Microsoft Windows NtUserResolveDesktopForWOW Heap-based Buffer Overflow Privilege Escalation Vulnerability
2020-02-20T00:00:00
ID ZDI-20-259 Type zdi Reporter anch0vy@theori, kkokkokye@theori Modified 2020-06-22T00:00:00
Description
This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the function NtUserResolveDesktopForWOW. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to escalate privileges and execute code in the context of SYSTEM.
{"id": "ZDI-20-259", "bulletinFamily": "info", "title": "Microsoft Windows NtUserResolveDesktopForWOW Heap-based Buffer Overflow Privilege Escalation Vulnerability", "description": "This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the function NtUserResolveDesktopForWOW. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to escalate privileges and execute code in the context of SYSTEM.", "published": "2020-02-20T00:00:00", "modified": "2020-06-22T00:00:00", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}, "href": "https://www.zerodayinitiative.com/advisories/ZDI-20-259/", "reporter": "anch0vy@theori, kkokkokye@theori", "references": ["https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0792"], "cvelist": ["CVE-2020-0792"], "type": "zdi", "lastseen": "2020-06-22T11:42:34", "edition": 1, "viewCount": 3, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2020-0792"]}, {"type": "mscve", "idList": ["MS:CVE-2020-0792"]}, {"type": "nessus", "idList": ["SMB_NT_MS20_FEB_4532693.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310816562"]}], "modified": "2020-06-22T11:42:34", "rev": 2}, "score": {"value": 4.9, "vector": "NONE", "modified": "2020-06-22T11:42:34", "rev": 2}, "vulnersScore": 4.9}}
{"cve": [{"lastseen": "2020-10-03T12:55:46", "description": "An elevation of privilege vulnerability exists when the Windows Graphics Component improperly handles objects in memory, aka 'Windows Graphics Component Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0715, CVE-2020-0745.", "edition": 5, "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2020-02-11T22:15:00", "title": "CVE-2020-0792", "type": "cve", "cwe": ["CWE-269"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-0792"], "modified": "2020-02-20T17:15:00", "cpe": ["cpe:/o:microsoft:windows_10:1903", "cpe:/o:microsoft:windows_server_2016:1909", "cpe:/o:microsoft:windows_10:1909", "cpe:/o:microsoft:windows_server_2016:1903"], "id": "CVE-2020-0792", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-0792", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:o:microsoft:windows_server_2016:1903:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:*:*"]}], "mscve": [{"lastseen": "2020-08-07T11:48:32", "bulletinFamily": "microsoft", "cvelist": ["CVE-2020-0792"], "description": "An elevation of privilege vulnerability exists when the Windows Graphics Component improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run processes in an elevated context.\n\nIn a local attack scenario, an attacker could exploit this vulnerability by running a specially crafted application to take control over the affected system.\n\nThe update addresses the vulnerability by correcting the way in which the Microsoft Graphics Component handles objects in memory and preventing unintended elevation from user mode.\n", "edition": 2, "modified": "2020-02-13T08:00:00", "id": "MS:CVE-2020-0792", "href": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0792", "published": "2020-02-13T08:00:00", "title": "Windows Graphics Component Elevation of Privilege Vulnerability", "type": "mscve", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "kaspersky": [{"lastseen": "2020-09-02T11:42:54", "bulletinFamily": "info", "cvelist": ["CVE-2020-0737", "CVE-2020-0751", "CVE-2020-0743", "CVE-2020-0678", "CVE-2020-0720", "CVE-2020-0745", "CVE-2020-0738", "CVE-2020-0750", "CVE-2020-0731", "CVE-2020-0657", "CVE-2020-0675", "CVE-2020-0660", "CVE-2020-0721", "CVE-2020-0732", "CVE-2020-0672", "CVE-2020-0669", "CVE-2020-0658", "CVE-2020-0671", "CVE-2020-0818", "CVE-2020-0659", "CVE-2020-0704", "CVE-2020-0726", "CVE-2020-0724", "CVE-2020-0734", "CVE-2020-0723", "CVE-2020-0677", "CVE-2020-0683", "CVE-2020-0703", "CVE-2020-0680", "CVE-2020-0707", "CVE-2020-0755", "CVE-2020-0714", "CVE-2020-0725", "CVE-2020-0792", "CVE-2020-0701", "CVE-2020-0744", "CVE-2020-0698", "CVE-2020-0655", "CVE-2020-0757", "CVE-2020-0676", "CVE-2020-0681", "CVE-2020-0682", "CVE-2020-0708", "CVE-2020-0691", "CVE-2020-0722", "CVE-2020-0740", "CVE-2020-0754", "CVE-2020-0730", "CVE-2020-0735", "CVE-2020-0753", "CVE-2020-0689", "CVE-2020-0739", "CVE-2020-0727", "CVE-2020-0709", "CVE-2020-0752", "CVE-2020-0729", "CVE-2020-0749", "CVE-2020-0665", "CVE-2020-0667", "CVE-2020-0747", "CVE-2020-0746", "CVE-2020-0662", "CVE-2020-0742", "CVE-2020-0668", "CVE-2020-0686", "CVE-2020-0719", "CVE-2020-0705", "CVE-2020-0715", "CVE-2020-0661", "CVE-2020-0685", "CVE-2020-0716", "CVE-2020-0717", "CVE-2020-0679", "CVE-2020-0666", "CVE-2020-0756", "CVE-2020-0741", "CVE-2020-0670", "CVE-2020-0817", "CVE-2020-0748", "CVE-2020-0728"], "description": "### *Detect date*:\n02/11/2020\n\n### *Severity*:\nCritical\n\n### *Description*:\nMultiple vulnerabilities were found in Microsoft Windows. Malicious users can exploit these vulnerabilities to gain privileges, obtain sensitive information, execute arbitrary code, cause denial of service, bypass security restrictions.\n\n### *Exploitation*:\nMalware exists for this vulnerability. Usually such malware is classified as Exploit. [More details](<https://threats.kaspersky.com/en/class/Exploit/>).\n\n### *Affected products*:\nWindows 10 Version 1909 for ARM64-based Systems \nWindows Server 2008 for Itanium-Based Systems Service Pack 2 \nWindows Server 2008 R2 for Itanium-Based Systems Service Pack 1 \nWindows 10 Version 1809 for x64-based Systems \nWindows Server 2019 (Server Core installation) \nWindows 10 Version 1903 for x64-based Systems \nWindows 10 for 32-bit Systems \nWindows RT 8.1 \nWindows Server, version 1903 (Server Core installation) \nWindows 10 Version 1803 for 32-bit Systems \nWindows 7 for 32-bit Systems Service Pack 1 \nWindows Server 2008 R2 for x64-based Systems Service Pack 1 \nWindows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) \nWindows 10 Version 1809 for ARM64-based Systems \nWindows 10 Version 1903 for ARM64-based Systems \nWindows 10 Version 1607 for x64-based Systems \nWindows Server 2012 R2 \nWindows 10 Version 1803 for x64-based Systems \nWindows Server 2012 (Server Core installation) \nWindows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) \nWindows 10 Version 1809 for 32-bit Systems \nWindows 10 Version 1709 for x64-based Systems \nWindows Server 2008 for x64-based Systems Service Pack 2 \nWindows Server 2016 \nWindows Server 2019 \nWindows Server 2012 \nWindows 10 Version 1803 for ARM64-based Systems \nWindows 8.1 for x64-based systems \nWindows 10 Version 1607 for 32-bit Systems \nWindows Server, version 1909 (Server Core installation) \nWindows 7 for x64-based Systems Service Pack 1 \nWindows Server 2008 for 32-bit Systems Service Pack 2 \nWindows Server 2016 (Server Core installation) \nWindows 8.1 for 32-bit systems \nWindows 10 for x64-based Systems \nWindows 10 Version 1909 for 32-bit Systems \nWindows Server, version 1803 (Server Core Installation) \nWindows 10 Version 1709 for ARM64-based Systems \nWindows Server 2012 R2 (Server Core installation) \nWindows 10 Version 1909 for x64-based Systems \nWindows 10 Version 1709 for 32-bit Systems \nWindows 10 Version 1903 for 32-bit Systems \nWindows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)\n\n### *Solution*:\nInstall necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)\n\n### *Original