\n vulnerability: (CVE-2020-1397)\n\n - A remote code execution vulnerability exists in the way\n that the Windows Graphics Device Interface (GDI) handles\n objects in the memory. An attacker who successfully\n exploited this vulnerability could take control of the\n affected system. An attacker could then install\n programs; view, change, or delete data; or create new\n accounts with full user rights. (CVE-2020-1435)\n\n - An information disclosure vulnerability exists in the\n way that the WalletService handles memory.\n (CVE-2020-1361)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Sync Host Service handles objects\n in memory. An attacker who successfully exploited the\n vulnerability could allow an application with limited\n privileges on an affected system to execute code at a\n medium integrity level. (CVE-2020-1434)\n\n - An elevation of privilege vulnerability exists when\n Windows Lockscreen fails to properly handle Ease of\n Access dialog. An attacker who successfully exploited\n the vulnerability could execute commands with elevated\n permissions. The security update addresses the\n vulnerability by ensuring that the Ease of Access dialog\n is handled properly. (CVE-2020-1398)\");\n # https://support.microsoft.com/en-us/help/4565511/windows-10-update-kb4565511\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?777905a0\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Cumulative Update KB4565511.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-1435\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2020-1436\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'SharePoint DataSet / DataTable Deserialization');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/07/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/07/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/07/14\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:edge\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude('smb_func.inc');\ninclude('smb_hotfixes.inc');\ninclude('smb_hotfixes_fcheck.inc');\ninclude('smb_reg_query.inc');\ninclude('install_func.inc');\n\nget_kb_item_or_exit('SMB/MS_Bulletin_Checks/Possible');\n\nbulletin = 'MS20-07';\nkbs = make_list(\n '4565511'\n);\n\nif (get_kb_item('Host/patch_management_checks')) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit('SMB/Registry/Enumerated');\nget_kb_item_or_exit('SMB/WindowsVersion', exit_code:1);\n\nif (hotfix_check_sp_range(win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:'10',\n sp:0,\n os_build:'14393',\n rollup_date:'07_2020',\n bulletin:bulletin,\n rollup_kb_list:[4565511])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n\n\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-07-19T15:25:06", "description": "The remote Windows host is missing security update 4565508. It is, therefore, affected by multiple vulnerabilities :\n\n - An elevation of privilege vulnerability exists when the Windows System Events Broker improperly handles file operations. An attacker who successfully exploited this vulnerability could gain elevated privileges.\n (CVE-2020-1357)\n\n - An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode.\n An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2020-1411)\n\n - An elevation of privilege vulnerability exists when the Windows Diagnostics Execution Service fails to properly sanitize input, leading to an unsecure library-loading behavior. An attacker who successfully exploited this vulnerability could run arbitrary code with elevated system privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2020-1418)\n\n - An elevation of privilege vulnerability exists when the Windows USO Core Worker improperly handles memory.\n (CVE-2020-1352)\n\n - An elevation of privilege vulnerability exists when Windows improperly handles COM object creation. An attacker who successfully exploited the vulnerability could run arbitrary code with elevated privileges.\n (CVE-2020-1375)\n\n - A remote code execution vulnerability exists in the way that DirectWrite handles objects in memory. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit an untrusted webpage. The security update addresses the vulnerability by correcting how DirectWrite handles objects in memory. (CVE-2020-1409)\n\n - An elevation of privilege vulnerability exists when the Windows Profile Service improperly handles file operations. An attacker who successfully exploited this vulnerability could gain elevated privileges.\n (CVE-2020-1360)\n\n - An elevation of privilege vulnerability exists when Windows Mobile Device Management (MDM) Diagnostics improperly handles objects in memory. An attacker who successfully exploited this vulnerability could bypass access restrictions to delete files. (CVE-2020-1372)\n\n - An elevation of privilege vulnerability exists when the Windows Picker Platform improperly handles memory.\n (CVE-2020-1363)\n\n - An elevation of privilege vulnerability exists when Windows improperly handles calls to Advanced Local Procedure Call (ALPC). An attacker who successfully exploited this vulnerability could run arbitrary code in the security context of the local system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\n (CVE-2020-1396)\n\n - A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2020-1403)\n\n - A remote code execution vulnerability exists in the Windows Remote Desktop Client when a user connects to a malicious server. An attacker who successfully exploited this vulnerability could execute arbitrary code on the computer of the connecting client. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\n (CVE-2020-1374)\n\n - A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted fonts. For all systems except Windows 10, an attacker who successfully exploited the vulnerability could execute code remotely. For systems running Windows 10, an attacker who successfully exploited the vulnerability could execute code in an AppContainer sandbox context with limited privileges and capabilities. An attacker could then install programs;\n view, change, or delete data; or create new accounts with full user rights. There are multiple ways an attacker could exploit the vulnerability:\n (CVE-2020-1436)\n\n - An elevation of privilege vulnerability exists in the way that the Credential Enrollment Manager service handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. (CVE-2020-1368)\n\n - An elevation of privilege vulnerability exists in the way that the Windows Network List Service handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. (CVE-2020-1406)\n\n - An information disclosure vulnerability exists when the Windows Graphics component improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system. An authenticated attacker could exploit this vulnerability by running a specially crafted application. The update addresses the vulnerability by correcting how the Windows Graphics Component handles objects in memory. (CVE-2020-1351)\n\n - An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit an untrusted webpage.\n The security update addresses the vulnerability by correcting how the Windows GDI component handles objects in memory. (CVE-2020-1468)\n\n - An elevation of privilege vulnerability exists when the Windows Event Logging Service improperly handles memory.\n (CVE-2020-1365, CVE-2020-1371)\n\n - An information disclosure vulnerability exists when the Windows kernel fails to properly initialize a memory address. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system. (CVE-2020-1389, CVE-2020-1419)\n\n - An elevation of privilege vulnerability exists when the Windows Print Workflow Service improperly handles objects in memory. An attacker who successfully exploited this vulnerability could gain elevated privileges and break out of the AppContainer sandbox.\n (CVE-2020-1366)\n\n - An elevation of privilege vulnerability exists in the way that the Windows WalletService handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. (CVE-2020-1344, CVE-2020-1362, CVE-2020-1369)\n\n - An elevation of privilege vulnerability exists when the Windows ActiveX Installer Service improperly handles memory. (CVE-2020-1402)\n\n - An elevation of privilege vulnerability exists in the way that the Windows Geolocation Framework handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. (CVE-2020-1394)\n\n - An information vulnerability exists when Windows Connected User Experiences and Telemetry Service improperly discloses file information. Successful exploitation of the vulnerability could allow the attacker to read any file on the file system.\n (CVE-2020-1386)\n\n - This security update corrects a denial of service in the Local Security Authority Subsystem Service (LSASS) caused when an authenticated attacker sends a specially crafted authentication request. A remote attacker who successfully exploited this vulnerability could cause a denial of service on the target system's LSASS service, which triggers an automatic reboot of the system. The security update addresses the vulnerability by changing the way that LSASS handles specially crafted authentication requests. (CVE-2020-1267)\n\n - An elevation of privilege vulnerability exists when the Windows Delivery Optimization service improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code with elevated system privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\n (CVE-2020-1392)\n\n - A remote code execution vulnerability exists when Windows Address Book (WAB) improperly processes vcard files. (CVE-2020-1410)\n\n - An elevation of privilege vulnerability exists when the Windows Modules Installer improperly handles file operations. An attacker who successfully exploited this vulnerability could gain elevated privileges.\n (CVE-2020-1346)\n\n - An elevation of privilege vulnerability exists when the Windows UPnP Device Host improperly handles memory.\n (CVE-2020-1354, CVE-2020-1430)\n\n - An elevation of privilege vulnerability exists in the way that the SharedStream Library handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. (CVE-2020-1463)\n\n - An elevation of privilege vulnerability exists when Group Policy Services Policy Processing improperly handle reparse points. An attacker who successfully exploited this vulnerability could overwrite a targeted file that would normally require elevated permissions.\n (CVE-2020-1333)\n\n - An elevation of privilege vulnerability exists in the way the Windows Push Notification Service handles objects in memory. An attacker who successfully exploited this vulnerability could run processes in an elevated context. An attacker could then install programs; view, change or delete data. (CVE-2020-1387)\n\n - A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts. An attacker who successfully exploited the vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2020-1408)\n\n - An elevation of privilege vulnerability exists in the way that the Windows Kernel handles objects in memory.\n An attacker who successfully exploited the vulnerability could execute code with elevated permissions.\n (CVE-2020-1336)\n\n - An elevation of privilege vulnerability exists when the Windows Storage Services improperly handle file operations. An attacker who successfully exploited this vulnerability could gain elevated privileges.\n (CVE-2020-1347)\n\n - A denial of service vulnerability exists in the way that the WalletService handles files. An attacker who successfully exploited the vulnerability could corrupt system files. (CVE-2020-1364)\n\n - An information disclosure vulnerability exists when Skype for Business is accessed via Internet Explorer. An attacker who exploited the vulnerability could cause the user to place a call without additional consent, leading to information disclosure of the user profile. For the vulnerability to be exploited, a user must click a specially crafted URL that prompts the Skype app.\n (CVE-2020-1432)\n\n - An elevation of privilege vulnerability exists in the way that the Windows Network Location Awareness Service handles objects in memory. An attacker who successfully exploited the vulnerability could allow an application with limited privileges on an affected system to execute code at a medium integrity level. (CVE-2020-1437)\n\n - An elevation of privilege vulnerability exists when the Windows Diagnostics Hub Standard Collector Service fails to properly sanitize input, leading to an unsecure library-loading behavior. An attacker who successfully exploited this vulnerability could run arbitrary code with elevated system privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\n (CVE-2020-1393)\n\n - A remote code execution vulnerability exists in .NET Framework, Microsoft SharePoint, and Visual Studio when the software fails to check the source markup of XML file input. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the process responsible for deserialization of the XML content. (CVE-2020-1147)\n\n - An elevation of privilege vulnerability exists in the way that the Windows Network Connections Service handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. (CVE-2020-1373, CVE-2020-1390, CVE-2020-1427, CVE-2020-1428, CVE-2020-1438)\n\n - An elevation of privilege vulnerability exists when the Windows Cryptography Next Generation (CNG) Key Isolation service improperly handles memory. An attacker who successfully exploited this vulnerability could run processes in an elevated context. (CVE-2020-1359, CVE-2020-1384)\n\n - An information disclosure vulnerability exists when the Windows Resource Policy component improperly handles memory. (CVE-2020-1358)\n\n - An elevation of privilege vulnerability exists in the way that the Windows Speech Brokered API handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. (CVE-2020-1395)\n\n - An information disclosure vulnerability exists when Windows Error Reporting improperly handles file operations. (CVE-2020-1420)\n\n - A remote code execution vulnerability exists in the way that Microsoft Graphics Components handle objects in memory. An attacker who successfully exploited the vulnerability could execute arbitrary code on a target system. (CVE-2020-1412)\n\n - An elevation of privilege vulnerability exists when the Windows Runtime improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in an elevated context. An attacker could exploit this vulnerability by running a specially crafted application on the victim system. The update addresses the vulnerability by correcting the way the Windows Runtime handles objects in memory.\n (CVE-2020-1249, CVE-2020-1353, CVE-2020-1370, CVE-2020-1399, CVE-2020-1404, CVE-2020-1413)\n\n - An information disclosure vulnerability exists when Microsoft Edge PDF Reader improperly handles objects in memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. (CVE-2020-1433)\n\n - A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by enticing a victim to open a specially crafted file. The update addresses the vulnerability by correcting the way the Windows Jet Database Engine handles objects in memory. (CVE-2020-1400, CVE-2020-1401, CVE-2020-1407)\n\n - An elevation of privilege vulnerability exists when Windows Error Reporting manager improperly handles a process crash. An attacker who successfully exploited this vulnerability could delete a targeted file leading to an elevated status. (CVE-2020-1429)\n\n - An elevation of privilege vulnerability exists in the way that the psmsrv.dll handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions.\n (CVE-2020-1388)\n\n - An elevation of privilege vulnerability exists in the way that the Windows Credential Picker handles objects in memory. An attacker who successfully exploited the vulnerability could allow an application with limited privileges on an affected system to execute code at a medium integrity level. (CVE-2020-1385)\n\n - A remote code execution vulnerability exists in Microsoft Windows that could allow remote code execution if a .LNK file is processed. An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. (CVE-2020-1421)\n\n - An information disclosure vulnerability exists in Windows when the Windows Imaging Component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user's system.\n There are multiple ways an attacker could exploit this vulnerability: (CVE-2020-1397)\n\n - A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in the memory. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2020-1435)\n\n - An elevation of privilege vulnerability exists in the way that the Windows Function Discovery Service handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. (CVE-2020-1085)\n\n - An information disclosure vulnerability exists in the way that the WalletService handles memory.\n (CVE-2020-1361)\n\n - An elevation of privilege vulnerability exists in the way that the Windows Sync Host Service handles objects in memory. An attacker who successfully exploited the vulnerability could allow an application with limited privileges on an affected system to execute code at a medium integrity level. (CVE-2020-1434)\n\n - An information disclosure vulnerability exists when Skype for Business is accessed via Microsoft Edge (EdgeHTML-based). An attacker who exploited the vulnerability could cause the user to place a call without additional consent, leading to information disclosure of the user profile. For the vulnerability to be exploited, a user must click a specially crafted URL that prompts the Skype app. (CVE-2020-1462)\n\n - An elevation of privilege vulnerability exists when Windows Lockscreen fails to properly handle Ease of Access dialog. An attacker who successfully exploited the vulnerability could execute commands with elevated permissions. The security update addresses the vulnerability by ensuring that the Ease of Access dialog is handled properly. (CVE-2020-1398)", "cvss3": {}, "published": "2020-07-14T00:00:00", "type": "nessus", "title": "KB4565508: Windows 10 Version 1709 July 2020 Security Update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-1085", "CVE-2020-1147", "CVE-2020-1249", "CVE-2020-1267", "CVE-2020-1333", "CVE-2020-1336", "CVE-2020-1344", "CVE-2020-1346", "CVE-2020-1347", "CVE-2020-1351", "CVE-2020-1352", "CVE-2020-1353", "CVE-2020-1354", "CVE-2020-1357", "CVE-2020-1358", "CVE-2020-1359", "CVE-2020-1360", "CVE-2020-1361", "CVE-2020-1362", "CVE-2020-1363", "CVE-2020-1364", "CVE-2020-1365", "CVE-2020-1366", "CVE-2020-1368", "CVE-2020-1369", "CVE-2020-1370", "CVE-2020-1371", "CVE-2020-1372", "CVE-2020-1373", "CVE-2020-1374", "CVE-2020-1375", "CVE-2020-1384", "CVE-2020-1385", "CVE-2020-1386", "CVE-2020-1387", "CVE-2020-1388", "CVE-2020-1389", "CVE-2020-1390", "CVE-2020-1392", "CVE-2020-1393", "CVE-2020-1394", "CVE-2020-1395", "CVE-2020-1396", "CVE-2020-1397", "CVE-2020-1398", "CVE-2020-1399", "CVE-2020-1400", "CVE-2020-1401", "CVE-2020-1402", "CVE-2020-1403", "CVE-2020-1404", "CVE-2020-1406", "CVE-2020-1407", "CVE-2020-1408", "CVE-2020-1409", "CVE-2020-1410", "CVE-2020-1411", "CVE-2020-1412", "CVE-2020-1413", "CVE-2020-1418", "CVE-2020-1419", "CVE-2020-1420", "CVE-2020-1421", "CVE-2020-1427", "CVE-2020-1428", "CVE-2020-1429", "CVE-2020-1430", "CVE-2020-1432", "CVE-2020-1433", "CVE-2020-1434", "CVE-2020-1435", "CVE-2020-1436", "CVE-2020-1437", "CVE-2020-1438", "CVE-2020-1462", "CVE-2020-1463", "CVE-2020-1468"], "modified": "2023-01-24T00:00:00", "cpe": ["cpe:/o:microsoft:windows", "cpe:/a:microsoft:edge"], "id": "SMB_NT_MS20_JUL_4565508.NASL", "href": "https://www.tenable.com/plugins/nessus/138457", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(138457);\n script_version(\"1.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/24\");\n\n script_cve_id(\n \"CVE-2020-1085\",\n \"CVE-2020-1147\",\n \"CVE-2020-1249\",\n \"CVE-2020-1267\",\n \"CVE-2020-1333\",\n \"CVE-2020-1336\",\n \"CVE-2020-1344\",\n \"CVE-2020-1346\",\n \"CVE-2020-1347\",\n \"CVE-2020-1351\",\n \"CVE-2020-1352\",\n \"CVE-2020-1353\",\n \"CVE-2020-1354\",\n \"CVE-2020-1357\",\n \"CVE-2020-1358\",\n \"CVE-2020-1359\",\n \"CVE-2020-1360\",\n \"CVE-2020-1361\",\n \"CVE-2020-1362\",\n \"CVE-2020-1363\",\n \"CVE-2020-1364\",\n \"CVE-2020-1365\",\n \"CVE-2020-1366\",\n \"CVE-2020-1368\",\n \"CVE-2020-1369\",\n \"CVE-2020-1370\",\n \"CVE-2020-1371\",\n \"CVE-2020-1372\",\n \"CVE-2020-1373\",\n \"CVE-2020-1374\",\n \"CVE-2020-1375\",\n \"CVE-2020-1384\",\n \"CVE-2020-1385\",\n \"CVE-2020-1386\",\n \"CVE-2020-1387\",\n \"CVE-2020-1388\",\n \"CVE-2020-1389\",\n \"CVE-2020-1390\",\n \"CVE-2020-1392\",\n \"CVE-2020-1393\",\n \"CVE-2020-1394\",\n \"CVE-2020-1395\",\n \"CVE-2020-1396\",\n \"CVE-2020-1397\",\n \"CVE-2020-1398\",\n \"CVE-2020-1399\",\n \"CVE-2020-1400\",\n \"CVE-2020-1401\",\n \"CVE-2020-1402\",\n \"CVE-2020-1403\",\n \"CVE-2020-1404\",\n \"CVE-2020-1406\",\n \"CVE-2020-1407\",\n \"CVE-2020-1408\",\n \"CVE-2020-1409\",\n \"CVE-2020-1410\",\n \"CVE-2020-1411\",\n \"CVE-2020-1412\",\n \"CVE-2020-1413\",\n \"CVE-2020-1418\",\n \"CVE-2020-1419\",\n \"CVE-2020-1420\",\n \"CVE-2020-1421\",\n \"CVE-2020-1427\",\n \"CVE-2020-1428\",\n \"CVE-2020-1429\",\n \"CVE-2020-1430\",\n \"CVE-2020-1432\",\n \"CVE-2020-1433\",\n \"CVE-2020-1434\",\n \"CVE-2020-1435\",\n \"CVE-2020-1436\",\n \"CVE-2020-1437\",\n \"CVE-2020-1438\",\n \"CVE-2020-1462\",\n \"CVE-2020-1463\",\n \"CVE-2020-1468\"\n );\n script_xref(name:\"MSKB\", value:\"4565508\");\n script_xref(name:\"MSFT\", value:\"MS20-4565508\");\n script_xref(name:\"IAVA\", value:\"2020-A-0300-S\");\n script_xref(name:\"IAVA\", value:\"2020-A-0302-S\");\n script_xref(name:\"IAVA\", value:\"2020-A-0313-S\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/05/03\");\n\n script_name(english:\"KB4565508: Windows 10 Version 1709 July 2020 Security Update\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 4565508. It is, \ntherefore, affected by multiple vulnerabilities :\n\n - An elevation of privilege vulnerability exists when the\n Windows System Events Broker improperly handles file\n operations. An attacker who successfully exploited this\n vulnerability could gain elevated privileges.\n (CVE-2020-1357)\n\n - An elevation of privilege vulnerability exists when the\n Windows kernel fails to properly handle objects in\n memory. An attacker who successfully exploited this\n vulnerability could run arbitrary code in kernel mode.\n An attacker could then install programs; view, change,\n or delete data; or create new accounts with full user\n rights. (CVE-2020-1411)\n\n - An elevation of privilege vulnerability exists when the\n Windows Diagnostics Execution Service fails to properly\n sanitize input, leading to an unsecure library-loading\n behavior. An attacker who successfully exploited this\n vulnerability could run arbitrary code with elevated\n system privileges. An attacker could then install\n programs; view, change, or delete data; or create new\n accounts with full user rights. (CVE-2020-1418)\n\n - An elevation of privilege vulnerability exists when the\n Windows USO Core Worker improperly handles memory.\n (CVE-2020-1352)\n\n - An elevation of privilege vulnerability exists when\n Windows improperly handles COM object creation. An\n attacker who successfully exploited the vulnerability\n could run arbitrary code with elevated privileges.\n (CVE-2020-1375)\n\n - A remote code execution vulnerability exists in the way\n that DirectWrite handles objects in memory. An attacker\n who successfully exploited this vulnerability could take\n control of the affected system. An attacker could then\n install programs; view, change, or delete data; or\n create new accounts with full user rights. There are\n multiple ways an attacker could exploit the\n vulnerability, such as by convincing a user to open a\n specially crafted document, or by convincing a user to\n visit an untrusted webpage. The security update\n addresses the vulnerability by correcting how\n DirectWrite handles objects in memory. (CVE-2020-1409)\n\n - An elevation of privilege vulnerability exists when the\n Windows Profile Service improperly handles file\n operations. An attacker who successfully exploited this\n vulnerability could gain elevated privileges.\n (CVE-2020-1360)\n\n - An elevation of privilege vulnerability exists when\n Windows Mobile Device Management (MDM) Diagnostics\n improperly handles objects in memory. An attacker who\n successfully exploited this vulnerability could bypass\n access restrictions to delete files. (CVE-2020-1372)\n\n - An elevation of privilege vulnerability exists when the\n Windows Picker Platform improperly handles memory.\n (CVE-2020-1363)\n\n - An elevation of privilege vulnerability exists when\n Windows improperly handles calls to Advanced Local\n Procedure Call (ALPC). An attacker who successfully\n exploited this vulnerability could run arbitrary code in\n the security context of the local system. An attacker\n could then install programs; view, change, or delete\n data; or create new accounts with full user rights.\n (CVE-2020-1396)\n\n - A remote code execution vulnerability exists in the way\n that the VBScript engine handles objects in memory. The\n vulnerability could corrupt memory in such a way that an\n attacker could execute arbitrary code in the context of\n the current user. An attacker who successfully exploited\n the vulnerability could gain the same user rights as the\n current user. (CVE-2020-1403)\n\n - A remote code execution vulnerability exists in the\n Windows Remote Desktop Client when a user connects to a\n malicious server. An attacker who successfully exploited\n this vulnerability could execute arbitrary code on the\n computer of the connecting client. An attacker could\n then install programs; view, change, or delete data; or\n create new accounts with full user rights.\n (CVE-2020-1374)\n\n - A remote code execution vulnerability exists when the\n Windows font library improperly handles specially\n crafted fonts. For all systems except Windows 10, an\n attacker who successfully exploited the vulnerability\n could execute code remotely. For systems running Windows\n 10, an attacker who successfully exploited the\n vulnerability could execute code in an AppContainer\n sandbox context with limited privileges and\n capabilities. An attacker could then install programs;\n view, change, or delete data; or create new accounts\n with full user rights. There are multiple ways an\n attacker could exploit the vulnerability:\n (CVE-2020-1436)\n\n - An elevation of privilege vulnerability exists in the\n way that the Credential Enrollment Manager service\n handles objects in memory. An attacker who successfully\n exploited the vulnerability could execute code with\n elevated permissions. (CVE-2020-1368)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Network List Service handles\n objects in memory. An attacker who successfully\n exploited the vulnerability could execute code with\n elevated permissions. (CVE-2020-1406)\n\n - An information disclosure vulnerability exists when the\n Windows Graphics component improperly handles objects in\n memory. An attacker who successfully exploited this\n vulnerability could obtain information to further\n compromise the users system. An authenticated attacker\n could exploit this vulnerability by running a specially\n crafted application. The update addresses the\n vulnerability by correcting how the Windows Graphics\n Component handles objects in memory. (CVE-2020-1351)\n\n - An information disclosure vulnerability exists when the\n Windows GDI component improperly discloses the contents\n of its memory. An attacker who successfully exploited\n the vulnerability could obtain information to further\n compromise the users system. There are multiple ways an\n attacker could exploit the vulnerability, such as by\n convincing a user to open a specially crafted document,\n or by convincing a user to visit an untrusted webpage.\n The security update addresses the vulnerability by\n correcting how the Windows GDI component handles objects\n in memory. (CVE-2020-1468)\n\n - An elevation of privilege vulnerability exists when the\n Windows Event Logging Service improperly handles memory.\n (CVE-2020-1365, CVE-2020-1371)\n\n - An information disclosure vulnerability exists when the\n Windows kernel fails to properly initialize a memory\n address. An attacker who successfully exploited this\n vulnerability could obtain information to further\n compromise the users system. (CVE-2020-1389,\n CVE-2020-1419)\n\n - An elevation of privilege vulnerability exists when the\n Windows Print Workflow Service improperly handles\n objects in memory. An attacker who successfully\n exploited this vulnerability could gain elevated\n privileges and break out of the AppContainer sandbox.\n (CVE-2020-1366)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows WalletService handles objects in\n memory. An attacker who successfully exploited the\n vulnerability could execute code with elevated\n permissions. (CVE-2020-1344, CVE-2020-1362,\n CVE-2020-1369)\n\n - An elevation of privilege vulnerability exists when the\n Windows ActiveX Installer Service improperly handles\n memory. (CVE-2020-1402)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Geolocation Framework handles\n objects in memory. An attacker who successfully\n exploited the vulnerability could execute code with\n elevated permissions. (CVE-2020-1394)\n\n - An information vulnerability exists when Windows\n Connected User Experiences and Telemetry Service\n improperly discloses file information. Successful\n exploitation of the vulnerability could allow the\n attacker to read any file on the file system.\n (CVE-2020-1386)\n\n - This security update corrects a denial of service in the\n Local Security Authority Subsystem Service (LSASS)\n caused when an authenticated attacker sends a specially\n crafted authentication request. A remote attacker who\n successfully exploited this vulnerability could cause a\n denial of service on the target system's LSASS service,\n which triggers an automatic reboot of the system. The\n security update addresses the vulnerability by changing\n the way that LSASS handles specially crafted\n authentication requests. (CVE-2020-1267)\n\n - An elevation of privilege vulnerability exists when the\n Windows Delivery Optimization service improperly handles\n objects in memory. An attacker who successfully\n exploited this vulnerability could run arbitrary code\n with elevated system privileges. An attacker could then\n install programs; view, change, or delete data; or\n create new accounts with full user rights.\n (CVE-2020-1392)\n\n - A remote code execution vulnerability exists when\n Windows Address Book (WAB) improperly processes vcard\n files. (CVE-2020-1410)\n\n - An elevation of privilege vulnerability exists when the\n Windows Modules Installer improperly handles file\n operations. An attacker who successfully exploited this\n vulnerability could gain elevated privileges.\n (CVE-2020-1346)\n\n - An elevation of privilege vulnerability exists when the\n Windows UPnP Device Host improperly handles memory.\n (CVE-2020-1354, CVE-2020-1430)\n\n - An elevation of privilege vulnerability exists in the\n way that the SharedStream Library handles objects in\n memory. An attacker who successfully exploited the\n vulnerability could execute code with elevated\n permissions. (CVE-2020-1463)\n\n - An elevation of privilege vulnerability exists when\n Group Policy Services Policy Processing improperly\n handle reparse points. An attacker who successfully\n exploited this vulnerability could overwrite a targeted\n file that would normally require elevated permissions.\n (CVE-2020-1333)\n\n - An elevation of privilege vulnerability exists in the\n way the Windows Push Notification Service handles\n objects in memory. An attacker who successfully\n exploited this vulnerability could run processes in an\n elevated context. An attacker could then install\n programs; view, change or delete data. (CVE-2020-1387)\n\n - A remote code execution vulnerability exists when the\n Windows font library improperly handles specially\n crafted embedded fonts. An attacker who successfully\n exploited the vulnerability could take control of the\n affected system. An attacker could then install\n programs; view, change, or delete data; or create new\n accounts with full user rights. (CVE-2020-1408)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Kernel handles objects in memory.\n An attacker who successfully exploited the vulnerability\n could execute code with elevated permissions.\n (CVE-2020-1336)\n\n - An elevation of privilege vulnerability exists when the\n Windows Storage Services improperly handle file\n operations. An attacker who successfully exploited this\n vulnerability could gain elevated privileges.\n (CVE-2020-1347)\n\n - A denial of service vulnerability exists in the way that\n the WalletService handles files. An attacker who\n successfully exploited the vulnerability could corrupt\n system files. (CVE-2020-1364)\n\n - An information disclosure vulnerability exists when\n Skype for Business is accessed via Internet Explorer. An\n attacker who exploited the vulnerability could cause the\n user to place a call without additional consent, leading\n to information disclosure of the user profile. For the\n vulnerability to be exploited, a user must click a\n specially crafted URL that prompts the Skype app.\n (CVE-2020-1432)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Network Location Awareness Service\n handles objects in memory. An attacker who successfully\n exploited the vulnerability could allow an application\n with limited privileges on an affected system to execute\n code at a medium integrity level. (CVE-2020-1437)\n\n - An elevation of privilege vulnerability exists when the\n Windows Diagnostics Hub Standard Collector Service fails\n to properly sanitize input, leading to an unsecure\n library-loading behavior. An attacker who successfully\n exploited this vulnerability could run arbitrary code\n with elevated system privileges. An attacker could then\n install programs; view, change, or delete data; or\n create new accounts with full user rights.\n (CVE-2020-1393)\n\n - A remote code execution vulnerability exists in .NET\n Framework, Microsoft SharePoint, and Visual Studio when\n the software fails to check the source markup of XML\n file input. An attacker who successfully exploited the\n vulnerability could run arbitrary code in the context of\n the process responsible for deserialization of the XML\n content. (CVE-2020-1147)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Network Connections Service handles\n objects in memory. An attacker who successfully\n exploited the vulnerability could execute code with\n elevated permissions. (CVE-2020-1373, CVE-2020-1390,\n CVE-2020-1427, CVE-2020-1428, CVE-2020-1438)\n\n - An elevation of privilege vulnerability exists when the\n Windows Cryptography Next Generation (CNG) Key Isolation\n service improperly handles memory. An attacker who\n successfully exploited this vulnerability could run\n processes in an elevated context. (CVE-2020-1359,\n CVE-2020-1384)\n\n - An information disclosure vulnerability exists when the\n Windows Resource Policy component improperly handles\n memory. (CVE-2020-1358)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Speech Brokered API handles objects\n in memory. An attacker who successfully exploited the\n vulnerability could execute code with elevated\n permissions. (CVE-2020-1395)\n\n - An information disclosure vulnerability exists when\n Windows Error Reporting improperly handles file\n operations. (CVE-2020-1420)\n\n - A remote code execution vulnerability exists in the way\n that Microsoft Graphics Components handle objects in\n memory. An attacker who successfully exploited the\n vulnerability could execute arbitrary code on a target\n system. (CVE-2020-1412)\n\n - An elevation of privilege vulnerability exists when the\n Windows Runtime improperly handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could run arbitrary code in an elevated context. An\n attacker could exploit this vulnerability by running a\n specially crafted application on the victim system. The\n update addresses the vulnerability by correcting the way\n the Windows Runtime handles objects in memory.\n (CVE-2020-1249, CVE-2020-1353, CVE-2020-1370,\n CVE-2020-1399, CVE-2020-1404, CVE-2020-1413)\n\n - An information disclosure vulnerability exists when\n Microsoft Edge PDF Reader improperly handles objects in\n memory. An attacker who successfully exploited the\n vulnerability could obtain information to further\n compromise the users system. (CVE-2020-1433)\n\n - A remote code execution vulnerability exists when the\n Windows Jet Database Engine improperly handles objects\n in memory. An attacker who successfully exploited this\n vulnerability could execute arbitrary code on a victim\n system. An attacker could exploit this vulnerability by\n enticing a victim to open a specially crafted file. The\n update addresses the vulnerability by correcting the way\n the Windows Jet Database Engine handles objects in\n memory. (CVE-2020-1400, CVE-2020-1401, CVE-2020-1407)\n\n - An elevation of privilege vulnerability exists when\n Windows Error Reporting manager improperly handles a\n process crash. An attacker who successfully exploited\n this vulnerability could delete a targeted file leading\n to an elevated status. (CVE-2020-1429)\n\n - An elevation of privilege vulnerability exists in the\n way that the psmsrv.dll handles objects in memory. An\n attacker who successfully exploited the vulnerability\n could execute code with elevated permissions.\n (CVE-2020-1388)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Credential Picker handles objects\n in memory. An attacker who successfully exploited the\n vulnerability could allow an application with limited\n privileges on an affected system to execute code at a\n medium integrity level. (CVE-2020-1385)\n\n - A remote code execution vulnerability exists in\n Microsoft Windows that could allow remote code execution\n if a .LNK file is processed. An attacker who\n successfully exploited this vulnerability could gain the\n same user rights as the local user. (CVE-2020-1421)\n\n - An information disclosure vulnerability exists in\n Windows when the Windows Imaging Component fails to\n properly handle objects in memory. An attacker who\n successfully exploited this vulnerability could obtain\n information to further compromise the user's system.\n There are multiple ways an attacker could exploit this\n vulnerability: (CVE-2020-1397)\n\n - A remote code execution vulnerability exists in the way\n that the Windows Graphics Device Interface (GDI) handles\n objects in the memory. An attacker who successfully\n exploited this vulnerability could take control of the\n affected system. An attacker could then install\n programs; view, change, or delete data; or create new\n accounts with full user rights. (CVE-2020-1435)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Function Discovery Service handles\n objects in memory. An attacker who successfully\n exploited the vulnerability could execute code with\n elevated permissions. (CVE-2020-1085)\n\n - An information disclosure vulnerability exists in the\n way that the WalletService handles memory.\n (CVE-2020-1361)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Sync Host Service handles objects\n in memory. An attacker who successfully exploited the\n vulnerability could allow an application with limited\n privileges on an affected system to execute code at a\n medium integrity level. (CVE-2020-1434)\n\n - An information disclosure vulnerability exists when\n Skype for Business is accessed via Microsoft Edge\n (EdgeHTML-based). An attacker who exploited the\n vulnerability could cause the user to place a call\n without additional consent, leading to information\n disclosure of the user profile. For the vulnerability to\n be exploited, a user must click a specially crafted URL\n that prompts the Skype app. (CVE-2020-1462)\n\n - An elevation of privilege vulnerability exists when\n Windows Lockscreen fails to properly handle Ease of\n Access dialog. An attacker who successfully exploited\n the vulnerability could execute commands with elevated\n permissions. The security update addresses the\n vulnerability by ensuring that the Ease of Access dialog\n is handled properly. (CVE-2020-1398)\");\n # https://support.microsoft.com/en-us/help/4565508/windows-10-update-kb4565508\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?b2aadf5b\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Cumulative Update KB4565508.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-1435\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2020-1436\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'SharePoint DataSet / DataTable Deserialization');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/07/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/07/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/07/14\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:edge\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude('smb_func.inc');\ninclude('smb_hotfixes.inc');\ninclude('smb_hotfixes_fcheck.inc');\ninclude('smb_reg_query.inc');\ninclude('install_func.inc');\n\nget_kb_item_or_exit('SMB/MS_Bulletin_Checks/Possible');\n\nbulletin = 'MS20-07';\nkbs = make_list(\n '4565508'\n);\n\nif (get_kb_item('Host/patch_management_checks')) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit('SMB/Registry/Enumerated');\nget_kb_item_or_exit('SMB/WindowsVersion', exit_code:1);\n\nif (hotfix_check_sp_range(win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:'10',\n sp:0,\n os_build:'16299',\n rollup_date:'07_2020',\n bulletin:bulletin,\n rollup_kb_list:[4565508])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n\n\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-07-21T16:03:44", "description": "The remote Windows host is missing security update 4558998. It is, therefore, affected by multiple vulnerabilities :\n\n - An elevation of privilege vulnerability exists when the Windows System Events Broker improperly handles file operations. An attacker who successfully exploited this vulnerability could gain elevated privileges.\n (CVE-2020-1357)\n\n - An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode.\n An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2020-1411)\n\n - An elevation of privilege vulnerability exists when the Windows Diagnostics Execution Service fails to properly sanitize input, leading to an unsecure library-loading behavior. An attacker who successfully exploited this vulnerability could run arbitrary code with elevated system privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2020-1418)\n\n - An elevation of privilege vulnerability exists when the Windows USO Core Worker improperly handles memory.\n (CVE-2020-1352)\n\n - An elevation of privilege vulnerability exists when the Windows Modules Installer improperly handles file operations. An attacker who successfully exploited this vulnerability could gain elevated privileges.\n (CVE-2020-1346)\n\n - An elevation of privilege vulnerability exists when the Windows Diagnostics Hub Standard Collector Service fails to properly sanitize input, leading to an unsecure library-loading behavior. An attacker who successfully exploited this vulnerability could run arbitrary code with elevated system privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\n (CVE-2020-1393)\n\n - A remote code execution vulnerability exists in the way that DirectWrite handles objects in memory. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit an untrusted webpage. The security update addresses the vulnerability by correcting how DirectWrite handles objects in memory. (CVE-2020-1409)\n\n - An elevation of privilege vulnerability exists in the way that the Windows Credential Picker handles objects in memory. An attacker who successfully exploited the vulnerability could allow an application with limited privileges on an affected system to execute code at a medium integrity level. (CVE-2020-1385)\n\n - An elevation of privilege vulnerability exists when the Windows Profile Service improperly handles file operations. An attacker who successfully exploited this vulnerability could gain elevated privileges.\n (CVE-2020-1360)\n\n - An elevation of privilege vulnerability exists when Windows Mobile Device Management (MDM) Diagnostics improperly handles objects in memory. An attacker who successfully exploited this vulnerability could bypass access restrictions to delete files. (CVE-2020-1372)\n\n - An elevation of privilege vulnerability exists when the Windows Picker Platform improperly handles memory.\n (CVE-2020-1363)\n\n - An elevation of privilege vulnerability exists when Windows improperly handles calls to Advanced Local Procedure Call (ALPC). An attacker who successfully exploited this vulnerability could run arbitrary code in the security context of the local system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\n (CVE-2020-1396)\n\n - An information disclosure vulnerability exists when Windows Mobile Device Management (MDM) Diagnostics improperly handles junctions. An attacker who successfully exploited this vulnerability could bypass access restrictions to read files. (CVE-2020-1330)\n\n - A remote code execution vulnerability exists in the Windows Remote Desktop Client when a user connects to a malicious server. An attacker who successfully exploited this vulnerability could execute arbitrary code on the computer of the connecting client. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\n (CVE-2020-1374)\n\n - A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted fonts. For all systems except Windows 10, an attacker who successfully exploited the vulnerability could execute code remotely. For systems running Windows 10, an attacker who successfully exploited the vulnerability could execute code in an AppContainer sandbox context with limited privileges and capabilities. An attacker could then install programs;\n view, change, or delete data; or create new accounts with full user rights. There are multiple ways an attacker could exploit the vulnerability:\n (CVE-2020-1436)\n\n - An elevation of privilege vulnerability exists in the way that the Credential Enrollment Manager service handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. (CVE-2020-1368)\n\n - An elevation of privilege vulnerability exists in the way that the Windows Network List Service handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. (CVE-2020-1406)\n\n - An information disclosure vulnerability exists when the Windows Graphics component improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system. An authenticated attacker could exploit this vulnerability by running a specially crafted application. The update addresses the vulnerability by correcting how the Windows Graphics Component handles objects in memory. (CVE-2020-1351)\n\n - An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit an untrusted webpage.\n The security update addresses the vulnerability by correcting how the Windows GDI component handles objects in memory. (CVE-2020-1468)\n\n - An elevation of privilege vulnerability exists when the Windows Event Logging Service improperly handles memory.\n (CVE-2020-1365, CVE-2020-1371)\n\n - An information disclosure vulnerability exists when the Windows kernel fails to properly initialize a memory address. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system. (CVE-2020-1389, CVE-2020-1419)\n\n - An elevation of privilege vulnerability exists when the Windows Print Workflow Service improperly handles objects in memory. An attacker who successfully exploited this vulnerability could gain elevated privileges and break out of the AppContainer sandbox.\n (CVE-2020-1366)\n\n - An elevation of privilege vulnerability exists in the way that the Windows WalletService handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. (CVE-2020-1344, CVE-2020-1362, CVE-2020-1369)\n\n - An elevation of privilege vulnerability exists when the Windows ActiveX Installer Service improperly handles memory. (CVE-2020-1402)\n\n - An elevation of privilege vulnerability exists in the way that the Windows Geolocation Framework handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. (CVE-2020-1394)\n\n - An information vulnerability exists when Windows Connected User Experiences and Telemetry Service improperly discloses file information. Successful exploitation of the vulnerability could allow the attacker to read any file on the file system.\n (CVE-2020-1386)\n\n - This security update corrects a denial of service in the Local Security Authority Subsystem Service (LSASS) caused when an authenticated attacker sends a specially crafted authentication request. A remote attacker who successfully exploited this vulnerability could cause a denial of service on the target system's LSASS service, which triggers an automatic reboot of the system. The security update addresses the vulnerability by changing the way that LSASS handles specially crafted authentication requests. (CVE-2020-1267)\n\n - An elevation of privilege vulnerability exists when the Windows Delivery Optimization service improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code with elevated system privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\n (CVE-2020-1392)\n\n - A remote code execution vulnerability exists when Windows Address Book (WAB) improperly processes vcard files. (CVE-2020-1410)\n\n - An elevation of privilege vulnerability exists when the Windows Runtime improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in an elevated context. An attacker could exploit this vulnerability by running a specially crafted application on the victim system. The update addresses the vulnerability by correcting the way the Windows Runtime handles objects in memory.\n (CVE-2020-1249, CVE-2020-1353, CVE-2020-1370, CVE-2020-1399, CVE-2020-1404, CVE-2020-1413, CVE-2020-1414, CVE-2020-1415, CVE-2020-1422)\n\n - A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in the memory. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2020-1435)\n\n - An elevation of privilege vulnerability exists when the Windows UPnP Device Host improperly handles memory.\n (CVE-2020-1354, CVE-2020-1430)\n\n - An elevation of privilege vulnerability exists when the Windows Update Stack fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode.\n An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2020-1424)\n\n - An elevation of privilege vulnerability exists in the way that the SharedStream Library handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. (CVE-2020-1463)\n\n - An elevation of privilege vulnerability exists when Group Policy Services Policy Processing improperly handle reparse points. An attacker who successfully exploited this vulnerability could overwrite a targeted file that would normally require elevated permissions.\n (CVE-2020-1333)\n\n - An elevation of privilege vulnerability exists in the way the Windows Push Notification Service handles objects in memory. An attacker who successfully exploited this vulnerability could run processes in an elevated context. An attacker could then install programs; view, change or delete data. (CVE-2020-1387)\n\n - A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts. An attacker who successfully exploited the vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2020-1408)\n\n - An elevation of privilege vulnerability exists in the way that the Windows Kernel handles objects in memory.\n An attacker who successfully exploited the vulnerability could execute code with elevated permissions.\n (CVE-2020-1336)\n\n - An elevation of privilege vulnerability exists when the Windows Storage Services improperly handle file operations. An attacker who successfully exploited this vulnerability could gain elevated privileges.\n (CVE-2020-1347)\n\n - A denial of service vulnerability exists in the way that the WalletService handles files. An attacker who successfully exploited the vulnerability could corrupt system files. (CVE-2020-1364)\n\n - An information disclosure vulnerability exists when Skype for Business is accessed via Internet Explorer. An attacker who exploited the vulnerability could cause the user to place a call without additional consent, leading to information disclosure of the user profile. For the vulnerability to be exploited, a user must click a specially crafted URL that prompts the Skype app.\n (CVE-2020-1432)\n\n - An elevation of privilege vulnerability exists in the way that the Windows Network Location Awareness Service handles objects in memory. An attacker who successfully exploited the vulnerability could allow an application with limited privileges on an affected system to execute code at a medium integrity level. (CVE-2020-1437)\n\n - An elevation of privilege vulnerability exists when Windows improperly handles COM object creation. An attacker who successfully exploited the vulnerability could run arbitrary code with elevated privileges.\n (CVE-2020-1375)\n\n - A remote code execution vulnerability exists in .NET Framework, Microsoft SharePoint, and Visual Studio when the software fails to check the source markup of XML file input. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the process responsible for deserialization of the XML content. (CVE-2020-1147)\n\n - An elevation of privilege vulnerability exists in the way that the Windows Network Connections Service handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. (CVE-2020-1373, CVE-2020-1390, CVE-2020-1427, CVE-2020-1428, CVE-2020-1438)\n\n - An elevation of privilege vulnerability exists when the Windows Cryptography Next Generation (CNG) Key Isolation service improperly handles memory. An attacker who successfully exploited this vulnerability could run processes in an elevated context. (CVE-2020-1359, CVE-2020-1384)\n\n - An information disclosure vulnerability exists when the Windows Resource Policy component improperly handles memory. (CVE-2020-1358)\n\n - An elevation of privilege vulnerability exists in the way that the Windows Speech Brokered API handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. (CVE-2020-1395)\n\n - An information disclosure vulnerability exists when Windows Error Reporting improperly handles file operations. (CVE-2020-1420)\n\n - A remote code execution vulnerability exists in the way that Microsoft Graphics Components handle objects in memory. An attacker who successfully exploited the vulnerability could execute arbitrary code on a target system. (CVE-2020-1412)\n\n - An elevation of privilege vulnerability exists when the Windows AppX Deployment Extensions improperly performs privilege management, resulting in access to system files. (CVE-2020-1431)\n\n - An information disclosure vulnerability exists when Microsoft Edge PDF Reader improperly handles objects in memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. (CVE-2020-1433)\n\n - A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by enticing a victim to open a specially crafted file. The update addresses the vulnerability by correcting the way the Windows Jet Database Engine handles objects in memory. (CVE-2020-1400, CVE-2020-1401, CVE-2020-1407)\n\n - An elevation of privilege vulnerability exists when Windows Error Reporting manager improperly handles a process crash. An attacker who successfully exploited this vulnerability could delete a targeted file leading to an elevated status. (CVE-2020-1429)\n\n - An elevation of privilege vulnerability exists in the way that the psmsrv.dll handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions.\n (CVE-2020-1388)\n\n - An elevation of privilege vulnerability exists when Windows Mobile Device Management (MDM) Diagnostics improperly handles junctions. An attacker who successfully exploited this vulnerability could bypass access restrictions to delete files. (CVE-2020-1405)\n\n - An elevation of privilege vulnerability exists when the Windows iSCSI Target Service improperly handles file operations. An attacker who successfully exploited this vulnerability could gain elevated privileges.\n (CVE-2020-1356)\n\n - A remote code execution vulnerability exists in Microsoft Windows that could allow remote code execution if a .LNK file is processed. An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. (CVE-2020-1421)\n\n - An information disclosure vulnerability exists in Windows when the Windows Imaging Component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user's system.\n There are multiple ways an attacker could exploit this vulnerability: (CVE-2020-1397)\n\n - An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system. An authenticated attacker could exploit this vulnerability by running a specially crafted application. The update addresses the vulnerability by correcting how the Windows kernel handles objects in memory. (CVE-2020-1367, CVE-2020-1426)\n\n - An elevation of privilege vulnerability exists in the way that the Windows Function Discovery Service handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. (CVE-2020-1085)\n\n - An information disclosure vulnerability exists in the way that the WalletService handles memory.\n (CVE-2020-1361)\n\n - An elevation of privilege vulnerability exists in the way that the Windows Sync Host Service handles objects in memory. An attacker who successfully exploited the vulnerability could allow an application with limited privileges on an affected system to execute code at a medium integrity level. (CVE-2020-1434)\n\n - An information disclosure vulnerability exists when Skype for Business is accessed via Microsoft Edge (EdgeHTML-based). An attacker who exploited the vulnerability could cause the user to place a call without additional consent, leading to information disclosure of the user profile. For the vulnerability to be exploited, a user must click a specially crafted URL that prompts the Skype app. (CVE-2020-1462)\n\n - An elevation of privilege vulnerability exists when Windows Lockscreen fails to properly handle Ease of Access dialog. An attacker who successfully exploited the vulnerability could execute commands with elevated permissions. The security update addresses the vulnerability by ensuring that the Ease of Access dialog is handled properly. (CVE-2020-1398)\n\n - A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2020-1403)", "cvss3": {}, "published": "2020-07-14T00:00:00", "type": "nessus", "title": "KB4558998: Windows 10 Version 1809 and Windows Server 2019 July 2020 Security Update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-1085", "CVE-2020-1147", "CVE-2020-1249", "CVE-2020-1267", "CVE-2020-1330", "CVE-2020-1333", "CVE-2020-1336", "CVE-2020-1344", "CVE-2020-1346", "CVE-2020-1347", "CVE-2020-1351", "CVE-2020-1352", "CVE-2020-1353", "CVE-2020-1354", "CVE-2020-1356", "CVE-2020-1357", "CVE-2020-1358", "CVE-2020-1359", "CVE-2020-1360", "CVE-2020-1361", "CVE-2020-1362", "CVE-2020-1363", "CVE-2020-1364", "CVE-2020-1365", "CVE-2020-1366", "CVE-2020-1367", "CVE-2020-1368", "CVE-2020-1369", "CVE-2020-1370", "CVE-2020-1371", "CVE-2020-1372", "CVE-2020-1373", "CVE-2020-1374", "CVE-2020-1375", "CVE-2020-1384", "CVE-2020-1385", "CVE-2020-1386", "CVE-2020-1387", "CVE-2020-1388", "CVE-2020-1389", "CVE-2020-1390", "CVE-2020-1392", "CVE-2020-1393", "CVE-2020-1394", "CVE-2020-1395", "CVE-2020-1396", "CVE-2020-1397", "CVE-2020-1398", "CVE-2020-1399", "CVE-2020-1400", "CVE-2020-1401", "CVE-2020-1402", "CVE-2020-1403", "CVE-2020-1404", "CVE-2020-1405", "CVE-2020-1406", "CVE-2020-1407", "CVE-2020-1408", "CVE-2020-1409", "CVE-2020-1410", "CVE-2020-1411", "CVE-2020-1412", "CVE-2020-1413", "CVE-2020-1414", "CVE-2020-1415", "CVE-2020-1418", "CVE-2020-1419", "CVE-2020-1420", "CVE-2020-1421", "CVE-2020-1422", "CVE-2020-1424", "CVE-2020-1426", "CVE-2020-1427", "CVE-2020-1428", "CVE-2020-1429", "CVE-2020-1430", "CVE-2020-1431", "CVE-2020-1432", "CVE-2020-1433", "CVE-2020-1434", "CVE-2020-1435", "CVE-2020-1436", "CVE-2020-1437", "CVE-2020-1438", "CVE-2020-1462", "CVE-2020-1463", "CVE-2020-1468"], "modified": "2023-04-25T00:00:00", "cpe": ["cpe:/o:microsoft:windows", "cpe:/a:microsoft:edge"], "id": "SMB_NT_MS20_JUL_4558998.NASL", "href": "https://www.tenable.com/plugins/nessus/138453", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(138453);\n script_version(\"1.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/04/25\");\n\n script_cve_id(\n \"CVE-2020-1085\",\n \"CVE-2020-1147\",\n \"CVE-2020-1249\",\n \"CVE-2020-1267\",\n \"CVE-2020-1330\",\n \"CVE-2020-1333\",\n \"CVE-2020-1336\",\n \"CVE-2020-1344\",\n \"CVE-2020-1346\",\n \"CVE-2020-1347\",\n \"CVE-2020-1351\",\n \"CVE-2020-1352\",\n \"CVE-2020-1353\",\n \"CVE-2020-1354\",\n \"CVE-2020-1356\",\n \"CVE-2020-1357\",\n \"CVE-2020-1358\",\n \"CVE-2020-1359\",\n \"CVE-2020-1360\",\n \"CVE-2020-1361\",\n \"CVE-2020-1362\",\n \"CVE-2020-1363\",\n \"CVE-2020-1364\",\n \"CVE-2020-1365\",\n \"CVE-2020-1366\",\n \"CVE-2020-1367\",\n \"CVE-2020-1368\",\n \"CVE-2020-1369\",\n \"CVE-2020-1370\",\n \"CVE-2020-1371\",\n \"CVE-2020-1372\",\n \"CVE-2020-1373\",\n \"CVE-2020-1374\",\n \"CVE-2020-1375\",\n \"CVE-2020-1384\",\n \"CVE-2020-1385\",\n \"CVE-2020-1386\",\n \"CVE-2020-1387\",\n \"CVE-2020-1388\",\n \"CVE-2020-1389\",\n \"CVE-2020-1390\",\n \"CVE-2020-1392\",\n \"CVE-2020-1393\",\n \"CVE-2020-1394\",\n \"CVE-2020-1395\",\n \"CVE-2020-1396\",\n \"CVE-2020-1397\",\n \"CVE-2020-1398\",\n \"CVE-2020-1399\",\n \"CVE-2020-1400\",\n \"CVE-2020-1401\",\n \"CVE-2020-1402\",\n \"CVE-2020-1403\",\n \"CVE-2020-1404\",\n \"CVE-2020-1405\",\n \"CVE-2020-1406\",\n \"CVE-2020-1407\",\n \"CVE-2020-1408\",\n \"CVE-2020-1409\",\n \"CVE-2020-1410\",\n \"CVE-2020-1411\",\n \"CVE-2020-1412\",\n \"CVE-2020-1413\",\n \"CVE-2020-1414\",\n \"CVE-2020-1415\",\n \"CVE-2020-1418\",\n \"CVE-2020-1419\",\n \"CVE-2020-1420\",\n \"CVE-2020-1421\",\n \"CVE-2020-1422\",\n \"CVE-2020-1424\",\n \"CVE-2020-1426\",\n \"CVE-2020-1427\",\n \"CVE-2020-1428\",\n \"CVE-2020-1429\",\n \"CVE-2020-1430\",\n \"CVE-2020-1431\",\n \"CVE-2020-1432\",\n \"CVE-2020-1433\",\n \"CVE-2020-1434\",\n \"CVE-2020-1435\",\n \"CVE-2020-1436\",\n \"CVE-2020-1437\",\n \"CVE-2020-1438\",\n \"CVE-2020-1462\",\n \"CVE-2020-1463\",\n \"CVE-2020-1468\"\n );\n script_xref(name:\"MSKB\", value:\"4558998\");\n script_xref(name:\"MSFT\", value:\"MS20-4558998\");\n script_xref(name:\"IAVA\", value:\"2020-A-0300-S\");\n script_xref(name:\"IAVA\", value:\"2020-A-0302-S\");\n script_xref(name:\"IAVA\", value:\"2020-A-0306-S\");\n script_xref(name:\"IAVA\", value:\"2020-A-0313-S\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/05/03\");\n\n script_name(english:\"KB4558998: Windows 10 Version 1809 and Windows Server 2019 July 2020 Security Update\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 4558998. It is, \ntherefore, affected by multiple vulnerabilities :\n\n - An elevation of privilege vulnerability exists when the\n Windows System Events Broker improperly handles file\n operations. An attacker who successfully exploited this\n vulnerability could gain elevated privileges.\n (CVE-2020-1357)\n\n - An elevation of privilege vulnerability exists when the\n Windows kernel fails to properly handle objects in\n memory. An attacker who successfully exploited this\n vulnerability could run arbitrary code in kernel mode.\n An attacker could then install programs; view, change,\n or delete data; or create new accounts with full user\n rights. (CVE-2020-1411)\n\n - An elevation of privilege vulnerability exists when the\n Windows Diagnostics Execution Service fails to properly\n sanitize input, leading to an unsecure library-loading\n behavior. An attacker who successfully exploited this\n vulnerability could run arbitrary code with elevated\n system privileges. An attacker could then install\n programs; view, change, or delete data; or create new\n accounts with full user rights. (CVE-2020-1418)\n\n - An elevation of privilege vulnerability exists when the\n Windows USO Core Worker improperly handles memory.\n (CVE-2020-1352)\n\n - An elevation of privilege vulnerability exists when the\n Windows Modules Installer improperly handles file\n operations. An attacker who successfully exploited this\n vulnerability could gain elevated privileges.\n (CVE-2020-1346)\n\n - An elevation of privilege vulnerability exists when the\n Windows Diagnostics Hub Standard Collector Service fails\n to properly sanitize input, leading to an unsecure\n library-loading behavior. An attacker who successfully\n exploited this vulnerability could run arbitrary code\n with elevated system privileges. An attacker could then\n install programs; view, change, or delete data; or\n create new accounts with full user rights.\n (CVE-2020-1393)\n\n - A remote code execution vulnerability exists in the way\n that DirectWrite handles objects in memory. An attacker\n who successfully exploited this vulnerability could take\n control of the affected system. An attacker could then\n install programs; view, change, or delete data; or\n create new accounts with full user rights. There are\n multiple ways an attacker could exploit the\n vulnerability, such as by convincing a user to open a\n specially crafted document, or by convincing a user to\n visit an untrusted webpage. The security update\n addresses the vulnerability by correcting how\n DirectWrite handles objects in memory. (CVE-2020-1409)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Credential Picker handles objects\n in memory. An attacker who successfully exploited the\n vulnerability could allow an application with limited\n privileges on an affected system to execute code at a\n medium integrity level. (CVE-2020-1385)\n\n - An elevation of privilege vulnerability exists when the\n Windows Profile Service improperly handles file\n operations. An attacker who successfully exploited this\n vulnerability could gain elevated privileges.\n (CVE-2020-1360)\n\n - An elevation of privilege vulnerability exists when\n Windows Mobile Device Management (MDM) Diagnostics\n improperly handles objects in memory. An attacker who\n successfully exploited this vulnerability could bypass\n access restrictions to delete files. (CVE-2020-1372)\n\n - An elevation of privilege vulnerability exists when the\n Windows Picker Platform improperly handles memory.\n (CVE-2020-1363)\n\n - An elevation of privilege vulnerability exists when\n Windows improperly handles calls to Advanced Local\n Procedure Call (ALPC). An attacker who successfully\n exploited this vulnerability could run arbitrary code in\n the security context of the local system. An attacker\n could then install programs; view, change, or delete\n data; or create new accounts with full user rights.\n (CVE-2020-1396)\n\n - An information disclosure vulnerability exists when\n Windows Mobile Device Management (MDM) Diagnostics\n improperly handles junctions. An attacker who\n successfully exploited this vulnerability could bypass\n access restrictions to read files. (CVE-2020-1330)\n\n - A remote code execution vulnerability exists in the\n Windows Remote Desktop Client when a user connects to a\n malicious server. An attacker who successfully exploited\n this vulnerability could execute arbitrary code on the\n computer of the connecting client. An attacker could\n then install programs; view, change, or delete data; or\n create new accounts with full user rights.\n (CVE-2020-1374)\n\n - A remote code execution vulnerability exists when the\n Windows font library improperly handles specially\n crafted fonts. For all systems except Windows 10, an\n attacker who successfully exploited the vulnerability\n could execute code remotely. For systems running Windows\n 10, an attacker who successfully exploited the\n vulnerability could execute code in an AppContainer\n sandbox context with limited privileges and\n capabilities. An attacker could then install programs;\n view, change, or delete data; or create new accounts\n with full user rights. There are multiple ways an\n attacker could exploit the vulnerability:\n (CVE-2020-1436)\n\n - An elevation of privilege vulnerability exists in the\n way that the Credential Enrollment Manager service\n handles objects in memory. An attacker who successfully\n exploited the vulnerability could execute code with\n elevated permissions. (CVE-2020-1368)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Network List Service handles\n objects in memory. An attacker who successfully\n exploited the vulnerability could execute code with\n elevated permissions. (CVE-2020-1406)\n\n - An information disclosure vulnerability exists when the\n Windows Graphics component improperly handles objects in\n memory. An attacker who successfully exploited this\n vulnerability could obtain information to further\n compromise the users system. An authenticated attacker\n could exploit this vulnerability by running a specially\n crafted application. The update addresses the\n vulnerability by correcting how the Windows Graphics\n Component handles objects in memory. (CVE-2020-1351)\n\n - An information disclosure vulnerability exists when the\n Windows GDI component improperly discloses the contents\n of its memory. An attacker who successfully exploited\n the vulnerability could obtain information to further\n compromise the users system. There are multiple ways an\n attacker could exploit the vulnerability, such as by\n convincing a user to open a specially crafted document,\n or by convincing a user to visit an untrusted webpage.\n The security update addresses the vulnerability by\n correcting how the Windows GDI component handles objects\n in memory. (CVE-2020-1468)\n\n - An elevation of privilege vulnerability exists when the\n Windows Event Logging Service improperly handles memory.\n (CVE-2020-1365, CVE-2020-1371)\n\n - An information disclosure vulnerability exists when the\n Windows kernel fails to properly initialize a memory\n address. An attacker who successfully exploited this\n vulnerability could obtain information to further\n compromise the users system. (CVE-2020-1389,\n CVE-2020-1419)\n\n - An elevation of privilege vulnerability exists when the\n Windows Print Workflow Service improperly handles\n objects in memory. An attacker who successfully\n exploited this vulnerability could gain elevated\n privileges and break out of the AppContainer sandbox.\n (CVE-2020-1366)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows WalletService handles objects in\n memory. An attacker who successfully exploited the\n vulnerability could execute code with elevated\n permissions. (CVE-2020-1344, CVE-2020-1362,\n CVE-2020-1369)\n\n - An elevation of privilege vulnerability exists when the\n Windows ActiveX Installer Service improperly handles\n memory. (CVE-2020-1402)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Geolocation Framework handles\n objects in memory. An attacker who successfully\n exploited the vulnerability could execute code with\n elevated permissions. (CVE-2020-1394)\n\n - An information vulnerability exists when Windows\n Connected User Experiences and Telemetry Service\n improperly discloses file information. Successful\n exploitation of the vulnerability could allow the\n attacker to read any file on the file system.\n (CVE-2020-1386)\n\n - This security update corrects a denial of service in the\n Local Security Authority Subsystem Service (LSASS)\n caused when an authenticated attacker sends a specially\n crafted authentication request. A remote attacker who\n successfully exploited this vulnerability could cause a\n denial of service on the target system's LSASS service,\n which triggers an automatic reboot of the system. The\n security update addresses the vulnerability by changing\n the way that LSASS handles specially crafted\n authentication requests. (CVE-2020-1267)\n\n - An elevation of privilege vulnerability exists when the\n Windows Delivery Optimization service improperly handles\n objects in memory. An attacker who successfully\n exploited this vulnerability could run arbitrary code\n with elevated system privileges. An attacker could then\n install programs; view, change, or delete data; or\n create new accounts with full user rights.\n (CVE-2020-1392)\n\n - A remote code execution vulnerability exists when\n Windows Address Book (WAB) improperly processes vcard\n files. (CVE-2020-1410)\n\n - An elevation of privilege vulnerability exists when the\n Windows Runtime improperly handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could run arbitrary code in an elevated context. An\n attacker could exploit this vulnerability by running a\n specially crafted application on the victim system. The\n update addresses the vulnerability by correcting the way\n the Windows Runtime handles objects in memory.\n (CVE-2020-1249, CVE-2020-1353, CVE-2020-1370,\n CVE-2020-1399, CVE-2020-1404, CVE-2020-1413,\n CVE-2020-1414, CVE-2020-1415, CVE-2020-1422)\n\n - A remote code execution vulnerability exists in the way\n that the Windows Graphics Device Interface (GDI) handles\n objects in the memory. An attacker who successfully\n exploited this vulnerability could take control of the\n affected system. An attacker could then install\n programs; view, change, or delete data; or create new\n accounts with full user rights. (CVE-2020-1435)\n\n - An elevation of privilege vulnerability exists when the\n Windows UPnP Device Host improperly handles memory.\n (CVE-2020-1354, CVE-2020-1430)\n\n - An elevation of privilege vulnerability exists when the\n Windows Update Stack fails to properly handle objects in\n memory. An attacker who successfully exploited this\n vulnerability could run arbitrary code in kernel mode.\n An attacker could then install programs; view, change,\n or delete data; or create new accounts with full user\n rights. (CVE-2020-1424)\n\n - An elevation of privilege vulnerability exists in the\n way that the SharedStream Library handles objects in\n memory. An attacker who successfully exploited the\n vulnerability could execute code with elevated\n permissions. (CVE-2020-1463)\n\n - An elevation of privilege vulnerability exists when\n Group Policy Services Policy Processing improperly\n handle reparse points. An attacker who successfully\n exploited this vulnerability could overwrite a targeted\n file that would normally require elevated permissions.\n (CVE-2020-1333)\n\n - An elevation of privilege vulnerability exists in the\n way the Windows Push Notification Service handles\n objects in memory. An attacker who successfully\n exploited this vulnerability could run processes in an\n elevated context. An attacker could then install\n programs; view, change or delete data. (CVE-2020-1387)\n\n - A remote code execution vulnerability exists when the\n Windows font library improperly handles specially\n crafted embedded fonts. An attacker who successfully\n exploited the vulnerability could take control of the\n affected system. An attacker could then install\n programs; view, change, or delete data; or create new\n accounts with full user rights. (CVE-2020-1408)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Kernel handles objects in memory.\n An attacker who successfully exploited the vulnerability\n could execute code with elevated permissions.\n (CVE-2020-1336)\n\n - An elevation of privilege vulnerability exists when the\n Windows Storage Services improperly handle file\n operations. An attacker who successfully exploited this\n vulnerability could gain elevated privileges.\n (CVE-2020-1347)\n\n - A denial of service vulnerability exists in the way that\n the WalletService handles files. An attacker who\n successfully exploited the vulnerability could corrupt\n system files. (CVE-2020-1364)\n\n - An information disclosure vulnerability exists when\n Skype for Business is accessed via Internet Explorer. An\n attacker who exploited the vulnerability could cause the\n user to place a call without additional consent, leading\n to information disclosure of the user profile. For the\n vulnerability to be exploited, a user must click a\n specially crafted URL that prompts the Skype app.\n (CVE-2020-1432)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Network Location Awareness Service\n handles objects in memory. An attacker who successfully\n exploited the vulnerability could allow an application\n with limited privileges on an affected system to execute\n code at a medium integrity level. (CVE-2020-1437)\n\n - An elevation of privilege vulnerability exists when\n Windows improperly handles COM object creation. An\n attacker who successfully exploited the vulnerability\n could run arbitrary code with elevated privileges.\n (CVE-2020-1375)\n\n - A remote code execution vulnerability exists in .NET\n Framework, Microsoft SharePoint, and Visual Studio when\n the software fails to check the source markup of XML\n file input. An attacker who successfully exploited the\n vulnerability could run arbitrary code in the context of\n the process responsible for deserialization of the XML\n content. (CVE-2020-1147)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Network Connections Service handles\n objects in memory. An attacker who successfully\n exploited the vulnerability could execute code with\n elevated permissions. (CVE-2020-1373, CVE-2020-1390,\n CVE-2020-1427, CVE-2020-1428, CVE-2020-1438)\n\n - An elevation of privilege vulnerability exists when the\n Windows Cryptography Next Generation (CNG) Key Isolation\n service improperly handles memory. An attacker who\n successfully exploited this vulnerability could run\n processes in an elevated context. (CVE-2020-1359,\n CVE-2020-1384)\n\n - An information disclosure vulnerability exists when the\n Windows Resource Policy component improperly handles\n memory. (CVE-2020-1358)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Speech Brokered API handles objects\n in memory. An attacker who successfully exploited the\n vulnerability could execute code with elevated\n permissions. (CVE-2020-1395)\n\n - An information disclosure vulnerability exists when\n Windows Error Reporting improperly handles file\n operations. (CVE-2020-1420)\n\n - A remote code execution vulnerability exists in the way\n that Microsoft Graphics Components handle objects in\n memory. An attacker who successfully exploited the\n vulnerability could execute arbitrary code on a target\n system. (CVE-2020-1412)\n\n - An elevation of privilege vulnerability exists when the\n Windows AppX Deployment Extensions improperly performs\n privilege management, resulting in access to system\n files. (CVE-2020-1431)\n\n - An information disclosure vulnerability exists when\n Microsoft Edge PDF Reader improperly handles objects in\n memory. An attacker who successfully exploited the\n vulnerability could obtain information to further\n compromise the users system. (CVE-2020-1433)\n\n - A remote code execution vulnerability exists when the\n Windows Jet Database Engine improperly handles objects\n in memory. An attacker who successfully exploited this\n vulnerability could execute arbitrary code on a victim\n system. An attacker could exploit this vulnerability by\n enticing a victim to open a specially crafted file. The\n update addresses the vulnerability by correcting the way\n the Windows Jet Database Engine handles objects in\n memory. (CVE-2020-1400, CVE-2020-1401, CVE-2020-1407)\n\n - An elevation of privilege vulnerability exists when\n Windows Error Reporting manager improperly handles a\n process crash. An attacker who successfully exploited\n this vulnerability could delete a targeted file leading\n to an elevated status. (CVE-2020-1429)\n\n - An elevation of privilege vulnerability exists in the\n way that the psmsrv.dll handles objects in memory. An\n attacker who successfully exploited the vulnerability\n could execute code with elevated permissions.\n (CVE-2020-1388)\n\n - An elevation of privilege vulnerability exists when\n Windows Mobile Device Management (MDM) Diagnostics\n improperly handles junctions. An attacker who\n successfully exploited this vulnerability could bypass\n access restrictions to delete files. (CVE-2020-1405)\n\n - An elevation of privilege vulnerability exists when the\n Windows iSCSI Target Service improperly handles file\n operations. An attacker who successfully exploited this\n vulnerability could gain elevated privileges.\n (CVE-2020-1356)\n\n - A remote code execution vulnerability exists in\n Microsoft Windows that could allow remote code execution\n if a .LNK file is processed. An attacker who\n successfully exploited this vulnerability could gain the\n same user rights as the local user. (CVE-2020-1421)\n\n - An information disclosure vulnerability exists in\n Windows when the Windows Imaging Component fails to\n properly handle objects in memory. An attacker who\n successfully exploited this vulnerability could obtain\n information to further compromise the user's system.\n There are multiple ways an attacker could exploit this\n vulnerability: (CVE-2020-1397)\n\n - An information disclosure vulnerability exists when the\n Windows kernel improperly handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could obtain information to further compromise the users\n system. An authenticated attacker could exploit this\n vulnerability by running a specially crafted\n application. The update addresses the vulnerability by\n correcting how the Windows kernel handles objects in\n memory. (CVE-2020-1367, CVE-2020-1426)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Function Discovery Service handles\n objects in memory. An attacker who successfully\n exploited the vulnerability could execute code with\n elevated permissions. (CVE-2020-1085)\n\n - An information disclosure vulnerability exists in the\n way that the WalletService handles memory.