advisories*:\n[CVE-2020-0739](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0739>) \n[CVE-2020-0727](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0727>) \n[CVE-2020-0742](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0742>) \n[CVE-2020-0659](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0659>) \n[CVE-2020-0730](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0730>) \n[CVE-2020-0703](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0703>) \n[CVE-2020-0701](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0701>) \n[CVE-2020-0728](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0728>) \n[CVE-2020-0729](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0729>) \n[CVE-2020-0704](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0704>) \n[CVE-2020-0705](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0705>) \n[CVE-2020-0707](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0707>) \n[CVE-2020-0722](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0722>) \n[CVE-2020-0723](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0723>) \n[CVE-2020-0720](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0720>) \n[CVE-2020-0721](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0721>) \n[CVE-2020-0726](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0726>) \n[CVE-2020-0746](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0746>) \n[CVE-2020-0724](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0724>) \n[CVE-2020-0725](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0725>) \n[CVE-2020-0662](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0662>) \n[CVE-2020-0661](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0661>) \n[CVE-2020-0747](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0747>) \n[CVE-2020-0667](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0667>) \n[CVE-2020-0666](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0666>) \n[CVE-2020-0665](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0665>) \n[CVE-2020-0740](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0740>) \n[CVE-2020-0669](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0669>) \n[CVE-2020-0668](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0668>) \n[CVE-2020-0734](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0734>) \n[CVE-2020-0681](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0681>) \n[CVE-2020-0680](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0680>) \n[CVE-2020-0683](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0683>) \n[CVE-2020-0682](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0682>) \n[CVE-2020-0685](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0685>) \n[CVE-2020-0672](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0672>) \n[CVE-2020-0686](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0686>) \n[CVE-2020-0689](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0689>) \n[CVE-2020-0743](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0743>) \n[CVE-2020-0708](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0708>) \n[CVE-2020-0709](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0709>) \n[CVE-2020-0657](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0657>) \n[CVE-2020-0719](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0719>) \n[CVE-2020-0732](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0732>) \n[CVE-2020-0750](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0750>) \n[CVE-2020-0717](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0717>) \n[CVE-2020-0716](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0716>) \n[CVE-2020-0715](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0715>) \n[CVE-2020-0660](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0660>) \n[CVE-2020-0678](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0678>) \n[CVE-2020-0679](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0679>) \n[CVE-2020-0731](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0731>) \n[CVE-2020-0675](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0675>) \n[CVE-2020-0676](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0676>) \n[CVE-2020-0677](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0677>) \n[CVE-2020-0670](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0670>) \n[CVE-2020-0671](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0671>) \n[CVE-2020-0737](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0737>) \n[CVE-2020-0753](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0753>) \n[CVE-2020-0752](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0752>) \n[CVE-2020-0751](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0751>) \n[CVE-2020-0655](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0655>) \n[CVE-2020-0757](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0757>) \n[CVE-2020-0756](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0756>) \n[CVE-2020-0755](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0755>) \n[CVE-2020-0738](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0738>) \n[CVE-2020-0735](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0735>) \n[CVE-2020-0754](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0754>) \n[CVE-2020-0792](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0792>) \n[CVE-2020-0658](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0658>) \n[CVE-2020-0744](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0744>) \n[CVE-2020-0691](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0691>) \n[CVE-2020-0741](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0741>) \n[CVE-2020-0748](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0748>) \n[CVE-2020-0698](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0698>) \n[CVE-2020-0745](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0745>) \n[CVE-2020-0714](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0714>) \n[CVE-2020-0749](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0749>) \n[CVE-2020-0818](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0818>) \n[CVE-2020-0817](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0817>) \n\n\n### *Impacts*:\nACE \n\n### *Related products*:\n[Microsoft Windows](<https://threats.kaspersky.com/en/product/Microsoft-Windows/>)\n\n### *CVE-IDS*:\n[CVE-2020-0739](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0739>)0.0Unknown \n[CVE-2020-0727](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0727>)0.0Unknown \n[CVE-2020-0742](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0742>)0.0Unknown \n[CVE-2020-0659](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0659>)0.0Unknown \n[CVE-2020-0730](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0730>)0.0Unknown \n[CVE-2020-0703](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0703>)0.0Unknown \n[CVE-2020-0701](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0701>)0.0Unknown \n[CVE-2020-0728](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0728>)0.0Unknown \n[CVE-2020-0729](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0729>)0.0Unknown \n[CVE-2020-0704](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0704>)0.0Unknown \n[CVE-2020-0705](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0705>)0.0Unknown \n[CVE-2020-0707](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0707>)0.0Unknown \n[CVE-2020-0722](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0722>)0.0Unknown \n[CVE-2020-0723](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0723>)0.0Unknown \n[CVE-2020-0720](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0720>)0.0Unknown \n[CVE-2020-0721](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0721>)0.0Unknown \n[CVE-2020-0726](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0726>)0.0Unknown \n[CVE-2020-0746](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0746>)0.0Unknown \n[CVE-2020-0724](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0724>)0.0Unknown \n[CVE-2020-0725](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0725>)0.0Unknown \n[CVE-2020-0662](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0662>)0.0Unknown \n[CVE-2020-0661](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0661>)0.0Unknown \n[CVE-2020-0747](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0747>)0.0Unknown \n[CVE-2020-0667](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0667>)0.0Unknown \n[CVE-2020-0666](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0666>)0.0Unknown \n[CVE-2020-0665](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0665>)0.0Unknown \n[CVE-2020-0740](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0740>)0.0Unknown \n[CVE-2020-0669](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0669>)0.0Unknown \n[CVE-2020-0668](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0668>)0.0Unknown \n[CVE-2020-0734](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0734>)0.0Unknown \n[CVE-2020-0681](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0681>)0.0Unknown \n[CVE-2020-0680](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0680>)0.0Unknown \n[CVE-2020-0683](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0683>)0.0Unknown \n[CVE-2020-0682](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0682>)0.0Unknown \n[CVE-2020-0685](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0685>)0.0Unknown \n[CVE-2020-0672](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0672>)0.0Unknown \n[CVE-2020-0686](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0686>)0.0Unknown \n[CVE-2020-0689](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0689>)0.0Unknown \n[CVE-2020-0743](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0743>)0.0Unknown \n[CVE-2020-0708](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0708>)0.0Unknown \n[CVE-2020-0709](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0709>)0.0Unknown \n[CVE-2020-0657](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0657>)0.0Unknown \n[CVE-2020-0719](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0719>)0.0Unknown \n[CVE-2020-0732](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0732>)0.0Unknown \n[CVE-2020-0750](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0750>)0.0Unknown \n[CVE-2020-0717](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0717>)0.0Unknown \n[CVE-2020-0716](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0716>)0.0Unknown \n[CVE-2020-0715](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0715>)0.0Unknown \n[CVE-2020-0660](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0660>)0.0Unknown \n[CVE-2020-0678](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0678>)0.0Unknown \n[CVE-2020-0679](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0679>)0.0Unknown \n[CVE-2020-0731](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0731>)0.0Unknown \n[CVE-2020-0675](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0675>)0.0Unknown \n[CVE-2020-0676](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0676>)0.0Unknown \n[CVE-2020-0677](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0677>)0.0Unknown \n[CVE-2020-0670](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0670>)0.0Unknown \n[CVE-2020-0671](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0671>)0.0Unknown \n[CVE-2020-0737](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0737>)0.0Unknown \n[CVE-2020-0753](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0753>)0.0Unknown \n[CVE-2020-0752](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0752>)0.0Unknown \n[CVE-2020-0751](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0751>)0.0Unknown \n[CVE-2020-0655](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0655>)0.0Unknown \n[CVE-2020-0757](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0757>)0.0Unknown \n[CVE-2020-0756](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0756>)0.0Unknown \n[CVE-2020-0755](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0755>)0.0Unknown \n[CVE-2020-0738](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0738>)0.0Unknown \n[CVE-2020-0735](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0735>)0.0Unknown \n[CVE-2020-0754](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0754>)0.0Unknown \n[CVE-2020-0792](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0792>)0.0Unknown \n[CVE-2020-0658](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0658>)0.0Unknown \n[CVE-2020-0744](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0744>)0.0Unknown \n[CVE-2020-0691](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0691>)0.0Unknown \n[CVE-2020-0741](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0741>)0.0Unknown \n[CVE-2020-0748](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0748>)0.0Unknown \n[CVE-2020-0698](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0698>)0.0Unknown \n[CVE-2020-0745](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0745>)0.0Unknown \n[CVE-2020-0714](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0714>)0.0Unknown \n[CVE-2020-0749](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0749>)0.0Unknown \n[CVE-2020-0818](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0818>)0.0Unknown \n[CVE-2020-0817](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0817>)0.0Unknown\n\n### *KB list*:\n[4537821](<http://support.microsoft.com/kb/4537821>) \n[4537776](<http://support.microsoft.com/kb/4537776>) \n[4537794](<http://support.microsoft.com/kb/4537794>) \n[4524244](<http://support.microsoft.com/kb/4524244>) \n[4532693](<http://support.microsoft.com/kb/4532693>) \n[4532691](<http://support.microsoft.com/kb/4532691>) \n[4502496](<http://support.microsoft.com/kb/4502496>) \n[4537762](<http://support.microsoft.com/kb/4537762>) \n[4537764](<http://support.microsoft.com/kb/4537764>) \n[4537789](<http://support.microsoft.com/kb/4537789>) \n[4537803](<http://support.microsoft.com/kb/4537803>) \n[4537814](<http://support.microsoft.com/kb/4537814>)\n\n### *Microsoft official advisories*:", "edition": 1, "modified": "2020-06-18T00:00:00", "published": "2020-02-11T00:00:00", "id": "KLA11662", "href": "https://threats.kaspersky.com/en/vulnerability/KLA11662", "title": "\r KLA11662Multiple vulnerabilities in Microsoft Windows ", "type": "kaspersky", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "openvas": [{"lastseen": "2020-07-21T19:50:55", "bulletinFamily": "scanner", "cvelist": ["CVE-2020-0737", "CVE-2020-0751", "CVE-2020-0743", "CVE-2020-0678", "CVE-2020-0720", "CVE-2020-0745", "CVE-2020-0738", "CVE-2020-0750", "CVE-2020-0731", "CVE-2020-0767", "CVE-2020-0657", "CVE-2020-0675", "CVE-2020-0660", "CVE-2020-0721", "CVE-2020-0672", "CVE-2020-0669", "CVE-2020-0658", "CVE-2020-0663", "CVE-2020-0671", "CVE-2020-0818", "CVE-2020-0659", "CVE-2020-0704", "CVE-2020-0726", "CVE-2020-0724", "CVE-2020-0712", "CVE-2020-0734", "CVE-2020-0723", "CVE-2020-0710", "CVE-2020-0677", "CVE-2020-0683", "CVE-2020-0703", "CVE-2020-0680", "CVE-2020-0707", "CVE-2020-0755", "CVE-2020-0714", "CVE-2020-0725", "CVE-2020-0792", "CVE-2020-0701", "CVE-2020-0744", "CVE-2020-0698", "CVE-2020-0655", "CVE-2020-0757", "CVE-2020-0713", "CVE-2020-0673", "CVE-2020-0676", "CVE-2020-0681", "CVE-2020-0682", "CVE-2020-0708", "CVE-2020-0691", "CVE-2020-0722", "CVE-2020-0740", "CVE-2020-0754", "CVE-2020-0730", "CVE-2020-0735", "CVE-2020-0753", "CVE-2020-0739", "CVE-2020-0727", "CVE-2020-0752", "CVE-2020-0729", "CVE-2020-0749", "CVE-2020-0665", "CVE-2020-0667", "CVE-2020-0747", "CVE-2020-0746", "CVE-2018-8267", "CVE-2020-0662", "CVE-2020-0742", "CVE-2020-0668", "CVE-2020-0686", "CVE-2020-0706", "CVE-2020-0674", "CVE-2020-0719", "CVE-2020-0715", "CVE-2020-0661", "CVE-2020-0685", "CVE-2020-0717", "CVE-2020-0679", "CVE-2020-0711", "CVE-2020-0666", "CVE-2020-0756", "CVE-2020-0741", "CVE-2020-0670", "CVE-2020-0817", "CVE-2020-0748", "CVE-2020-0728"], "description": "This host is missing a critical security\n update according to Microsoft KB4532693", "modified": "2020-07-17T00:00:00", "published": "2020-02-12T00:00:00", "id": "OPENVAS:1361412562310816562", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310816562", "type": "openvas", "title": "Microsoft Windows Multiple Vulnerabilities (KB4532693)", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Some text descriptions might be excerpted from (a) referenced\n# source(s), and are Copyright (C) by the respective right holder(s).