\n (CVE-2020-1361)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Sync Host Service handles objects\n in memory. An attacker who successfully exploited the\n vulnerability could allow an application with limited\n privileges on an affected system to execute code at a\n medium integrity level. (CVE-2020-1434)\n\n - An information disclosure vulnerability exists when\n Skype for Business is accessed via Microsoft Edge\n (EdgeHTML-based). An attacker who exploited the\n vulnerability could cause the user to place a call\n without additional consent, leading to information\n disclosure of the user profile. For the vulnerability to\n be exploited, a user must click a specially crafted URL\n that prompts the Skype app. (CVE-2020-1462)\n\n - An elevation of privilege vulnerability exists when\n Windows Lockscreen fails to properly handle Ease of\n Access dialog. An attacker who successfully exploited\n the vulnerability could execute commands with elevated\n permissions. The security update addresses the\n vulnerability by ensuring that the Ease of Access dialog\n is handled properly. (CVE-2020-1398)\n\n - A remote code execution vulnerability exists in the way\n that the VBScript engine handles objects in memory. The\n vulnerability could corrupt memory in such a way that an\n attacker could execute arbitrary code in the context of\n the current user. An attacker who successfully exploited\n the vulnerability could gain the same user rights as the\n current user. (CVE-2020-1403)\");\n # https://support.microsoft.com/en-us/help/4558998/windows-10-update-kb4558998\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?a508fbe1\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Cumulative Update KB4558998.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-1435\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2020-1436\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'SharePoint DataSet / DataTable Deserialization');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/07/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/07/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/07/14\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:edge\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nbulletin = \"MS20-07\";\nkbs = make_list('4558998');\n\nif (get_kb_item(\"Host/patch_management_checks\")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nget_kb_item_or_exit(\"SMB/WindowsVersion\", exit_code:1);\n\nif (hotfix_check_sp_range(win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:\"10\",\n sp:0,\n os_build:\"17763\",\n rollup_date:\"07_2020\",\n bulletin:bulletin,\n rollup_kb_list:[4558998])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n\n\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-07-19T15:24:01", "description": "The remote Windows host is missing security update 4565489. It is, therefore, affected by multiple vulnerabilities :\n\n - An elevation of privilege vulnerability exists when the Windows System Events Broker improperly handles file operations. An attacker who successfully exploited this vulnerability could gain elevated privileges.\n (CVE-2020-1357)\n\n - An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode.\n An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2020-1411)\n\n - An elevation of privilege vulnerability exists when the Windows Diagnostics Execution Service fails to properly sanitize input, leading to an unsecure library-loading behavior. An attacker who successfully exploited this vulnerability could run arbitrary code with elevated system privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2020-1418)\n\n - An elevation of privilege vulnerability exists when the Windows USO Core Worker improperly handles memory.\n (CVE-2020-1352)\n\n - An elevation of privilege vulnerability exists when the Windows Modules Installer improperly handles file operations. An attacker who successfully exploited this vulnerability could gain elevated privileges.\n (CVE-2020-1346)\n\n - An elevation of privilege vulnerability exists when Windows improperly handles COM object creation. An attacker who successfully exploited the vulnerability could run arbitrary code with elevated privileges.\n (CVE-2020-1375)\n\n - A remote code execution vulnerability exists in the way that DirectWrite handles objects in memory. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit an untrusted webpage. The security update addresses the vulnerability by correcting how DirectWrite handles objects in memory. (CVE-2020-1409)\n\n - An elevation of privilege vulnerability exists when the Windows AppX Deployment Extensions improperly performs privilege management, resulting in access to system files. (CVE-2020-1431)\n\n - An elevation of privilege vulnerability exists when the Windows Profile Service improperly handles file operations. An attacker who successfully exploited this vulnerability could gain elevated privileges.\n (CVE-2020-1360)\n\n - An elevation of privilege vulnerability exists when Windows Mobile Device Management (MDM) Diagnostics improperly handles objects in memory. An attacker who successfully exploited this vulnerability could bypass access restrictions to delete files. (CVE-2020-1372)\n\n - An elevation of privilege vulnerability exists when the Windows Picker Platform improperly handles memory.\n (CVE-2020-1363)\n\n - An elevation of privilege vulnerability exists when Windows improperly handles calls to Advanced Local Procedure Call (ALPC). An attacker who successfully exploited this vulnerability could run arbitrary code in the security context of the local system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\n (CVE-2020-1396)\n\n - A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2020-1403)\n\n - A remote code execution vulnerability exists in the Windows Remote Desktop Client when a user connects to a malicious server. An attacker who successfully exploited this vulnerability could execute arbitrary code on the computer of the connecting client. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\n (CVE-2020-1374)\n\n - A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted fonts. For all systems except Windows 10, an attacker who successfully exploited the vulnerability could execute code remotely. For systems running Windows 10, an attacker who successfully exploited the vulnerability could execute code in an AppContainer sandbox context with limited privileges and capabilities. An attacker could then install programs;\n view, change, or delete data; or create new accounts with full user rights. There are multiple ways an attacker could exploit the vulnerability:\n (CVE-2020-1436)\n\n - An elevation of privilege vulnerability exists in the way that the Credential Enrollment Manager service handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. (CVE-2020-1368)\n\n - An elevation of privilege vulnerability exists in the way that the Windows Network List Service handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. (CVE-2020-1406)\n\n - An information disclosure vulnerability exists when the Windows Graphics component improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system. An authenticated attacker could exploit this vulnerability by running a specially crafted application. The update addresses the vulnerability by correcting how the Windows Graphics Component handles objects in memory. (CVE-2020-1351)\n\n - An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit an untrusted webpage.\n The security update addresses the vulnerability by correcting how the Windows GDI component handles objects in memory. (CVE-2020-1468)\n\n - An elevation of privilege vulnerability exists when the Windows Event Logging Service improperly handles memory.\n (CVE-2020-1365, CVE-2020-1371)\n\n - An information disclosure vulnerability exists when the Windows kernel fails to properly initialize a memory address. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system. (CVE-2020-1389, CVE-2020-1419)\n\n - An elevation of privilege vulnerability exists when the Windows Print Workflow Service improperly handles objects in memory. An attacker who successfully exploited this vulnerability could gain elevated privileges and break out of the AppContainer sandbox.\n (CVE-2020-1366)\n\n - An elevation of privilege vulnerability exists in the way that the Windows WalletService handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. (CVE-2020-1344, CVE-2020-1362, CVE-2020-1369)\n\n - An elevation of privilege vulnerability exists when the Windows ActiveX Installer Service improperly handles memory. (CVE-2020-1402)\n\n - An elevation of privilege vulnerability exists in the way that the Windows Geolocation Framework handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. (CVE-2020-1394)\n\n - An information vulnerability exists when Windows Connected User Experiences and Telemetry Service improperly discloses file information. Successful exploitation of the vulnerability could allow the attacker to read any file on the file system.\n (CVE-2020-1386)\n\n - This security update corrects a denial of service in the Local Security Authority Subsystem Service (LSASS) caused when an authenticated attacker sends a specially crafted authentication request. A remote attacker who successfully exploited this vulnerability could cause a denial of service on the target system's LSASS service, which triggers an automatic reboot of the system. The security update addresses the vulnerability by changing the way that LSASS handles specially crafted authentication requests. (CVE-2020-1267)\n\n - An elevation of privilege vulnerability exists when the Windows Delivery Optimization service improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code with elevated system privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\n (CVE-2020-1392)\n\n - A remote code execution vulnerability exists when Windows Address Book (WAB) improperly processes vcard files. (CVE-2020-1410)\n\n - An elevation of privilege vulnerability exists when the Windows Runtime improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in an elevated context. An attacker could exploit this vulnerability by running a specially crafted application on the victim system. The update addresses the vulnerability by correcting the way the Windows Runtime handles objects in memory.\n (CVE-2020-1249, CVE-2020-1353, CVE-2020-1370, CVE-2020-1399, CVE-2020-1404, CVE-2020-1413, CVE-2020-1414, CVE-2020-1415, CVE-2020-1422)\n\n - An elevation of privilege vulnerability exists when the Windows UPnP Device Host improperly handles memory.\n (CVE-2020-1354, CVE-2020-1430)\n\n - An elevation of privilege vulnerability exists when the Windows Update Stack fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode.\n An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2020-1424)\n\n - An elevation of privilege vulnerability exists in the way that the SharedStream Library handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. (CVE-2020-1463)\n\n - An elevation of privilege vulnerability exists when Group Policy Services Policy Processing improperly handle reparse points. An attacker who successfully exploited this vulnerability could overwrite a targeted file that would normally require elevated permissions.\n (CVE-2020-1333)\n\n - An elevation of privilege vulnerability exists in the way the Windows Push Notification Service handles objects in memory. An attacker who successfully exploited this vulnerability could run processes in an elevated context. An attacker could then install programs; view, change or delete data. (CVE-2020-1387)\n\n - A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts. An attacker who successfully exploited the vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2020-1408)\n\n - An elevation of privilege vulnerability exists in the way that the Windows Kernel handles objects in memory.\n An attacker who successfully exploited the vulnerability could execute code with elevated permissions.\n (CVE-2020-1336)\n\n - An elevation of privilege vulnerability exists when the Windows Storage Services improperly handle file operations. An attacker who successfully exploited this vulnerability could gain elevated privileges.\n (CVE-2020-1347)\n\n - A denial of service vulnerability exists in the way that the WalletService handles files. An attacker who successfully exploited the vulnerability could corrupt system files. (CVE-2020-1364)\n\n - An information disclosure vulnerability exists when Skype for Business is accessed via Internet Explorer. An attacker who exploited the vulnerability could cause the user to place a call without additional consent, leading to information disclosure of the user profile. For the vulnerability to be exploited, a user must click a specially crafted URL that prompts the Skype app.\n (CVE-2020-1432)\n\n - An elevation of privilege vulnerability exists in the way that the Windows Network Location Awareness Service handles objects in memory. An attacker who successfully exploited the vulnerability could allow an application with limited privileges on an affected system to execute code at a medium integrity level. (CVE-2020-1437)\n\n - An elevation of privilege vulnerability exists when the Windows Diagnostics Hub Standard Collector Service fails to properly sanitize input, leading to an unsecure library-loading behavior. An attacker who successfully exploited this vulnerability could run arbitrary code with elevated system privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\n (CVE-2020-1393)\n\n - A remote code execution vulnerability exists in .NET Framework, Microsoft SharePoint, and Visual Studio when the software fails to check the source markup of XML file input. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the process responsible for deserialization of the XML content. (CVE-2020-1147)\n\n - An elevation of privilege vulnerability exists in the way that the Windows Network Connections Service handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. (CVE-2020-1373, CVE-2020-1390, CVE-2020-1427, CVE-2020-1428, CVE-2020-1438)\n\n - An elevation of privilege vulnerability exists when the Windows Cryptography Next Generation (CNG) Key Isolation service improperly handles memory. An attacker who successfully exploited this vulnerability could run processes in an elevated context. (CVE-2020-1359, CVE-2020-1384)\n\n - An information disclosure vulnerability exists when the Windows Resource Policy component improperly handles memory. (CVE-2020-1358)\n\n - An elevation of privilege vulnerability exists in the way that the Windows Speech Brokered API handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. (CVE-2020-1395)\n\n - An information disclosure vulnerability exists when Windows Error Reporting improperly handles file operations. (CVE-2020-1420)\n\n - A remote code execution vulnerability exists in the way that Microsoft Graphics Components handle objects in memory. An attacker who successfully exploited the vulnerability could execute arbitrary code on a target system. (CVE-2020-1412)\n\n - An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system. An authenticated attacker could exploit this vulnerability by running a specially crafted application. The update addresses the vulnerability by correcting how the Windows kernel handles objects in memory. (CVE-2020-1426)\n\n - An information disclosure vulnerability exists when Microsoft Edge PDF Reader improperly handles objects in memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. (CVE-2020-1433)\n\n - A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by enticing a victim to open a specially crafted file. The update addresses the vulnerability by correcting the way the Windows Jet Database Engine handles objects in memory. (CVE-2020-1400, CVE-2020-1401, CVE-2020-1407)\n\n - An elevation of privilege vulnerability exists when Windows Error Reporting manager improperly handles a process crash. An attacker who successfully exploited this vulnerability could delete a targeted file leading to an elevated status. (CVE-2020-1429)\n\n - An elevation of privilege vulnerability exists in the way that the psmsrv.dll handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions.\n (CVE-2020-1388)\n\n - An elevation of privilege vulnerability exists in the way that the Windows Credential Picker handles objects in memory. An attacker who successfully exploited the vulnerability could allow an application with limited privileges on an affected system to execute code at a medium integrity level. (CVE-2020-1385)\n\n - A remote code execution vulnerability exists in Microsoft Windows that could allow remote code execution if a .LNK file is processed. An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. (CVE-2020-1421)\n\n - An information disclosure vulnerability exists in Windows when the Windows Imaging Component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user's system.\n There are multiple ways an attacker could exploit this vulnerability: (CVE-2020-1397)\n\n - A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in the memory. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2020-1435)\n\n - An elevation of privilege vulnerability exists in the way that the Windows Function Discovery Service handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. (CVE-2020-1085)\n\n - An information disclosure vulnerability exists in the way that the WalletService handles memory.\n (CVE-2020-1361)\n\n - An elevation of privilege vulnerability exists in the way that the Windows Sync Host Service handles objects in memory. An attacker who successfully exploited the vulnerability could allow an application with limited privileges on an affected system to execute code at a medium integrity level. (CVE-2020-1434)\n\n - An information disclosure vulnerability exists when Skype for Business is accessed via Microsoft Edge (EdgeHTML-based). An attacker who exploited the vulnerability could cause the user to place a call without additional consent, leading to information disclosure of the user profile. For the vulnerability to be exploited, a user must click a specially crafted URL that prompts the Skype app. (CVE-2020-1462)\n\n - An elevation of privilege vulnerability exists when Windows Lockscreen fails to properly handle Ease of Access dialog. An attacker who successfully exploited the vulnerability could execute commands with elevated permissions. The security update addresses the vulnerability by ensuring that the Ease of Access dialog is handled properly. (CVE-2020-1398)", "cvss3": {}, "published": "2020-07-14T00:00:00", "type": "nessus", "title": "KB4565489: Windows 10 Version 1803 July 2020 Security Update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-1085", "CVE-2020-1147", "CVE-2020-1249", "CVE-2020-1267", "CVE-2020-1333", "CVE-2020-1336", "CVE-2020-1344", "CVE-2020-1346", "CVE-2020-1347", "CVE-2020-1351", "CVE-2020-1352", "CVE-2020-1353", "CVE-2020-1354", "CVE-2020-1357", "CVE-2020-1358", "CVE-2020-1359", "CVE-2020-1360", "CVE-2020-1361", "CVE-2020-1362", "CVE-2020-1363", "CVE-2020-1364", "CVE-2020-1365", "CVE-2020-1366", "CVE-2020-1368", "CVE-2020-1369", "CVE-2020-1370", "CVE-2020-1371", "CVE-2020-1372", "CVE-2020-1373", "CVE-2020-1374", "CVE-2020-1375", "CVE-2020-1384", "CVE-2020-1385", "CVE-2020-1386", "CVE-2020-1387", "CVE-2020-1388", "CVE-2020-1389", "CVE-2020-1390", "CVE-2020-1392", "CVE-2020-1393", "CVE-2020-1394", "CVE-2020-1395", "CVE-2020-1396", "CVE-2020-1397", "CVE-2020-1398", "CVE-2020-1399", "CVE-2020-1400", "CVE-2020-1401", "CVE-2020-1402", "CVE-2020-1403", "CVE-2020-1404", "CVE-2020-1406", "CVE-2020-1407", "CVE-2020-1408", "CVE-2020-1409", "CVE-2020-1410", "CVE-2020-1411", "CVE-2020-1412", "CVE-2020-1413", "CVE-2020-1414", "CVE-2020-1415", "CVE-2020-1418", "CVE-2020-1419", "CVE-2020-1420", "CVE-2020-1421", "CVE-2020-1422", "CVE-2020-1424", "CVE-2020-1426", "CVE-2020-1427", "CVE-2020-1428", "CVE-2020-1429", "CVE-2020-1430", "CVE-2020-1431", "CVE-2020-1432", "CVE-2020-1433", "CVE-2020-1434", "CVE-2020-1435", "CVE-2020-1436", "CVE-2020-1437", "CVE-2020-1438", "CVE-2020-1462", "CVE-2020-1463", "CVE-2020-1468"], "modified": "2023-01-24T00:00:00", "cpe": ["cpe:/o:microsoft:windows", "cpe:/a:microsoft:edge"], "id": "SMB_NT_MS20_JUL_4565489.NASL", "href": "https://www.tenable.com/plugins/nessus/138455", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(138455);\n script_version(\"1.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/24\");\n\n script_cve_id(\n \"CVE-2020-1085\",\n \"CVE-2020-1147\",\n \"CVE-2020-1249\",\n \"CVE-2020-1267\",\n \"CVE-2020-1333\",\n \"CVE-2020-1336\",\n \"CVE-2020-1344\",\n \"CVE-2020-1346\",\n \"CVE-2020-1347\",\n \"CVE-2020-1351\",\n \"CVE-2020-1352\",\n \"CVE-2020-1353\",\n \"CVE-2020-1354\",\n \"CVE-2020-1357\",\n \"CVE-2020-1358\",\n \"CVE-2020-1359\",\n \"CVE-2020-1360\",\n \"CVE-2020-1361\",\n \"CVE-2020-1362\",\n \"CVE-2020-1363\",\n \"CVE-2020-1364\",\n \"CVE-2020-1365\",\n \"CVE-2020-1366\",\n \"CVE-2020-1368\",\n \"CVE-2020-1369\",\n \"CVE-2020-1370\",\n \"CVE-2020-1371\",\n \"CVE-2020-1372\",\n \"CVE-2020-1373\",\n \"CVE-2020-1374\",\n \"CVE-2020-1375\",\n \"CVE-2020-1384\",\n \"CVE-2020-1385\",\n \"CVE-2020-1386\",\n \"CVE-2020-1387\",\n \"CVE-2020-1388\",\n \"CVE-2020-1389\",\n \"CVE-2020-1390\",\n \"CVE-2020-1392\",\n \"CVE-2020-1393\",\n \"CVE-2020-1394\",\n \"CVE-2020-1395\",\n \"CVE-2020-1396\",\n \"CVE-2020-1397\",\n \"CVE-2020-1398\",\n \"CVE-2020-1399\",\n \"CVE-2020-1400\",\n \"CVE-2020-1401\",\n \"CVE-2020-1402\",\n \"CVE-2020-1403\",\n \"CVE-2020-1404\",\n \"CVE-2020-1406\",\n \"CVE-2020-1407\",\n \"CVE-2020-1408\",\n \"CVE-2020-1409\",\n \"CVE-2020-1410\",\n \"CVE-2020-1411\",\n \"CVE-2020-1412\",\n \"CVE-2020-1413\",\n \"CVE-2020-1414\",\n \"CVE-2020-1415\",\n \"CVE-2020-1418\",\n \"CVE-2020-1419\",\n \"CVE-2020-1420\",\n \"CVE-2020-1421\",\n \"CVE-2020-1422\",\n \"CVE-2020-1424\",\n \"CVE-2020-1426\",\n \"CVE-2020-1427\",\n \"CVE-2020-1428\",\n \"CVE-2020-1429\",\n \"CVE-2020-1430\",\n \"CVE-2020-1431\",\n \"CVE-2020-1432\",\n \"CVE-2020-1433\",\n \"CVE-2020-1434\",\n \"CVE-2020-1435\",\n \"CVE-2020-1436\",\n \"CVE-2020-1437\",\n \"CVE-2020-1438\",\n \"CVE-2020-1462\",\n \"CVE-2020-1463\",\n \"CVE-2020-1468\"\n );\n script_xref(name:\"MSKB\", value:\"4565489\");\n script_xref(name:\"MSFT\", value:\"MS20-4565489\");\n script_xref(name:\"IAVA\", value:\"2020-A-0300-S\");\n script_xref(name:\"IAVA\", value:\"2020-A-0302-S\");\n script_xref(name:\"IAVA\", value:\"2020-A-0313-S\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/05/03\");\n\n script_name(english:\"KB4565489: Windows 10 Version 1803 July 2020 Security Update\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 4565489. It is, \ntherefore, affected by multiple vulnerabilities :\n\n - An elevation of privilege vulnerability exists when the\n Windows System Events Broker improperly handles file\n operations. An attacker who successfully exploited this\n vulnerability could gain elevated privileges.\n (CVE-2020-1357)\n\n - An elevation of privilege vulnerability exists when the\n Windows kernel fails to properly handle objects in\n memory. An attacker who successfully exploited this\n vulnerability could run arbitrary code in kernel mode.\n An attacker could then install programs; view, change,\n or delete data; or create new accounts with full user\n rights. (CVE-2020-1411)\n\n - An elevation of privilege vulnerability exists when the\n Windows Diagnostics Execution Service fails to properly\n sanitize input, leading to an unsecure library-loading\n behavior. An attacker who successfully exploited this\n vulnerability could run arbitrary code with elevated\n system privileges. An attacker could then install\n programs; view, change, or delete data; or create new\n accounts with full user rights. (CVE-2020-1418)\n\n - An elevation of privilege vulnerability exists when the\n Windows USO Core Worker improperly handles memory.\n (CVE-2020-1352)\n\n - An elevation of privilege vulnerability exists when the\n Windows Modules Installer improperly handles file\n operations. An attacker who successfully exploited this\n vulnerability could gain elevated privileges.\n (CVE-2020-1346)\n\n - An elevation of privilege vulnerability exists when\n Windows improperly handles COM object creation. An\n attacker who successfully exploited the vulnerability\n could run arbitrary code with elevated privileges.\n (CVE-2020-1375)\n\n - A remote code execution vulnerability exists in the way\n that DirectWrite handles objects in memory. An attacker\n who successfully exploited this vulnerability could take\n control of the affected system. An attacker could then\n install programs; view, change, or delete data; or\n create new accounts with full user rights. There are\n multiple ways an attacker could exploit the\n vulnerability, such as by convincing a user to open a\n specially crafted document, or by convincing a user to\n visit an untrusted webpage. The security update\n addresses the vulnerability by correcting how\n DirectWrite handles objects in memory. (CVE-2020-1409)\n\n - An elevation of privilege vulnerability exists when the\n Windows AppX Deployment Extensions improperly performs\n privilege management, resulting in access to system\n files. (CVE-2020-1431)\n\n - An elevation of privilege vulnerability exists when the\n Windows Profile Service improperly handles file\n operations. An attacker who successfully exploited this\n vulnerability could gain elevated privileges.\n (CVE-2020-1360)\n\n - An elevation of privilege vulnerability exists when\n Windows Mobile Device Management (MDM) Diagnostics\n improperly handles objects in memory. An attacker who\n successfully exploited this vulnerability could bypass\n access restrictions to delete files. (CVE-2020-1372)\n\n - An elevation of privilege vulnerability exists when the\n Windows Picker Platform improperly handles memory.\n (CVE-2020-1363)\n\n - An elevation of privilege vulnerability exists when\n Windows improperly handles calls to Advanced Local\n Procedure Call (ALPC). An attacker who successfully\n exploited this vulnerability could run arbitrary code in\n the security context of the local system. An attacker\n could then install programs; view, change, or delete\n data; or create new accounts with full user rights.\n (CVE-2020-1396)\n\n - A remote code execution vulnerability exists in the way\n that the VBScript engine handles objects in memory. The\n vulnerability could corrupt memory in such a way that an\n attacker could execute arbitrary code in the context of\n the current user. An attacker who successfully exploited\n the vulnerability could gain the same user rights as the\n current user. (CVE-2020-1403)\n\n - A remote code execution vulnerability exists in the\n Windows Remote Desktop Client when a user connects to a\n malicious server. An attacker who successfully exploited\n this vulnerability could execute arbitrary code on the\n computer of the connecting client. An attacker could\n then install programs; view, change, or delete data; or\n create new accounts with full user rights.\n (CVE-2020-1374)\n\n - A remote code execution vulnerability exists when the\n Windows font library improperly handles specially\n crafted fonts. For all systems except Windows 10, an\n attacker who successfully exploited the vulnerability\n could execute code remotely. For systems running Windows\n 10, an attacker who successfully exploited the\n vulnerability could execute code in an AppContainer\n sandbox context with limited privileges and\n capabilities. An attacker could then install programs;\n view, change, or delete data; or create new accounts\n with full user rights. There are multiple ways an\n attacker could exploit the vulnerability:\n (CVE-2020-1436)\n\n - An elevation of privilege vulnerability exists in the\n way that the Credential Enrollment Manager service\n handles objects in memory. An attacker who successfully\n exploited the vulnerability could execute code with\n elevated permissions. (CVE-2020-1368)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Network List Service handles\n objects in memory. An attacker who successfully\n exploited the vulnerability could execute code with\n elevated permissions. (CVE-2020-1406)\n\n - An information disclosure vulnerability exists when the\n Windows Graphics component improperly handles objects in\n memory. An attacker who successfully exploited this\n vulnerability could obtain information to further\n compromise the users system. An authenticated attacker\n could exploit this vulnerability by running a specially\n crafted application. The update addresses the\n vulnerability by correcting how the Windows Graphics\n Component handles objects in memory. (CVE-2020-1351)\n\n - An information disclosure vulnerability exists when the\n Windows GDI component improperly discloses the contents\n of its memory. An attacker who successfully exploited\n the vulnerability could obtain information to further\n compromise the users system. There are multiple ways an\n attacker could exploit the vulnerability, such as by\n convincing a user to open a specially crafted document,\n or by convincing a user to visit an untrusted webpage.\n The security update addresses the vulnerability by\n correcting how the Windows GDI component handles objects\n in memory. (CVE-2020-1468)\n\n - An elevation of privilege vulnerability exists when the\n Windows Event Logging Service improperly handles memory.\n (CVE-2020-1365, CVE-2020-1371)\n\n - An information disclosure vulnerability exists when the\n Windows kernel fails to properly initialize a memory\n address. An attacker who successfully exploited this\n vulnerability could obtain information to further\n compromise the users system. (CVE-2020-1389,\n CVE-2020-1419)\n\n - An elevation of privilege vulnerability exists when the\n Windows Print Workflow Service improperly handles\n objects in memory. An attacker who successfully\n exploited this vulnerability could gain elevated\n privileges and break out of the AppContainer sandbox.\n (CVE-2020-1366)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows WalletService handles objects in\n memory. An attacker who successfully exploited the\n vulnerability could execute code with elevated\n permissions. (CVE-2020-1344, CVE-2020-1362,\n CVE-2020-1369)\n\n - An elevation of privilege vulnerability exists when the\n Windows ActiveX Installer Service improperly handles\n memory. (CVE-2020-1402)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Geolocation Framework handles\n objects in memory. An attacker who successfully\n exploited the vulnerability could execute code with\n elevated permissions. (CVE-2020-1394)\n\n - An information vulnerability exists when Windows\n Connected User Experiences and Telemetry Service\n improperly discloses file information. Successful\n exploitation of the vulnerability could allow the\n attacker to read any file on the file system.\n (CVE-2020-1386)\n\n - This security update corrects a denial of service in the\n Local Security Authority Subsystem Service (LSASS)\n caused when an authenticated attacker sends a specially\n crafted authentication request. A remote attacker who\n successfully exploited this vulnerability could cause a\n denial of service on the target system's LSASS service,\n which triggers an automatic reboot of the system. The\n security update addresses the vulnerability by changing\n the way that LSASS handles specially crafted\n authentication requests. (CVE-2020-1267)\n\n - An elevation of privilege vulnerability exists when the\n Windows Delivery Optimization service improperly handles\n objects in memory. An attacker who successfully\n exploited this vulnerability could run arbitrary code\n with elevated system privileges. An attacker could then\n install programs; view, change, or delete data; or\n create new accounts with full user rights.\n (CVE-2020-1392)\n\n - A remote code execution vulnerability exists when\n Windows Address Book (WAB) improperly processes vcard\n files. (CVE-2020-1410)\n\n - An elevation of privilege vulnerability exists when the\n Windows Runtime improperly handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could run arbitrary code in an elevated context. An\n attacker could exploit this vulnerability by running a\n specially crafted application on the victim system. The\n update addresses the vulnerability by correcting the way\n the Windows Runtime handles objects in memory.\n (CVE-2020-1249, CVE-2020-1353, CVE-2020-1370,\n CVE-2020-1399, CVE-2020-1404, CVE-2020-1413,\n CVE-2020-1414, CVE-2020-1415, CVE-2020-1422)\n\n - An elevation of privilege vulnerability exists when the\n Windows UPnP Device Host improperly handles memory.\n (CVE-2020-1354, CVE-2020-1430)\n\n - An elevation of privilege vulnerability exists when the\n Windows Update Stack fails to properly handle objects in\n memory. An attacker who successfully exploited this\n vulnerability could run arbitrary code in kernel mode.\n An attacker could then install programs; view, change,\n or delete data; or create new accounts with full user\n rights. (CVE-2020-1424)\n\n - An elevation of privilege vulnerability exists in the\n way that the SharedStream Library handles objects in\n memory. An attacker who successfully exploited the\n vulnerability could execute code with elevated\n permissions. (CVE-2020-1463)\n\n - An elevation of privilege vulnerability exists when\n Group Policy Services Policy Processing improperly\n handle reparse points. An attacker who successfully\n exploited this vulnerability could overwrite a targeted\n file that would normally require elevated permissions.\n (CVE-2020-1333)\n\n - An elevation of privilege vulnerability exists in the\n way the Windows Push Notification Service handles\n objects in memory. An attacker who successfully\n exploited this vulnerability could run processes in an\n elevated context. An attacker could then install\n programs; view, change or delete data. (CVE-2020-1387)\n\n - A remote code execution vulnerability exists when the\n Windows font library improperly handles specially\n crafted embedded fonts. An attacker who successfully\n exploited the vulnerability could take control of the\n affected system. An attacker could then install\n programs; view, change, or delete data; or create new\n accounts with full user rights. (CVE-2020-1408)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Kernel handles objects in memory.\n An attacker who successfully exploited the vulnerability\n could execute code with elevated permissions.\n (CVE-2020-1336)\n\n - An elevation of privilege vulnerability exists when the\n Windows Storage Services improperly handle file\n operations. An attacker who successfully exploited this\n vulnerability could gain elevated privileges.\n (CVE-2020-1347)\n\n - A denial of service vulnerability exists in the way that\n the WalletService handles files. An attacker who\n successfully exploited the vulnerability could corrupt\n system files. (CVE-2020-1364)\n\n - An information disclosure vulnerability exists when\n Skype for Business is accessed via Internet Explorer. An\n attacker who exploited the vulnerability could cause the\n user to place a call without additional consent, leading\n to information disclosure of the user profile. For the\n vulnerability to be exploited, a user must click a\n specially crafted URL that prompts the Skype app.\n (CVE-2020-1432)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Network Location Awareness Service\n handles objects in memory. An attacker who successfully\n exploited the vulnerability could allow an application\n with limited privileges on an affected system to execute\n code at a medium integrity level. (CVE-2020-1437)\n\n - An elevation of privilege vulnerability exists when the\n Windows Diagnostics Hub Standard Collector Service fails\n to properly sanitize input, leading to an unsecure\n library-loading behavior. An attacker who successfully\n exploited this vulnerability could run arbitrary code\n with elevated system privileges. An attacker could then\n install programs; view, change, or delete data; or\n create new accounts with full user rights.\n (CVE-2020-1393)\n\n - A remote code execution vulnerability exists in .NET\n Framework, Microsoft SharePoint, and Visual Studio when\n the software fails to check the source markup of XML\n file input. An attacker who successfully exploited the\n vulnerability could run arbitrary code in the context of\n the process responsible for deserialization of the XML\n content. (CVE-2020-1147)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Network Connections Service handles\n objects in memory. An attacker who successfully\n exploited the vulnerability could execute code with\n elevated permissions. (CVE-2020-1373, CVE-2020-1390,\n CVE-2020-1427, CVE-2020-1428, CVE-2020-1438)\n\n - An elevation of privilege vulnerability exists when the\n Windows Cryptography Next Generation (CNG) Key Isolation\n service improperly handles memory. An attacker who\n successfully exploited this vulnerability could run\n processes in an elevated context. (CVE-2020-1359,\n CVE-2020-1384)\n\n - An information disclosure vulnerability exists when the\n Windows Resource Policy component improperly handles\n memory. (CVE-2020-1358)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Speech Brokered API handles objects\n in memory. An attacker who successfully exploited the\n vulnerability could execute code with elevated\n permissions. (CVE-2020-1395)\n\n - An information disclosure vulnerability exists when\n Windows Error Reporting improperly handles file\n operations. (CVE-2020-1420)\n\n - A remote code execution vulnerability exists in the way\n that Microsoft Graphics Components handle objects in\n memory. An attacker who successfully exploited the\n vulnerability could execute arbitrary code on a target\n system. (CVE-2020-1412)\n\n - An information disclosure vulnerability exists when the\n Windows kernel improperly handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could obtain information to further compromise the users\n system. An authenticated attacker could exploit this\n vulnerability by running a specially crafted\n application. The update addresses the vulnerability by\n correcting how the Windows kernel handles objects in\n memory. (CVE-2020-1426)\n\n - An information disclosure vulnerability exists when\n Microsoft Edge PDF Reader improperly handles objects in\n memory. An attacker who successfully exploited the\n vulnerability could obtain information to further\n compromise the users system. (CVE-2020-1433)\n\n - A remote code execution vulnerability exists when the\n Windows Jet Database Engine improperly handles objects\n in memory. An attacker who successfully exploited this\n vulnerability could execute arbitrary code on a victim\n system. An attacker could exploit this vulnerability by\n enticing a victim to open a specially crafted file. The\n update addresses the vulnerability by correcting the way\n the Windows Jet Database Engine handles objects in\n memory. (CVE-2020-1400, CVE-2020-1401, CVE-2020-1407)\n\n - An elevation of privilege vulnerability exists when\n Windows Error Reporting manager improperly handles a\n process crash. An attacker who successfully exploited\n this vulnerability could delete a targeted file leading\n to an elevated status. (CVE-2020-1429)\n\n - An elevation of privilege vulnerability exists in the\n way that the psmsrv.dll handles objects in memory. An\n attacker who successfully exploited the vulnerability\n could execute code with elevated permissions.\n (CVE-2020-1388)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Credential Picker handles objects\n in memory. An attacker who successfully exploited the\n vulnerability could allow an application with limited\n privileges on an affected system to execute code at a\n medium integrity level. (CVE-2020-1385)\n\n - A remote code execution vulnerability exists in\n Microsoft Windows that could allow remote code execution\n if a .LNK file is processed. An attacker who\n successfully exploited this vulnerability could gain the\n same user rights as the local user. (CVE-2020-1421)\n\n - An information disclosure vulnerability exists in\n Windows when the Windows Imaging Component fails to\n properly handle objects in memory. An attacker who\n successfully exploited this vulnerability could obtain\n information to further compromise the user's system.