\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.816562\");\n script_version(\"2020-07-17T05:57:41+0000\");\n script_cve_id(\"CVE-2018-8267\", \"CVE-2020-0655\", \"CVE-2020-0657\", \"CVE-2020-0658\",\n \"CVE-2020-0659\", \"CVE-2020-0660\", \"CVE-2020-0661\", \"CVE-2020-0662\",\n \"CVE-2020-0663\", \"CVE-2020-0665\", \"CVE-2020-0666\", \"CVE-2020-0667\",\n \"CVE-2020-0668\", \"CVE-2020-0669\", \"CVE-2020-0670\", \"CVE-2020-0671\",\n \"CVE-2020-0672\", \"CVE-2020-0673\", \"CVE-2020-0674\", \"CVE-2020-0675\",\n \"CVE-2020-0676\", \"CVE-2020-0677\", \"CVE-2020-0678\", \"CVE-2020-0679\",\n \"CVE-2020-0680\", \"CVE-2020-0681\", \"CVE-2020-0682\", \"CVE-2020-0683\",\n \"CVE-2020-0685\", \"CVE-2020-0686\", \"CVE-2020-0691\", \"CVE-2020-0698\",\n \"CVE-2020-0701\", \"CVE-2020-0703\", \"CVE-2020-0704\", \"CVE-2020-0706\",\n \"CVE-2020-0707\", \"CVE-2020-0708\", \"CVE-2020-0710\", \"CVE-2020-0711\",\n \"CVE-2020-0712\", \"CVE-2020-0713\", \"CVE-2020-0714\", \"CVE-2020-0715\",\n \"CVE-2020-0717\", \"CVE-2020-0719\", \"CVE-2020-0720\", \"CVE-2020-0721\",\n \"CVE-2020-0722\", \"CVE-2020-0723\", \"CVE-2020-0724\", \"CVE-2020-0725\",\n \"CVE-2020-0726\", \"CVE-2020-0727\", \"CVE-2020-0728\", \"CVE-2020-0729\",\n \"CVE-2020-0730\", \"CVE-2020-0731\", \"CVE-2020-0734\", \"CVE-2020-0735\",\n \"CVE-2020-0737\", \"CVE-2020-0738\", \"CVE-2020-0739\", \"CVE-2020-0740\",\n \"CVE-2020-0741\", \"CVE-2020-0742\", \"CVE-2020-0743\", \"CVE-2020-0744\",\n \"CVE-2020-0745\", \"CVE-2020-0746\", \"CVE-2020-0747\", \"CVE-2020-0748\",\n \"CVE-2020-0749\", \"CVE-2020-0750\", \"CVE-2020-0751\", \"CVE-2020-0752\",\n \"CVE-2020-0753\", \"CVE-2020-0754\", \"CVE-2020-0755\", \"CVE-2020-0756\",\n \"CVE-2020-0757\", \"CVE-2020-0767\", \"CVE-2020-0792\", \"CVE-2020-0817\",\n \"CVE-2020-0818\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-07-17 05:57:41 +0000 (Fri, 17 Jul 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-02-12 09:33:17 +0530 (Wed, 12 Feb 2020)\");\n script_name(\"Microsoft Windows Multiple Vulnerabilities (KB4532693)\");\n\n script_tag(name:\"summary\", value:\"This host is missing a critical security\n update according to Microsoft KB4532693\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present\n on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaw exists due to,\n\n - An error in Remote Desktop Services formerly known as Terminal Services,\n when an authenticated attacker abuses clipboard redirection.\n\n - Multiple errors in the Windows Common Log File System (CLFS) driver which improperly\n handles objects in memory.\n\n - An error in the Windows Data Sharing Service which improperly handles file operations.\n\n - An error in Remote Desktop Protocol (RDP) when an attacker connects to the target\n system using RDP and sends specially crafted requests.\n\n - An error in the way that Windows handles objects in memory.\n\n - An error when Microsoft Edge does not properly enforce cross-domain policies.\n\n Please see the references for more information about the vulnerabilities.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow an attacker\n to execute arbitrary code, elevate privilges, disclose sensitive information and\n conduct denial of service attacks.\");\n\n script_tag(name:\"affected\", value:\"- Microsoft Windows 10 Version 1903 for 32-bit Systems\n\n - Microsoft Windows 10 Version 1903 for x64-based Systems\n\n - Microsoft Windows 10 Version 1909 for 32-bit Systems\n\n - Microsoft Windows 10 Version 1909 for x64-based Systems\");\n\n script_tag(name:\"solution\", value:\"The vendor has released updates. Please see\n the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_xref(name:\"URL\", value:\"https://support.microsoft.com/en-us/help/4532693\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"smb_reg_service_pack.nasl\");\n script_require_ports(139, 445);\n script_mandatory_keys(\"SMB/WindowsVersion\");\n exit(0);\n}\n\ninclude(\"smb_nt.inc\");\ninclude(\"secpod_reg.inc\");\ninclude(\"version_func.inc\");\ninclude(\"secpod_smb_func.inc\");\n\nif(hotfix_check_sp(win10:1, win10x64:1) <= 0){\n exit(0);\n}\n\nsysPath = smb_get_system32root();\nif(!sysPath)\n exit(0);\n\ndllVer = fetch_file_version(sysPath:sysPath, file_name:\"User32.dll\");\nif(!dllVer)\n exit(0);\n\nif(version_in_range(version:dllVer, test_version:\"10.0.18362.0\", test_version2:\"10.0.18362.656\")) {\n report = report_fixed_ver(file_checked:sysPath + \"\\User32.dll\",\n file_version:dllVer, vulnerable_range:\"10.0.18362.0 - 10.0.18362.656\");\n security_message(data:report);\n exit(0);\n}\n\nexit(99);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "nessus": [{"lastseen": "2020-11-07T09:28:40", "description": "The remote Windows host is missing security update 4532693.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - A remote code execution vulnerability exists in the\n Windows Remote Desktop Client when a user connects to a\n malicious server. An attacker who successfully exploited\n this vulnerability could execute arbitrary code on the\n computer of the connecting client. An attacker could\n then install programs; view, change, or delete data; or\n create new accounts with full user rights.\n (CVE-2020-0681, CVE-2020-0734, CVE-2020-0817)\n\n - A memory corruption vulnerability exists when Windows\n Media Foundation improperly handles objects in memory.\n An attacker who successfully exploited the vulnerability\n could install programs; view, change, or delete data; or\n create new accounts with full user rights. There are\n multiple ways an attacker could exploit the\n vulnerability, such as by convincing a user to open a\n specially crafted document, or by convincing a user to\n visit a malicious webpage. The security update addresses\n the vulnerability by correcting how Windows Media\n Foundation handles objects in memory. (CVE-2020-0738)\n\n - An information disclosure vulnerability exists in the\n way that affected Microsoft browsers handle cross-origin\n requests. An attacker who successfully exploited this\n vulnerability could determine the origin of all of the\n web pages in the affected browser. (CVE-2020-0706)\n\n - An information disclosure vulnerability exists when\n DirectX improperly handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could obtain information to further compromise the users\n system. An authenticated attacker could exploit this\n vulnerability by running a specially crafted\n application. The update addresses the vulnerability by\n correcting how DirectX handles objects in memory.\n (CVE-2020-0714)\n\n - An information disclosure vulnerability exists in the\n Windows Common Log File System (CLFS) driver when it\n fails to properly handle objects in memory. An attacker\n who successfully exploited this vulnerability could\n potentially read data that was not intended to be\n disclosed. Note that this vulnerability would not allow\n an attacker to execute code or to elevate their user\n rights directly, but it could be used to obtain\n information that could be used to try to further\n compromise the affected system. (CVE-2020-0658)\n\n - An elevation of privilege vulnerability exists when \n Microsoft Edge does not properly enforce cross-domain \n policies, which could allow an attacker to access \n information from one domain and inject it into another \n domain. (CVE-2020-0663)\n\n - An elevation of privilege vulnerability exists when\n Windows improperly handles Secure Socket Shell remote\n commands. An attacker who successfully exploited the\n vulnerability could run arbitrary code with elevated\n privileges. (CVE-2020-0757)\n\n - An elevation of privilege vulnerability exists in the\n way that the Connected Devices Platform Service handles\n objects in memory. An attacker who successfully\n exploited the vulnerability could execute code with\n elevated permissions. (CVE-2020-0740, CVE-2020-0741,\n CVE-2020-0742, CVE-2020-0743, CVE-2020-0749,\n CVE-2020-0750)\n\n - An information disclosure vulnerability exists in the\n Cryptography Next Generation (CNG) service when it fails\n to properly handle objects in memory. (CVE-2020-0675,\n CVE-2020-0676, CVE-2020-0677, CVE-2020-0748,\n CVE-2020-0755, CVE-2020-0756)\n\n - A security feature bypass vulnerability exists in secure\n boot. An attacker who successfully exploited the\n vulnerability can bypass secure boot and load untrusted\n software. (CVE-2020-0689)\n\n - An elevation of privilege vulnerability exists in the\n way that the dssvc.dll handles file creation allowing\n for a file overwrite or creation in a secured location.