\n There are multiple ways an attacker could exploit this\n vulnerability: (CVE-2020-1397)\n\n - A remote code execution vulnerability exists in the way\n that the Windows Graphics Device Interface (GDI) handles\n objects in the memory. An attacker who successfully\n exploited this vulnerability could take control of the\n affected system. An attacker could then install\n programs; view, change, or delete data; or create new\n accounts with full user rights. (CVE-2020-1435)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Function Discovery Service handles\n objects in memory. An attacker who successfully\n exploited the vulnerability could execute code with\n elevated permissions. (CVE-2020-1085)\n\n - An information disclosure vulnerability exists in the\n way that the WalletService handles memory.\n (CVE-2020-1361)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Sync Host Service handles objects\n in memory. An attacker who successfully exploited the\n vulnerability could allow an application with limited\n privileges on an affected system to execute code at a\n medium integrity level. (CVE-2020-1434)\n\n - An information disclosure vulnerability exists when\n Skype for Business is accessed via Microsoft Edge\n (EdgeHTML-based). An attacker who exploited the\n vulnerability could cause the user to place a call\n without additional consent, leading to information\n disclosure of the user profile. For the vulnerability to\n be exploited, a user must click a specially crafted URL\n that prompts the Skype app. (CVE-2020-1462)\n\n - An elevation of privilege vulnerability exists when\n Windows Lockscreen fails to properly handle Ease of\n Access dialog. An attacker who successfully exploited\n the vulnerability could execute commands with elevated\n permissions. The security update addresses the\n vulnerability by ensuring that the Ease of Access dialog\n is handled properly. (CVE-2020-1398)\");\n # https://support.microsoft.com/en-us/help/4565489/windows-10-update-kb4565489\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?e6e77e0f\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Cumulative Update KB4565489.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-1435\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2020-1436\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'SharePoint DataSet / DataTable Deserialization');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/07/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/07/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/07/14\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:edge\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude('smb_func.inc');\ninclude('smb_hotfixes.inc');\ninclude('smb_hotfixes_fcheck.inc');\ninclude('smb_reg_query.inc');\ninclude('install_func.inc');\n\nget_kb_item_or_exit('SMB/MS_Bulletin_Checks/Possible');\n\nbulletin = 'MS20-07';\nkbs = make_list(\n '4565489'\n);\n\nif (get_kb_item('Host/patch_management_checks')) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit('SMB/Registry/Enumerated');\nget_kb_item_or_exit('SMB/WindowsVersion', exit_code:1);\n\nif (hotfix_check_sp_range(win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:'10',\n sp:0,\n os_build:'17134',\n rollup_date:'07_2020',\n bulletin:bulletin,\n rollup_kb_list:[4565489])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n\n\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-07-21T16:03:44", "description": "The remote Windows host is missing security update 4565503. It is, therefore, affected by multiple vulnerabilities :\n\n - An elevation of privilege vulnerability exists when the Windows System Events Broker improperly handles file operations. An attacker who successfully exploited this vulnerability could gain elevated privileges.\n (CVE-2020-1357)\n\n - An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode.\n An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2020-1411)\n\n - An elevation of privilege vulnerability exists when the Windows Diagnostics Execution Service fails to properly sanitize input, leading to an unsecure library-loading behavior. An attacker who successfully exploited this vulnerability could run arbitrary code with elevated system privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2020-1418)\n\n - An elevation of privilege vulnerability exists when the Windows USO Core Worker improperly handles memory.\n (CVE-2020-1352)\n\n - An elevation of privilege vulnerability exists when the Windows Modules Installer improperly handles file operations. An attacker who successfully exploited this vulnerability could gain elevated privileges.\n (CVE-2020-1346)\n\n - An elevation of privilege vulnerability exists when the Windows Diagnostics Hub Standard Collector Service fails to properly sanitize input, leading to an unsecure library-loading behavior. An attacker who successfully exploited this vulnerability could run arbitrary code with elevated system privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\n (CVE-2020-1393)\n\n - A remote code execution vulnerability exists in the way that DirectWrite handles objects in memory. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit an untrusted webpage. The security update addresses the vulnerability by correcting how DirectWrite handles objects in memory. (CVE-2020-1409)\n\n - An elevation of privilege vulnerability exists when the Windows AppX Deployment Extensions improperly performs privilege management, resulting in access to system files. (CVE-2020-1431)\n\n - An elevation of privilege vulnerability exists when the Windows Profile Service improperly handles file operations. An attacker who successfully exploited this vulnerability could gain elevated privileges.\n (CVE-2020-1360)\n\n - An elevation of privilege vulnerability exists when Windows Mobile Device Management (MDM) Diagnostics improperly handles objects in memory. An attacker who successfully exploited this vulnerability could bypass access restrictions to delete files. (CVE-2020-1372)\n\n - An elevation of privilege vulnerability exists when the Windows Picker Platform improperly handles memory.\n (CVE-2020-1363)\n\n - An elevation of privilege vulnerability exists when Windows improperly handles calls to Advanced Local Procedure Call (ALPC). An attacker who successfully exploited this vulnerability could run arbitrary code in the security context of the local system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\n (CVE-2020-1396)\n\n - An information disclosure vulnerability exists when Windows Mobile Device Management (MDM) Diagnostics improperly handles junctions. An attacker who successfully exploited this vulnerability could bypass access restrictions to read files. (CVE-2020-1330)\n\n - A remote code execution vulnerability exists in the Windows Remote Desktop Client when a user connects to a malicious server. An attacker who successfully exploited this vulnerability could execute arbitrary code on the computer of the connecting client. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\n (CVE-2020-1374)\n\n - A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted fonts. For all systems except Windows 10, an attacker who successfully exploited the vulnerability could execute code remotely. For systems running Windows 10, an attacker who successfully exploited the vulnerability could execute code in an AppContainer sandbox context with limited privileges and capabilities. An attacker could then install programs;\n view, change, or delete data; or create new accounts with full user rights. There are multiple ways an attacker could exploit the vulnerability:\n (CVE-2020-1436)\n\n - An elevation of privilege vulnerability exists in the way that the Credential Enrollment Manager service handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. (CVE-2020-1368)\n\n - An elevation of privilege vulnerability exists in the way that the Windows Network List Service handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. (CVE-2020-1406)\n\n - An information disclosure vulnerability exists when the Windows Graphics component improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system. An authenticated attacker could exploit this vulnerability by running a specially crafted application. The update addresses the vulnerability by correcting how the Windows Graphics Component handles objects in memory. (CVE-2020-1351)\n\n - An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit an untrusted webpage.\n The security update addresses the vulnerability by correcting how the Windows GDI component handles objects in memory. (CVE-2020-1468)\n\n - An elevation of privilege vulnerability exists when the Windows Event Logging Service improperly handles memory.\n (CVE-2020-1365, CVE-2020-1371)\n\n - An information disclosure vulnerability exists when the Windows kernel fails to properly initialize a memory address. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system. (CVE-2020-1389, CVE-2020-1419)\n\n - An elevation of privilege vulnerability exists when the Windows Print Workflow Service improperly handles objects in memory. An attacker who successfully exploited this vulnerability could gain elevated privileges and break out of the AppContainer sandbox.\n (CVE-2020-1366)\n\n - An elevation of privilege vulnerability exists in the way that the Windows WalletService handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. (CVE-2020-1344, CVE-2020-1362, CVE-2020-1369)\n\n - An elevation of privilege vulnerability exists when the Windows ActiveX Installer Service improperly handles memory. (CVE-2020-1402)\n\n - An elevation of privilege vulnerability exists in the way that the Windows Geolocation Framework handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. (CVE-2020-1394)\n\n - An information vulnerability exists when Windows Connected User Experiences and Telemetry Service improperly discloses file information. Successful exploitation of the vulnerability could allow the attacker to read any file on the file system.\n (CVE-2020-1386)\n\n - This security update corrects a denial of service in the Local Security Authority Subsystem Service (LSASS) caused when an authenticated attacker sends a specially crafted authentication request. A remote attacker who successfully exploited this vulnerability could cause a denial of service on the target system's LSASS service, which triggers an automatic reboot of the system. The security update addresses the vulnerability by changing the way that LSASS handles specially crafted authentication requests. (CVE-2020-1267)\n\n - An elevation of privilege vulnerability exists when the Windows Delivery Optimization service improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code with elevated system privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\n (CVE-2020-1392)\n\n - A remote code execution vulnerability exists when Windows Address Book (WAB) improperly processes vcard files. (CVE-2020-1410)\n\n - An elevation of privilege vulnerability exists when the Windows Runtime improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in an elevated context. An attacker could exploit this vulnerability by running a specially crafted application on the victim system. The update addresses the vulnerability by correcting the way the Windows Runtime handles objects in memory.\n (CVE-2020-1249, CVE-2020-1353, CVE-2020-1370, CVE-2020-1399, CVE-2020-1404, CVE-2020-1413, CVE-2020-1414, CVE-2020-1415, CVE-2020-1422)\n\n - A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in the memory. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2020-1435)\n\n - An elevation of privilege vulnerability exists when the Windows UPnP Device Host improperly handles memory.\n (CVE-2020-1354, CVE-2020-1430)\n\n - An elevation of privilege vulnerability exists when the Windows Update Stack fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode.\n An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2020-1424)\n\n - An elevation of privilege vulnerability exists in the way that the SharedStream Library handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. (CVE-2020-1463)\n\n - An elevation of privilege vulnerability exists when the Windows Graphics Component improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run processes in an elevated context. (CVE-2020-1381, CVE-2020-1382)\n\n - An elevation of privilege vulnerability exists when Group Policy Services Policy Processing improperly handle reparse points. An attacker who successfully exploited this vulnerability could overwrite a targeted file that would normally require elevated permissions.\n (CVE-2020-1333)\n\n - An elevation of privilege vulnerability exists in the way the Windows Push Notification Service handles objects in memory. An attacker who successfully exploited this vulnerability could run processes in an elevated context. An attacker could then install programs; view, change or delete data. (CVE-2020-1387)\n\n - A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts. An attacker who successfully exploited the vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2020-1408)\n\n - An elevation of privilege vulnerability exists in the way that the Windows Kernel handles objects in memory.\n An attacker who successfully exploited the vulnerability could execute code with elevated permissions.\n (CVE-2020-1336)\n\n - A remote code execution vulnerability exists in .NET Framework, Microsoft SharePoint, and Visual Studio when the software fails to check the source markup of XML file input. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the process responsible for deserialization of the XML content. (CVE-2020-1147)\n\n - An elevation of privilege vulnerability exists when the Windows Storage Services improperly handle file operations. An attacker who successfully exploited this vulnerability could gain elevated privileges.\n (CVE-2020-1347)\n\n - A denial of service vulnerability exists in the way that the WalletService handles files. An attacker who successfully exploited the vulnerability could corrupt system files. (CVE-2020-1364)\n\n - An information disclosure vulnerability exists when Skype for Business is accessed via Internet Explorer. An attacker who exploited the vulnerability could cause the user to place a call without additional consent, leading to information disclosure of the user profile. For the vulnerability to be exploited, a user must click a specially crafted URL that prompts the Skype app.\n (CVE-2020-1432)\n\n - An elevation of privilege vulnerability exists in the way that the Windows Network Location Awareness Service handles objects in memory. An attacker who successfully exploited the vulnerability could allow an application with limited privileges on an affected system to execute code at a medium integrity level. (CVE-2020-1437)\n\n - An elevation of privilege vulnerability exists when Windows improperly handles COM object creation. An attacker who successfully exploited the vulnerability could run arbitrary code with elevated privileges.\n (CVE-2020-1375)\n\n - A remote code execution vulnerability exists when the Windows Font Driver Host improperly handles memory. An attacker who successfully exploited the vulnerability would gain execution on a victim system. The security update addresses the vulnerability by correcting how the Windows Font Driver Host handles memory. (CVE-2020-1355)\n\n - An information disclosure vulnerability exists when the Windows Agent Activation Runtime (AarSvc) fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system.\n (CVE-2020-1391)\n\n - An elevation of privilege vulnerability exists in the way that the Windows Subsystem for Linux handles files.\n An attacker who successfully exploited the vulnerability could execute code with elevated privileges.\n (CVE-2020-1423)\n\n - An elevation of privilege vulnerability exists in the way that the Windows Network Connections Service handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. (CVE-2020-1373, CVE-2020-1390, CVE-2020-1427, CVE-2020-1428, CVE-2020-1438)\n\n - An elevation of privilege vulnerability exists when the Windows Cryptography Next Generation (CNG) Key Isolation service improperly handles memory. An attacker who successfully exploited this vulnerability could run processes in an elevated context. (CVE-2020-1359, CVE-2020-1384)\n\n - An information disclosure vulnerability exists when the Windows Resource Policy component improperly handles memory. (CVE-2020-1358)\n\n - An elevation of privilege vulnerability exists in the way that the Windows Speech Brokered API handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. (CVE-2020-1395)\n\n - An information disclosure vulnerability exists when Windows Error Reporting improperly handles file operations. (CVE-2020-1420)\n\n - A remote code execution vulnerability exists in the way that Microsoft Graphics Components handle objects in memory. An attacker who successfully exploited the vulnerability could execute arbitrary code on a target system. (CVE-2020-1412)\n\n - An information disclosure vulnerability exists when Microsoft Edge PDF Reader improperly handles objects in memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. (CVE-2020-1433)\n\n - A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by enticing a victim to open a specially crafted file. The update addresses the vulnerability by correcting the way the Windows Jet Database Engine handles objects in memory. (CVE-2020-1400, CVE-2020-1401, CVE-2020-1407)\n\n - An elevation of privilege vulnerability exists when Windows Error Reporting manager improperly handles a process crash. An attacker who successfully exploited this vulnerability could delete a targeted file leading to an elevated status. (CVE-2020-1429)\n\n - An elevation of privilege vulnerability exists in the way that the psmsrv.dll handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions.\n (CVE-2020-1388)\n\n - An elevation of privilege vulnerability exists when Windows Mobile Device Management (MDM) Diagnostics improperly handles junctions. An attacker who successfully exploited this vulnerability could bypass access restrictions to delete files. (CVE-2020-1405)\n\n - An elevation of privilege vulnerability exists in the way that the Windows Credential Picker handles objects in memory. An attacker who successfully exploited the vulnerability could allow an application with limited privileges on an affected system to execute code at a medium integrity level. (CVE-2020-1385)\n\n - A remote code execution vulnerability exists in Microsoft Windows that could allow remote code execution if a .LNK file is processed. An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. (CVE-2020-1421)\n\n - An information disclosure vulnerability exists in Windows when the Windows Imaging Component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user's system.\n There are multiple ways an attacker could exploit this vulnerability: (CVE-2020-1397)\n\n - An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system. An authenticated attacker could exploit this vulnerability by running a specially crafted application. The update addresses the vulnerability by correcting how the Windows kernel handles objects in memory. (CVE-2020-1367, CVE-2020-1426)\n\n - An elevation of privilege vulnerability exists in the way that the Windows Function Discovery Service handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. (CVE-2020-1085)\n\n - An information disclosure vulnerability exists in the way that the WalletService handles memory.\n (CVE-2020-1361)\n\n - An elevation of privilege vulnerability exists in the way that the Windows Sync Host Service handles objects in memory. An attacker who successfully exploited the vulnerability could allow an application with limited privileges on an affected system to execute code at a medium integrity level. (CVE-2020-1434)\n\n - An information disclosure vulnerability exists when Skype for Business is accessed via Microsoft Edge (EdgeHTML-based). An attacker who exploited the vulnerability could cause the user to place a call without additional consent, leading to information disclosure of the user profile. For the vulnerability to be exploited, a user must click a specially crafted URL that prompts the Skype app. (CVE-2020-1462)\n\n - An elevation of privilege vulnerability exists when Windows Lockscreen fails to properly handle Ease of Access dialog. An attacker who successfully exploited the vulnerability could execute commands with elevated permissions. The security update addresses the vulnerability by ensuring that the Ease of Access dialog is handled properly. (CVE-2020-1398)\n\n - A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2020-1403)", "cvss3": {}, "published": "2020-07-14T00:00:00", "type": "nessus", "title": "KB4565503: Windows 10 Version 2004 July 2020 Security Update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-1085", "CVE-2020-1147", "CVE-2020-1249", "CVE-2020-1267", "CVE-2020-1330", "CVE-2020-1333", "CVE-2020-1336", "CVE-2020-1344", "CVE-2020-1346", "CVE-2020-1347", "CVE-2020-1351", "CVE-2020-1352", "CVE-2020-1353", "CVE-2020-1354", "CVE-2020-1355", "CVE-2020-1357", "CVE-2020-1358", "CVE-2020-1359", "CVE-2020-1360", "CVE-2020-1361", "CVE-2020-1362", "CVE-2020-1363", "CVE-2020-1364", "CVE-2020-1365", "CVE-2020-1366", "CVE-2020-1367", "CVE-2020-1368", "CVE-2020-1369", "CVE-2020-1370", "CVE-2020-1371", "CVE-2020-1372", "CVE-2020-1373", "CVE-2020-1374", "CVE-2020-1375", "CVE-2020-1381", "CVE-2020-1382", "CVE-2020-1384", "CVE-2020-1385", "CVE-2020-1386", "CVE-2020-1387", "CVE-2020-1388", "CVE-2020-1389", "CVE-2020-1390", "CVE-2020-1391", "CVE-2020-1392", "CVE-2020-1393", "CVE-2020-1394", "CVE-2020-1395", "CVE-2020-1396", "CVE-2020-1397", "CVE-2020-1398", "CVE-2020-1399", "CVE-2020-1400", "CVE-2020-1401", "CVE-2020-1402", "CVE-2020-1403", "CVE-2020-1404", "CVE-2020-1405", "CVE-2020-1406", "CVE-2020-1407", "CVE-2020-1408", "CVE-2020-1409", "CVE-2020-1410", "CVE-2020-1411", "CVE-2020-1412", "CVE-2020-1413", "CVE-2020-1414", "CVE-2020-1415", "CVE-2020-1418", "CVE-2020-1419", "CVE-2020-1420", "CVE-2020-1421", "CVE-2020-1422", "CVE-2020-1423", "CVE-2020-1424", "CVE-2020-1426", "CVE-2020-1427", "CVE-2020-1428", "CVE-2020-1429", "CVE-2020-1430", "CVE-2020-1431", "CVE-2020-1432", "CVE-2020-1433", "CVE-2020-1434", "CVE-2020-1435", "CVE-2020-1436", "CVE-2020-1437", "CVE-2020-1438", "CVE-2020-1462", "CVE-2020-1463", "CVE-2020-1468"], "modified": "2023-01-24T00:00:00", "cpe": ["cpe:/o:microsoft:windows", "cpe:/a:microsoft:edge"], "id": "SMB_NT_MS20_JUL_4565503.NASL", "href": "https://www.tenable.com/plugins/nessus/138456", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(138456);\n script_version(\"1.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/24\");\n\n script_cve_id(\n \"CVE-2020-1085\",\n \"CVE-2020-1147\",\n \"CVE-2020-1249\",\n \"CVE-2020-1267\",\n \"CVE-2020-1330\",\n \"CVE-2020-1333\",\n \"CVE-2020-1336\",\n \"CVE-2020-1344\",\n \"CVE-2020-1346\",\n \"CVE-2020-1347\",\n \"CVE-2020-1351\",\n \"CVE-2020-1352\",\n \"CVE-2020-1353\",\n \"CVE-2020-1354\",\n \"CVE-2020-1355\",\n \"CVE-2020-1357\",\n \"CVE-2020-1358\",\n \"CVE-2020-1359\",\n \"CVE-2020-1360\",\n \"CVE-2020-1361\",\n \"CVE-2020-1362\",\n \"CVE-2020-1363\",\n \"CVE-2020-1364\",\n \"CVE-2020-1365\",\n \"CVE-2020-1366\",\n \"CVE-2020-1367\",\n \"CVE-2020-1368\",\n \"CVE-2020-1369\",\n \"CVE-2020-1370\",\n \"CVE-2020-1371\",\n \"CVE-2020-1372\",\n \"CVE-2020-1373\",\n \"CVE-2020-1374\",\n \"CVE-2020-1375\",\n \"CVE-2020-1381\",\n \"CVE-2020-1382\",\n \"CVE-2020-1384\",\n \"CVE-2020-1385\",\n \"CVE-2020-1386\",\n \"CVE-2020-1387\",\n \"CVE-2020-1388\",\n \"CVE-2020-1389\",\n \"CVE-2020-1390\",\n \"CVE-2020-1391\",\n \"CVE-2020-1392\",\n \"CVE-2020-1393\",\n \"CVE-2020-1394\",\n \"CVE-2020-1395\",\n \"CVE-2020-1396\",\n \"CVE-2020-1397\",\n \"CVE-2020-1398\",\n \"CVE-2020-1399\",\n \"CVE-2020-1400\",\n \"CVE-2020-1401\",\n \"CVE-2020-1402\",\n \"CVE-2020-1403\",\n \"CVE-2020-1404\",\n \"CVE-2020-1405\",\n \"CVE-2020-1406\",\n \"CVE-2020-1407\",\n \"CVE-2020-1408\",\n \"CVE-2020-1409\",\n \"CVE-2020-1410\",\n \"CVE-2020-1411\",\n \"CVE-2020-1412\",\n \"CVE-2020-1413\",\n \"CVE-2020-1414\",\n \"CVE-2020-1415\",\n \"CVE-2020-1418\",\n \"CVE-2020-1419\",\n \"CVE-2020-1420\",\n \"CVE-2020-1421\",\n \"CVE-2020-1422\",\n \"CVE-2020-1423\",\n \"CVE-2020-1424\",\n \"CVE-2020-1426\",\n \"CVE-2020-1427\",\n \"CVE-2020-1428\",\n \"CVE-2020-1429\",\n \"CVE-2020-1430\",\n \"CVE-2020-1431\",\n \"CVE-2020-1432\",\n \"CVE-2020-1433\",\n \"CVE-2020-1434\",\n \"CVE-2020-1435\",\n \"CVE-2020-1436\",\n \"CVE-2020-1437\",\n \"CVE-2020-1438\",\n \"CVE-2020-1462\",\n \"CVE-2020-1463\",\n \"CVE-2020-1468\"\n );\n script_xref(name:\"MSKB\", value:\"4565503\");\n script_xref(name:\"MSFT\", value:\"MS20-4565503\");\n script_xref(name:\"IAVA\", value:\"2020-A-0300-S\");\n script_xref(name:\"IAVA\", value:\"2020-A-0302-S\");\n script_xref(name:\"IAVA\", value:\"2020-A-0313-S\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/05/03\");\n\n script_name(english:\"KB4565503: Windows 10 Version 2004 July 2020 Security Update\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 4565503. It is, \ntherefore, affected by multiple vulnerabilities :\n\n - An elevation of privilege vulnerability exists when the\n Windows System Events Broker improperly handles file\n operations. An attacker who successfully exploited this\n vulnerability could gain elevated privileges.\n (CVE-2020-1357)\n\n - An elevation of privilege vulnerability exists when the\n Windows kernel fails to properly handle objects in\n memory. An attacker who successfully exploited this\n vulnerability could run arbitrary code in kernel mode.\n An attacker could then install programs; view, change,\n or delete data; or create new accounts with full user\n rights. (CVE-2020-1411)\n\n - An elevation of privilege vulnerability exists when the\n Windows Diagnostics Execution Service fails to properly\n sanitize input, leading to an unsecure library-loading\n behavior. An attacker who successfully exploited this\n vulnerability could run arbitrary code with elevated\n system privileges. An attacker could then install\n programs; view, change, or delete data; or create new\n accounts with full user rights. (CVE-2020-1418)\n\n - An elevation of privilege vulnerability exists when the\n Windows USO Core Worker improperly handles memory.\n (CVE-2020-1352)\n\n - An elevation of privilege vulnerability exists when the\n Windows Modules Installer improperly handles file\n operations. An attacker who successfully exploited this\n vulnerability could gain elevated privileges.\n (CVE-2020-1346)\n\n - An elevation of privilege vulnerability exists when the\n Windows Diagnostics Hub Standard Collector Service fails\n to properly sanitize input, leading to an unsecure\n library-loading behavior. An attacker who successfully\n exploited this vulnerability could run arbitrary code\n with elevated system privileges. An attacker could then\n install programs; view, change, or delete data; or\n create new accounts with full user rights.\n (CVE-2020-1393)\n\n - A remote code execution vulnerability exists in the way\n that DirectWrite handles objects in memory. An attacker\n who successfully exploited this vulnerability could take\n control of the affected system. An attacker could then\n install programs; view, change, or delete data; or\n create new accounts with full user rights. There are\n multiple ways an attacker could exploit the\n vulnerability, such as by convincing a user to open a\n specially crafted document, or by convincing a user to\n visit an untrusted webpage. The security update\n addresses the vulnerability by correcting how\n DirectWrite handles objects in memory. (CVE-2020-1409)\n\n - An elevation of privilege vulnerability exists when the\n Windows AppX Deployment Extensions improperly performs\n privilege management, resulting in access to system\n files. (CVE-2020-1431)\n\n - An elevation of privilege vulnerability exists when the\n Windows Profile Service improperly handles file\n operations. An attacker who successfully exploited this\n vulnerability could gain elevated privileges.\n (CVE-2020-1360)\n\n - An elevation of privilege vulnerability exists when\n Windows Mobile Device Management (MDM) Diagnostics\n improperly handles objects in memory. An attacker who\n successfully exploited this vulnerability could bypass\n access restrictions to delete files. (CVE-2020-1372)\n\n - An elevation of privilege vulnerability exists when the\n Windows Picker Platform improperly handles memory.\n (CVE-2020-1363)\n\n - An elevation of privilege vulnerability exists when\n Windows improperly handles calls to Advanced Local\n Procedure Call (ALPC). An attacker who successfully\n exploited this vulnerability could run arbitrary code in\n the security context of the local system. An attacker\n could then install programs; view, change, or delete\n data; or create new accounts with full user rights.\n (CVE-2020-1396)\n\n - An information disclosure vulnerability exists when\n Windows Mobile Device Management (MDM) Diagnostics\n improperly handles junctions. An attacker who\n successfully exploited this vulnerability could bypass\n access restrictions to read files. (CVE-2020-1330)\n\n - A remote code execution vulnerability exists in the\n Windows Remote Desktop Client when a user connects to a\n malicious server. An attacker who successfully exploited\n this vulnerability could execute arbitrary code on the\n computer of the connecting client. An attacker could\n then install programs; view, change, or delete data; or\n create new accounts with full user rights.\n (CVE-2020-1374)\n\n - A remote code execution vulnerability exists when the\n Windows font library improperly handles specially\n crafted fonts. For all systems except Windows 10, an\n attacker who successfully exploited the vulnerability\n could execute code remotely. For systems running Windows\n 10, an attacker who successfully exploited the\n vulnerability could execute code in an AppContainer\n sandbox context with limited privileges and\n capabilities. An attacker could then install programs;\n view, change, or delete data; or create new accounts\n with full user rights. There are multiple ways an\n attacker could exploit the vulnerability:\n (CVE-2020-1436)\n\n - An elevation of privilege vulnerability exists in the\n way that the Credential Enrollment Manager service\n handles objects in memory. An attacker who successfully\n exploited the vulnerability could execute code with\n elevated permissions. (CVE-2020-1368)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Network List Service handles\n objects in memory. An attacker who successfully\n exploited the vulnerability could execute code with\n elevated permissions. (CVE-2020-1406)\n\n - An information disclosure vulnerability exists when the\n Windows Graphics component improperly handles objects in\n memory. An attacker who successfully exploited this\n vulnerability could obtain information to further\n compromise the users system. An authenticated attacker\n could exploit this vulnerability by running a specially\n crafted application. The update addresses the\n vulnerability by correcting how the Windows Graphics\n Component handles objects in memory. (CVE-2020-1351)\n\n - An information disclosure vulnerability exists when the\n Windows GDI component improperly discloses the contents\n of its memory. An attacker who successfully exploited\n the vulnerability could obtain information to further\n compromise the users system. There are multiple ways an\n attacker could exploit the vulnerability, such as by\n convincing a user to open a specially crafted document,\n or by convincing a user to visit an untrusted webpage.\n The security update addresses the vulnerability by\n correcting how the Windows GDI component handles objects\n in memory. (CVE-2020-1468)\n\n - An elevation of privilege vulnerability exists when the\n Windows Event Logging Service improperly handles memory.\n (CVE-2020-1365, CVE-2020-1371)\n\n - An information disclosure vulnerability exists when the\n Windows kernel fails to properly initialize a memory\n address. An attacker who successfully exploited this\n vulnerability could obtain information to further\n compromise the users system. (CVE-2020-1389,\n CVE-2020-1419)\n\n - An elevation of privilege vulnerability exists when the\n Windows Print Workflow Service improperly handles\n objects in memory. An attacker who successfully\n exploited this vulnerability could gain elevated\n privileges and break out of the AppContainer sandbox.\n (CVE-2020-1366)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows WalletService handles objects in\n memory. An attacker who successfully exploited the\n vulnerability could execute code with elevated\n permissions. (CVE-2020-1344, CVE-2020-1362,\n CVE-2020-1369)\n\n - An elevation of privilege vulnerability exists when the\n Windows ActiveX Installer Service improperly handles\n memory. (CVE-2020-1402)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Geolocation Framework handles\n objects in memory. An attacker who successfully\n exploited the vulnerability could execute code with\n elevated permissions. (CVE-2020-1394)\n\n - An information vulnerability exists when Windows\n Connected User Experiences and Telemetry Service\n improperly discloses file information. Successful\n exploitation of the vulnerability could allow the\n attacker to read any file on the file system.\n (CVE-2020-1386)\n\n - This security update corrects a denial of service in the\n Local Security Authority Subsystem Service (LSASS)\n caused when an authenticated attacker sends a specially\n crafted authentication request. A remote attacker who\n successfully exploited this vulnerability could cause a\n denial of service on the target system's LSASS service,\n which triggers an automatic reboot of the system. The\n security update addresses the vulnerability by changing\n the way that LSASS handles specially crafted\n authentication requests. (CVE-2020-1267)\n\n - An elevation of privilege vulnerability exists when the\n Windows Delivery Optimization service improperly handles\n objects in memory. An attacker who successfully\n exploited this vulnerability could run arbitrary code\n with elevated system privileges. An attacker could then\n install programs; view, change, or delete data; or\n create new accounts with full user rights.\n (CVE-2020-1392)\n\n - A remote code execution vulnerability exists when\n Windows Address Book (WAB) improperly processes vcard\n files. (CVE-2020-1410)\n\n - An elevation of privilege vulnerability exists when the\n Windows Runtime improperly handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could run arbitrary code in an elevated context. An\n attacker could exploit this vulnerability by running a\n specially crafted application on the victim system. The\n update addresses the vulnerability by correcting the way\n the Windows Runtime handles objects in memory.\n (CVE-2020-1249, CVE-2020-1353, CVE-2020-1370,\n CVE-2020-1399, CVE-2020-1404, CVE-2020-1413,\n CVE-2020-1414, CVE-2020-1415, CVE-2020-1422)\n\n - A remote code execution vulnerability exists in the way\n that the Windows Graphics Device Interface (GDI) handles\n objects in the memory. An attacker who successfully\n exploited this vulnerability could take control of the\n affected system. An attacker could then install\n programs; view, change, or delete data; or create new\n accounts with full user rights. (CVE-2020-1435)\n\n - An elevation of privilege vulnerability exists when the\n Windows UPnP Device Host improperly handles memory.\n (CVE-2020-1354, CVE-2020-1430)\n\n - An elevation of privilege vulnerability exists when the\n Windows Update Stack fails to properly handle objects in\n memory. An attacker who successfully exploited this\n vulnerability could run arbitrary code in kernel mode.\n An attacker could then install programs; view, change,\n or delete data; or create new accounts with full user\n rights. (CVE-2020-1424)\n\n - An elevation of privilege vulnerability exists in the\n way that the SharedStream Library handles objects in\n memory. An attacker who successfully exploited the\n vulnerability could execute code with elevated\n permissions. (CVE-2020-1463)\n\n - An elevation of privilege vulnerability exists when the\n Windows Graphics Component improperly handles objects in\n memory. An attacker who successfully exploited this\n vulnerability could run processes in an elevated\n context. (CVE-2020-1381, CVE-2020-1382)\n\n - An elevation of privilege vulnerability exists when\n Group Policy Services Policy Processing improperly\n handle reparse points. An attacker who successfully\n exploited this vulnerability could overwrite a targeted\n file that would normally require elevated permissions.\n (CVE-2020-1333)\n\n - An elevation of privilege vulnerability exists in the\n way the Windows Push Notification Service handles\n objects in memory. An attacker who successfully\n exploited this vulnerability could run processes in an\n elevated context. An attacker could then install\n programs; view, change or delete data. (CVE-2020-1387)\n\n - A remote code execution vulnerability exists when the\n Windows font library improperly handles specially\n crafted embedded fonts. An attacker who successfully\n exploited the vulnerability could take control of the\n affected system. An attacker could then install\n programs; view, change, or delete data; or create new\n accounts with full user rights. (CVE-2020-1408)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Kernel handles objects in memory.\n An attacker who successfully exploited the vulnerability\n could execute code with elevated permissions.\n (CVE-2020-1336)\n\n - A remote code execution vulnerability exists in .NET\n Framework, Microsoft SharePoint, and Visual Studio when\n the software fails to check the source markup of XML\n file input. An attacker who successfully exploited the\n vulnerability could run arbitrary code in the context of\n the process responsible for deserialization of the XML\n content. (CVE-2020-1147)\n\n - An elevation of privilege vulnerability exists when the\n Windows Storage Services improperly handle file\n operations. An attacker who successfully exploited this\n vulnerability could gain elevated privileges.\n (CVE-2020-1347)\n\n - A denial of service vulnerability exists in the way that\n the WalletService handles files. An attacker who\n successfully exploited the vulnerability could corrupt\n system files. (CVE-2020-1364)\n\n - An information disclosure vulnerability exists when\n Skype for Business is accessed via Internet Explorer. An\n attacker who exploited the vulnerability could cause the\n user to place a call without additional consent, leading\n to information disclosure of the user profile. For the\n vulnerability to be exploited, a user must click a\n specially crafted URL that prompts the Skype app.\n (CVE-2020-1432)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Network Location Awareness Service\n handles objects in memory. An attacker who successfully\n exploited the vulnerability could allow an application\n with limited privileges on an affected system to execute\n code at a medium integrity level. (CVE-2020-1437)\n\n - An elevation of privilege vulnerability exists when\n Windows improperly handles COM object creation. An\n attacker who successfully exploited the vulnerability\n could run arbitrary code with elevated privileges.\n (CVE-2020-1375)\n\n - A remote code execution vulnerability exists when the\n Windows Font Driver Host improperly handles memory. An\n attacker who successfully exploited the vulnerability\n would gain execution on a victim system. The security\n update addresses the vulnerability by correcting how the\n Windows Font Driver Host handles memory. (CVE-2020-1355)\n\n - An information disclosure vulnerability exists when the\n Windows Agent Activation Runtime (AarSvc) fails to\n properly handle objects in memory. An attacker who\n successfully exploited the vulnerability could obtain\n information to further compromise the users system.\n (CVE-2020-1391)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Subsystem for Linux handles files.\n An attacker who successfully exploited the vulnerability\n could execute code with elevated privileges.