\n An attacker who successfully exploited the vulnerability\n could execute code with elevated permissions.\n (CVE-2020-0739)\n\n - An elevation of privilege vulnerability exists when the\n Windows Wireless Network Manager improperly handles\n memory. (CVE-2020-0704)\n\n - An elevation of privilege vulnerability exists in\n Windows when the Windows kernel-mode driver fails to\n properly handle objects in memory. An attacker who\n successfully exploited this vulnerability could run\n arbitrary code in kernel mode. An attacker could then\n install programs; view, change, or delete data; or\n create new accounts with full user rights.\n (CVE-2020-0691)\n\n - An elevation of privilege vulnerability exists in Active\n Directory Forest trusts due to a default setting that\n lets an attacker in the trusting forest request\n delegation of a TGT for an identity from the trusted\n forest. (CVE-2020-0665)\n\n - An elevation of privilege vulnerability exists in\n Windows Error Reporting (WER) when WER handles and\n executes files. The vulnerability could allow elevation\n of privilege if an attacker can successfully exploit it.\n An attacker who successfully exploited the vulnerability\n could gain greater access to sensitive information and\n system functionality. (CVE-2020-0753, CVE-2020-0754)\n\n - An elevation of privilege vulnerability exists when the\n Windows Data Sharing Service improperly handles file\n operations. An attacker who successfully exploited this\n vulnerability could run processes in an elevated\n context. An attacker could exploit this vulnerability by\n running a specially crafted application on the victim\n system. The update addresses the vulnerability by\n correcting the way the Windows Data Sharing Service\n handles file operations. (CVE-2020-0659, CVE-2020-0747)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Kernel handles objects in memory.\n An attacker who successfully exploited the vulnerability\n could execute code with elevated permissions.\n (CVE-2020-0668, CVE-2020-0669)\n\n - A denial of service vulnerability exists when Microsoft\n Hyper-V on a host server fails to properly validate\n input from a privileged user on a guest operating\n system. (CVE-2020-0661)\n\n - A denial of service vulnerability exists when Microsoft\n Hyper-V on a host server fails to properly validate\n specific malicious data from a user on a guest operating\n system. (CVE-2020-0751)\n\n - A remote code execution vulnerability exists in the way\n that Windows handles objects in memory. An attacker who\n successfully exploited the vulnerability could execute\n arbitrary code with elevated permissions on a target\n system. (CVE-2020-0662)\n\n - An elevation of privilege vulnerability exists when the\n Windows kernel fails to properly handle objects in\n memory. An attacker who successfully exploited this\n vulnerability could run arbitrary code in kernel mode.\n An attacker could then install programs; view, change,\n or delete data; or create new accounts with full user\n rights. (CVE-2020-0670, CVE-2020-0671, CVE-2020-0672)\n\n - An elevation of privilege vulnerability exists in the\n Windows Installer when MSI packages process symbolic\n links. An attacker who successfully exploited this\n vulnerability could bypass access restrictions to add or\n remove files. (CVE-2020-0683, CVE-2020-0686)\n\n - An elevation of privilege vulnerability exists when the\n Windows Backup Service improperly handles file\n operations. (CVE-2020-0703)\n\n - A remote code execution vulnerability exists in\n Microsoft Windows that could allow remote code execution\n if a .LNK file is processed. An attacker who\n successfully exploited this vulnerability could gain the\n same user rights as the local user. (CVE-2020-0729)\n\n - An information disclosure vulnerability exists in the\n way that Microsoft Graphics Components handle objects in\n memory. An attacker who successfully exploited the\n vulnerability could obtain information that could be\n useful for further exploitation. (CVE-2020-0746)\n\n - An information disclosure vulnerability exists when the\n win32k component improperly provides kernel information.\n An attacker who successfully exploited the vulnerability\n could obtain information to further compromise the users\n system. (CVE-2020-0717)\n\n - An elevation of privilege vulnerability exists when\n Windows improperly handles COM object creation. An\n attacker who successfully exploited the vulnerability\n could run arbitrary code with elevated privileges.\n (CVE-2020-0685)\n\n - An elevation of privilege vulnerability exists when the\n Windows Common Log File System (CLFS) driver improperly\n handles objects in memory. An attacker who successfully\n exploited this vulnerability could run processes in an\n elevated context. (CVE-2020-0657)\n\n - An elevation of privilege vulnerability exists when\n Windows Error Reporting manager improperly handles hard\n links. An attacker who successfully exploited this\n vulnerability could overwrite a targeted file leading to\n an elevated status. (CVE-2020-0678)\n\n - An elevation of privilege vulnerability exists when the\n Connected User Experiences and Telemetry Service\n improperly handles file operations. An attacker who\n successfully exploited this vulnerability could gain\n elevated privileges on the victim system.\n (CVE-2020-0727)\n\n - An elevation of privilege vulnerability exists when the\n Windows User Profile Service (ProfSvc) improperly\n handles symlinks. An attacker who successfully exploited\n this vulnerability could delete files and folders in an\n elevated context. (CVE-2020-0730)\n\n - An information vulnerability exists when Windows Modules\n Installer Service improperly discloses file information.\n Successful exploitation of the vulnerability could allow\n the attacker to read any file on the file system.\n (CVE-2020-0728)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Function Discovery Service handles\n objects in memory. An attacker who successfully\n exploited the vulnerability could execute code with\n elevated permissions. (CVE-2020-0679, CVE-2020-0680,\n CVE-2020-0682)\n\n - An elevation of privilege vulnerability exists in the\n way that the tapisrv.dll handles objects in memory. An\n attacker who successfully exploited the vulnerability\n could execute code with elevated permissions.