\n (CVE-2020-1423)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Network Connections Service handles\n objects in memory. An attacker who successfully\n exploited the vulnerability could execute code with\n elevated permissions. (CVE-2020-1373, CVE-2020-1390,\n CVE-2020-1427, CVE-2020-1428, CVE-2020-1438)\n\n - An elevation of privilege vulnerability exists when the\n Windows Cryptography Next Generation (CNG) Key Isolation\n service improperly handles memory. An attacker who\n successfully exploited this vulnerability could run\n processes in an elevated context. (CVE-2020-1359,\n CVE-2020-1384)\n\n - An information disclosure vulnerability exists when the\n Windows Resource Policy component improperly handles\n memory. (CVE-2020-1358)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Speech Brokered API handles objects\n in memory. An attacker who successfully exploited the\n vulnerability could execute code with elevated\n permissions. (CVE-2020-1395)\n\n - An information disclosure vulnerability exists when\n Windows Error Reporting improperly handles file\n operations. (CVE-2020-1420)\n\n - A remote code execution vulnerability exists in the way\n that Microsoft Graphics Components handle objects in\n memory. An attacker who successfully exploited the\n vulnerability could execute arbitrary code on a target\n system. (CVE-2020-1412)\n\n - An information disclosure vulnerability exists when\n Microsoft Edge PDF Reader improperly handles objects in\n memory. An attacker who successfully exploited the\n vulnerability could obtain information to further\n compromise the users system. (CVE-2020-1433)\n\n - A remote code execution vulnerability exists when the\n Windows Jet Database Engine improperly handles objects\n in memory. An attacker who successfully exploited this\n vulnerability could execute arbitrary code on a victim\n system. An attacker could exploit this vulnerability by\n enticing a victim to open a specially crafted file. The\n update addresses the vulnerability by correcting the way\n the Windows Jet Database Engine handles objects in\n memory. (CVE-2020-1400, CVE-2020-1401, CVE-2020-1407)\n\n - An elevation of privilege vulnerability exists when\n Windows Error Reporting manager improperly handles a\n process crash. An attacker who successfully exploited\n this vulnerability could delete a targeted file leading\n to an elevated status. (CVE-2020-1429)\n\n - An elevation of privilege vulnerability exists in the\n way that the psmsrv.dll handles objects in memory. An\n attacker who successfully exploited the vulnerability\n could execute code with elevated permissions.\n (CVE-2020-1388)\n\n - An elevation of privilege vulnerability exists when\n Windows Mobile Device Management (MDM) Diagnostics\n improperly handles junctions. An attacker who\n successfully exploited this vulnerability could bypass\n access restrictions to delete files. (CVE-2020-1405)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Credential Picker handles objects\n in memory. An attacker who successfully exploited the\n vulnerability could allow an application with limited\n privileges on an affected system to execute code at a\n medium integrity level. (CVE-2020-1385)\n\n - A remote code execution vulnerability exists in\n Microsoft Windows that could allow remote code execution\n if a .LNK file is processed. An attacker who\n successfully exploited this vulnerability could gain the\n same user rights as the local user. (CVE-2020-1421)\n\n - An information disclosure vulnerability exists in\n Windows when the Windows Imaging Component fails to\n properly handle objects in memory. An attacker who\n successfully exploited this vulnerability could obtain\n information to further compromise the user's system.\n There are multiple ways an attacker could exploit this\n vulnerability: (CVE-2020-1397)\n\n - An information disclosure vulnerability exists when the\n Windows kernel improperly handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could obtain information to further compromise the users\n system. An authenticated attacker could exploit this\n vulnerability by running a specially crafted\n application. The update addresses the vulnerability by\n correcting how the Windows kernel handles objects in\n memory. (CVE-2020-1367, CVE-2020-1426)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Function Discovery Service handles\n objects in memory. An attacker who successfully\n exploited the vulnerability could execute code with\n elevated permissions. (CVE-2020-1085)\n\n - An information disclosure vulnerability exists in the\n way that the WalletService handles memory.\n (CVE-2020-1361)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Sync Host Service handles objects\n in memory. An attacker who successfully exploited the\n vulnerability could allow an application with limited\n privileges on an affected system to execute code at a\n medium integrity level. (CVE-2020-1434)\n\n - An information disclosure vulnerability exists when\n Skype for Business is accessed via Microsoft Edge\n (EdgeHTML-based). An attacker who exploited the\n vulnerability could cause the user to place a call\n without additional consent, leading to information\n disclosure of the user profile. For the vulnerability to\n be exploited, a user must click a specially crafted URL\n that prompts the Skype app. (CVE-2020-1462)\n\n - An elevation of privilege vulnerability exists when\n Windows Lockscreen fails to properly handle Ease of\n Access dialog. An attacker who successfully exploited\n the vulnerability could execute commands with elevated\n permissions. The security update addresses the\n vulnerability by ensuring that the Ease of Access dialog\n is handled properly. (CVE-2020-1398)\n\n - A remote code execution vulnerability exists in the way\n that the VBScript engine handles objects in memory. The\n vulnerability could corrupt memory in such a way that an\n attacker could execute arbitrary code in the context of\n the current user. An attacker who successfully exploited\n the vulnerability could gain the same user rights as the\n current user. (CVE-2020-1403)\");\n # https://support.microsoft.com/en-us/help/4565503/windows-10-update-kb4565503\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?7a974e0a\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Cumulative Update KB4565503.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-1435\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2020-1436\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'SharePoint DataSet / DataTable Deserialization');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/07/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/07/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/07/14\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:edge\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nbulletin = \"MS20-07\";\nkbs = make_list('4565503');\n\nif (get_kb_item(\"Host/patch_management_checks\")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nget_kb_item_or_exit(\"SMB/WindowsVersion\", exit_code:1);\n\nif (hotfix_check_sp_range(win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:\"10\",\n sp:0,\n os_build:\"19041\",\n rollup_date:\"07_2020\",\n bulletin:bulletin,\n rollup_kb_list:[4565503])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n\n\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-07-21T16:03:44", "description": "The remote Windows host is missing security update 4565483 or 4565554. It is, therefore, affected by multiple vulnerabilities :\n\n - An elevation of privilege vulnerability exists when the Windows System Events Broker improperly handles file operations. An attacker who successfully exploited this vulnerability could gain elevated privileges.\n (CVE-2020-1357)\n\n - An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode.\n An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2020-1411)\n\n - An elevation of privilege vulnerability exists when the Windows Diagnostics Execution Service fails to properly sanitize input, leading to an unsecure library-loading behavior. An attacker who successfully exploited this vulnerability could run arbitrary code with elevated system privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2020-1418)\n\n - An elevation of privilege vulnerability exists when the Windows USO Core Worker improperly handles memory.\n (CVE-2020-1352)\n\n - An elevation of privilege vulnerability exists when the Windows Modules Installer improperly handles file operations. An attacker who successfully exploited this vulnerability could gain elevated privileges.\n (CVE-2020-1346)\n\n - An elevation of privilege vulnerability exists when the Windows Diagnostics Hub Standard Collector Service fails to properly sanitize input, leading to an unsecure library-loading behavior. An attacker who successfully exploited this vulnerability could run arbitrary code with elevated system privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\n (CVE-2020-1393)\n\n - A remote code execution vulnerability exists in the way that DirectWrite handles objects in memory. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit an untrusted webpage. The security update addresses the vulnerability by correcting how DirectWrite handles objects in memory. (CVE-2020-1409)\n\n - An elevation of privilege vulnerability exists when the Windows AppX Deployment Extensions improperly performs privilege management, resulting in access to system files. (CVE-2020-1431)\n\n - An elevation of privilege vulnerability exists when the Windows Profile Service improperly handles file operations. An attacker who successfully exploited this vulnerability could gain elevated privileges.\n (CVE-2020-1360)\n\n - An elevation of privilege vulnerability exists when Windows Mobile Device Management (MDM) Diagnostics improperly handles objects in memory. An attacker who successfully exploited this vulnerability could bypass access restrictions to delete files. (CVE-2020-1372)\n\n - An elevation of privilege vulnerability exists when the Windows Picker Platform improperly handles memory.\n (CVE-2020-1363)\n\n - An elevation of privilege vulnerability exists when Windows improperly handles calls to Advanced Local Procedure Call (ALPC). An attacker who successfully exploited this vulnerability could run arbitrary code in the security context of the local system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\n (CVE-2020-1396)\n\n - An information disclosure vulnerability exists when Windows Mobile Device Management (MDM) Diagnostics improperly handles junctions. An attacker who successfully exploited this vulnerability could bypass access restrictions to read files. (CVE-2020-1330)\n\n - A remote code execution vulnerability exists in the Windows Remote Desktop Client when a user connects to a malicious server. An attacker who successfully exploited this vulnerability could execute arbitrary code on the computer of the connecting client. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\n (CVE-2020-1374)\n\n - A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted fonts. For all systems except Windows 10, an attacker who successfully exploited the vulnerability could execute code remotely. For systems running Windows 10, an attacker who successfully exploited the vulnerability could execute code in an AppContainer sandbox context with limited privileges and capabilities. An attacker could then install programs;\n view, change, or delete data; or create new accounts with full user rights. There are multiple ways an attacker could exploit the vulnerability:\n (CVE-2020-1436)\n\n - An elevation of privilege vulnerability exists in the way that the Credential Enrollment Manager service handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. (CVE-2020-1368)\n\n - An elevation of privilege vulnerability exists in the way that the Windows Network List Service handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. (CVE-2020-1406)\n\n - An information disclosure vulnerability exists when the Windows Graphics component improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system. An authenticated attacker could exploit this vulnerability by running a specially crafted application. The update addresses the vulnerability by correcting how the Windows Graphics Component handles objects in memory. (CVE-2020-1351)\n\n - An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit an untrusted webpage.\n The security update addresses the vulnerability by correcting how the Windows GDI component handles objects in memory. (CVE-2020-1468)\n\n - An elevation of privilege vulnerability exists when the Windows Event Logging Service improperly handles memory.\n (CVE-2020-1365, CVE-2020-1371)\n\n - An information disclosure vulnerability exists when the Windows kernel fails to properly initialize a memory address. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system. (CVE-2020-1389, CVE-2020-1419)\n\n - An elevation of privilege vulnerability exists when the Windows Print Workflow Service improperly handles objects in memory. An attacker who successfully exploited this vulnerability could gain elevated privileges and break out of the AppContainer sandbox.\n (CVE-2020-1366)\n\n - An elevation of privilege vulnerability exists in the way that the Windows WalletService handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. (CVE-2020-1344, CVE-2020-1362, CVE-2020-1369)\n\n - An elevation of privilege vulnerability exists when the Windows ActiveX Installer Service improperly handles memory. (CVE-2020-1402)\n\n - An elevation of privilege vulnerability exists in the way that the Windows Geolocation Framework handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. (CVE-2020-1394)\n\n - An information vulnerability exists when Windows Connected User Experiences and Telemetry Service improperly discloses file information. Successful exploitation of the vulnerability could allow the attacker to read any file on the file system.\n (CVE-2020-1386)\n\n - This security update corrects a denial of service in the Local Security Authority Subsystem Service (LSASS) caused when an authenticated attacker sends a specially crafted authentication request. A remote attacker who successfully exploited this vulnerability could cause a denial of service on the target system's LSASS service, which triggers an automatic reboot of the system. The security update addresses the vulnerability by changing the way that LSASS handles specially crafted authentication requests. (CVE-2020-1267)\n\n - An elevation of privilege vulnerability exists when the Windows Delivery Optimization service improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code with elevated system privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\n (CVE-2020-1392)\n\n - A remote code execution vulnerability exists when Windows Address Book (WAB) improperly processes vcard files. (CVE-2020-1410)\n\n - An elevation of privilege vulnerability exists when the Windows Runtime improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in an elevated context. An attacker could exploit this vulnerability by running a specially crafted application on the victim system. The update addresses the vulnerability by correcting the way the Windows Runtime handles objects in memory.\n (CVE-2020-1249, CVE-2020-1353, CVE-2020-1370, CVE-2020-1399, CVE-2020-1404, CVE-2020-1413, CVE-2020-1414, CVE-2020-1415, CVE-2020-1422)\n\n - A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in the memory. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2020-1435)\n\n - An elevation of privilege vulnerability exists when the Windows Update Stack fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode.\n An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2020-1424)\n\n - An elevation of privilege vulnerability exists in the way that the SharedStream Library handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. (CVE-2020-1463)\n\n - An elevation of privilege vulnerability exists when the Windows Graphics Component improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run processes in an elevated context. (CVE-2020-1381, CVE-2020-1382)\n\n - An elevation of privilege vulnerability exists when Group Policy Services Policy Processing improperly handle reparse points. An attacker who successfully exploited this vulnerability could overwrite a targeted file that would normally require elevated permissions.\n (CVE-2020-1333)\n\n - An elevation of privilege vulnerability exists in the way the Windows Push Notification Service handles objects in memory. An attacker who successfully exploited this vulnerability could run processes in an elevated context. An attacker could then install programs; view, change or delete data. (CVE-2020-1387)\n\n - A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts. An attacker who successfully exploited the vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2020-1408)\n\n - An elevation of privilege vulnerability exists in the way that the Windows Kernel handles objects in memory.\n An attacker who successfully exploited the vulnerability could execute code with elevated permissions.\n (CVE-2020-1336)\n\n - A remote code execution vulnerability exists in .NET Framework, Microsoft SharePoint, and Visual Studio when the software fails to check the source markup of XML file input. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the process responsible for deserialization of the XML content. (CVE-2020-1147)\n\n - An elevation of privilege vulnerability exists when the Windows Storage Services improperly handle file operations. An attacker who successfully exploited this vulnerability could gain elevated privileges.\n (CVE-2020-1347)\n\n - A denial of service vulnerability exists in the way that the WalletService handles files. An attacker who successfully exploited the vulnerability could corrupt system files. (CVE-2020-1364)\n\n - An elevation of privilege vulnerability exists when the Windows UPnP Device Host improperly handles memory.\n (CVE-2020-1430)\n\n - An information disclosure vulnerability exists when Skype for Business is accessed via Internet Explorer. An attacker who exploited the vulnerability could cause the user to place a call without additional consent, leading to information disclosure of the user profile. For the vulnerability to be exploited, a user must click a specially crafted URL that prompts the Skype app.\n (CVE-2020-1432)\n\n - An elevation of privilege vulnerability exists in the way that the Windows Network Location Awareness Service handles objects in memory. An attacker who successfully exploited the vulnerability could allow an application with limited privileges on an affected system to execute code at a medium integrity level. (CVE-2020-1437)\n\n - An elevation of privilege vulnerability exists when Windows improperly handles COM object creation. An attacker who successfully exploited the vulnerability could run arbitrary code with elevated privileges.\n (CVE-2020-1375)\n\n - A remote code execution vulnerability exists when the Windows Font Driver Host improperly handles memory. An attacker who successfully exploited the vulnerability would gain execution on a victim system. The security update addresses the vulnerability by correcting how the Windows Font Driver Host handles memory. (CVE-2020-1355)\n\n - An information disclosure vulnerability exists when the Windows Agent Activation Runtime (AarSvc) fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system.\n (CVE-2020-1391)\n\n - An elevation of privilege vulnerability exists in the way that the Windows Network Connections Service handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. (CVE-2020-1373, CVE-2020-1390, CVE-2020-1427, CVE-2020-1428, CVE-2020-1438)\n\n - An elevation of privilege vulnerability exists when the Windows Cryptography Next Generation (CNG) Key Isolation service improperly handles memory. An attacker who successfully exploited this vulnerability could run processes in an elevated context. (CVE-2020-1359, CVE-2020-1384)\n\n - An information disclosure vulnerability exists when the Windows Resource Policy component improperly handles memory. (CVE-2020-1358)\n\n - An elevation of privilege vulnerability exists in the way that the Windows Speech Brokered API handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. (CVE-2020-1395)\n\n - An information disclosure vulnerability exists when Windows Error Reporting improperly handles file operations. (CVE-2020-1420)\n\n - A remote code execution vulnerability exists in the way that Microsoft Graphics Components handle objects in memory. An attacker who successfully exploited the vulnerability could execute arbitrary code on a target system. (CVE-2020-1412)\n\n - An information disclosure vulnerability exists when Microsoft Edge PDF Reader improperly handles objects in memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. (CVE-2020-1433)\n\n - A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by enticing a victim to open a specially crafted file. The update addresses the vulnerability by correcting the way the Windows Jet Database Engine handles objects in memory. (CVE-2020-1400, CVE-2020-1401, CVE-2020-1407)\n\n - An elevation of privilege vulnerability exists when Windows Error Reporting manager improperly handles a process crash. An attacker who successfully exploited this vulnerability could delete a targeted file leading to an elevated status. (CVE-2020-1429)\n\n - An elevation of privilege vulnerability exists in the way that the psmsrv.dll handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions.\n (CVE-2020-1388)\n\n - An elevation of privilege vulnerability exists when Windows Mobile Device Management (MDM) Diagnostics improperly handles junctions. An attacker who successfully exploited this vulnerability could bypass access restrictions to delete files. (CVE-2020-1405)\n\n - An elevation of privilege vulnerability exists in the way that the Windows Credential Picker handles objects in memory. An attacker who successfully exploited the vulnerability could allow an application with limited privileges on an affected system to execute code at a medium integrity level. (CVE-2020-1385)\n\n - A remote code execution vulnerability exists in Microsoft Windows that could allow remote code execution if a .LNK file is processed. An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. (CVE-2020-1421)\n\n - An information disclosure vulnerability exists in Windows when the Windows Imaging Component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user's system.\n There are multiple ways an attacker could exploit this vulnerability: (CVE-2020-1397)\n\n - An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system. An authenticated attacker could exploit this vulnerability by running a specially crafted application. The update addresses the vulnerability by correcting how the Windows kernel handles objects in memory. (CVE-2020-1367, CVE-2020-1426)\n\n - An elevation of privilege vulnerability exists in the way that the Windows Function Discovery Service handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. (CVE-2020-1085)\n\n - An information disclosure vulnerability exists in the way that the WalletService handles memory.\n (CVE-2020-1361)\n\n - An elevation of privilege vulnerability exists in the way that the Windows Sync Host Service handles objects in memory. An attacker who successfully exploited the vulnerability could allow an application with limited privileges on an affected system to execute code at a medium integrity level. (CVE-2020-1434)\n\n - An information disclosure vulnerability exists when Skype for Business is accessed via Microsoft Edge (EdgeHTML-based). An attacker who exploited the vulnerability could cause the user to place a call without additional consent, leading to information disclosure of the user profile. For the vulnerability to be exploited, a user must click a specially crafted URL that prompts the Skype app. (CVE-2020-1462)\n\n - An elevation of privilege vulnerability exists when Windows Lockscreen fails to properly handle Ease of Access dialog. An attacker who successfully exploited the vulnerability could execute commands with elevated permissions. The security update addresses the vulnerability by ensuring that the Ease of Access dialog is handled properly. (CVE-2020-1398)\n\n - A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2020-1403)", "cvss3": {}, "published": "2020-07-14T00:00:00", "type": "nessus", "title": "KB4565483: Windows 10 Version 1903 and Windows 10 Version 1909 July 2020 Security Update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-1085", "CVE-2020-1147", "CVE-2020-1249", "CVE-2020-1267", "CVE-2020-1330", "CVE-2020-1333", "CVE-2020-1336", "CVE-2020-1344", "CVE-2020-1346", "CVE-2020-1347", "CVE-2020-1351", "CVE-2020-1352", "CVE-2020-1353", "CVE-2020-1355", "CVE-2020-1357", "CVE-2020-1358", "CVE-2020-1359", "CVE-2020-1360", "CVE-2020-1361", "CVE-2020-1362", "CVE-2020-1363", "CVE-2020-1364", "CVE-2020-1365", "CVE-2020-1366", "CVE-2020-1367", "CVE-2020-1368", "CVE-2020-1369", "CVE-2020-1370", "CVE-2020-1371", "CVE-2020-1372", "CVE-2020-1373", "CVE-2020-1374", "CVE-2020-1375", "CVE-2020-1381", "CVE-2020-1382", "CVE-2020-1384", "CVE-2020-1385", "CVE-2020-1386", "CVE-2020-1387", "CVE-2020-1388", "CVE-2020-1389", "CVE-2020-1390", "CVE-2020-1391", "CVE-2020-1392", "CVE-2020-1393", "CVE-2020-1394", "CVE-2020-1395", "CVE-2020-1396", "CVE-2020-1397", "CVE-2020-1398", "CVE-2020-1399", "CVE-2020-1400", "CVE-2020-1401", "CVE-2020-1402", "CVE-2020-1403", "CVE-2020-1404", "CVE-2020-1405", "CVE-2020-1406", "CVE-2020-1407", "CVE-2020-1408", "CVE-2020-1409", "CVE-2020-1410", "CVE-2020-1411", "CVE-2020-1412", "CVE-2020-1413", "CVE-2020-1414", "CVE-2020-1415", "CVE-2020-1418", "CVE-2020-1419", "CVE-2020-1420", "CVE-2020-1421", "CVE-2020-1422", "CVE-2020-1424", "CVE-2020-1426", "CVE-2020-1427", "CVE-2020-1428", "CVE-2020-1429", "CVE-2020-1430", "CVE-2020-1431", "CVE-2020-1432", "CVE-2020-1433", "CVE-2020-1434", "CVE-2020-1435", "CVE-2020-1436", "CVE-2020-1437", "CVE-2020-1438", "CVE-2020-1462", "CVE-2020-1463", "CVE-2020-1468"], "modified": "2023-01-24T00:00:00", "cpe": ["cpe:/o:microsoft:windows", "cpe:/a:microsoft:edge"], "id": "SMB_NT_MS20_JUL_4565483.NASL", "href": "https://www.tenable.com/plugins/nessus/138454", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(138454);\n script_version(\"1.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/24\");\n\n script_cve_id(\n \"CVE-2020-1085\",\n \"CVE-2020-1147\",\n \"CVE-2020-1249\",\n \"CVE-2020-1267\",\n \"CVE-2020-1330\",\n \"CVE-2020-1333\",\n \"CVE-2020-1336\",\n \"CVE-2020-1344\",\n \"CVE-2020-1346\",\n \"CVE-2020-1347\",\n \"CVE-2020-1351\",\n \"CVE-2020-1352\",\n \"CVE-2020-1353\",\n \"CVE-2020-1355\",\n \"CVE-2020-1357\",\n \"CVE-2020-1358\",\n \"CVE-2020-1359\",\n \"CVE-2020-1360\",\n \"CVE-2020-1361\",\n \"CVE-2020-1362\",\n \"CVE-2020-1363\",\n \"CVE-2020-1364\",\n \"CVE-2020-1365\",\n \"CVE-2020-1366\",\n \"CVE-2020-1367\",\n \"CVE-2020-1368\",\n \"CVE-2020-1369\",\n \"CVE-2020-1370\",\n \"CVE-2020-1371\",\n \"CVE-2020-1372\",\n \"CVE-2020-1373\",\n \"CVE-2020-1374\",\n \"CVE-2020-1375\",\n \"CVE-2020-1381\",\n \"CVE-2020-1382\",\n \"CVE-2020-1384\",\n \"CVE-2020-1385\",\n \"CVE-2020-1386\",\n \"CVE-2020-1387\",\n \"CVE-2020-1388\",\n \"CVE-2020-1389\",\n \"CVE-2020-1390\",\n \"CVE-2020-1391\",\n \"CVE-2020-1392\",\n \"CVE-2020-1393\",\n \"CVE-2020-1394\",\n \"CVE-2020-1395\",\n \"CVE-2020-1396\",\n \"CVE-2020-1397\",\n \"CVE-2020-1398\",\n \"CVE-2020-1399\",\n \"CVE-2020-1400\",\n \"CVE-2020-1401\",\n \"CVE-2020-1402\",\n \"CVE-2020-1403\",\n \"CVE-2020-1404\",\n \"CVE-2020-1405\",\n \"CVE-2020-1406\",\n \"CVE-2020-1407\",\n \"CVE-2020-1408\",\n \"CVE-2020-1409\",\n \"CVE-2020-1410\",\n \"CVE-2020-1411\",\n \"CVE-2020-1412\",\n \"CVE-2020-1413\",\n \"CVE-2020-1414\",\n \"CVE-2020-1415\",\n \"CVE-2020-1418\",\n \"CVE-2020-1419\",\n \"CVE-2020-1420\",\n \"CVE-2020-1421\",\n \"CVE-2020-1422\",\n \"CVE-2020-1424\",\n \"CVE-2020-1426\",\n \"CVE-2020-1427\",\n \"CVE-2020-1428\",\n \"CVE-2020-1429\",\n \"CVE-2020-1430\",\n \"CVE-2020-1431\",\n \"CVE-2020-1432\",\n \"CVE-2020-1433\",\n \"CVE-2020-1434\",\n \"CVE-2020-1435\",\n \"CVE-2020-1436\",\n \"CVE-2020-1437\",\n \"CVE-2020-1438\",\n \"CVE-2020-1462\",\n \"CVE-2020-1463\",\n \"CVE-2020-1468\"\n );\n script_xref(name:\"MSKB\", value:\"4565483\");\n script_xref(name:\"MSFT\", value:\"MS20-4565483\");\n script_xref(name:\"IAVA\", value:\"2020-A-0300-S\");\n script_xref(name:\"IAVA\", value:\"2020-A-0302-S\");\n script_xref(name:\"IAVA\", value:\"2020-A-0313-S\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/05/03\");\n\n script_name(english:\"KB4565483: Windows 10 Version 1903 and Windows 10 Version 1909 July 2020 Security Update\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 4565483\nor 4565554. It is, therefore, affected by multiple\nvulnerabilities :\n\n - An elevation of privilege vulnerability exists when the\n Windows System Events Broker improperly handles file\n operations. An attacker who successfully exploited this\n vulnerability could gain elevated privileges.\n (CVE-2020-1357)\n\n - An elevation of privilege vulnerability exists when the\n Windows kernel fails to properly handle objects in\n memory. An attacker who successfully exploited this\n vulnerability could run arbitrary code in kernel mode.\n An attacker could then install programs; view, change,\n or delete data; or create new accounts with full user\n rights. (CVE-2020-1411)\n\n - An elevation of privilege vulnerability exists when the\n Windows Diagnostics Execution Service fails to properly\n sanitize input, leading to an unsecure library-loading\n behavior. An attacker who successfully exploited this\n vulnerability could run arbitrary code with elevated\n system privileges. An attacker could then install\n programs; view, change, or delete data; or create new\n accounts with full user rights. (CVE-2020-1418)\n\n - An elevation of privilege vulnerability exists when the\n Windows USO Core Worker improperly handles memory.\n (CVE-2020-1352)\n\n - An elevation of privilege vulnerability exists when the\n Windows Modules Installer improperly handles file\n operations. An attacker who successfully exploited this\n vulnerability could gain elevated privileges.\n (CVE-2020-1346)\n\n - An elevation of privilege vulnerability exists when the\n Windows Diagnostics Hub Standard Collector Service fails\n to properly sanitize input, leading to an unsecure\n library-loading behavior. An attacker who successfully\n exploited this vulnerability could run arbitrary code\n with elevated system privileges. An attacker could then\n install programs; view, change, or delete data; or\n create new accounts with full user rights.\n (CVE-2020-1393)\n\n - A remote code execution vulnerability exists in the way\n that DirectWrite handles objects in memory. An attacker\n who successfully exploited this vulnerability could take\n control of the affected system. An attacker could then\n install programs; view, change, or delete data; or\n create new accounts with full user rights. There are\n multiple ways an attacker could exploit the\n vulnerability, such as by convincing a user to open a\n specially crafted document, or by convincing a user to\n visit an untrusted webpage. The security update\n addresses the vulnerability by correcting how\n DirectWrite handles objects in memory. (CVE-2020-1409)\n\n - An elevation of privilege vulnerability exists when the\n Windows AppX Deployment Extensions improperly performs\n privilege management, resulting in access to system\n files. (CVE-2020-1431)\n\n - An elevation of privilege vulnerability exists when the\n Windows Profile Service improperly handles file\n operations. An attacker who successfully exploited this\n vulnerability could gain elevated privileges.\n (CVE-2020-1360)\n\n - An elevation of privilege vulnerability exists when\n Windows Mobile Device Management (MDM) Diagnostics\n improperly handles objects in memory. An attacker who\n successfully exploited this vulnerability could bypass\n access restrictions to delete files. (CVE-2020-1372)\n\n - An elevation of privilege vulnerability exists when the\n Windows Picker Platform improperly handles memory.\n (CVE-2020-1363)\n\n - An elevation of privilege vulnerability exists when\n Windows improperly handles calls to Advanced Local\n Procedure Call (ALPC). An attacker who successfully\n exploited this vulnerability could run arbitrary code in\n the security context of the local system. An attacker\n could then install programs; view, change, or delete\n data; or create new accounts with full user rights.\n (CVE-2020-1396)\n\n - An information disclosure vulnerability exists when\n Windows Mobile Device Management (MDM) Diagnostics\n improperly handles junctions. An attacker who\n successfully exploited this vulnerability could bypass\n access restrictions to read files. (CVE-2020-1330)\n\n - A remote code execution vulnerability exists in the\n Windows Remote Desktop Client when a user connects to a\n malicious server. An attacker who successfully exploited\n this vulnerability could execute arbitrary code on the\n computer of the connecting client. An attacker could\n then install programs; view, change, or delete data; or\n create new accounts with full user rights.\n (CVE-2020-1374)\n\n - A remote code execution vulnerability exists when the\n Windows font library improperly handles specially\n crafted fonts. For all systems except Windows 10, an\n attacker who successfully exploited the vulnerability\n could execute code remotely. For systems running Windows\n 10, an attacker who successfully exploited the\n vulnerability could execute code in an AppContainer\n sandbox context with limited privileges and\n capabilities. An attacker could then install programs;\n view, change, or delete data; or create new accounts\n with full user rights. There are multiple ways an\n attacker could exploit the vulnerability:\n (CVE-2020-1436)\n\n - An elevation of privilege vulnerability exists in the\n way that the Credential Enrollment Manager service\n handles objects in memory. An attacker who successfully\n exploited the vulnerability could execute code with\n elevated permissions. (CVE-2020-1368)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Network List Service handles\n objects in memory. An attacker who successfully\n exploited the vulnerability could execute code with\n elevated permissions. (CVE-2020-1406)\n\n - An information disclosure vulnerability exists when the\n Windows Graphics component improperly handles objects in\n memory. An attacker who successfully exploited this\n vulnerability could obtain information to further\n compromise the users system. An authenticated attacker\n could exploit this vulnerability by running a specially\n crafted application. The update addresses the\n vulnerability by correcting how the Windows Graphics\n Component handles objects in memory. (CVE-2020-1351)\n\n - An information disclosure vulnerability exists when the\n Windows GDI component improperly discloses the contents\n of its memory. An attacker who successfully exploited\n the vulnerability could obtain information to further\n compromise the users system. There are multiple ways an\n attacker could exploit the vulnerability, such as by\n convincing a user to open a specially crafted document,\n or by convincing a user to visit an untrusted webpage.\n The security update addresses the vulnerability by\n correcting how the Windows GDI component handles objects\n in memory. (CVE-2020-1468)\n\n - An elevation of privilege vulnerability exists when the\n Windows Event Logging Service improperly handles memory.\n (CVE-2020-1365, CVE-2020-1371)\n\n - An information disclosure vulnerability exists when the\n Windows kernel fails to properly initialize a memory\n address. An attacker who successfully exploited this\n vulnerability could obtain information to further\n compromise the users system. (CVE-2020-1389,\n CVE-2020-1419)\n\n - An elevation of privilege vulnerability exists when the\n Windows Print Workflow Service improperly handles\n objects in memory. An attacker who successfully\n exploited this vulnerability could gain elevated\n privileges and break out of the AppContainer sandbox.\n (CVE-2020-1366)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows WalletService handles objects in\n memory. An attacker who successfully exploited the\n vulnerability could execute code with elevated\n permissions. (CVE-2020-1344, CVE-2020-1362,\n CVE-2020-1369)\n\n - An elevation of privilege vulnerability exists when the\n Windows ActiveX Installer Service improperly handles\n memory. (CVE-2020-1402)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Geolocation Framework handles\n objects in memory. An attacker who successfully\n exploited the vulnerability could execute code with\n elevated permissions. (CVE-2020-1394)\n\n - An information vulnerability exists when Windows\n Connected User Experiences and Telemetry Service\n improperly discloses file information. Successful\n exploitation of the vulnerability could allow the\n attacker to read any file on the file system.\n (CVE-2020-1386)\n\n - This security update corrects a denial of service in the\n Local Security Authority Subsystem Service (LSASS)\n caused when an authenticated attacker sends a specially\n crafted authentication request. A remote attacker who\n successfully exploited this vulnerability could cause a\n denial of service on the target system's LSASS service,\n which triggers an automatic reboot of the system. The\n security update addresses the vulnerability by changing\n the way that LSASS handles specially crafted\n authentication requests. (CVE-2020-1267)\n\n - An elevation of privilege vulnerability exists when the\n Windows Delivery Optimization service improperly handles\n objects in memory. An attacker who successfully\n exploited this vulnerability could run arbitrary code\n with elevated system privileges. An attacker could then\n install programs; view, change, or delete data; or\n create new accounts with full user rights.\n (CVE-2020-1392)\n\n - A remote code execution vulnerability exists when\n Windows Address Book (WAB) improperly processes vcard\n files. (CVE-2020-1410)\n\n - An elevation of privilege vulnerability exists when the\n Windows Runtime improperly handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could run arbitrary code in an elevated context. An\n attacker could exploit this vulnerability by running a\n specially crafted application on the victim system. The\n update addresses the vulnerability by correcting the way\n the Windows Runtime handles objects in memory.\n (CVE-2020-1249, CVE-2020-1353, CVE-2020-1370,\n CVE-2020-1399, CVE-2020-1404, CVE-2020-1413,\n CVE-2020-1414, CVE-2020-1415, CVE-2020-1422)\n\n - A remote code execution vulnerability exists in the way\n that the Windows Graphics Device Interface (GDI) handles\n objects in the memory. An attacker who successfully\n exploited this vulnerability could take control of the\n affected system. An attacker could then install\n programs; view, change, or delete data; or create new\n accounts with full user rights. (CVE-2020-1435)\n\n - An elevation of privilege vulnerability exists when the\n Windows Update Stack fails to properly handle objects in\n memory. An attacker who successfully exploited this\n vulnerability could run arbitrary code in kernel mode.\n An attacker could then install programs; view, change,\n or delete data; or create new accounts with full user\n rights. (CVE-2020-1424)\n\n - An elevation of privilege vulnerability exists in the\n way that the SharedStream Library handles objects in\n memory. An attacker who successfully exploited the\n vulnerability could execute code with elevated\n permissions. (CVE-2020-1463)\n\n - An elevation of privilege vulnerability exists when the\n Windows Graphics Component improperly handles objects in\n memory. An attacker who successfully exploited this\n vulnerability could run processes in an elevated\n context. (CVE-2020-1381, CVE-2020-1382)\n\n - An elevation of privilege vulnerability exists when\n Group Policy Services Policy Processing improperly\n handle reparse points. An attacker who successfully\n exploited this vulnerability could overwrite a targeted\n file that would normally require elevated permissions.\n (CVE-2020-1333)\n\n - An elevation of privilege vulnerability exists in the\n way the Windows Push Notification Service handles\n objects in memory. An attacker who successfully\n exploited this vulnerability could run processes in an\n elevated context. An attacker could then install\n programs; view, change or delete data. (CVE-2020-1387)\n\n - A remote code execution vulnerability exists when the\n Windows font library improperly handles specially\n crafted embedded fonts. An attacker who successfully\n exploited the vulnerability could take control of the\n affected system. An attacker could then install\n programs; view, change, or delete data; or create new\n accounts with full user rights. (CVE-2020-1408)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Kernel handles objects in memory.\n An attacker who successfully exploited the vulnerability\n could execute code with elevated permissions.