\n (CVE-2020-0737)\n\n - A denial of service vulnerability exists in Remote\n Desktop Protocol (RDP) when an attacker connects to the\n target system using RDP and sends specially crafted\n requests. An attacker who successfully exploited this\n vulnerability could cause the RDP service on the target\n system to stop responding. (CVE-2020-0660)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Client License Service (ClipSVC)\n handles objects in memory. An attacker who successfully\n exploited the vulnerability could execute code with\n elevated permissions. (CVE-2020-0701)\n\n - An information disclosure vulnerability exists in the\n way that the Windows Graphics Device Interface (GDI)\n handles objects in memory, allowing an attacker to\n retrieve information from a targeted system. By itself,\n the information disclosure does not allow arbitrary code\n execution; however, it could allow arbitrary code to be\n run if the attacker uses it in combination with another\n vulnerability. (CVE-2020-0744)\n\n - An elevation of privilege vulnerability exists when the\n Windows IME improperly handles memory. (CVE-2020-0707)\n\n - A remote code execution vulnerability exists in Remote\n Desktop Services formerly known as Terminal Services\n when an authenticated attacker abuses clipboard\n redirection. An attacker who successfully exploited this\n vulnerability could execute arbitrary code on the victim\n system. An attacker could then install programs; view,\n change, or delete data; or create new accounts with full\n user rights. (CVE-2020-0655)\n\n - An elevation of privilege vulnerability exists in\n Windows when the Win32k component fails to properly\n handle objects in memory. An attacker who successfully\n exploited this vulnerability could run arbitrary code in\n kernel mode. An attacker could then install programs;\n view, change, or delete data; or create new accounts\n with full user rights. (CVE-2020-0719, CVE-2020-0720,\n CVE-2020-0721, CVE-2020-0722, CVE-2020-0723,\n CVE-2020-0724, CVE-2020-0725, CVE-2020-0726,\n CVE-2020-0731)\n\n - An elevation of privilege vulnerability exists when the\n Windows Graphics Component improperly handles objects in\n memory. An attacker who successfully exploited this\n vulnerability could run processes in an elevated\n context. (CVE-2020-0715, CVE-2020-0745, CVE-2020-0792)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Search Indexer handles objects in\n memory. An attacker who successfully exploited the\n vulnerability could execute code with elevated\n permissions. (CVE-2020-0666, CVE-2020-0667,\n CVE-2020-0735, CVE-2020-0752)\n\n - An information disclosure vulnerability exists when the\n Telephony Service improperly discloses the contents of\n its memory. An attacker who successfully exploited the\n vulnerability could obtain information to further\n compromise a users system. (CVE-2020-0698)\n\n - A remote code execution vulnerability exists in the way\n that the scripting engine handles objects in memory in\n Internet Explorer. The vulnerability could corrupt\n memory in such a way that an attacker could execute\n arbitrary code in the context of the current user. An\n attacker who successfully exploited the vulnerability\n could gain the same user rights as the current user.\n (CVE-2020-0673, CVE-2020-0674)\n\n - A remote code execution vulnerability exists when the\n Windows Imaging Library improperly handles memory.\n (CVE-2020-0708)\n\n - A remote code execution vulnerability exists in the way \n that the ChakraCore scripting engine handles objects in \n memory. The vulnerability could corrupt memory in such a \n way that an attacker could execute arbitrary code in the \n context of the current user. An attacker who successfully \n exploited the vulnerability could gain the same user \n rights as the current user. If the current user is logged \n on with administrative user rights, an attacker who \n successfully exploited the vulnerability could take \n control of an affected system. An attacker could then \n install programs; view, change, or delete data; or create \n new accounts with full user rights. (CVE-2020-0710, \n CVE-2020-0711, CVE-2020-0712, CVE-2020-0713, \n CVE-2020-0767)\n\n - An elevation of privilege vulnerability exists in the\n way that the sysmain.dll handles objects in memory. An\n attacker who successfully exploited the vulnerability\n could execute code with elevated permissions. To exploit\n the vulnerability, a locally authenticated attacker\n could run a specially crafted application. The security\n update addresses the vulnerability by ensuring the\n sysmain.dll properly handles objects in memory.\n (CVE-2020-0818)", "edition": 10, "cvss3": {"score": 8.8, "vector": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2020-02-11T00:00:00", "title": "KB4532693: Windows 10 Version 1903 and Windows 10 Version 1909 February 2020 Security Update", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2020-0737", "CVE-2020-0751", "CVE-2020-0743", "CVE-2020-0678", "CVE-2020-0720", "CVE-2020-0745", "CVE-2020-0738", "CVE-2020-0750", "CVE-2020-0731", "CVE-2020-0767", "CVE-2020-0657", "CVE-2020-0675", "CVE-2020-0660", "CVE-2020-0721", "CVE-2020-0672", "CVE-2020-0669", "CVE-2020-0658", "CVE-2020-0663", "CVE-2020-0671", "CVE-2020-0818", "CVE-2020-0659", "CVE-2020-0704", "CVE-2020-0726", "CVE-2020-0724", "CVE-2020-0712", "CVE-2020-0734", "CVE-2020-0723", "CVE-2020-0710", "CVE-2020-0677", "CVE-2020-0683", "CVE-2020-0703", "CVE-2020-0680", "CVE-2020-0707", "CVE-2020-0755", "CVE-2020-0714", "CVE-2020-0725", "CVE-2020-0792", "CVE-2020-0701", "CVE-2020-0744", "CVE-2020-0698", "CVE-2020-0655", "CVE-2020-0757", "CVE-2020-0713", "CVE-2020-0673", "CVE-2020-0676", "CVE-2020-0681", "CVE-2020-0682", "CVE-2020-0708", "CVE-2020-0691", "CVE-2020-0722", "CVE-2020-0740", "CVE-2020-0754", "CVE-2020-0730", "CVE-2020-0735", "CVE-2020-0753", "CVE-2020-0689", "CVE-2020-0739", "CVE-2020-0727", "CVE-2020-0752", "CVE-2020-0729", "CVE-2020-0749", "CVE-2020-0665", "CVE-2020-0667", "CVE-2020-0747", "CVE-2020-0746", "CVE-2020-0662", "CVE-2020-0742", "CVE-2020-0668", "CVE-2020-0686", "CVE-2020-0706", "CVE-2020-0674", "CVE-2020-0719", "CVE-2020-0715", "CVE-2020-0661", "CVE-2020-0685", "CVE-2020-0717", "CVE-2020-0679", "CVE-2020-0711", "CVE-2020-0666", "CVE-2020-0756", "CVE-2020-0741", "CVE-2020-0670", "CVE-2020-0817", "CVE-2020-0748", "CVE-2020-0728"], "modified": "2020-02-11T00:00:00", "cpe": ["cpe:/o:microsoft:windows", "cpe:/a:microsoft:edge"], "id": "SMB_NT_MS20_FEB_4532693.NASL", "href": "https://www.tenable.com/plugins/nessus/133609", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n\n\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n#\n\n\n\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(133609);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/11/06\");\n\n script_cve_id(\n \"CVE-2020-0655\",\n \"CVE-2020-0657\",\n \"CVE-2020-0658\",\n \"CVE-2020-0659\",\n \"CVE-2020-0660\",\n \"CVE-2020-0661\",\n \"CVE-2020-0662\",\n \"CVE-2020-0663\",\n \"CVE-2020-0665\",\n \"CVE-2020-0666\",\n \"CVE-2020-0667\",\n \"CVE-2020-0668\",\n \"CVE-2020-0669\",\n \"CVE-2020-0670\",\n \"CVE-2020-0671\",\n \"CVE-2020-0672\",\n \"CVE-2020-0673\",\n \"CVE-2020-0674\",\n \"CVE-2020-0675\",\n \"CVE-2020-0676\",\n \"CVE-2020-0677\",\n \"CVE-2020-0678\",\n \"CVE-2020-0679\",\n \"CVE-2020-0680\",\n \"CVE-2020-0681\",\n \"CVE-2020-0682\",\n \"CVE-2020-0683\",\n \"CVE-2020-0685\",\n \"CVE-2020-0686\",\n \"CVE-2020-0689\",\n \"CVE-2020-0691\",\n \"CVE-2020-0698\",\n \"CVE-2020-0701\",\n \"CVE-2020-0703\",\n \"CVE-2020-0704\",\n \"CVE-2020-0706\",\n \"CVE-2020-0707\",\n \"CVE-2020-0708\",\n \"CVE-2020-0710\",\n \"CVE-2020-0711\",\n \"CVE-2020-0712\",\n \"CVE-2020-0713\",\n \"CVE-2020-0714\",\n \"CVE-2020-0715\",\n \"CVE-2020-0717\",\n \"CVE-2020-0719\",\n \"CVE-2020-0720\",\n \"CVE-2020-0721\",\n \"CVE-2020-0722\",\n \"CVE-2020-0723\",\n \"CVE-2020-0724\",\n \"CVE-2020-0725\",\n \"CVE-2020-0726\",\n \"CVE-2020-0727\",\n \"CVE-2020-0728\",\n \"CVE-2020-0729\",\n \"CVE-2020-0730\",\n \"CVE-2020-0731\",\n \"CVE-2020-0734\",\n \"CVE-2020-0735\",\n \"CVE-2020-0737\",\n \"CVE-2020-0738\",\n \"CVE-2020-0739\",\n \"CVE-2020-0740\",\n \"CVE-2020-0741\",\n \"CVE-2020-0742\",\n \"CVE-2020-0743\",\n \"CVE-2020-0744\",\n \"CVE-2020-0745\",\n \"CVE-2020-0746\",\n \"CVE-2020-0747\",\n \"CVE-2020-0748\",\n \"CVE-2020-0749\",\n \"CVE-2020-0750\",\n \"CVE-2020-0751\",\n \"CVE-2020-0752\",\n \"CVE-2020-0753\",\n \"CVE-2020-0754\",\n \"CVE-2020-0755\",\n \"CVE-2020-0756\",\n \"CVE-2020-0757\",\n \"CVE-2020-0767\",\n \"CVE-2020-0792\",\n \"CVE-2020-0817\",\n \"CVE-2020-0818\"\n );\n script_xref(name:\"MSKB\", value:\"4532693\");\n script_xref(name:\"MSFT\", value:\"MS20-4532693\");\n\n script_name(english:\"KB4532693: Windows 10 Version 1903 and Windows 10 Version 1909 February 2020 Security Update\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 4532693.