\n (CVE-2020-1336)\n\n - A remote code execution vulnerability exists in .NET\n Framework, Microsoft SharePoint, and Visual Studio when\n the software fails to check the source markup of XML\n file input. An attacker who successfully exploited the\n vulnerability could run arbitrary code in the context of\n the process responsible for deserialization of the XML\n content. (CVE-2020-1147)\n\n - An elevation of privilege vulnerability exists when the\n Windows Storage Services improperly handle file\n operations. An attacker who successfully exploited this\n vulnerability could gain elevated privileges.\n (CVE-2020-1347)\n\n - A denial of service vulnerability exists in the way that\n the WalletService handles files. An attacker who\n successfully exploited the vulnerability could corrupt\n system files. (CVE-2020-1364)\n\n - An elevation of privilege vulnerability exists when the\n Windows UPnP Device Host improperly handles memory.\n (CVE-2020-1430)\n\n - An information disclosure vulnerability exists when\n Skype for Business is accessed via Internet Explorer. An\n attacker who exploited the vulnerability could cause the\n user to place a call without additional consent, leading\n to information disclosure of the user profile. For the\n vulnerability to be exploited, a user must click a\n specially crafted URL that prompts the Skype app.\n (CVE-2020-1432)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Network Location Awareness Service\n handles objects in memory. An attacker who successfully\n exploited the vulnerability could allow an application\n with limited privileges on an affected system to execute\n code at a medium integrity level. (CVE-2020-1437)\n\n - An elevation of privilege vulnerability exists when\n Windows improperly handles COM object creation. An\n attacker who successfully exploited the vulnerability\n could run arbitrary code with elevated privileges.\n (CVE-2020-1375)\n\n - A remote code execution vulnerability exists when the\n Windows Font Driver Host improperly handles memory. An\n attacker who successfully exploited the vulnerability\n would gain execution on a victim system. The security\n update addresses the vulnerability by correcting how the\n Windows Font Driver Host handles memory. (CVE-2020-1355)\n\n - An information disclosure vulnerability exists when the\n Windows Agent Activation Runtime (AarSvc) fails to\n properly handle objects in memory. An attacker who\n successfully exploited the vulnerability could obtain\n information to further compromise the users system.\n (CVE-2020-1391)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Network Connections Service handles\n objects in memory. An attacker who successfully\n exploited the vulnerability could execute code with\n elevated permissions. (CVE-2020-1373, CVE-2020-1390,\n CVE-2020-1427, CVE-2020-1428, CVE-2020-1438)\n\n - An elevation of privilege vulnerability exists when the\n Windows Cryptography Next Generation (CNG) Key Isolation\n service improperly handles memory. An attacker who\n successfully exploited this vulnerability could run\n processes in an elevated context. (CVE-2020-1359,\n CVE-2020-1384)\n\n - An information disclosure vulnerability exists when the\n Windows Resource Policy component improperly handles\n memory. (CVE-2020-1358)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Speech Brokered API handles objects\n in memory. An attacker who successfully exploited the\n vulnerability could execute code with elevated\n permissions. (CVE-2020-1395)\n\n - An information disclosure vulnerability exists when\n Windows Error Reporting improperly handles file\n operations. (CVE-2020-1420)\n\n - A remote code execution vulnerability exists in the way\n that Microsoft Graphics Components handle objects in\n memory. An attacker who successfully exploited the\n vulnerability could execute arbitrary code on a target\n system. (CVE-2020-1412)\n\n - An information disclosure vulnerability exists when\n Microsoft Edge PDF Reader improperly handles objects in\n memory. An attacker who successfully exploited the\n vulnerability could obtain information to further\n compromise the users system. (CVE-2020-1433)\n\n - A remote code execution vulnerability exists when the\n Windows Jet Database Engine improperly handles objects\n in memory. An attacker who successfully exploited this\n vulnerability could execute arbitrary code on a victim\n system. An attacker could exploit this vulnerability by\n enticing a victim to open a specially crafted file. The\n update addresses the vulnerability by correcting the way\n the Windows Jet Database Engine handles objects in\n memory. (CVE-2020-1400, CVE-2020-1401, CVE-2020-1407)\n\n - An elevation of privilege vulnerability exists when\n Windows Error Reporting manager improperly handles a\n process crash. An attacker who successfully exploited\n this vulnerability could delete a targeted file leading\n to an elevated status. (CVE-2020-1429)\n\n - An elevation of privilege vulnerability exists in the\n way that the psmsrv.dll handles objects in memory. An\n attacker who successfully exploited the vulnerability\n could execute code with elevated permissions.\n (CVE-2020-1388)\n\n - An elevation of privilege vulnerability exists when\n Windows Mobile Device Management (MDM) Diagnostics\n improperly handles junctions. An attacker who\n successfully exploited this vulnerability could bypass\n access restrictions to delete files. (CVE-2020-1405)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Credential Picker handles objects\n in memory. An attacker who successfully exploited the\n vulnerability could allow an application with limited\n privileges on an affected system to execute code at a\n medium integrity level. (CVE-2020-1385)\n\n - A remote code execution vulnerability exists in\n Microsoft Windows that could allow remote code execution\n if a .LNK file is processed. An attacker who\n successfully exploited this vulnerability could gain the\n same user rights as the local user. (CVE-2020-1421)\n\n - An information disclosure vulnerability exists in\n Windows when the Windows Imaging Component fails to\n properly handle objects in memory. An attacker who\n successfully exploited this vulnerability could obtain\n information to further compromise the user's system.\n There are multiple ways an attacker could exploit this\n vulnerability: (CVE-2020-1397)\n\n - An information disclosure vulnerability exists when the\n Windows kernel improperly handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could obtain information to further compromise the users\n system. An authenticated attacker could exploit this\n vulnerability by running a specially crafted\n application. The update addresses the vulnerability by\n correcting how the Windows kernel handles objects in\n memory. (CVE-2020-1367, CVE-2020-1426)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Function Discovery Service handles\n objects in memory. An attacker who successfully\n exploited the vulnerability could execute code with\n elevated permissions. (CVE-2020-1085)\n\n - An information disclosure vulnerability exists in the\n way that the WalletService handles memory.\n (CVE-2020-1361)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Sync Host Service handles objects\n in memory. An attacker who successfully exploited the\n vulnerability could allow an application with limited\n privileges on an affected system to execute code at a\n medium integrity level. (CVE-2020-1434)\n\n - An information disclosure vulnerability exists when\n Skype for Business is accessed via Microsoft Edge\n (EdgeHTML-based). An attacker who exploited the\n vulnerability could cause the user to place a call\n without additional consent, leading to information\n disclosure of the user profile. For the vulnerability to\n be exploited, a user must click a specially crafted URL\n that prompts the Skype app. (CVE-2020-1462)\n\n - An elevation of privilege vulnerability exists when\n Windows Lockscreen fails to properly handle Ease of\n Access dialog. An attacker who successfully exploited\n the vulnerability could execute commands with elevated\n permissions. The security update addresses the\n vulnerability by ensuring that the Ease of Access dialog\n is handled properly. (CVE-2020-1398)\n\n - A remote code execution vulnerability exists in the way\n that the VBScript engine handles objects in memory. The\n vulnerability could corrupt memory in such a way that an\n attacker could execute arbitrary code in the context of\n the current user. An attacker who successfully exploited\n the vulnerability could gain the same user rights as the\n current user. (CVE-2020-1403)\");\n # https://support.microsoft.com/en-us/help/4565483/windows-10-update-kb4565483\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?e066b7e3\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Cumulative Update KB4565483.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-1435\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2020-1436\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'SharePoint DataSet / DataTable Deserialization');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/07/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/07/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/07/14\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:edge\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nbulletin = \"MS20-07\";\nkbs = make_list('4565483');\n\nif (get_kb_item(\"Host/patch_management_checks\")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nget_kb_item_or_exit(\"SMB/WindowsVersion\", exit_code:1);\n\nif (hotfix_check_sp_range(win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:\"10\",\n sp:0,\n os_build:\"18362\",\n rollup_date:\"07_2020\",\n bulletin:bulletin,\n rollup_kb_list:[4565483])\n ||\n smb_check_rollup(os:\"10\",\n sp:0,\n os_build:\"18363\",\n rollup_date:\"07_2020\",\n bulletin:bulletin,\n rollup_kb_list:[4565483])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n\n\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:03:43", "description": "The Internet Explorer installation on the remote host is missing security updates. It is, therefore, affected by multiple vulnerabilities :\n\n - An information disclosure vulnerability exists when Skype for Business is accessed via Internet Explorer. An attacker who exploited the vulnerability could cause the user to place a call without additional consent, leading to information disclosure of the user profile. For the vulnerability to be exploited, a user must click a specially crafted URL that prompts the Skype app.\n (CVE-2020-1432)\n\n - A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2020-1403)", "cvss3": {}, "published": "2020-07-14T00:00:00", "type": "nessus", "title": "Security Updates for Internet Explorer (July 2020)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-1403", "CVE-2020-1432"], "modified": "2020-08-14T00:00:00", "cpe": ["cpe:/o:microsoft:windows"], "id": "SMB_NT_MS20_JUL_INTERNET_EXPLORER.NASL", "href": "https://www.tenable.com/plugins/nessus/138467", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(138467);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/08/14\");\n\n script_cve_id(\"CVE-2020-1403\", \"CVE-2020-1432\");\n script_xref(name:\"MSKB\", value:\"4565541\");\n script_xref(name:\"MSKB\", value:\"4565524\");\n script_xref(name:\"MSKB\", value:\"4565479\");\n script_xref(name:\"MSKB\", value:\"4565536\");\n script_xref(name:\"MSFT\", value:\"MS20-4565541\");\n script_xref(name:\"MSFT\", value:\"MS20-4565524\");\n script_xref(name:\"MSFT\", value:\"MS20-4565479\");\n script_xref(name:\"MSFT\", value:\"MS20-4565536\");\n script_xref(name:\"IAVA\", value:\"2020-A-0313-S\");\n\n script_name(english:\"Security Updates for Internet Explorer (July 2020)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The Internet Explorer installation on the remote host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The Internet Explorer installation on the remote host is\nmissing security updates. It is, therefore, affected by\nmultiple vulnerabilities :\n\n - An information disclosure vulnerability exists when\n Skype for Business is accessed via Internet Explorer. An\n attacker who exploited the vulnerability could cause the\n user to place a call without additional consent, leading\n to information disclosure of the user profile. For the\n vulnerability to be exploited, a user must click a\n specially crafted URL that prompts the Skype app.\n (CVE-2020-1432)\n\n - A remote code execution vulnerability exists in the way\n that the VBScript engine handles objects in memory. The\n vulnerability could corrupt memory in such a way that an\n attacker could execute arbitrary code in the context of\n the current user. An attacker who successfully exploited\n the vulnerability could gain the same user rights as the\n current user. (CVE-2020-1403)\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.microsoft.com/en-us/help/4565541/windows-8-1-kb4565541\");\n # https://support.microsoft.com/en-us/help/4565524/windows-7-update-kb4565524\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?d3552b4f\");\n # https://support.microsoft.com/en-us/help/4565479/cumulative-security-update-for-internet-explorer\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?542e5e22\");\n # https://support.microsoft.com/en-us/help/4565536/windows-server-2008-update-kb4565536\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?9e9e22c7\");\n script_set_attribute(attribute:\"solution\", value:\n\"Microsoft has released the following security updates to address this issue: \n -KB4565541\n -KB4565524\n -KB4565479\n -KB4565536\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-1403\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/07/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/07/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/07/14\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_func.inc\");\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nbulletin = 'MS20-07';\nkbs = make_list(\n'4565479',\n'4565537',\n'4565536',\n'4565541',\n'4565524'\n);\n\nif (get_kb_item(\"Host/patch_management_checks\")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nos = get_kb_item_or_exit(\"SMB/WindowsVersion\", exit_code:1);\n\nif (hotfix_check_sp_range(vista:'2', win7:'1', win8:'0', win81:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nproductname = get_kb_item_or_exit(\"SMB/ProductName\", exit_code:1);\nif (\"Windows 8\" >< productname && \"8.1\" >!< productname)\n audit(AUDIT_OS_SP_NOT_VULN);\nif (\"Vista\" >< productname) audit(AUDIT_OS_SP_NOT_VULN);\n\nif (hotfix_check_server_core() == 1) audit(AUDIT_WIN_SERVER_CORE);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n # Windows 8.1 / Windows Server 2012 R2\n # Internet Explorer 11\n hotfix_is_vulnerable(os:\"6.3\", sp:0, file:\"mshtml.dll\", version:\"11.0.9600.19750\", min_version:\"11.0.9600.16000\", dir:\"\\system32\", bulletin:bulletin, kb:\"4565479\") ||\n\n # Windows Server 2012\n# Internet Explorer 11\n hotfix_is_vulnerable(os:\"6.2\", sp:0, file:\"mshtml.dll\", version:\"11.0.9600.19750\", min_version:\"11.0.9600.16000\", dir:\"\\system32\", bulletin:bulletin, kb:\"4565479\") ||\n \n # Windows 7 / Server 2008 R2\n # Internet Explorer 11\n hotfix_is_vulnerable(os:\"6.1\", sp:1, file:\"mshtml.dll\", version:\"11.0.9600.19750\", min_version:\"11.0.9600.16000\", dir:\"\\system32\", bulletin:bulletin, kb:\"4565479\") ||\n\n # Windows Server 2008\n # Internet Explorer 9\n hotfix_is_vulnerable(os:\"6.0\", sp:2, file:\"mshtml.dll\", version:\"9.0.8112.21461\", min_version:\"9.0.8112.16000\", dir:\"\\system32\", bulletin:bulletin, kb:\"4565479\")\n)\n{\n report = '\\nNote: The fix for this issue is available in either of the following updates:\\n';\n report += ' - KB4565479 : Cumulative Security Update for Internet Explorer\\n';\n if(os == \"6.3\")\n {\n report += ' - KB4565541 : Windows 8.1 / Server 2012 R2 Monthly Rollup\\n';\n hotfix_add_report(bulletin:'MS20-07', kb:'4565541', report);\n }\n else if(os == \"6.2\")\n {\n report += ' - KB4565537 : Windows Server 2012 Monthly Rollup\\n';\n hotfix_add_report(bulletin:'MS20-07', kb:'4565537', report);\n }\n else if(os == \"6.1\")\n {\n report += ' - KB4565524 : Windows 7 / Server 2008 R2 Monthly Rollup\\n';\n hotfix_add_report(bulletin:'MS20-07', kb:'4565524', report);\n }\n else if(os == \"6.0\")\n {\n report += ' - KB4565536 : Windows Server 2008 Monthly Rollup\\n';\n hotfix_add_report(bulletin:'MS20-07', kb:'4565536', report);\n }\n set_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-07-05T14:29:54", "description": "The remote Windows host is missing a security update. It is, therefore, affected by a remote code execution vulnerability:\n\n - A remote code execution vulnerability exists in Windows Domain Name System servers when they fail to properly handle requests. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the Local System Account. Windows servers that are configured as DNS servers are at risk from this vulnerability. (CVE-2020-1350)\n\nNote: Tenable is testing for the presence of updates which address this issue, as well as Microsoft's recommended mitigation/workaround.\n\nThe registry key being checked for the mitigation is:\n - HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\DNS\\Parameters\\TcpReceivePacketSize and it is being checked for Microsoft's recommended value of 0xFF00.\n\nOnce in place, the DNS Service must be restarted for the change to take effect.\n\nFor more information, refer to the Microsoft advisory for CVE-2020-1350.", "cvss3": {}, "published": "2020-07-17T00:00:00", "type": "nessus", "title": "Windows DNS Server RCE (CVE-2020-1350)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-1350"], "modified": "2023-03-08T00:00:00", "cpe": ["cpe:/o:microsoft:windows"], "id": "SMB_NT_MS20_JUL_DNS_CHECK.NASL", "href": "https://www.tenable.com/plugins/nessus/138600", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(138600);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/03/08\");\n\n script_cve_id(\"CVE-2020-1350\");\n script_xref(name:\"MSKB\", value:\"4558998\");\n script_xref(name:\"MSKB\", value:\"4565483\");\n script_xref(name:\"MSKB\", value:\"4565503\");\n script_xref(name:\"MSKB\", value:\"4565511\");\n script_xref(name:\"MSKB\", value:\"4565524\");\n script_xref(name:\"MSKB\", value:\"4565529\");\n script_xref(name:\"MSKB\", value:\"4565535\");\n script_xref(name:\"MSKB\", value:\"4565536\");\n script_xref(name:\"MSKB\", value:\"4565537\");\n script_xref(name:\"MSKB\", value:\"4565539\");\n script_xref(name:\"MSKB\", value:\"4565540\");\n script_xref(name:\"MSKB\", value:\"4565541\");\n script_xref(name:\"MSFT\", value:\"MS20-4558998\");\n script_xref(name:\"MSFT\", value:\"MS20-4565483\");\n script_xref(name:\"MSFT\", value:\"MS20-4565503\");\n script_xref(name:\"MSFT\", value:\"MS20-4565511\");\n script_xref(name:\"MSFT\", value:\"MS20-4565524\");\n script_xref(name:\"MSFT\", value:\"MS20-4565529\");\n script_xref(name:\"MSFT\", value:\"MS20-4565535\");\n script_xref(name:\"MSFT\", value:\"MS20-4565536\");\n script_xref(name:\"MSFT\", value:\"MS20-4565537\");\n script_xref(name:\"MSFT\", value:\"MS20-4565539\");\n script_xref(name:\"MSFT\", value:\"MS20-4565540\");\n script_xref(name:\"MSFT\", value:\"MS20-4565541\");\n script_xref(name:\"IAVA\", value:\"2020-A-0299\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2020/07/24\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0129\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0059\");\n\n script_name(english:\"Windows DNS Server RCE (CVE-2020-1350)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing a security update. It is, \ntherefore, affected by a remote code execution vulnerability:\n\n - A remote code execution vulnerability exists in Windows\n Domain Name System servers when they fail to properly\n handle requests. An attacker who successfully exploited\n the vulnerability could run arbitrary code in the\n context of the Local System Account. Windows servers\n that are configured as DNS servers are at risk from this\n vulnerability. (CVE-2020-1350)\n\nNote: Tenable is testing for the presence of updates which address this issue, as well as Microsoft's recommended\nmitigation/workaround.\n\nThe registry key being checked for the mitigation is:\n - HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\DNS\\Parameters\\TcpReceivePacketSize\nand it is being checked for Microsoft's recommended value of 0xFF00.\n\nOnce in place, the DNS Service must be restarted for the change to take effect.\n\nFor more information, refer to the Microsoft advisory for CVE-2020-1350.\");\n # https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1350\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?6a916fa9\");\n # https://support.microsoft.com/en-us/help/4569509/windows-dns-server-remote-code-execution-vulnerability\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?f3307e60\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply the appropriate security update or mitigation as described in the Microsoft advisory.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-1350\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/07/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/07/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/07/17\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\", \"wmi_enum_server_features.nbin\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\", \"SMB/WMI/Available\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude('smb_hotfixes_fcheck.inc');\ninclude('smb_hotfixes.inc');\ninclude('smb_func.inc');\n\n\nfunction is_dns_server()\n{\n local_var server_features, feature;\n server_features = get_kb_list(\"WMI/server_feature/*\");\n foreach (feature in server_features)\n {\n if ('DNS Server' == feature) return 1;\n }\n return 0;\n}\n\nget_kb_item_or_exit('SMB/MS_Bulletin_Checks/Possible');\n\nbulletin = 'MS20-07';\n\nget_kb_item_or_exit('SMB/Registry/Enumerated');\nmy_os = get_kb_item_or_exit('SMB/WindowsVersion', exit_code:1);\nmy_os_build = get_kb_item('SMB/WindowsVersionBuild');\nmy_prod = get_kb_item_or_exit('SMB/ProductName');\nsp = 0;\nvuln = FALSE;\nmitigated = FALSE;\n\nif (hotfix_check_sp_range(vista:'2', win7:'1', win8:'0', win81:'0', win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\n## Set kbs and sp\nif(my_os == '6.0' && 'server' >< tolower(my_prod))\n{\n kbs = make_list('4565536','4565529');\n sp = 2;\n}\nelse if(my_os == '6.1' && 'server' >< tolower(my_prod))\n{\n kbs = make_list('4565524','4565539');\n sp = 1;\n}\nelse if(my_os == '6.2' && 'server' >< tolower(my_prod))\n{\n kbs = make_list('4565537','4565535');\n}\nelse if(my_os == '6.3' && 'server' >< tolower(my_prod))\n{\n kbs = make_list('4565541','4565540');\n}\nelse if(my_os == '10' && 'server' >< tolower(my_prod))\n{\n if(my_os_build == '14393') kbs = make_list('4565511');\n else if(my_os_build == '17763') kbs = make_list('4558998');\n else if(my_os_build == '18362') kbs = make_list('4565483');\n else if(my_os_build == '18363') kbs = make_list('4565483');\n else if(my_os_build == '19041') kbs = make_list('4565503');\n}\nelse\n audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif ( my_os == '10' )\n{ \n vuln = smb_check_rollup( os:'10',\n sp:0,\n os_build:my_os_build,\n rollup_date:'07_2020',\n bulletin:bulletin,\n rollup_kb_list:kbs\n );\n}\nelse\n{\n vuln = smb_check_rollup( os:my_os, \n sp:sp,\n rollup_date:'07_2020',\n bulletin:bulletin,\n rollup_kb_list:kbs\n );\n}\n\n## Check mitigation\nmitigation_key = 'SYSTEM\\\\CurrentControlSet\\\\Services\\\\DNS\\\\Parameters\\\\TcpReceivePacketSize';\nregistry_init();\nhklm = registry_hive_connect(hive:HKEY_LOCAL_MACHINE, exit_on_fail:TRUE);\npacketsize = get_registry_value(handle:hklm, item:mitigation_key);\nRegCloseKey(handle:hklm);\nclose_registry(close:TRUE);\n\nif (!isnull(packetsize) && (packetsize == 65280))\n mitigated = TRUE;\n\nif(vuln && is_dns_server() && !mitigated)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-07-05T14:28:58", "description": "According to its self-reported version number, the Microsoft DNS Server running on the remote host is affected by a remote code execution vulnerability. An unauthenticated, remote attacker who successfully exploited the vulnerability could run arbitrary code in the context of the Local System Account.\n\nNote that in order to get the full Microsoft DNS server version, the EnableVersionQuery DNS setting would need to be set to 1.", "cvss3": {}, "published": "2020-07-16T00:00:00", "type": "nessus", "title": "Microsoft DNS Server Remote Code Execution (SIGRed)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-1350"], "modified": "2023-03-08T00:00:00", "cpe": ["cpe:/o:microsoft:windows"], "id": "MS_DNS_CVE-2020-1350.NASL", "href": "https://www.tenable.com/plugins/nessus/138554", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(138554);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/03/08\");\n\n script_cve_id(\"CVE-2020-1350\");\n script_xref(name:\"IAVA\", value:\"2020-A-0299\");\n script_xref(name:\"MSKB\", value:\"4558998\");\n script_xref(name:\"MSKB\", value:\"4565483\");\n script_xref(name:\"MSKB\", value:\"4565503\");\n script_xref(name:\"MSKB\", value:\"4565511\");\n script_xref(name:\"MSKB\", value:\"4565524\");\n script_xref(name:\"MSKB\", value:\"4565529\");\n script_xref(name:\"MSKB\", value:\"4565535\");\n script_xref(name:\"MSKB\", value:\"4565536\");\n script_xref(name:\"MSKB\", value:\"4565537\");\n script_xref(name:\"MSKB\", value:\"4565539\");\n script_xref(name:\"MSKB\", value:\"4565540\");\n script_xref(name:\"MSKB\", value:\"4565541\");\n script_xref(name:\"MSFT\", value:\"MS20-4558998\");\n script_xref(name:\"MSFT\", value:\"MS20-4565483\");\n script_xref(name:\"MSFT\", value:\"MS20-4565503\");\n script_xref(name:\"MSFT\", value:\"MS20-4565511\");\n script_xref(name:\"MSFT\", value:\"MS20-4565524\");\n script_xref(name:\"MSFT\", value:\"MS20-4565529\");\n script_xref(name:\"MSFT\", value:\"MS20-4565535\");\n script_xref(name:\"MSFT\", value:\"MS20-4565536\");\n script_xref(name:\"MSFT\", value:\"MS20-4565537\");\n script_xref(name:\"MSFT\", value:\"MS20-4565539\");\n script_xref(name:\"MSFT\", value:\"MS20-4565540\");\n script_xref(name:\"MSFT\", value:\"MS20-4565541\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2020/07/24\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0129\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0059\");\n\n script_name(english:\"Microsoft DNS Server Remote Code Execution (SIGRed)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The DNS server running on the remote host is affected by a\nremote code execution vulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its self-reported version number, the Microsoft DNS\nServer running on the remote host is affected by a remote code\nexecution vulnerability. An unauthenticated, remote attacker who\nsuccessfully exploited the vulnerability could run arbitrary code in\nthe context of the Local System Account.\n\nNote that in order to get the full Microsoft DNS server version, the\nEnableVersionQuery DNS setting would need to be set to 1.\");\n # https://research.checkpoint.com/2020/resolving-your-way-into-domain-admin-exploiting-a-17-year-old-bug-in-windows-dns-servers/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?22a53c13\");\n script_set_attribute(attribute:\"solution\", value:\n\"Microsoft has released a set of patches for Windows Server 2008, 2008 R2, 2012, 2012 R2, 2016, 2019, version 1903, 1909, and 2004.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-1350\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/07/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/07/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/07/16\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"DNS\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ms_dns_version.nasl\");\n script_require_keys(\"ms_dns/version\");\n\n exit(0);\n}\n\ninclude('vcf.inc');\n\nkb_ver = 'ms_dns/version';\nversion = get_kb_item_or_exit(kb_ver);\nport = 53;\n\napp_info = vcf::get_app_info(app:'Microsoft DNS server', kb_ver:kb_ver, port:port);\n\nvcf::check_granularity(app_info:app_info, sig_segments:4);\n\nconstraints = [\n # Windows Server 2008\n { 'min_version': '6.0.6003.0', 'fixed_version': '6.0.6003.20885' },\n\n # Windows Server 2008 R2\n { 'min_version': '6.1.7601.0', 'fixed_version': '6.1.7601.24557' },\n\n # Windows Sever 2012\n { 'min_version': '6.2.9200.0', 'fixed_version': '6.2.9200.23084' },\n\n # Windows Sever 2012 R2\n { 'min_version': '6.3.9600.0', 'fixed_version': '6.3.9600.19759' },\n \n # Windows Server 2016\n { 'min_version': '10.0.14393.0', 'fixed_version': '10.0.14393.3808' },\n\n # Windows Server 2019\n { 'min_version': '10.0.17763.0', 'fixed_version': '10.0.17763.1339' },\n\n # Windows Server, version 1903/1909\n # 1903 and 1909 have the same KB\n { 'min_version': '10.0.18362.0', 'fixed_version': '10.0.18362.959' },\n\n # Windows Server, version 2004\n { 'min_version': '10.0.19041.0', 'fixed_version': '10.0.19041.388' }\n\n];\n\nvcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_HOLE);\n\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:25:28", "description": "The remote Fedora 33 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2021-5689072a7e advisory.\n\n - Nagios 4.4.5 allows an attacker, who already has administrative access to change the URL for JSON CGIs configuration setting, to modify the Alert Histogram and Trends code via crafted versions of the archivejson.cgi, objectjson.cgi, and statusjson.cgi files. NOTE: this vulnerability has been mistakenly associated with CVE-2020-1408. (CVE-2020-13977)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-03-08T00:00:00", "type": "nessus", "title": "Fedora 33 : nagios (2021-5689072a7e)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-13977", "CVE-2020-1408"], "modified": "2021-04-12T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora:33", "p-cpe:/a:fedoraproject:fedora:nagios"], "id": "FEDORA_2021-5689072A7E.NASL", "href": "https://www.tenable.com/plugins/nessus/147186", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n##\n# The descriptive text and package checks in this plugin were\n# extracted from Fedora Security Advisory FEDORA-2021-5689072a7e\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(147186);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/04/12\");\n\n script_cve_id(\"CVE-2020-13977\");\n script_xref(name:\"FEDORA\", value:\"2021-5689072a7e\");\n\n script_name(english:\"Fedora 33 : nagios (2021-5689072a7e)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Fedora host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Fedora 33 host has a package installed that is affected by a vulnerability as referenced in the\nFEDORA-2021-5689072a7e advisory.\n\n - Nagios 4.4.5 allows an attacker, who already has administrative access to change the URL for JSON CGIs\n configuration setting, to modify the Alert Histogram and Trends code via crafted versions of the\n archivejson.cgi, objectjson.cgi, and statusjson.cgi files. NOTE: this vulnerability has been mistakenly\n associated with CVE-2020-1408. (CVE-2020-13977)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2021-5689072a7e\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected nagios package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-13977\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/06/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/02/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/03/08\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:33\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:nagios\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Fedora Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item('Host/RedHat/release');\nif (isnull(release) || 'Fedora' >!< release) audit(AUDIT_OS_NOT, 'Fedora');\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Fedora');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^33([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Fedora 33', 'Fedora ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Fedora', cpu);\n\npkgs = [\n {'reference':'nagios-4.4.6-3.fc33', 'release':'FC33', 'rpm_spec_vers_cmp':TRUE}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n reference = NULL;\n release = NULL;\n sp = NULL;\n cpu = NULL;\n el_string = NULL;\n rpm_spec_vers_cmp = NULL;\n epoch = NULL;\n allowmaj = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (reference && release) {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'nagios');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-19T15:06:18", "description": "The remote Fedora 32 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2021-b5e897a2e5 advisory.\n\n - Nagios 4.4.5 allows an attacker, who already has administrative access to change the URL for JSON CGIs configuration setting, to modify the Alert Histogram and Trends code via crafted versions of the archivejson.cgi, objectjson.cgi, and statusjson.cgi files. NOTE: this vulnerability has been mistakenly associated with CVE-2020-1408. (CVE-2020-13977)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-03-08T00:00:00", "type": "nessus", "title": "Fedora 32 : nagios (2021-b5e897a2e5)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-13977", "CVE-2020-1408"], "modified": "2021-04-12T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora:32", "p-cpe:/a:fedoraproject:fedora:nagios"], "id": "FEDORA_2021-B5E897A2E5.NASL", "href": "https://www.tenable.com/plugins/nessus/147185", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n##\n# The descriptive text and package checks in this plugin were\n# extracted from Fedora Security Advisory FEDORA-2021-b5e897a2e5\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(147185);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/04/12\");\n\n script_cve_id(\"CVE-2020-13977\");\n script_xref(name:\"FEDORA\", value:\"2021-b5e897a2e5\");\n\n script_name(english:\"Fedora 32 : nagios (2021-b5e897a2e5)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Fedora host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Fedora 32 host has a package installed that is affected by a vulnerability as referenced in the\nFEDORA-2021-b5e897a2e5 advisory.\n\n - Nagios 4.4.5 allows an attacker, who already has administrative access to change the URL for JSON CGIs\n configuration setting, to modify the Alert Histogram and Trends code via crafted versions of the\n archivejson.cgi, objectjson.cgi, and statusjson.cgi files. NOTE: this vulnerability has been mistakenly\n associated with CVE-2020-1408. (CVE-2020-13977)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2021-b5e897a2e5\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected nagios package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-13977\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/06/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/02/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/03/08\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:32\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:nagios\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Fedora Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item('Host/RedHat/release');\nif (isnull(release) || 'Fedora' >!< release) audit(AUDIT_OS_NOT, 'Fedora');\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Fedora');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^32([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Fedora 32', 'Fedora ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Fedora', cpu);\n\npkgs = [\n {'reference':'nagios-4.4.6-3.fc32', 'release':'FC32', 'rpm_spec_vers_cmp':TRUE}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n reference = NULL;\n release = NULL;\n sp = NULL;\n cpu = NULL;\n el_string = NULL;\n rpm_spec_vers_cmp = NULL;\n epoch = NULL;\n allowmaj = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (reference && release) {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'nagios');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}], "kaspersky": [{"lastseen": "2023-06-06T15:24:16", "description": "### *Detect date*:\n07/14/2020\n\n### *Severity*:\nCritical\n\n### *Description*:\nMultiple vulnerabilities were found in Microsoft Products (Extended Support Update). Malicious users can exploit these vulnerabilities to gain privileges, obtain sensitive information, execute arbitrary code, cause denial of service.\n\n### *Exploitation*:\nMalware exists for this vulnerability. Usually such malware is classified as Exploit. [More details](<https://threats.kaspersky.com/en/class/Exploit/>).\n\n### *Affected products*:\nWindows 10 Version 2004 for ARM64-based Systems \nWindows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) \nWindows 10 Version 1903 for 32-bit Systems \nWindows Server 2019 (Server Core installation) \nWindows 10 Version 1809 for x64-based Systems \nWindows 10 Version 1607 for x64-based Systems \nWindows Server 2012 R2 \nWindows Server 2012 \nWindows Server 2008 for x64-based Systems Service Pack 2 \nWindows 10 Version 1909 for 32-bit Systems \nWindows Server, version 2004 (Server Core installation) \nWindows 10 for x64-based Systems \nWindows Server 2016 (Server Core installation) \nWindows 8.1 for x64-based systems \nWindows Server 2012 (Server Core installation) \nWindows 10 Version 1709 for x64-based Systems \nWindows 7 for 32-bit Systems Service Pack 1 \nWindows 10 Version 1709 for ARM64-based Systems \nWindows 8.1 for 32-bit systems \nWindows 10 Version 1607 for 32-bit Systems \nWindows Server 2016 \nWindows 10 Version 1903 for ARM64-based Systems \nWindows 10 Version 1803 for 32-bit Systems \nWindows 7 for x64-based Systems Service Pack 1 \nWindows 10 Version 1909 for x64-based Systems \nWindows 10 Version 1903 for x64-based Systems \nInternet Explorer 11 \nWindows 10 Version 1909 for ARM64-based Systems \nWindows Server 2008 for 32-bit Systems Service Pack 2 \nWindows 10 Version 2004 for 32-bit Systems \nWindows 10 Version 1809 for 32-bit Systems \nWindows Server, version 1903 (Server Core installation) \nWindows 10 Version 1803 for x64-based Systems \nMicrosoft Office 2019 for Mac \nWindows RT 8.1 \nWindows 10 Version 2004 for x64-based Systems \nWindows Server 2008 R2 for x64-based Systems Service Pack 1 \nMicrosoft Office 2016 for Mac \nWindows Server 2019 \nInternet Explorer 9 \nWindows 10 Version 1803 for ARM64-based Systems \nWindows Server, version 1909 (Server Core installation) \nWindows 10 Version 1809 for ARM64-based Systems \nWindows Server 2012 R2 (Server Core installation) \nWindows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) \nWindows 10 for 32-bit Systems \nWindows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) \nWindows 10 Version 1709 for 32-bit Systems\n\n### *Solution*:\nInstall necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)\n\n### *Original advisories*:\n[CVE-2020-1333](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1333>) \n[CVE-2020-1384](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1384>) \n[CVE-2020-1346](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1346>) \n[CVE-2020-1389](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1389>) \n[CVE-2020-1032](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1032>) \n[CVE-2020-1036](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1036>) \n[CVE-2020-1360](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1360>) \n[CVE-2020-1267](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1267>) \n[CVE-2020-1365](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1365>) \n[CVE-2020-1354](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1354>) \n[CVE-2020-1419](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1419>) \n[CVE-2020-1438](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1438>) \n[CVE-2020-1435](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1435>) \n[CVE-2020-1412](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1412>) \n[CVE-2020-1437](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1437>) \n[CVE-2020-1436](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1436>) \n[CVE-2020-1430](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1430>) \n[CVE-2020-1428](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1428>) \n[CVE-2020-1396](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1396>) \n[CVE-2020-1397](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1397>) \n[CVE-2020-1390](<https://nvd.nist.gov/vuln/detail/CVE-2020-1390>) \n[CVE-2020-1359](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1359>) \n[CVE-2020-1371](<https://nvd.nist.gov/vuln/detail/CVE-2020-1371>) \n[CVE-2020-1350](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1350>) \n[CVE-2020-1351](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1351>) \n[CVE-2020-1040](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1040>) \n[CVE-2020-1041](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1041>) \n[CVE-2020-1042](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1042>) \n[CVE-2020-1043](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1043>) \n[CVE-2020-1373](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1373>) \n[CVE-2020-1410](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1410>) \n[CVE-2020-1374](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1374>) \n[CVE-2020-1085](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1085>) \n[CVE-2020-1407](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1407>) \n[CVE-2020-1400](<https://nvd.nist.gov/vuln/detail/CVE-2020-1400>) \n[CVE-2020-1401](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1401>) \n[CVE-2020-1402](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1402>) \n[CVE-2020-1403](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1403>) \n[CVE-2020-1427](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1427>) \n[CVE-2020-1468](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1468>) \n[CVE-2020-1408](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1408>) \n[CVE-2020-1409](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1409>) \n[CVE-2020-1421](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1421>) \n[ADV200008](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/ADV200008>) \n\n\n### *Impacts*:\nACE \n\n### *Related products*:\n[Microsoft Internet Explorer](<https://threats.kaspersky.com/en/product/Microsoft-Internet-Explorer/>)\n\n### *CVE-IDS*:\n[CVE-2020-1403](<https://vulners.com/cve/CVE-2020-1403>)7.6Critical \n[CVE-2020-1333](<https://vulners.com/cve/CVE-2020-1333>)3.7Warning \n[CVE-2020-1384](<https://vulners.com/cve/CVE-2020-1384>)4.6Warning \n[CVE-2020-1346](<https://vulners.com/cve/CVE-2020-1346>)4.6Warning \n[CVE-2020-1389](<https://vulners.com/cve/CVE-2020-1389>)2.1Warning \n[CVE-2020-1032](<https://vulners.com/cve/CVE-2020-1032>)7.7Critical \n[CVE-2020-1036](<https://vulners.com/cve/CVE-2020-1036>)7.7Critical \n[CVE-2020-1360](<https://vulners.com/cve/CVE-2020-1360>)4.6Warning \n[CVE-2020-1267](<https://vulners.com/cve/CVE-2020-1267>)4.0Warning \n[CVE-2020-1365](<https://vulners.com/cve/CVE-2020-1365>)4.6Warning \n[CVE-2020-1354](<https://vulners.com/cve/CVE-2020-1354>)4.6Warning \n[CVE-2020-1419](<https://vulners.com/cve/CVE-2020-1419>)2.1Warning \n[CVE-2020-1438](<https://vulners.com/cve/CVE-2020-1438>)4.6Warning \n[CVE-2020-1435](<https://vulners.com/cve/CVE-2020-1435>)9.3Critical \n[CVE-2020-1412](<https://vulners.com/cve/CVE-2020-1412>)9.3Critical \n[CVE-2020-1437](<https://vulners.com/cve/CVE-2020-1437>)4.6Warning \n[CVE-2020-1436](<https://vulners.com/cve/CVE-2020-1436>)6.8High \n[CVE-2020-1430](<https://vulners.com/cve/CVE-2020-1430>)4.6Warning \n[CVE-2020-1428](<https://vulners.com/cve/CVE-2020-1428>)4.6Warning \n[CVE-2020-1396](<https://vulners.com/cve/CVE-2020-1396>)4.6Warning \n[CVE-2020-1397](<https://vulners.com/cve/CVE-2020-1397>)4.3Warning \n[CVE-2020-1390](<https://vulners.com/cve/CVE-2020-1390>)4.6Warning \n[CVE-2020-1359](<https://vulners.com/cve/CVE-2020-1359>)4.6Warning \n[CVE-2020-1371](<https://vulners.com/cve/CVE-2020-1371>)4.6Warning \n[CVE-2020-1351](<https://vulners.com/cve/CVE-2020-1351>)2.1Warning \n[CVE-2020-1040](<https://vulners.com/cve/CVE-2020-1040>)7.7Critical \n[CVE-2020-1041](<https://vulners.com/cve/CVE-2020-1041>)7.7Critical \n[CVE-2020-1042](<https://vulners.com/cve/CVE-2020-1042>)7.7Critical \n[CVE-2020-1043](<https://vulners.com/cve/CVE-2020-1043>)7.7Critical \n[CVE-2020-1373](<https://vulners.com/cve/CVE-2020-1373>)4.6Warning \n[CVE-2020-1410](<https://vulners.com/cve/CVE-2020-1410>)9.3Critical \n[CVE-2020-1374](<https://vulners.com/cve/CVE-2020-1374>)5.1High \n[CVE-2020-1085](<https://vulners.com/cve/CVE-2020-1085>)4.6Warning \n[CVE-2020-1407](<https://vulners.com/cve/CVE-2020-1407>)9.3Critical \n[CVE-2020-1400](<https://vulners.com/cve/CVE-2020-1400>)9.3Critical \n[CVE-2020-1401](<https://vulners.com/cve/CVE-2020-1401>)9.3Critical \n[CVE-2020-1402](<https://vulners.com/cve/CVE-2020-1402>)7.2High \n[CVE-2020-1427](<https://vulners.com/cve/CVE-2020-1427>)4.6Warning \n[CVE-2020-1468](<https://vulners.com/cve/CVE-2020-1468>)4.3Warning \n[CVE-2020-1408](<https://vulners.com/cve/CVE-2020-1408>)9.3Critical \n[CVE-2020-1409](<https://vulners.com/cve/CVE-2020-1409>)9.3Critical \n[CVE-2020-1421](<https://vulners.com/cve/CVE-2020-1421>)9.3Critical\n\n### *KB list*:\n[4565524](<http://support.microsoft.com/kb/4565524>) \n[4565479](<http://support.microsoft.com/kb/4565479>) \n[4565529](<http://support.microsoft.com/kb/4565529>) \n[4565539](<http://support.microsoft.com/kb/4565539>) \n[4565353](<http://support.microsoft.com/kb/4565353>) \n[4565354](<http://support.microsoft.com/kb/4565354>) \n[4565536](<http://support.microsoft.com/kb/4565536>)\n\n### *Microsoft official advisories*:", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 10.0, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2020-07-14T00:00:00", "type": "kaspersky", "title": "KLA11863 Multiple vulnerabilities in Microsoft Products (ESU)", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-1032", "CVE-2020-1036", "CVE-2020-1040", "CVE-2020-1041", "CVE-2020-1042", "CVE-2020-1043", "CVE-2020-1085", "CVE-2020-1267", "CVE-2020-1333", "CVE-2020-1346", "CVE-2020-1350", "CVE-2020-1351", "CVE-2020-1354", "CVE-2020-1359", "CVE-2020-1360", "CVE-2020-1365", "CVE-2020-1371", "CVE-2020-1373", "CVE-2020-1374", "CVE-2020-1384", "CVE-2020-1389", "CVE-2020-1390", "CVE-2020-1396", "CVE-2020-1397", "CVE-2020-1400", "CVE-2020-1401", "CVE-2020-1402", "CVE-2020-1403", "CVE-2020-1407", "CVE-2020-1408", "CVE-2020-1409", "CVE-2020-1410", "CVE-2020-1412", "CVE-2020-1419", "CVE-2020-1421", "CVE-2020-1427", "CVE-2020-1428", "CVE-2020-1430", "CVE-2020-1435", "CVE-2020-1436", "CVE-2020-1437", "CVE-2020-1438", "CVE-2020-1468"], "modified": "2020-07-22T00:00:00", "id": "KLA11863", "href": "https://threats.kaspersky.com/en/vulnerability/KLA11863/", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-06-06T15:24:15", "description": "### *Detect date*:\n07/14/2020\n\n### *Severity*:\nCritical\n\n### *Description*:\nMultiple vulnerabilities were found in Microsoft Windows. Malicious users can exploit these vulnerabilities to gain privileges, obtain sensitive information, execute arbitrary code, cause denial of service.\n\n### *Exploitation*:\nMalware exists for this vulnerability. Usually such malware is classified as Exploit. [More details](<https://threats.kaspersky.com/en/class/Exploit/>).\n\n### *Affected products*:\nWindows 10 Version 2004 for ARM64-based Systems \nWindows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) \nWindows 10 Version 1903 for 32-bit Systems \nWindows Server 2019 (Server Core installation) \nWindows 10 Version 1809 for x64-based Systems \nWindows 10 Version 1607 for x64-based Systems \nWindows Server 2012 R2 \nWindows Server 2012 \nWindows Server 2008 for x64-based Systems Service Pack 2 \nWindows 10 Version 1909 for 32-bit Systems \nWindows Server, version 2004 (Server Core installation) \nWindows 10 for x64-based Systems \nWindows Server 2016 (Server Core installation) \nWindows 8.1 for x64-based systems \nWindows Server 2012 (Server Core installation) \nWindows 10 Version 1709 for x64-based Systems \nWindows 7 for 32-bit Systems Service Pack 1 \nWindows 10 Version 1709 for ARM64-based Systems \nWindows 8.1 for 32-bit systems \nWindows 10 Version 1607 for 32-bit Systems \nWindows Server 2016 \nWindows 10 Version 1903 for ARM64-based Systems \nWindows 10 Version 1803 for 32-bit Systems \nWindows 7 for x64-based Systems Service Pack 1 \nWindows 10 Version 1909 for x64-based Systems \nWindows 10 Version 1903 for x64-based Systems \nWindows 10 Version 1909 for ARM64-based Systems \nWindows Server 2008 for 32-bit Systems Service Pack 2 \nWindows 10 Version 2004 for 32-bit Systems \nWindows 10 Version 1809 for 32-bit Systems \nWindows Server, version 1903 (Server Core installation) \nWindows 10 Version 1803 for x64-based Systems \nWindows RT 8.1 \nWindows 10 Version 2004 for x64-based Systems \nWindows Server 2008 R2 for x64-based Systems Service Pack 1 \nWindows Server 2019 \nWindows 10 Version 1803 for ARM64-based Systems \nWindows Server, version 1909 (Server Core installation) \nWindows 10 Version 1809 for ARM64-based Systems \nWindows Server 2012 R2 (Server Core installation) \nWindows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) \nWindows 10 for 32-bit Systems \nWindows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) \nWindows 10 Version 1709 for 32-bit Systems\n\n### *Solution*:\nInstall necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)\n\n### *Original advisories*:\n[CVE-2020-1347](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1347>) \n[CVE-2020-1346](<https://nvd.nist.gov/vuln/detail/CVE-2020-1346>) \n[CVE-2020-1344](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1344>) \n[CVE-2020-1267](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1267>) \n[CVE-2020-1419](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1419>) \n[CVE-2020-1418](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1418>) \n[CVE-2020-1413](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1413>) \n[CVE-2020-1412](<https://nvd.nist.gov/vuln/detail/CVE-2020-1412>) \n[CVE-2020-1411](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1411>) \n[CVE-2020-1410](<https://nvd.nist.gov/vuln/detail/CVE-2020-1410>) \n[CVE-2020-1415](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1415>) \n[CVE-2020-1414](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1414>) \n[CVE-2020-1358](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1358>) \n[CVE-2020-1359](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1359>) \n[CVE-2020-1350](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1350>) \n[CVE-2020-1351](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1351>) \n[CVE-2020-1352](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1352>) \n[CVE-2020-1353](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1353>) \n[CVE-2020-1354](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1354>) \n[CVE-2020-1355](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1355>) \n[CVE-2020-1356](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1356>) \n[CVE-2020-1357](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1357>) \n[CVE-2020-1085](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1085>) \n[CVE-2020-1404](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1404>) \n[CVE-2020-1405](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1405>) \n[CVE-2020-1406](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1406>) \n[CVE-2020-1407](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1407>) \n[CVE-2020-1400](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1400>) \n[CVE-2020-1401](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1401>) \n[CVE-2020-1402](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1402>) \n[CVE-2020-1408](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1408>) \n[CVE-2020-1409](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1409>) \n[CVE-2020-1336](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1336>) \n[CVE-2020-1333](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1333>) \n[CVE-2020-1330](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1330>) \n[CVE-2020-1463](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1463>) \n[CVE-2020-1468](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1468>) \n[CVE-2020-1382](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1382>) \n[CVE-2020-1381](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1381>) \n[CVE-2020-1387](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1387>) \n[CVE-2020-1386](<https://nvd.nist.gov/vuln/detail/CVE-2020-1386>) \n[CVE-2020-1385](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1385>) \n[CVE-2020-1384](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1384>) \n[CVE-2020-1389](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1389>) \n[CVE-2020-1388](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1388>) \n[CVE-2020-1398](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1398>) \n[CVE-2020-1399](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1399>) \n[CVE-2020-1394](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1394>) \n[CVE-2020-1395](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1395>) \n[CVE-2020-1396](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1396>) \n[CVE-2020-1397](<https://nvd.nist.gov/vuln/detail/CVE-2020-1397>) \n[CVE-2020-1390](<https://nvd.nist.gov/vuln/detail/CVE-2020-1390>) \n[CVE-2020-1391](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1391>) \n[CVE-2020-1392](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1392>) \n[CVE-2020-1393](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1393>) \n[CVE-2020-1040](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1040>) \n[CVE-2020-1041](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1041>) \n[CVE-2020-1042](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1042>) \n[CVE-2020-1043](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1043>) \n[CVE-2020-1032](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1032>) \n[CVE-2020-1036](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1036>) \n[CVE-2020-1361](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1361>) \n[CVE-2020-1360](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1360>) \n[CVE-2020-1363](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1363>) \n[CVE-2020-1362](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1362>) \n[CVE-2020-1365](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1365>) \n[CVE-2020-1364](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1364>) \n[CVE-2020-1367](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1367>) \n[CVE-2020-1366](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1366>) \n[CVE-2020-1369](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1369>) \n[CVE-2020-1368](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1368>) \n[CVE-2020-1438](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1438>) \n[CVE-2020-1435](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1435>) \n[CVE-2020-1434](<https://nvd.nist.gov/vuln/detail/CVE-2020-1434>) \n[CVE-2020-1437](<https://nvd.nist.gov/vuln/detail/CVE-2020-1437>) \n[CVE-2020-1436](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1436>) \n[CVE-2020-1431](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1431>) \n[CVE-2020-1430](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1430>) \n[CVE-2020-1372](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1372>) \n[CVE-2020-1373](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1373>) \n[CVE-2020-1370](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1370>) \n[CVE-2020-1371](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1371>) \n[CVE-2020-1374](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1374>) \n[CVE-2020-1375](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1375>) \n[CVE-2020-1249](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1249>) \n[CVE-2020-1428](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1428>) \n[CVE-2020-1429](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1429>) \n[CVE-2020-1426](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1426>) \n[CVE-2020-1427](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1427>) \n[CVE-2020-1424](<https://nvd.nist.gov/vuln/detail/CVE-2020-1424>) \n[CVE-2020-1422](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1422>) \n[CVE-2020-1423](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1423>) \n[CVE-2020-1420](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1420>) \n[CVE-2020-1421](<https://nvd.nist.gov/vuln/detail/CVE-2020-1421>) \n[ADV200008](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV200008>) \n\n\n### *Impacts*:\nACE \n\n### *Related products*:\n[Microsoft Windows](<https://threats.kaspersky.com/en/product/Microsoft-Windows/>)\n\n### *CVE-IDS*:\n[CVE-2020-1393](<https://vulners.com/cve/CVE-2020-1393>)4.6Warning \n[CVE-2020-1333](<https://vulners.com/cve/CVE-2020-1333>)3.7Warning \n[CVE-2020-1384](<https://vulners.com/cve/CVE-2020-1384>)4.6Warning \n[CVE-2020-1346](<https://vulners.com/cve/CVE-2020-1346>)4.6Warning \n[CVE-2020-1389](<https://vulners.com/cve/CVE-2020-1389>)2.1Warning \n[CVE-2020-1032](<https://vulners.com/cve/CVE-2020-1032>)7.7Critical \n[CVE-2020-1036](<https://vulners.com/cve/CVE-2020-1036>)7.7Critical \n[CVE-2020-1360](<https://vulners.com/cve/CVE-2020-1360>)4.6Warning \n[CVE-2020-1267](<https://vulners.com/cve/CVE-2020-1267>)4.0Warning \n[CVE-2020-1365](<https://vulners.com/cve/CVE-2020-1365>)4.6Warning \n[CVE-2020-1354](<https://vulners.com/cve/CVE-2020-1354>)4.6Warning \n[CVE-2020-1419](<https://vulners.com/cve/CVE-2020-1419>)2.1Warning \n[CVE-2020-1438](<https://vulners.com/cve/CVE-2020-1438>)4.6Warning \n[CVE-2020-1435](<https://vulners.com/cve/CVE-2020-1435>)9.3Critical \n[CVE-2020-1412](<https://vulners.com/cve/CVE-2020-1412>)9.3Critical \n[CVE-2020-1437](<https://vulners.com/cve/CVE-2020-1437>)4.6Warning \n[CVE-2020-1436](<https://vulners.com/cve/CVE-2020-1436>)6.8High \n[CVE-2020-1430](<https://vulners.com/cve/CVE-2020-1430>)4.6Warning \n[CVE-2020-1428](<https://vulners.com/cve/CVE-2020-1428>)4.6Warning \n[CVE-2020-1396](<https://vulners.com/cve/CVE-2020-1396>)4.6Warning \n[CVE-2020-1397](<https://vulners.com/cve/CVE-2020-1397>)4.3Warning \n[CVE-2020-1390](<https://vulners.com/cve/CVE-2020-1390>)4.6Warning \n[CVE-2020-1359](<https://vulners.com/cve/CVE-2020-1359>)4.6Warning \n[CVE-2020-1371](<https://vulners.com/cve/CVE-2020-1371>)4.6Warning \n[CVE-2020-1351](<https://vulners.com/cve/CVE-2020-1351>)2.1Warning \n[CVE-2020-1040](<https://vulners.com/cve/CVE-2020-1040>)7.7Critical \n[CVE-2020-1041](<https://vulners.com/cve/CVE-2020-1041>)7.7Critical \n[CVE-2020-1042](<https://vulners.com/cve/CVE-2020-1042>)7.7Critical \n[CVE-2020-1043](<https://vulners.com/cve/CVE-2020-1043>)7.7Critical \n[CVE-2020-1373](<https://vulners.com/cve/CVE-2020-1373>)4.6Warning \n[CVE-2020-1410](<https://vulners.com/cve/CVE-2020-1410>)9.3Critical \n[CVE-2020-1374](<https://vulners.com/cve/CVE-2020-1374>)5.1High \n[CVE-2020-1085](<https://vulners.com/cve/CVE-2020-1085>)4.6Warning \n[CVE-2020-1407](<https://vulners.com/cve/CVE-2020-1407>)9.3Critical \n[CVE-2020-1400](<https://vulners.com/cve/CVE-2020-1400>)9.3Critical \n[CVE-2020-1401](<https://vulners.com/cve/CVE-2020-1401>)9.3Critical \n[CVE-2020-1402](<https://vulners.com/cve/CVE-2020-1402>)7.2High \n[CVE-2020-1427](<https://vulners.com/cve/CVE-2020-1427>)4.6Warning \n[CVE-2020-1468](<https://vulners.com/cve/CVE-2020-1468>)4.3Warning \n[CVE-2020-1408](<https://vulners.com/cve/CVE-2020-1408>)9.3Critical \n[CVE-2020-1409](<https://vulners.com/cve/CVE-2020-1409>)9.3Critical \n[CVE-2020-1421](<https://vulners.com/cve/CVE-2020-1421>)9.3Critical \n[CVE-2020-1347](<https://vulners.com/cve/CVE-2020-1347>)4.6Warning \n[CVE-2020-1344](<https://vulners.com/cve/CVE-2020-1344>)4.6Warning \n[CVE-2020-1418](<https://vulners.com/cve/CVE-2020-1418>)7.2High \n[CVE-2020-1413](<https://vulners.com/cve/CVE-2020-1413>)4.6Warning \n[CVE-2020-1411](<https://vulners.com/cve/CVE-2020-1411>)7.2High \n[CVE-2020-1415](<https://vulners.com/cve/CVE-2020-1415>)4.6Warning \n[CVE-2020-1414](<https://vulners.com/cve/CVE-2020-1414>)4.6Warning \n[CVE-2020-1358](<https://vulners.com/cve/CVE-2020-1358>)2.1Warning \n[CVE-2020-1352](<https://vulners.com/cve/CVE-2020-1352>)4.6Warning \n[CVE-2020-1353](<https://vulners.com/cve/CVE-2020-1353>)4.6Warning \n[CVE-2020-1355](<https://vulners.com/cve/CVE-2020-1355>)4.6Warning \n[CVE-2020-1356](<https://vulners.com/cve/CVE-2020-1356>)4.6Warning \n[CVE-2020-1357](<https://vulners.com/cve/CVE-2020-1357>)4.6Warning \n[CVE-2020-1404](<https://vulners.com/cve/CVE-2020-1404>)4.6Warning \n[CVE-2020-1405](<https://vulners.com/cve/CVE-2020-1405>)3.6Warning \n[CVE-2020-1406](<https://vulners.com/cve/CVE-2020-1406>)7.2High \n[CVE-2020-1336](<https://vulners.com/cve/CVE-2020-1336>)4.6Warning \n[CVE-2020-1330](<https://vulners.com/cve/CVE-2020-1330>)2.1Warning \n[CVE-2020-1463](<https://vulners.com/cve/CVE-2020-1463>)4.6Warning \n[CVE-2020-1382](<https://vulners.com/cve/CVE-2020-1382>)4.6Warning \n[CVE-2020-1381](<https://vulners.com/cve/CVE-2020-1381>)4.6Warning \n[CVE-2020-1387](<https://vulners.com/cve/CVE-2020-1387>)4.6Warning \n[CVE-2020-1386](<https://vulners.com/cve/CVE-2020-1386>)2.1Warning \n[CVE-2020-1385](<https://vulners.com/cve/CVE-2020-1385>)4.6Warning \n[CVE-2020-1388](<https://vulners.com/cve/CVE-2020-1388>)4.6Warning \n[CVE-2020-1398](<https://vulners.com/cve/CVE-2020-1398>)4.6Warning \n[CVE-2020-1399](<https://vulners.com/cve/CVE-2020-1399>)4.6Warning \n[CVE-2020-1394](<https://vulners.com/cve/CVE-2020-1394>)4.6Warning \n[CVE-2020-1395](<https://vulners.com/cve/CVE-2020-1395>)4.6Warning \n[CVE-2020-1391](<https://vulners.com/cve/CVE-2020-1391>)2.1Warning \n[CVE-2020-1392](<https://vulners.com/cve/CVE-2020-1392>)4.6Warning \n[CVE-2020-1361](<https://vulners.com/cve/CVE-2020-1361>)2.1Warning \n[CVE-2020-1363](<https://vulners.com/cve/CVE-2020-1363>)4.6Warning \n[CVE-2020-1362](<https://vulners.com/cve/CVE-2020-1362>)4.6Warning \n[CVE-2020-1364](<https://vulners.com/cve/CVE-2020-1364>)3.6Warning \n[CVE-2020-1367](<https://vulners.com/cve/CVE-2020-1367>)2.1Warning \n[CVE-2020-1366](<https://vulners.com/cve/CVE-2020-1366>)4.6Warning \n[CVE-2020-1369](<https://vulners.com/cve/CVE-2020-1369>)4.6Warning \n[CVE-2020-1368](<https://vulners.com/cve/CVE-2020-1368>)4.6Warning \n[CVE-2020-1434](<https://vulners.com/cve/CVE-2020-1434>)4.6Warning \n[CVE-2020-1431](<https://vulners.com/cve/CVE-2020-1431>)4.6Warning \n[CVE-2020-1372](<https://vulners.com/cve/CVE-2020-1372>)4.6Warning \n[CVE-2020-1370](<https://vulners.com/cve/CVE-2020-1370>)4.6Warning \n[CVE-2020-1375](<https://vulners.com/cve/CVE-2020-1375>)4.6Warning \n[CVE-2020-1249](<https://vulners.com/cve/CVE-2020-1249>)4.6Warning \n[CVE-2020-1429](<https://vulners.com/cve/CVE-2020-1429>)7.2High \n[CVE-2020-1426](<https://vulners.com/cve/CVE-2020-1426>)2.1Warning \n[CVE-2020-1424](<https://vulners.com/cve/CVE-2020-1424>)7.2High \n[CVE-2020-1422](<https://vulners.com/cve/CVE-2020-1422>)4.6Warning \n[CVE-2020-1423](<https://vulners.com/cve/CVE-2020-1423>)4.6Warning \n[CVE-2020-1420](<https://vulners.com/cve/CVE-2020-1420>)2.1Warning\n\n### *KB list*:\n[4565541](<http://support.microsoft.com/kb/4565541>) \n[4558998](<http://support.microsoft.com/kb/4558998>) \n[4565489](<http://support.microsoft.com/kb/4565489>) \n[4565483](<http://support.microsoft.com/kb/4565483>) \n[4565508](<http://support.microsoft.com/kb/4565508>) \n[4565511](<http://support.microsoft.com/kb/4565511>) \n[4565513](<http://support.microsoft.com/kb/4565513>) \n[4565537](<http://support.microsoft.com/kb/4565537>) \n[4565503](<http://support.microsoft.com/kb/4565503>) \n[4565540](<http://support.microsoft.com/kb/4565540>) \n[4565554](<http://support.microsoft.com/kb/4565554>) \n[4565553](<http://support.microsoft.com/kb/4565553>) \n[4566425](<http://support.microsoft.com/kb/4566425>) \n[4558997](<http://support.microsoft.com/kb/4558997>) \n[4565911](<http://support.microsoft.com/kb/4565911>) \n[4565912](<http://support.microsoft.com/kb/4565912>) \n[4566785](<http://support.microsoft.com/kb/4566785>) \n[4566426](<http://support.microsoft.com/kb/4566426>) \n[4565535](<http://support.microsoft.com/kb/4565535>) \n[4565552](<http://support.microsoft.com/kb/4565552>) \n[4571692](<http://support.microsoft.com/kb/4571692>) \n[4571694](<http://support.microsoft.com/kb/4571694>)\n\n### *Microsoft official advisories*:", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 10.0, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2020-07-14T00:00:00", "type": "kaspersky", "title": "KLA11865 Multiple vulnerabilities in Microsoft Windows", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-1032", "CVE-2020-1036", "CVE-2020-1040", "CVE-2020-1041", "CVE-2020-1042", "CVE-2020-1043", "CVE-2020-1085", "CVE-2020-1249", "CVE-2020-1267", "CVE-2020-1330", "CVE-2020-1333", "CVE-2020-1336", "CVE-2020-1344", "CVE-2020-1346", "CVE-2020-1347", "CVE-2020-1350", "CVE-2020-1351", "CVE-2020-1352", "CVE-2020-1353", "CVE-2020-1354", "CVE-2020-1355", "CVE-2020-1356", "CVE-2020-1357", "CVE-2020-1358", "CVE-2020-1359", "CVE-2020-1360", "CVE-2020-1361", "CVE-2020-1362", "CVE-2020-1363", "CVE-2020-1364", "CVE-2020-1365", "CVE-2020-1366", "CVE-2020-1367", "CVE-2020-1368", "CVE-2020-1369", "CVE-2020-1370", "CVE-2020-1371", "CVE-2020-1372", "CVE-2020-1373", "CVE-2020-1374", "CVE-2020-1375", "CVE-2020-1381", "CVE-2020-1382", "CVE-2020-1384", "CVE-2020-1385", "CVE-2020-1386", "CVE-2020-1387", "CVE-2020-1388", "CVE-2020-1389", "CVE-2020-1390", "CVE-2020-1391", "CVE-2020-1392", "CVE-2020-1393", "CVE-2020-1394", "CVE-2020-1395", "CVE-2020-1396", "CVE-2020-1397", "CVE-2020-1398", "CVE-2020-1399", "CVE-2020-1400", "CVE-2020-1401", "CVE-2020-1402", "CVE-2020-1404", "CVE-2020-1405", "CVE-2020-1406", "CVE-2020-1407", "CVE-2020-1408", "CVE-2020-1409", "CVE-2020-1410", "CVE-2020-1411", "CVE-2020-1412", "CVE-2020-1413", "CVE-2020-1414", "CVE-2020-1415", "CVE-2020-1418", "CVE-2020-1419", "CVE-2020-1420", "CVE-2020-1421", "CVE-2020-1422", "CVE-2020-1423", "CVE-2020-1424", "CVE-2020-1426", "CVE-2020-1427", "CVE-2020-1428", "CVE-2020-1429", "CVE-2020-1430", "CVE-2020-1431", "CVE-2020-1434", "CVE-2020-1435", "CVE-2020-1436", "CVE-2020-1437", "CVE-2020-1438", "CVE-2020-1463", "CVE-2020-1468"], "modified": "2020-09-10T00:00:00", "id": "KLA11865", "href": "https://threats.kaspersky.com/en/vulnerability/KLA11865/", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-06-06T15:24:19", "description": "### *Detect date*:\n07/14/2020\n\n### *Severity*:\nCritical\n\n### *Description*:\nMultiple vulnerabilities were found in Microsoft Browser. Malicious users can exploit these vulnerabilities to obtain sensitive information, execute arbitrary code.\n\n### *Exploitation*:\nMalware exists for this vulnerability. Usually such malware is classified as Exploit. [More details](<https://threats.kaspersky.com/en/class/Exploit/>).\n\n### *Affected products*:\nInternet Explorer 9 \nInternet Explorer 11 \nMicrosoft Edge (EdgeHTML-based)\n\n### *Solution*:\nInstall necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)\n\n### *Original advisories*:\n[CVE-2020-1462](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1462>) \n[CVE-2020-1432](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1432>) \n[CVE-2020-1433](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1433>) \n[CVE-2020-1403](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1403>) \n\n\n### *Impacts*:\nACE \n\n### *Related products*:\n[Microsoft Internet Explorer](<https://threats.kaspersky.com/en/product/Microsoft-Internet-Explorer/>)\n\n### *CVE-IDS*:\n[CVE-2020-1462](<https://vulners.com/cve/CVE-2020-1462>)4.3Warning \n[CVE-2020-1432](<https://vulners.com/cve/CVE-2020-1432>)4.3Warning \n[CVE-2020-1433](<https://vulners.com/cve/CVE-2020-1433>)4.3Warning \n[CVE-2020-1403](<https://vulners.com/cve/CVE-2020-1403>)7.6Critical\n\n### *KB list*:\n[4565541](<http://support.microsoft.com/kb/4565541>) \n[4565524](<http://support.microsoft.com/kb/4565524>) \n[4558998](<http://support.microsoft.com/kb/4558998>) \n[4565489](<http://support.microsoft.com/kb/4565489>) \n[4565479](<http://support.microsoft.com/kb/4565479>) \n[4565483](<http://support.microsoft.com/kb/4565483>) \n[4565508](<http://support.microsoft.com/kb/4565508>) \n[4565511](<http://support.microsoft.com/kb/4565511>) \n[4565513](<http://support.microsoft.com/kb/4565513>) \n[4565537](<http://support.microsoft.com/kb/4565537>) \n[4565503](<http://support.microsoft.com/kb/4565503>)\n\n### *Microsoft official advisories*:", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2020-07-14T00:00:00", "type": "kaspersky", "title": "KLA11858 Multiple vulnerabilities in Microsoft Browser", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.6, "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-1403", "CVE-2020-1432", "CVE-2020-1433", "CVE-2020-1462"], "modified": "2020-07-22T00:00:00", "id": "KLA11858", "href": "https://threats.kaspersky.com/en/vulnerability/KLA11858/", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}], "cve": [{"lastseen": "2023-06-06T14:24:02", "description": "An elevation of privilege vulnerability exists in the way that the Windows Network Connections Service handles objects in memory, aka 'Windows Network Connections Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1373, CVE-2020-1390, CVE-2020-1427, CVE-2020-1428.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-07-14T23:15:00", "type": "cve", "title": "CVE-2020-1438", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-1373", "CVE-2020-1390", "CVE-2020-1427", "CVE-2020-1428", "CVE-2020-1438"], "modified": "2021-07-21T11:39:00", "cpe": ["cpe:/o:microsoft:windows_10:1803", "cpe:/o:microsoft:windows_server_2019:-", "cpe:/o:microsoft:windows_server_2016:1909", "cpe:/o:microsoft:windows_10:1709", "cpe:/o:microsoft:windows_rt_8.1:-", "cpe:/o:microsoft:windows_server_2016:-", "cpe:/o:microsoft:windows_server_2012:r2", "cpe:/o:microsoft:windows_10:1903", "cpe:/o:microsoft:windows_10:-", "cpe:/o:microsoft:windows_7:-", "cpe:/o:microsoft:windows_8.1:-", "cpe:/o:microsoft:windows_server_2016:1903", "cpe:/o:microsoft:windows_server_2016:2004", "cpe:/o:microsoft:windows_server_2008:-", "cpe:/o:microsoft:windows_10:2004", "cpe:/o:microsoft:windows_10:1809", "cpe:/o:microsoft:windows_server_2012:-", "cpe:/o:microsoft:windows_10:1607", "cpe:/o:microsoft:windows_server_2008:r2", "cpe:/o:microsoft:windows_10:1909"], "id": "CVE-2020-1438", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-1438", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:itanium:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:1903:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:*:*"]}, {"lastseen": "2023-06-06T14:22:51", "description": "An elevation of privilege vulnerability exists in the way that the Windows Network Connections Service handles objects in memory, aka 'Windows Network Connections Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1373, CVE-2020-1427, CVE-2020-1428, CVE-2020-1438.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-07-14T23:15:00", "type": "cve", "title": "CVE-2020-1390", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-1373", "CVE-2020-1390", "CVE-2020-1427", "CVE-2020-1428", "CVE-2020-1438"], "modified": "2021-07-21T11:39:00", "cpe": ["cpe:/o:microsoft:windows_10:1803", "cpe:/o:microsoft:windows_server_2019:-", "cpe:/o:microsoft:windows_server_2016:1909", "cpe:/o:microsoft:windows_10:1709", "cpe:/o:microsoft:windows_rt_8.1:-", "cpe:/o:microsoft:windows_server_2016:-", "cpe:/o:microsoft:windows_server_2012:r2", "cpe:/o:microsoft:windows_10:1903", "cpe:/o:microsoft:windows_10:-", "cpe:/o:microsoft:windows_7:-", "cpe:/o:microsoft:windows_8.1:-", "cpe:/o:microsoft:windows_server_2016:1903", "cpe:/o:microsoft:windows_server_2016:2004", "cpe:/o:microsoft:windows_server_2008:-", "cpe:/o:microsoft:windows_10:2004", "cpe:/o:microsoft:windows_10:1809", "cpe:/o:microsoft:windows_server_2012:-", "cpe:/o:microsoft:windows_10:1607", "cpe:/o:microsoft:windows_server_2008:r2", "cpe:/o:microsoft:windows_10:1909"], "id": "CVE-2020-1390", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-1390", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:itanium:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:1903:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:*:*"]}, {"lastseen": "2023-06-06T14:23:44", "description": "An elevation of privilege vulnerability exists in the way that the Windows Network Connections Service handles objects in memory, aka 'Windows Network Connections Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1373, CVE-2020-1390, CVE-2020-1428, CVE-2020-1438.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-07-14T23:15:00", "type": "cve", "title": "CVE-2020-1427", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-1373", "CVE-2020-1390", "CVE-2020-1427", "CVE-2020-1428", "CVE-2020-1438"], "modified": "2021-07-21T11:39:00", "cpe": ["cpe:/o:microsoft:windows_10:1803", "cpe:/o:microsoft:windows_server_2019:-", "cpe:/o:microsoft:windows_server_2016:1909", "cpe:/o:microsoft:windows_10:1709", "cpe:/o:microsoft:windows_rt_8.1:-", "cpe:/o:microsoft:windows_server_2016:-", "cpe:/o:microsoft:windows_server_2012:r2", "cpe:/o:microsoft:windows_10:1903", "cpe:/o:microsoft:windows_10:-", "cpe:/o:microsoft:windows_7:-", "cpe:/o:microsoft:windows_8.1:-", "cpe:/o:microsoft:windows_server_2016:1903", "cpe:/o:microsoft:windows_server_2016:2004", "cpe:/o:microsoft:windows_server_2008:-", "cpe:/o:microsoft:windows_10:2004", "cpe:/o:microsoft:windows_10:1809", "cpe:/o:microsoft:windows_server_2012:-", "cpe:/o:microsoft:windows_10:1607", "cpe:/o:microsoft:windows_server_2008:r2", "cpe:/o:microsoft:windows_10:1909"], "id": "CVE-2020-1427", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-1427", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:itanium:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:1903:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:*:*"]}, {"lastseen": "2023-06-06T14:23:47", "description": "An elevation of privilege vulnerability exists in the way that the Windows Network Connections Service handles objects in memory, aka 'Windows Network Connections Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1373, CVE-2020-1390, CVE-2020-1427, CVE-2020-1438.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-07-14T23:15:00", "type": "cve", "title": "CVE-2020-1428", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-1373", "CVE-2020-1390", "CVE-2020-1427", "CVE-2020-1428", "CVE-2020-1438"], "modified": "2021-07-21T11:39:00", "cpe": ["cpe:/o:microsoft:windows_10:1803", "cpe:/o:microsoft:windows_server_2019:-", "cpe:/o:microsoft:windows_server_2016:1909", "cpe:/o:microsoft:windows_10:1709", "cpe:/o:microsoft:windows_rt_8.1:-", "cpe:/o:microsoft:windows_server_2016:-", "cpe:/o:microsoft:windows_server_2012:r2", "cpe:/o:microsoft:windows_10:1903", "cpe:/o:microsoft:windows_10:-", "cpe:/o:microsoft:windows_7:-", "cpe:/o:microsoft:windows_8.1:-", "cpe:/o:microsoft:windows_server_2016:1903", "cpe:/o:microsoft:windows_server_2016:2004", "cpe:/o:microsoft:windows_server_2008:-", "cpe:/o:microsoft:windows_10:2004", "cpe:/o:microsoft:windows_10:1809", "cpe:/o:microsoft:windows_server_2012:-", "cpe:/o:microsoft:windows_10:1607", "cpe:/o:microsoft:windows_server_2008:r2", "cpe:/o:microsoft:windows_10:1909"], "id": "CVE-2020-1428", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-1428", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:itanium:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:1903:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:*:*"]}, {"lastseen": "2023-06-06T14:22:23", "description": "An elevation of privilege vulnerability exists in the way that the Windows Network Connections Service handles objects in memory, aka 'Windows Network Connections Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1390, CVE-2020-1427, CVE-2020-1428, CVE-2020-1438.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-07-14T23:15:00", "type": "cve", "title": "CVE-2020-1373", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-1373", "CVE-2020-1390", "CVE-2020-1427", "CVE-2020-1428", "CVE-2020-1438"], "modified": "2021-07-21T11:39:00", "cpe": ["cpe:/o:microsoft:windows_10:1803", "cpe:/o:microsoft:windows_server_2019:-", "cpe:/o:microsoft:windows_server_2016:1909", "cpe:/o:microsoft:windows_10:1709", "cpe:/o:microsoft:windows_rt_8.1:-", "cpe:/o:microsoft:windows_server_2016:-", "cpe:/o:microsoft:windows_server_2012:r2", "cpe:/o:microsoft:windows_10:1903", "cpe:/o:microsoft:windows_10:-", "cpe:/o:microsoft:windows_7:-", "cpe:/o:microsoft:windows_8.1:-", "cpe:/o:microsoft:windows_server_2016:1903", "cpe:/o:microsoft:windows_server_2016:2004", "cpe:/o:microsoft:windows_server_2008:-", "cpe:/o:microsoft:windows_10:2004", "cpe:/o:microsoft:windows_10:1809", "cpe:/o:microsoft:windows_server_2012:-", "cpe:/o:microsoft:windows_10:1607", "cpe:/o:microsoft:windows_server_2008:r2", "cpe:/o:microsoft:windows_10:1909"], "id": "CVE-2020-1373", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-1373", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:itanium:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:1903:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:*:*"]}, {"lastseen": "2023-06-06T14:23:11", "description": "A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1400, CVE-2020-1407.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2020-07-14T23:15:00", "type": "cve", "title": "CVE-2020-1401", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-1400", "CVE-2020-1401", "CVE-2020-1407"], "modified": "2021-07-21T11:39:00", "cpe": ["cpe:/o:microsoft:windows_10:1803", "cpe:/o:microsoft:windows_server_2019:-", "cpe:/o:microsoft:windows_server_2016:1909", "cpe:/o:microsoft:windows_10:1709", "cpe:/o:microsoft:windows_rt_8.1:-", "cpe:/o:microsoft:windows_server_2016:-", "cpe:/o:microsoft:windows_server_2012:r2", "cpe:/o:microsoft:windows_10:1903", "cpe:/o:microsoft:windows_10:-", "cpe:/o:microsoft:windows_7:-", "cpe:/o:microsoft:windows_8.1:-", "cpe:/o:microsoft:windows_server_2016:1903", "cpe:/o:microsoft:windows_server_2016:2004", "cpe:/o:microsoft:windows_server_2008:-", "cpe:/o:microsoft:windows_10:2004", "cpe:/o:microsoft:windows_10:1809", "cpe:/o:microsoft:windows_server_2012:-", "cpe:/o:microsoft:windows_10:1607", "cpe:/o:microsoft:windows_server_2008:r2", "cpe:/o:microsoft:windows_10:1909"], "id": "CVE-2020-1401", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-1401", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:1903:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:*:*"]}, {"lastseen": "2023-06-06T14:23:18", "description": "A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1400, CVE-2020-1401.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2020-07-14T23:15:00", "type": "cve", "title": "CVE-2020-1407", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-1400", "CVE-2020-1401", "CVE-2020-1407"], "modified": "2021-07-21T11:39:00", "cpe": ["cpe:/o:microsoft:windows_10:1803", "cpe:/o:microsoft:windows_server_2019:-", "cpe:/o:microsoft:windows_server_2016:1909", "cpe:/o:microsoft:windows_10:1709", "cpe:/o:microsoft:windows_rt_8.1:-", "cpe:/o:microsoft:windows_server_2016:-", "cpe:/o:microsoft:windows_server_2012:r2", "cpe:/o:microsoft:windows_10:1903", "cpe:/o:microsoft:windows_10:-", "cpe:/o:microsoft:windows_7:-", "cpe:/o:microsoft:windows_8.1:-", "cpe:/o:microsoft:windows_server_2016:1903", "cpe:/o:microsoft:windows_server_2016:2004", "cpe:/o:microsoft:windows_server_2008:-", "cpe:/o:microsoft:windows_10:2004", "cpe:/o:microsoft:windows_10:1809", "cpe:/o:microsoft:windows_server_2012:-", "cpe:/o:microsoft:windows_10:1607", "cpe:/o:microsoft:windows_server_2008:r2", "cpe:/o:microsoft:windows_10:1909"], "id": "CVE-2020-1407", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-1407", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:1903:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:*:*"]}, {"lastseen": "2023-06-06T14:23:09", "description": "A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1401, CVE-2020-1407.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2020-07-14T23:15:00", "type": "cve", "title": "CVE-2020-1400", "cwe": ["CWE-191"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-1400", "CVE-2020-1401", "CVE-2020-1407"], "modified": "2022-04-27T15:35:00", "cpe": ["cpe:/o:microsoft:windows_10:1803", "cpe:/o:microsoft:windows_server_2019:-", "cpe:/o:microsoft:windows_server_2016:1909", "cpe:/o:microsoft:windows_10:1709", "cpe:/o:microsoft:windows_rt_8.1:-", "cpe:/o:microsoft:windows_server_2016:-", "cpe:/o:microsoft:windows_server_2012:r2", "cpe:/o:microsoft:windows_10:1903", "cpe:/o:microsoft:windows_10:-", "cpe:/o:microsoft:windows_7:-", "cpe:/o:microsoft:windows_8.1:-", "cpe:/o:microsoft:windows_server_2016:1903", "cpe:/o:microsoft:windows_server_2016:2004", "cpe:/o:microsoft:windows_server_2008:-", "cpe:/o:microsoft:windows_10:2004", "cpe:/o:microsoft:windows_10:1809", "cpe:/o:microsoft:windows_server_2012:-", "cpe:/o:microsoft:windows_10:1607", "cpe:/o:microsoft:windows_server_2008:r2", "cpe:/o:microsoft:windows_10:1909"], "id": "CVE-2020-1400", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-1400", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:1903:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:*:*"]}, {"lastseen": "2023-06-06T14:23:46", "description": "An elevation of privilege vulnerability exists when the Windows UPnP Device Host improperly handles memory.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows UPnP Device Host Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1354.