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - A remote code execution vulnerability exists in the\n Windows Remote Desktop Client when a user connects to a\n malicious server. An attacker who successfully exploited\n this vulnerability could execute arbitrary code on the\n computer of the connecting client. An attacker could\n then install programs; view, change, or delete data; or\n create new accounts with full user rights.\n (CVE-2020-0681, CVE-2020-0734, CVE-2020-0817)\n\n - A memory corruption vulnerability exists when Windows\n Media Foundation improperly handles objects in memory.\n An attacker who successfully exploited the vulnerability\n could install programs; view, change, or delete data; or\n create new accounts with full user rights. There are\n multiple ways an attacker could exploit the\n vulnerability, such as by convincing a user to open a\n specially crafted document, or by convincing a user to\n visit a malicious webpage. The security update addresses\n the vulnerability by correcting how Windows Media\n Foundation handles objects in memory. (CVE-2020-0738)\n\n - An information disclosure vulnerability exists in the\n way that affected Microsoft browsers handle cross-origin\n requests. An attacker who successfully exploited this\n vulnerability could determine the origin of all of the\n web pages in the affected browser. (CVE-2020-0706)\n\n - An information disclosure vulnerability exists when\n DirectX improperly handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could obtain information to further compromise the users\n system. An authenticated attacker could exploit this\n vulnerability by running a specially crafted\n application. The update addresses the vulnerability by\n correcting how DirectX handles objects in memory.\n (CVE-2020-0714)\n\n - An information disclosure vulnerability exists in the\n Windows Common Log File System (CLFS) driver when it\n fails to properly handle objects in memory. An attacker\n who successfully exploited this vulnerability could\n potentially read data that was not intended to be\n disclosed. Note that this vulnerability would not allow\n an attacker to execute code or to elevate their user\n rights directly, but it could be used to obtain\n information that could be used to try to further\n compromise the affected system. (CVE-2020-0658)\n\n - An elevation of privilege vulnerability exists when \n Microsoft Edge does not properly enforce cross-domain \n policies, which could allow an attacker to access \n information from one domain and inject it into another \n domain. (CVE-2020-0663)\n\n - An elevation of privilege vulnerability exists when\n Windows improperly handles Secure Socket Shell remote\n commands. An attacker who successfully exploited the\n vulnerability could run arbitrary code with elevated\n privileges. (CVE-2020-0757)\n\n - An elevation of privilege vulnerability exists in the\n way that the Connected Devices Platform Service handles\n objects in memory. An attacker who successfully\n exploited the vulnerability could execute code with\n elevated permissions. (CVE-2020-0740, CVE-2020-0741,\n CVE-2020-0742, CVE-2020-0743, CVE-2020-0749,\n CVE-2020-0750)\n\n - An information disclosure vulnerability exists in the\n Cryptography Next Generation (CNG) service when it fails\n to properly handle objects in memory. (CVE-2020-0675,\n CVE-2020-0676, CVE-2020-0677, CVE-2020-0748,\n CVE-2020-0755, CVE-2020-0756)\n\n - A security feature bypass vulnerability exists in secure\n boot. An attacker who successfully exploited the\n vulnerability can bypass secure boot and load untrusted\n software. (CVE-2020-0689)\n\n - An elevation of privilege vulnerability exists in the\n way that the dssvc.dll handles file creation allowing\n for a file overwrite or creation in a secured location.\n An attacker who successfully exploited the vulnerability\n could execute code with elevated permissions.\n (CVE-2020-0739)\n\n - An elevation of privilege vulnerability exists when the\n Windows Wireless Network Manager improperly handles\n memory. (CVE-2020-0704)\n\n - An elevation of privilege vulnerability exists in\n Windows when the Windows kernel-mode driver fails to\n properly handle objects in memory. An attacker who\n successfully exploited this vulnerability could run\n arbitrary code in kernel mode. An attacker could then\n install programs; view, change, or delete data; or\n create new accounts with full user rights.\n (CVE-2020-0691)\n\n - An elevation of privilege vulnerability exists in Active\n Directory Forest trusts due to a default setting that\n lets an attacker in the trusting forest request\n delegation of a TGT for an identity from the trusted\n forest. (CVE-2020-0665)\n\n - An elevation of privilege vulnerability exists in\n Windows Error Reporting (WER) when WER handles and\n executes files. The vulnerability could allow elevation\n of privilege if an attacker can successfully exploit it.\n An attacker who successfully exploited the vulnerability\n could gain greater access to sensitive information and\n system functionality. (CVE-2020-0753, CVE-2020-0754)\n\n - An elevation of privilege vulnerability exists when the\n Windows Data Sharing Service improperly handles file\n operations. An attacker who successfully exploited this\n vulnerability could run processes in an elevated\n context. An attacker could exploit this vulnerability by\n running a specially crafted application on the victim\n system. The update addresses the vulnerability by\n correcting the way the Windows Data Sharing Service\n handles file operations. (CVE-2020-0659, CVE-2020-0747)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Kernel handles objects in memory.\n An attacker who successfully exploited the vulnerability\n could execute code with elevated permissions.\n (CVE-2020-0668, CVE-2020-0669)\n\n - A denial of service vulnerability exists when Microsoft\n Hyper-V on a host server fails to properly validate\n input from a privileged user on a guest operating\n system. (CVE-2020-0661)\n\n - A denial of service vulnerability exists when Microsoft\n Hyper-V on a host server fails to properly validate\n specific malicious data from a user on a guest operating\n system. (CVE-2020-0751)\n\n - A remote code execution vulnerability exists in the way\n that Windows handles objects in memory. An attacker who\n successfully exploited the vulnerability could execute\n arbitrary code with elevated permissions on a target\n system. (CVE-2020-0662)\n\n - An elevation of privilege vulnerability exists when the\n Windows kernel fails to properly handle objects in\n memory. An attacker who successfully exploited this\n vulnerability could run arbitrary code in kernel mode.\n An attacker could then install programs; view, change,\n or delete data; or create new accounts with full user\n rights. (CVE-2020-0670, CVE-2020-0671, CVE-2020-0672)\n\n - An elevation of privilege vulnerability exists in the\n Windows Installer when MSI packages process symbolic\n links. An attacker who successfully exploited this\n vulnerability could bypass access restrictions to add or\n remove files. (CVE-2020-0683, CVE-2020-0686)\n\n - An elevation of privilege vulnerability exists when the\n Windows Backup Service improperly handles file\n operations. (CVE-2020-0703)\n\n - A remote code execution vulnerability exists in\n Microsoft Windows that could allow remote code execution\n if a .LNK file is processed. An attacker who\n successfully exploited this vulnerability could gain the\n same user rights as the local user. (CVE-2020-0729)\n\n - An information disclosure vulnerability exists in the\n way that Microsoft Graphics Components handle objects in\n memory. An attacker who successfully exploited the\n vulnerability could obtain information that could be\n useful for further exploitation. (CVE-2020-0746)\n\n - An information disclosure vulnerability exists when the\n win32k component improperly provides kernel information.\n An attacker who successfully exploited the vulnerability\n could obtain information to further compromise the users\n system. (CVE-2020-0717)\n\n - An elevation of privilege vulnerability exists when\n Windows improperly handles COM object creation. An\n attacker who successfully exploited the vulnerability\n could run arbitrary code with elevated privileges.\n (CVE-2020-0685)\n\n - An elevation of privilege vulnerability exists when the\n Windows Common Log File System (CLFS) driver improperly\n handles objects in memory. An attacker who successfully\n exploited this vulnerability could run processes in an\n elevated context. (CVE-2020-0657)\n\n - An elevation of privilege vulnerability exists when\n Windows Error Reporting manager improperly handles hard\n links. An attacker who successfully exploited this\n vulnerability could overwrite a targeted file leading to\n an elevated status. (CVE-2020-0678)\n\n - An elevation of privilege vulnerability exists when the\n Connected User Experiences and Telemetry Service\n improperly handles file operations. An attacker who\n successfully exploited this vulnerability could gain\n elevated privileges on the victim system.\n (CVE-2020-0727)\n\n - An elevation of privilege vulnerability exists when the\n Windows User Profile Service (ProfSvc) improperly\n handles symlinks. An attacker who successfully exploited\n this vulnerability could delete files and folders in an\n elevated context. (CVE-2020-0730)\n\n - An information vulnerability exists when Windows Modules\n Installer Service improperly discloses file information.\n Successful exploitation of the vulnerability could allow\n the attacker to read any file on the file system.\n (CVE-2020-0728)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Function Discovery Service handles\n objects in memory. An attacker who successfully\n exploited the vulnerability could execute code with\n elevated permissions. (CVE-2020-0679, CVE-2020-0680,\n CVE-2020-0682)\n\n - An elevation of privilege vulnerability exists in the\n way that the tapisrv.dll handles objects in memory. An\n attacker who successfully exploited the vulnerability\n could execute code with elevated permissions.\n (CVE-2020-0737)\n\n - A denial of service vulnerability exists in Remote\n Desktop Protocol (RDP) when an attacker connects to the\n target system using RDP and sends specially crafted\n requests. An attacker who successfully exploited this\n vulnerability could cause the RDP service on the target\n system to stop responding. (CVE-2020-0660)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Client License Service (ClipSVC)\n handles objects in memory. An attacker who successfully\n exploited the vulnerability could execute code with\n elevated permissions. (CVE-2020-0701)\n\n - An information disclosure vulnerability exists in the\n way that the Windows Graphics Device Interface (GDI)\n handles objects in memory, allowing an attacker to\n retrieve information from a targeted system. By itself,\n the information disclosure does not allow arbitrary code\n execution; however, it could allow arbitrary code to be\n run if the attacker uses it in combination with another\n vulnerability. (CVE-2020-0744)\n\n - An elevation of privilege vulnerability exists when the\n Windows IME improperly handles memory. (CVE-2020-0707)\n\n - A remote code execution vulnerability exists in Remote\n Desktop Services formerly known as Terminal Services\n when an authenticated attacker abuses clipboard\n redirection. An attacker who successfully exploited this\n vulnerability could execute arbitrary code on the victim\n system. An attacker could then install programs; view,\n change, or delete data; or create new accounts with full\n user rights. (CVE-2020-0655)\n\n - An elevation of privilege vulnerability exists in\n Windows when the Win32k component fails to properly\n handle objects in memory. An attacker who successfully\n exploited this vulnerability could run arbitrary code in\n kernel mode. An attacker could then install programs;\n view, change, or delete data; or create new accounts\n with full user rights. (CVE-2020-0719, CVE-2020-0720,\n CVE-2020-0721, CVE-2020-0722, CVE-2020-0723,\n CVE-2020-0724, CVE-2020-0725, CVE-2020-0726,\n CVE-2020-0731)\n\n - An elevation of privilege vulnerability exists when the\n Windows Graphics Component improperly handles objects in\n memory. An attacker who successfully exploited this\n vulnerability could run processes in an elevated\n context. (CVE-2020-0715, CVE-2020-0745, CVE-2020-0792)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Search Indexer handles objects in\n memory. An attacker who successfully exploited the\n vulnerability could execute code with elevated\n permissions. (CVE-2020-0666, CVE-2020-0667,\n CVE-2020-0735, CVE-2020-0752)\n\n - An information disclosure vulnerability exists when the\n Telephony Service improperly discloses the contents of\n its memory. An attacker who successfully exploited the\n vulnerability could obtain information to further\n compromise a users system. (CVE-2020-0698)\n\n - A remote code execution vulnerability exists in the way\n that the scripting engine handles objects in memory in\n Internet Explorer. The vulnerability could corrupt\n memory in such a way that an attacker could execute\n arbitrary code in the context of the current user. An\n attacker who successfully exploited the vulnerability\n could gain the same user rights as the current user.\n (CVE-2020-0673, CVE-2020-0674)\n\n - A remote code execution vulnerability exists when the\n Windows Imaging Library improperly handles memory.\n (CVE-2020-0708)\n\n - A remote code execution vulnerability exists in the way \n that the ChakraCore scripting engine handles objects in \n memory. The vulnerability could corrupt memory in such a \n way that an attacker could execute arbitrary code in the \n context of the current user. An attacker who successfully \n exploited the vulnerability could gain the same user \n rights as the current user. If the current user is logged \n on with administrative user rights, an attacker who \n successfully exploited the vulnerability could take \n control of an affected system. An attacker could then \n install programs; view, change, or delete data; or create \n new accounts with full user rights. (CVE-2020-0710, \n CVE-2020-0711, CVE-2020-0712, CVE-2020-0713, \n CVE-2020-0767)\n\n - An elevation of privilege vulnerability exists in the\n way that the sysmain.dll handles objects in memory. An\n attacker who successfully exploited the vulnerability\n could execute code with elevated permissions. To exploit\n the vulnerability, a locally authenticated attacker\n could run a specially crafted application. The security\n update addresses the vulnerability by ensuring the\n sysmain.dll properly handles objects in memory.\n (CVE-2020-0818)\");\n # https://support.microsoft.com/en-us/help/4532693/windows-10-update-kb4532693\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?ebd73de2\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Cumulative Update KB4532693.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-0738\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Service Tracing Privilege Elevation Vulnerability');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/02/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/02/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/02/11\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:edge\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nbulletin = \"MS20-02\";\nkbs = make_list('4532693');\n\nif (get_kb_item(\"Host/patch_management_checks\")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nget_kb_item_or_exit(\"SMB/WindowsVersion\", exit_code:1);\n\nif (hotfix_check_sp_range(win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:\"10\",\n sp:0,\n os_build:\"18362\",\n rollup_date:\"02_2020\",\n bulletin:bulletin,\n rollup_kb_list:[4532693])\n ||\n smb_check_rollup(os:\"10\",\n sp:0,\n os_build:\"18363\",\n rollup_date:\"02_2020\",\n bulletin:bulletin,\n rollup_kb_list:[4532693])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}]}