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-07-14T23:15:00", "type": "cve", "title": "CVE-2020-1430", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-1354", "CVE-2020-1430"], "modified": "2021-07-21T11:39:00", "cpe": ["cpe:/o:microsoft:windows_10:1803", "cpe:/o:microsoft:windows_server_2019:-", "cpe:/o:microsoft:windows_server_2016:1909", "cpe:/o:microsoft:windows_10:1709", "cpe:/o:microsoft:windows_rt_8.1:-", "cpe:/o:microsoft:windows_server_2016:-", "cpe:/o:microsoft:windows_server_2012:r2", "cpe:/o:microsoft:windows_10:1903", "cpe:/o:microsoft:windows_10:-", "cpe:/o:microsoft:windows_7:-", "cpe:/o:microsoft:windows_8.1:-", "cpe:/o:microsoft:windows_server_2016:1903", "cpe:/o:microsoft:windows_server_2016:2004", "cpe:/o:microsoft:windows_server_2008:-", "cpe:/o:microsoft:windows_10:2004", "cpe:/o:microsoft:windows_10:1809", "cpe:/o:microsoft:windows_server_2012:-", "cpe:/o:microsoft:windows_10:1607", "cpe:/o:microsoft:windows_server_2008:r2", "cpe:/o:microsoft:windows_10:1909"], "id": "CVE-2020-1430", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-1430", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:1903:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:*:*"]}, {"lastseen": "2023-06-06T14:21:56", "description": "An elevation of privilege vulnerability exists when the Windows UPnP Device Host improperly handles memory.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows UPnP Device Host Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1430.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-07-14T23:15:00", "type": "cve", "title": "CVE-2020-1354", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-1354", "CVE-2020-1430"], "modified": "2021-07-21T11:39:00", "cpe": ["cpe:/o:microsoft:windows_10:1803", "cpe:/o:microsoft:windows_server_2019:-", "cpe:/o:microsoft:windows_10:1709", "cpe:/o:microsoft:windows_rt_8.1:-", "cpe:/o:microsoft:windows_server_2016:-", "cpe:/o:microsoft:windows_server_2012:r2", "cpe:/o:microsoft:windows_10:1903", "cpe:/o:microsoft:windows_10:-", "cpe:/o:microsoft:windows_7:-", "cpe:/o:microsoft:windows_8.1:-", "cpe:/o:microsoft:windows_server_2016:1903", "cpe:/o:microsoft:windows_server_2016:2004", "cpe:/o:microsoft:windows_server_2008:-", "cpe:/o:microsoft:windows_10:2004", "cpe:/o:microsoft:windows_10:1809", "cpe:/o:microsoft:windows_server_2012:-", "cpe:/o:microsoft:windows_10:1607", "cpe:/o:microsoft:windows_server_2008:r2", "cpe:/o:microsoft:windows_10:1909"], "id": "CVE-2020-1354", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-1354", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:1903:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:*:*"]}, {"lastseen": "2023-06-06T14:22:13", "description": "An elevation of privilege vulnerability exists when the Windows Event Logging Service improperly handles memory.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows Event Logging Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1371.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-07-14T23:15:00", "type": "cve", "title": "CVE-2020-1365", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-1365", "CVE-2020-1371"], "modified": "2021-07-21T11:39:00", "cpe": ["cpe:/o:microsoft:windows_10:1803", "cpe:/o:microsoft:windows_server_2019:-", "cpe:/o:microsoft:windows_server_2016:1909", "cpe:/o:microsoft:windows_10:1709", "cpe:/o:microsoft:windows_rt_8.1:-", "cpe:/o:microsoft:windows_server_2016:-", "cpe:/o:microsoft:windows_server_2012:r2", "cpe:/o:microsoft:windows_10:1903", "cpe:/o:microsoft:windows_10:-", "cpe:/o:microsoft:windows_7:-", "cpe:/o:microsoft:windows_8.1:-", "cpe:/o:microsoft:windows_server_2016:1903", "cpe:/o:microsoft:windows_server_2016:2004", "cpe:/o:microsoft:windows_server_2008:-", "cpe:/o:microsoft:windows_10:2004", "cpe:/o:microsoft:windows_10:1809", "cpe:/o:microsoft:windows_server_2012:-", "cpe:/o:microsoft:windows_10:1607", "cpe:/o:microsoft:windows_server_2008:r2", "cpe:/o:microsoft:windows_10:1909"], "id": "CVE-2020-1365", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-1365", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:1903:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:*:*"]}, {"lastseen": "2023-06-06T14:22:20", "description": "An elevation of privilege vulnerability exists when the Windows Event Logging Service improperly handles memory.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows Event Logging Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1365.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-07-14T23:15:00", "type": "cve", "title": "CVE-2020-1371", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-1365", "CVE-2020-1371"], "modified": "2021-07-21T11:39:00", "cpe": ["cpe:/o:microsoft:windows_10:1803", "cpe:/o:microsoft:windows_server_2019:-", "cpe:/o:microsoft:windows_server_2016:1909", "cpe:/o:microsoft:windows_10:1709", "cpe:/o:microsoft:windows_rt_8.1:-", "cpe:/o:microsoft:windows_server_2016:-", "cpe:/o:microsoft:windows_server_2012:r2", "cpe:/o:microsoft:windows_10:1903", "cpe:/o:microsoft:windows_10:-", "cpe:/o:microsoft:windows_7:-", "cpe:/o:microsoft:windows_8.1:-", "cpe:/o:microsoft:windows_server_2016:1903", "cpe:/o:microsoft:windows_server_2016:2004", "cpe:/o:microsoft:windows_server_2008:-", "cpe:/o:microsoft:windows_10:2004", "cpe:/o:microsoft:windows_10:1809", "cpe:/o:microsoft:windows_server_2012:-", "cpe:/o:microsoft:windows_10:1607", "cpe:/o:microsoft:windows_server_2008:r2", "cpe:/o:microsoft:windows_10:1909"], "id": "CVE-2020-1371", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-1371", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:1903:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:*:*"]}, {"lastseen": "2023-06-06T14:22:40", "description": "An elevation of privilege vulnerability exists when the Windows Cryptography Next Generation (CNG) Key Isolation service improperly handles memory, aka 'Windows CNG Key Isolation Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1359.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-07-14T23:15:00", "type": "cve", "title": "CVE-2020-1384", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-1359", "CVE-2020-1384"], "modified": "2021-07-21T11:39:00", "cpe": ["cpe:/o:microsoft:windows_10:1803", "cpe:/o:microsoft:windows_server_2019:-", "cpe:/o:microsoft:windows_server_2016:1909", "cpe:/o:microsoft:windows_10:1709", "cpe:/o:microsoft:windows_rt_8.1:-", "cpe:/o:microsoft:windows_server_2016:-", "cpe:/o:microsoft:windows_server_2012:r2", "cpe:/o:microsoft:windows_10:1903", "cpe:/o:microsoft:windows_10:-", "cpe:/o:microsoft:windows_7:-", "cpe:/o:microsoft:windows_8.1:-", "cpe:/o:microsoft:windows_server_2016:1903", "cpe:/o:microsoft:windows_server_2016:2004", "cpe:/o:microsoft:windows_server_2008:-", "cpe:/o:microsoft:windows_10:2004", "cpe:/o:microsoft:windows_10:1809", "cpe:/o:microsoft:windows_server_2012:-", "cpe:/o:microsoft:windows_10:1607", "cpe:/o:microsoft:windows_server_2008:r2", "cpe:/o:microsoft:windows_10:1909"], "id": "CVE-2020-1384", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-1384", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:1903:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:*:*"]}, {"lastseen": "2023-06-06T14:22:04", "description": "An elevation of privilege vulnerability exists when the Windows Cryptography Next Generation (CNG) Key Isolation service improperly handles memory, aka 'Windows CNG Key Isolation Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1384.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-07-14T23:15:00", "type": "cve", "title": "CVE-2020-1359", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-1359", "CVE-2020-1384"], "modified": "2021-07-21T11:39:00", "cpe": ["cpe:/o:microsoft:windows_10:1803", "cpe:/o:microsoft:windows_server_2019:-", "cpe:/o:microsoft:windows_server_2016:1909", "cpe:/o:microsoft:windows_10:1709", "cpe:/o:microsoft:windows_rt_8.1:-", "cpe:/o:microsoft:windows_server_2016:-", "cpe:/o:microsoft:windows_server_2012:r2", "cpe:/o:microsoft:windows_10:1903", "cpe:/o:microsoft:windows_10:-", "cpe:/o:microsoft:windows_7:-", "cpe:/o:microsoft:windows_8.1:-", "cpe:/o:microsoft:windows_server_2016:1903", "cpe:/o:microsoft:windows_server_2016:2004", "cpe:/o:microsoft:windows_server_2008:-", "cpe:/o:microsoft:windows_10:2004", "cpe:/o:microsoft:windows_10:1809", "cpe:/o:microsoft:windows_server_2012:-", "cpe:/o:microsoft:windows_10:1607", "cpe:/o:microsoft:windows_server_2008:r2", "cpe:/o:microsoft:windows_10:1909"], "id": "CVE-2020-1359", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-1359", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:1903:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:*:*"]}, {"lastseen": "2023-06-06T14:22:49", "description": "An information disclosure vulnerability exists when the Windows kernel fails to properly initialize a memory address, aka 'Windows Kernel Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2020-1367, CVE-2020-1419, CVE-2020-1426.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 5.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-07-14T23:15:00", "type": "cve", "title": "CVE-2020-1389", "cwe": ["CWE-665"], "bulletinFamily": "NVD", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-1367", "CVE-2020-1389", "CVE-2020-1419", "CVE-2020-1426"], "modified": "2021-07-21T11:39:00", "cpe": ["cpe:/o:microsoft:windows_10:1803", "cpe:/o:microsoft:windows_server_2019:-", "cpe:/o:microsoft:windows_server_2016:1909", "cpe:/o:microsoft:windows_10:1709", "cpe:/o:microsoft:windows_rt_8.1:-", "cpe:/o:microsoft:windows_server_2016:-", "cpe:/o:microsoft:windows_server_2012:r2", "cpe:/o:microsoft:windows_10:1903", "cpe:/o:microsoft:windows_10:-", "cpe:/o:microsoft:windows_7:-", "cpe:/o:microsoft:windows_8.1:-", "cpe:/o:microsoft:windows_server_2016:1903", "cpe:/o:microsoft:windows_server_2016:2004", "cpe:/o:microsoft:windows_server_2008:-", "cpe:/o:microsoft:windows_10:2004", "cpe:/o:microsoft:windows_10:1809", "cpe:/o:microsoft:windows_server_2012:-", "cpe:/o:microsoft:windows_10:1607", "cpe:/o:microsoft:windows_server_2008:r2", "cpe:/o:microsoft:windows_10:1909"], "id": "CVE-2020-1389", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-1389", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}, "cpe23": ["cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:1903:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:*:*"]}, {"lastseen": "2023-06-06T14:23:43", "description": "An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka 'Windows Kernel Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2020-1367, CVE-2020-1389, CVE-2020-1419.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 5.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-07-14T23:15:00", "type": "cve", "title": "CVE-2020-1426", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-1367", "CVE-2020-1389", "CVE-2020-1419", "CVE-2020-1426"], "modified": "2021-07-21T11:39:00", "cpe": ["cpe:/o:microsoft:windows_10:1803", "cpe:/o:microsoft:windows_server_2019:-", "cpe:/o:microsoft:windows_server_2016:1909", "cpe:/o:microsoft:windows_server_2016:1903", "cpe:/o:microsoft:windows_10:1909", "cpe:/o:microsoft:windows_server_2016:2004", "cpe:/o:microsoft:windows_10:2004", "cpe:/o:microsoft:windows_10:1903", "cpe:/o:microsoft:windows_10:1809"], "id": "CVE-2020-1426", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-1426", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}, "cpe23": ["cpe:2.3:o:microsoft:windows_server_2016:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:1903:*:*:*:*:*:*:*"]}, {"lastseen": "2023-06-06T14:22:19", "description": "An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka 'Windows Kernel Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2020-1389, CVE-2020-1419, CVE-2020-1426.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 5.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-07-14T23:15:00", "type": "cve", "title": "CVE-2020-1367", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-1367", "CVE-2020-1389", "CVE-2020-1419", "CVE-2020-1426"], "modified": "2021-07-21T11:39:00", "cpe": ["cpe:/o:microsoft:windows_server_2019:-", "cpe:/o:microsoft:windows_server_2016:1909", "cpe:/o:microsoft:windows_server_2016:1903", "cpe:/o:microsoft:windows_10:1909", "cpe:/o:microsoft:windows_server_2016:2004", "cpe:/o:microsoft:windows_10:2004", "cpe:/o:microsoft:windows_10:1903", "cpe:/o:microsoft:windows_10:1809"], "id": "CVE-2020-1367", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-1367", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}, "cpe23": ["cpe:2.3:o:microsoft:windows_server_2016:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:1903:*:*:*:*:*:*:*"]}, {"lastseen": "2023-06-06T14:23:36", "description": "An information disclosure vulnerability exists when the Windows kernel fails to properly initialize a memory address, aka 'Windows Kernel Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2020-1367, CVE-2020-1389, CVE-2020-1426.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 5.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-07-14T23:15:00", "type": "cve", "title": "CVE-2020-1419", "cwe": ["CWE-909"], "bulletinFamily": "NVD", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-1367", "CVE-2020-1389", "CVE-2020-1419", "CVE-2020-1426"], "modified": "2021-07-21T11:39:00", "cpe": ["cpe:/o:microsoft:windows_10:1803", "cpe:/o:microsoft:windows_server_2019:-", "cpe:/o:microsoft:windows_server_2016:1909", "cpe:/o:microsoft:windows_10:1709", "cpe:/o:microsoft:windows_rt_8.1:-", "cpe:/o:microsoft:windows_server_2016:-", "cpe:/o:microsoft:windows_server_2012:r2", "cpe:/o:microsoft:windows_10:1903", "cpe:/o:microsoft:windows_10:-", "cpe:/o:microsoft:windows_7:-", "cpe:/o:microsoft:windows_8.1:-", "cpe:/o:microsoft:windows_server_2016:1903", "cpe:/o:microsoft:windows_server_2016:2004", "cpe:/o:microsoft:windows_server_2008:-", "cpe:/o:microsoft:windows_10:2004", "cpe:/o:microsoft:windows_10:1809", "cpe:/o:microsoft:windows_server_2012:-", "cpe:/o:microsoft:windows_10:1607", "cpe:/o:microsoft:windows_10:1909"], "id": "CVE-2020-1419", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-1419", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}, "cpe23": ["cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:arm64:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:arm64:*", "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:arm64:*", "cpe:2.3:o:microsoft:windows_server_2016:1903:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:arm64:*", "cpe:2.3:o:microsoft:windows_server_2016:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_server_2016:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:arm64:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:arm64:*", "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:x86:*"]}, {"lastseen": "2023-06-06T14:21:59", "description": "An elevation of privilege vulnerability exists when the Windows iSCSI Target Service improperly handles file operations, aka 'Windows iSCSI Target Service Elevation of Privilege Vulnerability'.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-07-14T23:15:00", "type": "cve", "title": "CVE-2020-1356", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-1356"], "modified": "2021-07-21T11:39:00", "cpe": ["cpe:/o:microsoft:windows_server_2019:-", "cpe:/o:microsoft:windows_server_2016:1909", "cpe:/o:microsoft:windows_server_2016:1903", "cpe:/o:microsoft:windows_server_2016:2004", "cpe:/o:microsoft:windows_server_2012:r2", "cpe:/o:microsoft:windows_server_2012:-", "cpe:/o:microsoft:windows_server_2016:-"], "id": "CVE-2020-1356", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-1356", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:1903:*:*:*:*:*:*:*"]}, {"lastseen": "2023-06-06T14:23:20", "description": "A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts, aka 'Microsoft Graphics Remote Code Execution Vulnerability'.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2020-07-14T23:15:00", "type": "cve", "title": "CVE-2020-1408", "cwe": ["CWE-346"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-1408"], "modified": "2020-09-28T12:58:00", "cpe": ["cpe:/o:microsoft:windows_10:1803", "cpe:/o:microsoft:windows_server_2019:-", "cpe:/o:microsoft:windows_server_2016:1909", "cpe:/o:microsoft:windows_10:1709", "cpe:/o:microsoft:windows_rt_8.1:-", "cpe:/o:microsoft:windows_server_2016:-", "cpe:/o:microsoft:windows_server_2012:r2", "cpe:/o:microsoft:windows_10:1903", "cpe:/o:microsoft:windows_10:-", "cpe:/o:microsoft:windows_7:-", "cpe:/o:microsoft:windows_8.1:-", "cpe:/o:microsoft:windows_server_2016:1903", "cpe:/o:microsoft:windows_server_2016:2004", "cpe:/o:microsoft:windows_server_2008:-", "cpe:/o:microsoft:windows_10:2004", "cpe:/o:microsoft:windows_10:1809", "cpe:/o:microsoft:windows_server_2012:-", "cpe:/o:microsoft:windows_10:1607", "cpe:/o:microsoft:windows_10:1909"], "id": "CVE-2020-1408", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-1408", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:arm64:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:arm64:*", "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:arm64:*", "cpe:2.3:o:microsoft:windows_server_2016:1903:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:arm64:*", "cpe:2.3:o:microsoft:windows_server_2016:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_server_2016:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:arm64:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:arm64:*", "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:x86:*"]}, {"lastseen": "2023-06-06T14:22:06", "description": "An elevation of privilege vulnerability exists when the Windows Profile Service improperly handles file operations, aka 'Windows Profile Service Elevation of Privilege Vulnerability'.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-07-14T23:15:00", "type": "cve", "title": "CVE-2020-1360", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-1360"], "modified": "2021-07-21T11:39:00", "cpe": ["cpe:/o:microsoft:windows_10:1803", "cpe:/o:microsoft:windows_server_2019:-", "cpe:/o:microsoft:windows_server_2016:1909", "cpe:/o:microsoft:windows_10:1709", "cpe:/o:microsoft:windows_rt_8.1:-", "cpe:/o:microsoft:windows_server_2016:-", "cpe:/o:microsoft:windows_server_2012:r2", "cpe:/o:microsoft:windows_10:1903", "cpe:/o:microsoft:windows_10:-", "cpe:/o:microsoft:windows_7:-", "cpe:/o:microsoft:windows_8.1:-", "cpe:/o:microsoft:windows_server_2016:1903", "cpe:/o:microsoft:windows_server_2016:2004", "cpe:/o:microsoft:windows_server_2008:-", "cpe:/o:microsoft:windows_10:2004", "cpe:/o:microsoft:windows_10:1809", "cpe:/o:microsoft:windows_server_2012:-", "cpe:/o:microsoft:windows_10:1607", "cpe:/o:microsoft:windows_server_2008:r2", "cpe:/o:microsoft:windows_10:1909"], "id": "CVE-2020-1360", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-1360", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:1903:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:*:*"]}, {"lastseen": "2023-06-06T14:23:12", "description": "An elevation of privilege vulnerability exists when the Windows ActiveX Installer Service improperly handles memory.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows ActiveX Installer Service Elevation of Privilege Vulnerability'.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-07-14T23:15:00", "type": "cve", "title": "CVE-2020-1402", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-1402"], "modified": "2021-07-21T11:39:00", "cpe": ["cpe:/o:microsoft:windows_10:1803", "cpe:/o:microsoft:windows_server_2019:-", "cpe:/o:microsoft:windows_server_2016:1909", "cpe:/o:microsoft:windows_10:1709", "cpe:/o:microsoft:windows_rt_8.1:-", "cpe:/o:microsoft:windows_server_2016:-", "cpe:/o:microsoft:windows_server_2012:r2", "cpe:/o:microsoft:windows_10:1903", "cpe:/o:microsoft:windows_10:-", "cpe:/o:microsoft:windows_7:-", "cpe:/o:microsoft:windows_8.1:-", "cpe:/o:microsoft:windows_server_2016:1903", "cpe:/o:microsoft:windows_server_2016:2004", "cpe:/o:microsoft:windows_10:2004", "cpe:/o:microsoft:windows_10:1809", "cpe:/o:microsoft:windows_server_2012:-", "cpe:/o:microsoft:windows_10:1607", "cpe:/o:microsoft:windows_server_2008:r2", "cpe:/o:microsoft:windows_10:1909"], "id": "CVE-2020-1402", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-1402", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:1903:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:*:*"]}, {"lastseen": "2023-06-06T14:23:14", "description": "A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka 'VBScript Remote Code Execution Vulnerability'.", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2020-07-14T23:15:00", "type": "cve", "title": "CVE-2020-1403", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.6, "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-1403"], "modified": "2021-07-21T11:39:00", "cpe": ["cpe:/a:microsoft:internet_explorer:11", "cpe:/a:microsoft:internet_explorer:9"], "id": "CVE-2020-1403", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-1403", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:microsoft:internet_explorer:11:-:*:*:*:*:*:*", "cpe:2.3:a:microsoft:internet_explorer:9:*:*:*:*:*:*:*"]}, {"lastseen": "2023-06-06T14:23:26", "description": "A remote code execution vulnerability exists in the way that Microsoft Graphics Components handle objects in memory, aka 'Microsoft Graphics Components Remote Code Execution Vulnerability'.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2020-07-14T23:15:00", "type": "cve", "title": "CVE-2020-1412", "cwe": ["CWE-269"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-1412"], "modified": "2021-07-21T11:39:00", "cpe": ["cpe:/o:microsoft:windows_10:1803", "cpe:/o:microsoft:windows_server_2019:-", "cpe:/o:microsoft:windows_server_2016:1909", "cpe:/o:microsoft:windows_10:1709", "cpe:/o:microsoft:windows_rt_8.1:-", "cpe:/o:microsoft:windows_server_2016:-", "cpe:/o:microsoft:windows_server_2012:r2", "cpe:/o:microsoft:windows_10:1903", "cpe:/o:microsoft:windows_10:-", "cpe:/o:microsoft:windows_7:-", "cpe:/o:microsoft:windows_8.1:-", "cpe:/o:microsoft:windows_server_2016:1903", "cpe:/o:microsoft:windows_server_2016:2004", "cpe:/o:microsoft:windows_server_2008:-", "cpe:/o:microsoft:windows_10:2004", "cpe:/o:microsoft:windows_10:1809", "cpe:/o:microsoft:windows_server_2012:-", "cpe:/o:microsoft:windows_10:1607", "cpe:/o:microsoft:windows_10:1909"], "id": "CVE-2020-1412", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-1412", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:arm64:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:arm64:*", "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:arm64:*", "cpe:2.3:o:microsoft:windows_server_2016:1903:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:arm64:*", "cpe:2.3:o:microsoft:windows_server_2016:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_server_2016:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:arm64:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:arm64:*", "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:x86:*"]}, {"lastseen": "2023-06-06T14:23:02", "description": "An elevation of privilege vulnerability exists when Windows improperly handles calls to Advanced Local Procedure Call (ALPC).An attacker who successfully exploited this vulnerability could run arbitrary code in the security context of the local system, aka 'Windows ALPC Elevation of Privilege Vulnerability'.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-07-14T23:15:00", "type": "cve", "title": "CVE-2020-1396", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-1396"], "modified": "2021-07-21T11:39:00", "cpe": ["cpe:/o:microsoft:windows_10:1803", "cpe:/o:microsoft:windows_server_2019:-", "cpe:/o:microsoft:windows_server_2016:1909", "cpe:/o:microsoft:windows_10:1709", "cpe:/o:microsoft:windows_rt_8.1:-", "cpe:/o:microsoft:windows_server_2016:-", "cpe:/o:microsoft:windows_server_2012:r2", "cpe:/o:microsoft:windows_10:1903", "cpe:/o:microsoft:windows_10:-", "cpe:/o:microsoft:windows_7:-", "cpe:/o:microsoft:windows_8.1:-", "cpe:/o:microsoft:windows_server_2016:1903", "cpe:/o:microsoft:windows_server_2016:2004", "cpe:/o:microsoft:windows_server_2008:-", "cpe:/o:microsoft:windows_10:2004", "cpe:/o:microsoft:windows_10:1809", "cpe:/o:microsoft:windows_server_2012:-", "cpe:/o:microsoft:windows_10:1607", "cpe:/o:microsoft:windows_server_2008:r2", "cpe:/o:microsoft:windows_10:1909"], "id": "CVE-2020-1396", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-1396", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:1903:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:*:*"]}, {"lastseen": "2023-06-06T14:23:23", "description": "A remote code execution vulnerability exists when Windows Address Book (WAB) improperly processes vcard files.To exploit the vulnerability, an attacker could send a malicious vcard that a victim opens using Windows Address Book (WAB), aka 'Windows Address Book Remote Code Execution Vulnerability'.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2020-07-14T23:15:00", "type": "cve", "title": "CVE-2020-1410", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-1410"], "modified": "2020-09-28T12:58:00", "cpe": ["cpe:/o:microsoft:windows_10:1803", "cpe:/o:microsoft:windows_server_2019:-", "cpe:/o:microsoft:windows_server_2016:1909", "cpe:/o:microsoft:windows_10:1709", "cpe:/o:microsoft:windows_rt_8.1:-", "cpe:/o:microsoft:windows_server_2016:-", "cpe:/o:microsoft:windows_server_2012:r2", "cpe:/o:microsoft:windows_10:1903", "cpe:/o:microsoft:windows_10:-", "cpe:/o:microsoft:windows_7:-", "cpe:/o:microsoft:windows_8.1:-", "cpe:/o:microsoft:windows_server_2016:1903", "cpe:/o:microsoft:windows_server_2016:2004", "cpe:/o:microsoft:windows_server_2008:-", "cpe:/o:microsoft:windows_10:2004", "cpe:/o:microsoft:windows_10:1809", "cpe:/o:microsoft:windows_server_2012:-", "cpe:/o:microsoft:windows_10:1607", "cpe:/o:microsoft:windows_10:1909"], "id": "CVE-2020-1410", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-1410", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:arm64:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:arm64:*", "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:arm64:*", "cpe:2.3:o:microsoft:windows_server_2016:1903:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:arm64:*", "cpe:2.3:o:microsoft:windows_server_2016:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_server_2016:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:arm64:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:arm64:*", "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:x86:*"]}, {"lastseen": "2023-06-06T14:23:59", "description": "An elevation of privilege vulnerability exists in the way that the Windows Network Location Awareness Service handles objects in memory, aka 'Windows Network Location Awareness Service Elevation of Privilege Vulnerability'.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-07-14T23:15:00", "type": "cve", "title": "CVE-2020-1437", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-1437"], "modified": "2021-07-21T11:39:00", "cpe": ["cpe:/o:microsoft:windows_10:1803", "cpe:/o:microsoft:windows_server_2019:-", "cpe:/o:microsoft:windows_server_2016:1909", "cpe:/o:microsoft:windows_10:1709", "cpe:/o:microsoft:windows_rt_8.1:-", "cpe:/o:microsoft:windows_server_2016:-", "cpe:/o:microsoft:windows_server_2012:r2", "cpe:/o:microsoft:windows_10:1903", "cpe:/o:microsoft:windows_10:-", "cpe:/o:microsoft:windows_7:-", "cpe:/o:microsoft:windows_8.1:-", "cpe:/o:microsoft:windows_server_2016:1903", "cpe:/o:microsoft:windows_server_2016:2004", "cpe:/o:microsoft:windows_server_2008:-", "cpe:/o:microsoft:windows_10:2004", "cpe:/o:microsoft:windows_10:1809", "cpe:/o:microsoft:windows_server_2012:-", "cpe:/o:microsoft:windows_10:1607", "cpe:/o:microsoft:windows_server_2008:r2", "cpe:/o:microsoft:windows_10:1909"], "id": "CVE-2020-1437", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-1437", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:1903:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:*:*"]}, {"lastseen": "2023-06-06T14:22:19", "description": "An elevation of privilege vulnerability exists in the way that the Credential Enrollment Manager service handles objects in memory, aka 'Windows Credential Enrollment Manager Service Elevation of Privilege Vulnerability'.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-07-14T23:15:00", "type": "cve", "title": "CVE-2020-1368", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-1368"], "modified": "2021-07-21T11:39:00", "cpe": ["cpe:/o:microsoft:windows_server_2016:-", "cpe:/o:microsoft:windows_10:1803", "cpe:/o:microsoft:windows_server_2019:-", "cpe:/o:microsoft:windows_8.1:-", "cpe:/o:microsoft:windows_server_2016:1909", "cpe:/o:microsoft:windows_10:1709", "cpe:/o:microsoft:windows_rt_8.1:-", "cpe:/o:microsoft:windows_server_2016:1903", "cpe:/o:microsoft:windows_10:1909", "cpe:/o:microsoft:windows_server_2012:r2", "cpe:/o:microsoft:windows_10:2004", "cpe:/o:microsoft:windows_server_2016:2004", "cpe:/o:microsoft:windows_10:1809", "cpe:/o:microsoft:windows_10:1903", "cpe:/o:microsoft:windows_10:-", "cpe:/o:microsoft:windows_server_2012:-", "cpe:/o:microsoft:windows_10:1607"], "id": "CVE-2020-1368", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-1368", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:microsoft:windows_server_2016:1903:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*"]}, {"lastseen": "2023-06-06T14:23:16", "description": "An elevation of privilege vulnerability exists in the way that the Windows Network List Service handles objects in memory, aka 'Windows Network List Service Elevation of Privilege Vulnerability'.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-07-14T23:15:00", "type": "cve", "title": "CVE-2020-1406", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-1406"], "modified": "2021-07-21T11:39:00", "cpe": ["cpe:/o:microsoft:windows_10:1607", "cpe:/o:microsoft:windows_server_2019:-", "cpe:/o:microsoft:windows_8.1:-", "cpe:/o:microsoft:windows_server_2016:1909", "cpe:/o:microsoft:windows_server_2016:1903", "cpe:/o:microsoft:windows_rt_8.1:-", "cpe:/o:microsoft:windows_10:1909", "cpe:/o:microsoft:windows_server_2016:2004", "cpe:/o:microsoft:windows_server_2012:r2", "cpe:/o:microsoft:windows_10:2004", "cpe:/o:microsoft:windows_10:1809", "cpe:/o:microsoft:windows_10:1903", "cpe:/o:microsoft:windows_10:-", "cpe:/o:microsoft:windows_server_2016:-"], "id": "CVE-2020-1406", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-1406", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:arm64:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:arm64:*", "cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:arm64:*", "cpe:2.3:o:microsoft:windows_server_2016:1903:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_server_2016:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:arm64:*", "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:x86:*"]}, {"lastseen": "2023-06-06T14:23:04", "description": "An information disclosure vulnerability exists in Windows when the Windows Imaging Component fails to properly handle objects in memory, aka 'Windows Imaging Component Information Disclosure Vulnerability'.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2020-07-14T23:15:00", "type": "cve", "title": "CVE-2020-1397", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-1397"], "modified": "2021-07-21T11:39:00", "cpe": ["cpe:/o:microsoft:windows_10:1803", "cpe:/o:microsoft:windows_server_2019:-", "cpe:/o:microsoft:windows_server_2016:1909", "cpe:/o:microsoft:windows_10:1709", "cpe:/o:microsoft:windows_rt_8.1:-", "cpe:/o:microsoft:windows_server_2016:-", "cpe:/o:microsoft:windows_server_2012:r2", "cpe:/o:microsoft:windows_10:1903", "cpe:/o:microsoft:windows_10:-", "cpe:/o:microsoft:windows_7:-", "cpe:/o:microsoft:windows_8.1:-", "cpe:/o:microsoft:windows_server_2016:1903", "cpe:/o:microsoft:windows_server_2016:2004", "cpe:/o:microsoft:windows_server_2008:-", "cpe:/o:microsoft:windows_10:2004", "cpe:/o:microsoft:windows_10:1809", "cpe:/o:microsoft:windows_server_2012:-", "cpe:/o:microsoft:windows_10:1607", "cpe:/o:microsoft:windows_server_2008:r2", "cpe:/o:microsoft:windows_10:1909"], "id": "CVE-2020-1397", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-1397", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}, "cpe23": ["cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:1903:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:*:*"]}, {"lastseen": "2023-06-06T14:23:55", "description": "A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in the memory, aka 'GDI+ Remote Code Execution Vulnerability'.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2020-07-14T23:15:00", "type": "cve", "title": "CVE-2020-1435", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-1435"], "modified": "2021-07-21T11:39:00", "cpe": ["cpe:/o:microsoft:windows_10:1803", "cpe:/o:microsoft:windows_server_2019:-", "cpe:/o:microsoft:windows_server_2016:1909", "cpe:/o:microsoft:windows_10:1709", "cpe:/o:microsoft:windows_rt_8.1:-", "cpe:/o:microsoft:windows_server_2016:-", "cpe:/o:microsoft:windows_server_2012:r2", "cpe:/o:microsoft:windows_10:1903", "cpe:/o:microsoft:windows_10:-", "cpe:/o:microsoft:windows_7:-", "cpe:/o:microsoft:windows_8.1:-", "cpe:/o:microsoft:windows_server_2016:1903", "cpe:/o:microsoft:windows_server_2016:2004", "cpe:/o:microsoft:windows_server_2008:-", "cpe:/o:microsoft:windows_10:2004", "cpe:/o:microsoft:windows_10:1809", "cpe:/o:microsoft:windows_server_2012:-", "cpe:/o:microsoft:windows_10:1607", "cpe:/o:microsoft:windows_server_2008:r2", "cpe:/o:microsoft:windows_10:1909"], "id": "CVE-2020-1435", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-1435", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:1903:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:*:*"]}, {"lastseen": "2023-06-06T14:19:41", "description": "This security update corrects a denial of service in the Local Security Authority Subsystem Service (LSASS) caused when an authenticated attacker sends a specially crafted authentication request, aka 'Local Security Authority Subsystem Service Denial of Service Vulnerability'.", "cvss3": {"exploitabilityScore": 1.2, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "baseScore": 4.9, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-07-14T23:15:00", "type": "cve", "title": "CVE-2020-1267", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.0, "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-1267"], "modified": "2021-07-21T11:39:00", "cpe": ["cpe:/o:microsoft:windows_10:1803", "cpe:/o:microsoft:windows_server_2019:-", "cpe:/o:microsoft:windows_server_2016:1909", "cpe:/o:microsoft:windows_10:1709", "cpe:/o:microsoft:windows_rt_8.1:-", "cpe:/o:microsoft:windows_server_2016:-", "cpe:/o:microsoft:windows_server_2012:r2", "cpe:/o:microsoft:windows_10:1903", "cpe:/o:microsoft:windows_10:-", "cpe:/o:microsoft:windows_7:-", "cpe:/o:microsoft:windows_8.1:-", "cpe:/o:microsoft:windows_server_2016:1903", "cpe:/o:microsoft:windows_server_2016:2004", "cpe:/o:microsoft:windows_server_2008:-", "cpe:/o:microsoft:windows_10:2004", "cpe:/o:microsoft:windows_10:1809", "cpe:/o:microsoft:windows_server_2012:-", "cpe:/o:microsoft:windows_10:1607", "cpe:/o:microsoft:windows_server_2008:r2", "cpe:/o:microsoft:windows_10:1909"], "id": "CVE-2020-1267", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-1267", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:1903:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:*:*"]}, {"lastseen": "2023-06-06T14:23:51", "description": "An information disclosure vulnerability exists when Skype for Business is accessed via Internet Explorer, aka 'Skype for Business via Internet Explorer Information Disclosure Vulnerability'.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 4.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 1.4}, "published": "2020-07-14T23:15:00", "type": "cve", "title": "CVE-2020-1432", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-1432"], "modified": "2021-07-21T11:39:00", "cpe": ["cpe:/a:microsoft:internet_explorer:11"], "id": "CVE-2020-1432", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-1432", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}, "cpe23": ["cpe:2.3:a:microsoft:internet_explorer:11:-:*:*:*:*:*:*"]}, {"lastseen": "2023-06-06T14:23:22", "description": "A remote code execution vulnerability exists in the way that DirectWrite handles objects in memory, aka 'DirectWrite Remote Code Execution Vulnerability'.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2020-07-14T23:15:00", "type": "cve", "title": "CVE-2020-1409", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-1409"], "modified": "2021-07-21T11:39:00", "cpe": ["cpe:/o:microsoft:windows_10:1803", "cpe:/o:microsoft:windows_server_2019:-", "cpe:/o:microsoft:windows_server_2016:1909", "cpe:/o:microsoft:windows_10:1709", "cpe:/o:microsoft:windows_rt_8.1:-", "cpe:/o:microsoft:windows_server_2016:-", "cpe:/o:microsoft:windows_server_2012:r2", "cpe:/o:microsoft:windows_10:1903", "cpe:/o:microsoft:windows_10:-", "cpe:/o:microsoft:windows_7:-", "cpe:/o:microsoft:windows_8.1:-", "cpe:/o:microsoft:windows_server_2016:1903", "cpe:/o:microsoft:windows_server_2016:2004", "cpe:/o:microsoft:windows_server_2008:-", "cpe:/o:microsoft:windows_10:2004", "cpe:/o:microsoft:windows_10:1809", "cpe:/o:microsoft:windows_server_2012:-", "cpe:/o:microsoft:windows_10:1607", "cpe:/o:microsoft:windows_10:1909"], "id": "CVE-2020-1409", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-1409", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:arm64:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:arm64:*", "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:arm64:*", "cpe:2.3:o:microsoft:windows_server_2016:1903:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:arm64:*", "cpe:2.3:o:microsoft:windows_server_2016:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_server_2016:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:arm64:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:arm64:*", "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:x86:*"]}, {"lastseen": "2023-06-06T14:22:24", "description": "A remote code execution vulnerability exists in the Windows Remote Desktop Client when a user connects to a malicious server, aka 'Remote Desktop Client Remote Code Execution Vulnerability'.", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2020-07-14T23:15:00", "type": "cve", "title": "CVE-2020-1374", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.1, "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-1374"], "modified": "2021-07-21T11:39:00", "cpe": ["cpe:/o:microsoft:windows_10:1803", "cpe:/o:microsoft:windows_server_2019:-", "cpe:/o:microsoft:windows_server_2016:1909", "cpe:/o:microsoft:windows_10:1709", "cpe:/o:microsoft:windows_rt_8.1:-", "cpe:/o:microsoft:windows_server_2016:-", "cpe:/o:microsoft:windows_server_2012:r2", "cpe:/o:microsoft:windows_10:1903", "cpe:/o:microsoft:windows_10:-", "cpe:/o:microsoft:windows_7:-", "cpe:/o:microsoft:windows_8.1:-", "cpe:/o:microsoft:windows_server_2016:1903", "cpe:/o:microsoft:windows_server_2016:2004", "cpe:/o:microsoft:windows_10:2004", "cpe:/o:microsoft:windows_10:1809", "cpe:/o:microsoft:windows_server_2012:-", "cpe:/o:microsoft:windows_10:1607", "cpe:/o:microsoft:windows_server_2008:r2", "cpe:/o:microsoft:windows_10:1909"], "id": "CVE-2020-1374", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-1374", "cvss": {"score": 5.1, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:1903:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:*:*"]}, {"lastseen": "2023-06-06T14:23:59", "description": "A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted fonts.For all systems except Windows 10, an attacker who successfully exploited the vulnerability could execute code remotely, aka 'Windows Font Library Remote Code Execution Vulnerability'.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2020-07-14T23:15:00", "type": "cve", "title": "CVE-2020-1436", "cwe": ["CWE-787"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-1436"], "modified": "2022-05-03T13:00:00", "cpe": ["cpe:/o:microsoft:windows_10:1803", "cpe:/o:microsoft:windows_server_2019:-", "cpe:/o:microsoft:windows_server_2016:1909", "cpe:/o:microsoft:windows_10:1709", "cpe:/o:microsoft:windows_rt_8.1:-", "cpe:/o:microsoft:windows_server_2016:-", "cpe:/o:microsoft:windows_server_2012:r2", "cpe:/o:microsoft:windows_10:1903", "cpe:/o:microsoft:windows_10:-", "cpe:/o:microsoft:windows_7:-", "cpe:/o:microsoft:windows_8.1:-", "cpe:/o:microsoft:windows_server_2016:1903", "cpe:/o:microsoft:windows_server_2016:2004", "cpe:/o:microsoft:windows_server_2008:-", "cpe:/o:microsoft:windows_10:2004", "cpe:/o:microsoft:windows_10:1809", "cpe:/o:microsoft:windows_server_2012:-", "cpe:/o:microsoft:windows_10:1607", "cpe:/o:microsoft:windows_server_2008:r2", "cpe:/o:microsoft:windows_10:1909"], "id": "CVE-2020-1436", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-1436", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*: