Windows Server 2008 Microsoft Windows Server 2008

stack.watch can email you when security vulnerabilities are reported in Microsoft Windows Server 2008. You can add multiple products that you use with Windows Server 2008 to create your own personal software stack watcher.

@windowsserver Tweets

RT @Azure: Join Jason Zander at this March 23 digital event for demos, labs, and tips on shifting your #VMware assets to the cloud with #Az…
Thu Mar 04 20:12:55 +0000 2021

RT @Azure: Accelerate IT innovation with the latest announcements for Windows Server on #Azure, Windows Server 2022, and Windows Admin Cent…
Wed Mar 03 19:02:10 +0000 2021

We know you love #WindowsAdminCenter. Get ready for a whole new experience, because now it's available in preview… https://t.co/qVeZiPL0dw
Wed Mar 03 17:00:02 +0000 2021

Discover how we're unifying the experience of #Azure Sentinel and Microsoft 365 Defender: https://t.co/HuvL4nei0r
Wed Mar 03 15:00:01 +0000 2021

RT @Azure: Find out how to optimize and scale your #VMware workloads in the cloud with #AzureVMwareSolution. Join this free digital event o…
Sun Feb 28 19:26:44 +0000 2021

By the Year

In 2021 there have been 49 vulnerabilities in Microsoft Windows Server 2008 with an average score of 8.0 out of ten. Last year Windows Server 2008 had 382 security vulnerabilities published. Right now, Windows Server 2008 is on track to have less security vulnerabilities in 2021 than it did last year. However, the average CVE base score of the vulnerabilities in 2021 is greater by 0.57.

Year Vulnerabilities Average Score
2021 49 8.02
2020 382 7.45
2019 314 7.28
2018 156 6.47

It may take a day or so for new Windows Server 2008 vulnerabilities to show up. Additionally vulnerabilities may be tagged under a different product or component name.

Latest Microsoft Windows Server 2008 Security Vulnerabilities

Windows DNS Server Remote Code Execution Vulnerability

CVE-2021-24078 9.8 - Critical - February 25, 2021

Windows DNS Server Remote Code Execution Vulnerability

CVE-2021-24078 is exploitable with network access, and does not require authorization privledges or user interaction. This vulnerability is considered to have a low attack complexity. It has the highest possible exploitability rating (3.9). The potential impact of an exploit of this vulnerability is considered to be critical as this vulneraility has a high impact to the confidentiality, integrity and availability of this component.

Windows Address Book Remote Code Execution Vulnerability

CVE-2021-24083 7.8 - High - February 25, 2021

Windows Address Book Remote Code Execution Vulnerability

CVE-2021-24083 can be explotited with local system access, requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Out-of-bounds Write

Windows Local Spooler Remote Code Execution Vulnerability

CVE-2021-24088 8.8 - High - February 25, 2021

Windows Local Spooler Remote Code Execution Vulnerability

CVE-2021-24088 is exploitable with network access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Windows TCP/IP Denial of Service Vulnerability

CVE-2021-24086 7.5 - High - February 25, 2021

Windows TCP/IP Denial of Service Vulnerability

CVE-2021-24086 is exploitable with network access, and does not require authorization privledges or user interaction. This vulnerability is considered to have a low attack complexity. It has the highest possible exploitability rating (3.9). The potential impact of an exploit of this vulnerability is considered to have no impact on confidentiality and integrity, and a high impact on availability.

Windows Fax Service Remote Code Execution Vulnerability This CVE ID is unique

CVE-2021-24077 9.8 - Critical - February 25, 2021

Windows Fax Service Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-1722.

CVE-2021-24077 can be explotited with network access, and does not require authorization privledges or user interaction. This vulnerability is considered to have a low attack complexity. It has the highest possible exploitability rating (3.9). The potential impact of an exploit of this vulnerability is considered to be critical as this vulneraility has a high impact to the confidentiality, integrity and availability of this component.

Windows PKU2U Elevation of Privilege Vulnerability

CVE-2021-25195 7.8 - High - February 25, 2021

Windows PKU2U Elevation of Privilege Vulnerability

CVE-2021-25195 can be explotited with local system access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Improper Privilege Management

Microsoft SharePoint Spoofing Vulnerability

CVE-2021-1726 8 - High - February 25, 2021

Microsoft SharePoint Spoofing Vulnerability

CVE-2021-1726 is exploitable with network access, requires user interaction and a small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.1 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Windows Event Tracing Elevation of Privilege Vulnerability This CVE ID is unique

CVE-2021-24103 7.8 - High - February 25, 2021

Windows Event Tracing Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-24102.

CVE-2021-24103 can be explotited with local system access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Improper Privilege Management

Windows Fax Service Remote Code Execution Vulnerability This CVE ID is unique

CVE-2021-1722 9.8 - Critical - February 25, 2021

Windows Fax Service Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-24077.

CVE-2021-1722 is exploitable with network access, and does not require authorization privledges or user interaction. This vulnerability is considered to have a low attack complexity. It has the highest possible exploitability rating (3.9). The potential impact of an exploit of this vulnerability is considered to be critical as this vulneraility has a high impact to the confidentiality, integrity and availability of this component.

Windows TCP/IP Remote Code Execution Vulnerability This CVE ID is unique

CVE-2021-24074 9.8 - Critical - February 25, 2021

Windows TCP/IP Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-24094.

CVE-2021-24074 is exploitable with network access, and does not require authorization privledges or user interaction. This vulnerability is considered to have a low attack complexity. It has the highest possible exploitability rating (3.9). The potential impact of an exploit of this vulnerability is considered to be critical as this vulneraility has a high impact to the confidentiality, integrity and availability of this component.

Windows Event Tracing Elevation of Privilege Vulnerability This CVE ID is unique

CVE-2021-24102 7.8 - High - February 25, 2021

Windows Event Tracing Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-24103.

CVE-2021-24102 is exploitable with local system access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Improper Privilege Management

Windows Remote Procedure Call Information Disclosure Vulnerability

CVE-2021-1734 7.5 - High - February 25, 2021

Windows Remote Procedure Call Information Disclosure Vulnerability

CVE-2021-1734 is exploitable with network access, and does not require authorization privledges or user interaction. This vulnerability is considered to have a low attack complexity. It has the highest possible exploitability rating (3.9). The potential impact of an exploit of this vulnerability is considered to have a high impact on confidentiality, with no impact on integrity and availability.

Information Leak

Windows TCP/IP Remote Code Execution Vulnerability This CVE ID is unique

CVE-2021-24094 9.8 - Critical - February 25, 2021

Windows TCP/IP Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-24074.

CVE-2021-24094 is exploitable with network access, and does not require authorization privledges or user interaction. This vulnerability is considered to have a low attack complexity. It has the highest possible exploitability rating (3.9). The potential impact of an exploit of this vulnerability is considered to be critical as this vulneraility has a high impact to the confidentiality, integrity and availability of this component.

Windows Installer Elevation of Privilege Vulnerability

CVE-2021-1727 7.8 - High - February 25, 2021

Windows Installer Elevation of Privilege Vulnerability

CVE-2021-1727 can be explotited with local system access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Improper Privilege Management

Remote Procedure Call Runtime Remote Code Execution Vulnerability This CVE ID is unique

CVE-2021-1673 8.8 - High - January 12, 2021

Remote Procedure Call Runtime Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-1658, CVE-2021-1660, CVE-2021-1664, CVE-2021-1666, CVE-2021-1667, CVE-2021-1671, CVE-2021-1700, CVE-2021-1701.

CVE-2021-1673 can be explotited with network access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Windows CSC Service Elevation of Privilege Vulnerability This CVE ID is unique

CVE-2021-1655 7.8 - High - January 12, 2021

Windows CSC Service Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-1652, CVE-2021-1653, CVE-2021-1654, CVE-2021-1659, CVE-2021-1688, CVE-2021-1693.

CVE-2021-1655 can be explotited with local system access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Improper Privilege Management

Remote Procedure Call Runtime Remote Code Execution Vulnerability This CVE ID is unique

CVE-2021-1658 8.8 - High - January 12, 2021

Remote Procedure Call Runtime Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-1660, CVE-2021-1664, CVE-2021-1666, CVE-2021-1667, CVE-2021-1671, CVE-2021-1673, CVE-2021-1700, CVE-2021-1701.

CVE-2021-1658 is exploitable with network access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Windows CSC Service Elevation of Privilege Vulnerability This CVE ID is unique

CVE-2021-1653 7.8 - High - January 12, 2021

Windows CSC Service Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-1652, CVE-2021-1654, CVE-2021-1655, CVE-2021-1659, CVE-2021-1688, CVE-2021-1693.

CVE-2021-1653 can be explotited with local system access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Improper Privilege Management

Remote Procedure Call Runtime Remote Code Execution Vulnerability This CVE ID is unique

CVE-2021-1667 8.8 - High - January 12, 2021

Remote Procedure Call Runtime Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-1658, CVE-2021-1660, CVE-2021-1664, CVE-2021-1666, CVE-2021-1671, CVE-2021-1673, CVE-2021-1700, CVE-2021-1701.

CVE-2021-1667 can be explotited with network access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Windows Installer Elevation of Privilege Vulnerability

CVE-2021-1661 7.8 - High - January 12, 2021

Windows Installer Elevation of Privilege Vulnerability

CVE-2021-1661 can be explotited with local system access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Improper Privilege Management

GDI+ Remote Code Execution Vulnerability

CVE-2021-1665 7.8 - High - January 12, 2021

GDI+ Remote Code Execution Vulnerability

CVE-2021-1665 can be explotited with local system access, requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Remote Procedure Call Runtime Remote Code Execution Vulnerability This CVE ID is unique

CVE-2021-1664 8.8 - High - January 12, 2021

Remote Procedure Call Runtime Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-1658, CVE-2021-1660, CVE-2021-1666, CVE-2021-1667, CVE-2021-1671, CVE-2021-1673, CVE-2021-1700, CVE-2021-1701.

CVE-2021-1664 is exploitable with network access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Remote Procedure Call Runtime Remote Code Execution Vulnerability This CVE ID is unique

CVE-2021-1660 8.8 - High - January 12, 2021

Remote Procedure Call Runtime Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-1658, CVE-2021-1664, CVE-2021-1666, CVE-2021-1667, CVE-2021-1671, CVE-2021-1673, CVE-2021-1700, CVE-2021-1701.

CVE-2021-1660 is exploitable with network access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Windows Graphics Component Information Disclosure Vulnerability

CVE-2021-1696 5.5 - Medium - January 12, 2021

Windows Graphics Component Information Disclosure Vulnerability

CVE-2021-1696 is exploitable with local system access, requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to have a high impact on confidentiality, with no impact on integrity and availability.

Remote Procedure Call Runtime Remote Code Execution Vulnerability This CVE ID is unique

CVE-2021-1671 8.8 - High - January 12, 2021

Remote Procedure Call Runtime Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-1658, CVE-2021-1660, CVE-2021-1664, CVE-2021-1666, CVE-2021-1667, CVE-2021-1673, CVE-2021-1700, CVE-2021-1701.

CVE-2021-1671 can be explotited with network access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Remote Procedure Call Runtime Remote Code Execution Vulnerability This CVE ID is unique

CVE-2021-1666 8.8 - High - January 12, 2021

Remote Procedure Call Runtime Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-1658, CVE-2021-1660, CVE-2021-1664, CVE-2021-1667, CVE-2021-1671, CVE-2021-1673, CVE-2021-1700, CVE-2021-1701.

CVE-2021-1666 is exploitable with network access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Windows CSC Service Elevation of Privilege Vulnerability This CVE ID is unique

CVE-2021-1652 7.8 - High - January 12, 2021

Windows CSC Service Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-1653, CVE-2021-1654, CVE-2021-1655, CVE-2021-1659, CVE-2021-1688, CVE-2021-1693.

CVE-2021-1652 is exploitable with local system access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Improper Privilege Management

Windows Update Stack Elevation of Privilege Vulnerability

CVE-2021-1694 9.8 - Critical - January 12, 2021

Windows Update Stack Elevation of Privilege Vulnerability

CVE-2021-1694 is exploitable with network access, and does not require authorization privledges or user interaction. This vulnerability is considered to have a low attack complexity. It has the highest possible exploitability rating (3.9). The potential impact of an exploit of this vulnerability is considered to be critical as this vulneraility has a high impact to the confidentiality, integrity and availability of this component.

Improper Privilege Management

Windows Win32k Elevation of Privilege Vulnerability

CVE-2021-1709 7.8 - High - January 12, 2021

Windows Win32k Elevation of Privilege Vulnerability

CVE-2021-1709 can be explotited with local system access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Improper Privilege Management

Remote Procedure Call Runtime Remote Code Execution Vulnerability This CVE ID is unique

CVE-2021-1700 8.8 - High - January 12, 2021

Remote Procedure Call Runtime Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-1658, CVE-2021-1660, CVE-2021-1664, CVE-2021-1666, CVE-2021-1667, CVE-2021-1671, CVE-2021-1673, CVE-2021-1701.

CVE-2021-1700 is exploitable with network access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Remote Procedure Call Runtime Remote Code Execution Vulnerability This CVE ID is unique

CVE-2021-1701 8.8 - High - January 12, 2021

Remote Procedure Call Runtime Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-1658, CVE-2021-1660, CVE-2021-1664, CVE-2021-1666, CVE-2021-1667, CVE-2021-1671, CVE-2021-1673, CVE-2021-1700.

CVE-2021-1701 can be explotited with network access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Windows CSC Service Elevation of Privilege Vulnerability This CVE ID is unique

CVE-2021-1693 7.8 - High - January 12, 2021

Windows CSC Service Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-1652, CVE-2021-1653, CVE-2021-1654, CVE-2021-1655, CVE-2021-1659, CVE-2021-1688.

CVE-2021-1693 can be explotited with local system access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Improper Privilege Management

Windows CSC Service Elevation of Privilege Vulnerability This CVE ID is unique

CVE-2021-1688 7.8 - High - January 12, 2021

Windows CSC Service Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-1652, CVE-2021-1653, CVE-2021-1654, CVE-2021-1655, CVE-2021-1659, CVE-2021-1693.

CVE-2021-1688 is exploitable with local system access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Improper Privilege Management

Windows Hyper-V Elevation of Privilege Vulnerability

CVE-2021-1704 7.8 - High - January 12, 2021

Windows Hyper-V Elevation of Privilege Vulnerability

CVE-2021-1704 is exploitable with local system access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Improper Privilege Management

Windows Remote Procedure Call Runtime Elevation of Privilege Vulnerability

CVE-2021-1702 7.8 - High - January 12, 2021

Windows Remote Procedure Call Runtime Elevation of Privilege Vulnerability

CVE-2021-1702 is exploitable with local system access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Improper Privilege Management

Microsoft DTV-DVD Video Decoder Remote Code Execution Vulnerability

CVE-2021-1668 7.8 - High - January 12, 2021

Microsoft DTV-DVD Video Decoder Remote Code Execution Vulnerability

CVE-2021-1668 is exploitable with local system access, requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Windows CryptoAPI Denial of Service Vulnerability

CVE-2021-1679 6.5 - Medium - January 12, 2021

Windows CryptoAPI Denial of Service Vulnerability

CVE-2021-1679 can be explotited with network access, requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to have no impact on confidentiality and integrity, and a high impact on availability.

TPM Device Driver Information Disclosure Vulnerability

CVE-2021-1656 5.5 - Medium - January 12, 2021

TPM Device Driver Information Disclosure Vulnerability

CVE-2021-1656 is exploitable with local system access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to have a high impact on confidentiality, with no impact on integrity and availability.

NTLM Security Feature Bypass Vulnerability

CVE-2021-1678 7.5 - High - January 12, 2021

NTLM Security Feature Bypass Vulnerability

CVE-2021-1678 is exploitable with network access, and does not require authorization privledges or user interaction. This vulnerability is considered to have a low attack complexity. It has the highest possible exploitability rating (3.9). The potential impact of an exploit of this vulnerability is considered to have a high impact on confidentiality, with no impact on integrity and availability.

Windows LUAFV Elevation of Privilege Vulnerability

CVE-2021-1706 8.8 - High - January 12, 2021

Windows LUAFV Elevation of Privilege Vulnerability

CVE-2021-1706 is exploitable with network access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Improper Privilege Management

Windows Remote Desktop Protocol Core Security Feature Bypass Vulnerability

CVE-2021-1674 8.8 - High - January 12, 2021

Windows Remote Desktop Protocol Core Security Feature Bypass Vulnerability

CVE-2021-1674 is exploitable with network access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Windows (modem.sys) Information Disclosure Vulnerability

CVE-2021-1699 5.5 - Medium - January 12, 2021

Windows (modem.sys) Information Disclosure Vulnerability

CVE-2021-1699 can be explotited with local system access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to have a high impact on confidentiality, with no impact on integrity and availability.

Windows Print Spooler Elevation of Privilege Vulnerability

CVE-2021-1695 7.8 - High - January 12, 2021

Windows Print Spooler Elevation of Privilege Vulnerability

CVE-2021-1695 can be explotited with local system access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Improper Privilege Management

Windows CSC Service Elevation of Privilege Vulnerability This CVE ID is unique

CVE-2021-1654 7.8 - High - January 12, 2021

Windows CSC Service Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-1652, CVE-2021-1653, CVE-2021-1655, CVE-2021-1659, CVE-2021-1688, CVE-2021-1693.

CVE-2021-1654 is exploitable with local system access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Improper Privilege Management

Windows CSC Service Elevation of Privilege Vulnerability This CVE ID is unique

CVE-2021-1659 7.8 - High - January 12, 2021

Windows CSC Service Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-1652, CVE-2021-1653, CVE-2021-1654, CVE-2021-1655, CVE-2021-1688, CVE-2021-1693.

CVE-2021-1659 can be explotited with local system access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Improper Privilege Management

Active Template Library Elevation of Privilege Vulnerability

CVE-2021-1649 7.8 - High - January 12, 2021

Active Template Library Elevation of Privilege Vulnerability

CVE-2021-1649 can be explotited with local system access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Improper Privilege Management

Windows NT Lan Manager Datagram Receiver Driver Information Disclosure Vulnerability

CVE-2021-1676 5.5 - Medium - January 12, 2021

Windows NT Lan Manager Datagram Receiver Driver Information Disclosure Vulnerability

CVE-2021-1676 is exploitable with local system access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to have a high impact on confidentiality, with no impact on integrity and availability.

Windows Fax Compose Form Remote Code Execution Vulnerability

CVE-2021-1657 7.8 - High - January 12, 2021

Windows Fax Compose Form Remote Code Execution Vulnerability

CVE-2021-1657 can be explotited with local system access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Improper Privilege Management

Windows GDI+ Information Disclosure Vulnerability

CVE-2021-1708 5.7 - Medium - January 12, 2021

Windows GDI+ Information Disclosure Vulnerability

CVE-2021-1708 is exploitable with network access, requires user interaction and a small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.1 out of four. The potential impact of an exploit of this vulnerability is considered to have a high impact on confidentiality, with no impact on integrity and availability.

Windows Backup Engine Elevation of Privilege Vulnerability This CVE ID is unique

CVE-2020-16958 7.8 - High - December 10, 2020

Windows Backup Engine Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2020-16959, CVE-2020-16960, CVE-2020-16961, CVE-2020-16962, CVE-2020-16963, CVE-2020-16964.

CVE-2020-16958 is exploitable with local system access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Improper Privilege Management

Windows Backup Engine Elevation of Privilege Vulnerability This CVE ID is unique

CVE-2020-16960 7.8 - High - December 10, 2020

Windows Backup Engine Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2020-16958, CVE-2020-16959, CVE-2020-16961, CVE-2020-16962, CVE-2020-16963, CVE-2020-16964.

CVE-2020-16960 is exploitable with local system access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Improper Privilege Management

Windows Backup Engine Elevation of Privilege Vulnerability This CVE ID is unique

CVE-2020-16963 7.8 - High - December 10, 2020

Windows Backup Engine Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2020-16958, CVE-2020-16959, CVE-2020-16960, CVE-2020-16961, CVE-2020-16962, CVE-2020-16964.

CVE-2020-16963 can be explotited with local system access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Improper Privilege Management

Windows SMB Information Disclosure Vulnerability

CVE-2020-17140 6.5 - Medium - December 10, 2020

Windows SMB Information Disclosure Vulnerability

CVE-2020-17140 is exploitable with network access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to have a high impact on confidentiality, with no impact on integrity and availability.

Information Leak

Windows Backup Engine Elevation of Privilege Vulnerability This CVE ID is unique

CVE-2020-16961 7.8 - High - December 10, 2020

Windows Backup Engine Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2020-16958, CVE-2020-16959, CVE-2020-16960, CVE-2020-16962, CVE-2020-16963, CVE-2020-16964.

CVE-2020-16961 can be explotited with local system access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Improper Privilege Management

Windows Backup Engine Elevation of Privilege Vulnerability This CVE ID is unique

CVE-2020-16964 7.8 - High - December 10, 2020

Windows Backup Engine Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2020-16958, CVE-2020-16959, CVE-2020-16960, CVE-2020-16961, CVE-2020-16962, CVE-2020-16963.

CVE-2020-16964 is exploitable with local system access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Improper Privilege Management

Windows Backup Engine Elevation of Privilege Vulnerability This CVE ID is unique

CVE-2020-16959 7.8 - High - December 10, 2020

Windows Backup Engine Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2020-16958, CVE-2020-16960, CVE-2020-16961, CVE-2020-16962, CVE-2020-16963, CVE-2020-16964.

CVE-2020-16959 can be explotited with local system access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Improper Privilege Management

Windows Backup Engine Elevation of Privilege Vulnerability This CVE ID is unique

CVE-2020-16962 7.8 - High - December 10, 2020

Windows Backup Engine Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2020-16958, CVE-2020-16959, CVE-2020-16960, CVE-2020-16961, CVE-2020-16963, CVE-2020-16964.

CVE-2020-16962 is exploitable with local system access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Improper Privilege Management

Windows GDI+ Information Disclosure Vulnerability

CVE-2020-17098 5.5 - Medium - December 10, 2020

Windows GDI+ Information Disclosure Vulnerability

CVE-2020-17098 is exploitable with local system access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to have a high impact on confidentiality, with no impact on integrity and availability.

Windows Function Discovery SSDP Provider Information Disclosure Vulnerability

CVE-2020-17036 5.5 - Medium - November 11, 2020

Windows Function Discovery SSDP Provider Information Disclosure Vulnerability

CVE-2020-17036 is exploitable with local system access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to have a high impact on confidentiality, with no impact on integrity and availability.

Information Leak

Windows Print Spooler Elevation of Privilege Vulnerability This CVE ID is unique

CVE-2020-17014 7.1 - High - November 11, 2020

Windows Print Spooler Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2020-17001.

CVE-2020-17014 is exploitable with local system access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to have no impact on confidentiality, a high impact on integrity and availability.

Improper Privilege Management

Windows Network File System Denial of Service Vulnerability

CVE-2020-17047 7.5 - High - November 11, 2020

Windows Network File System Denial of Service Vulnerability

CVE-2020-17047 can be explotited with network access, and does not require authorization privledges or user interaction. This vulnerability is considered to have a low attack complexity. It has the highest possible exploitability rating (3.9). The potential impact of an exploit of this vulnerability is considered to have no impact on confidentiality and integrity, and a high impact on availability.

Windows KernelStream Information Disclosure Vulnerability

CVE-2020-17045 5.5 - Medium - November 11, 2020

Windows KernelStream Information Disclosure Vulnerability

CVE-2020-17045 can be explotited with local system access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to have a high impact on confidentiality, with no impact on integrity and availability.

Information Leak

Windows Kernel Local Elevation of Privilege Vulnerability

CVE-2020-17087 7.8 - High - November 11, 2020

Windows Kernel Local Elevation of Privilege Vulnerability

CVE-2020-17087 can be explotited with local system access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Improper Privilege Management

Win32k Elevation of Privilege Vulnerability This CVE ID is unique

CVE-2020-17038 7.8 - High - November 11, 2020

Win32k Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2020-17010.

CVE-2020-17038 is exploitable with local system access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Improper Privilege Management

Windows Print Spooler Remote Code Execution Vulnerability

CVE-2020-17042 8.8 - High - November 11, 2020

Windows Print Spooler Remote Code Execution Vulnerability

CVE-2020-17042 is exploitable with network access, requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Windows Graphics Component Information Disclosure Vulnerability

CVE-2020-17004 5.5 - Medium - November 11, 2020

Windows Graphics Component Information Disclosure Vulnerability

CVE-2020-17004 is exploitable with local system access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to have a high impact on confidentiality, with no impact on integrity and availability.

Windows Spoofing Vulnerability

CVE-2020-1599 5.5 - Medium - November 11, 2020

Windows Spoofing Vulnerability

CVE-2020-1599 can be explotited with local system access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to have no impact on confidentiality, a high impact on integrity, and no impact on availability.

Windows Remote Access Elevation of Privilege Vulnerability This CVE ID is unique

CVE-2020-17043 7.8 - High - November 11, 2020

Windows Remote Access Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2020-17025, CVE-2020-17026, CVE-2020-17027, CVE-2020-17028, CVE-2020-17031, CVE-2020-17032, CVE-2020-17033, CVE-2020-17034, CVE-2020-17044, CVE-2020-17055.

CVE-2020-17043 can be explotited with local system access, requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Improper Privilege Management

Windows Network File System Remote Code Execution Vulnerability

CVE-2020-17051 9.8 - Critical - November 11, 2020

Windows Network File System Remote Code Execution Vulnerability

CVE-2020-17051 can be explotited with network access, and does not require authorization privledges or user interaction. This vulnerability is considered to have a low attack complexity. It has the highest possible exploitability rating (3.9). The potential impact of an exploit of this vulnerability is considered to be critical as this vulneraility has a high impact to the confidentiality, integrity and availability of this component.

Remote Desktop Protocol Server Information Disclosure Vulnerability

CVE-2020-16997 6.5 - Medium - November 11, 2020

Remote Desktop Protocol Server Information Disclosure Vulnerability

CVE-2020-16997 can be explotited with network access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to have a high impact on confidentiality, with no impact on integrity and availability.

Windows Print Spooler Elevation of Privilege Vulnerability This CVE ID is unique

CVE-2020-17001 7.8 - High - November 11, 2020

Windows Print Spooler Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2020-17014.

CVE-2020-17001 can be explotited with local system access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Improper Privilege Management

Windows Remote Access Elevation of Privilege Vulnerability This CVE ID is unique

CVE-2020-17055 7.8 - High - November 11, 2020

Windows Remote Access Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2020-17025, CVE-2020-17026, CVE-2020-17027, CVE-2020-17028, CVE-2020-17031, CVE-2020-17032, CVE-2020-17033, CVE-2020-17034, CVE-2020-17043, CVE-2020-17044.

CVE-2020-17055 can be explotited with local system access, requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Improper Privilege Management

Remote Desktop Protocol Client Information Disclosure Vulnerability

CVE-2020-17000 5.5 - Medium - November 11, 2020

Remote Desktop Protocol Client Information Disclosure Vulnerability

CVE-2020-17000 is exploitable with local system access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to have a high impact on confidentiality, with no impact on integrity and availability.

Windows Port Class Library Elevation of Privilege Vulnerability

CVE-2020-17011 7.8 - High - November 11, 2020

Windows Port Class Library Elevation of Privilege Vulnerability

CVE-2020-17011 can be explotited with local system access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Improper Privilege Management

Windows Canonical Display Driver Information Disclosure Vulnerability

CVE-2020-17029 5.5 - Medium - November 11, 2020

Windows Canonical Display Driver Information Disclosure Vulnerability

CVE-2020-17029 can be explotited with local system access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to have a high impact on confidentiality, with no impact on integrity and availability.

Information Leak

Windows GDI+ Remote Code Execution Vulnerability

CVE-2020-17068 7.8 - High - November 11, 2020

Windows GDI+ Remote Code Execution Vulnerability

CVE-2020-17068 is exploitable with local system access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Windows Remote Access Elevation of Privilege Vulnerability This CVE ID is unique

CVE-2020-17044 7.8 - High - November 11, 2020

Windows Remote Access Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2020-17025, CVE-2020-17026, CVE-2020-17027, CVE-2020-17028, CVE-2020-17031, CVE-2020-17032, CVE-2020-17033, CVE-2020-17034, CVE-2020-17043, CVE-2020-17055.

CVE-2020-17044 is exploitable with local system access, requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Improper Privilege Management

Windows NDIS Information Disclosure Vulnerability

CVE-2020-17069 5.5 - Medium - November 11, 2020

Windows NDIS Information Disclosure Vulnerability

CVE-2020-17069 can be explotited with local system access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to have a high impact on confidentiality, with no impact on integrity and availability.

Windows Common Log File System Driver Elevation of Privilege Vulnerability

CVE-2020-17088 7.8 - High - November 11, 2020

Windows Common Log File System Driver Elevation of Privilege Vulnerability

CVE-2020-17088 is exploitable with local system access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Improper Privilege Management

An elevation of privilege vulnerability exists when the Windows Backup Service improperly handles file operations.To exploit this vulnerability, an attacker

CVE-2020-16973 7.8 - High - October 16, 2020

An elevation of privilege vulnerability exists when the Windows Backup Service improperly handles file operations.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows Backup Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-16912, CVE-2020-16936, CVE-2020-16972, CVE-2020-16974, CVE-2020-16975, CVE-2020-16976.

CVE-2020-16973 can be explotited with local system access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Improper Privilege Management

An elevation of privilege vulnerability exists in the Windows Installer when the Windows Installer fails to properly sanitize input leading to an insecure library loading behavior.A locally authenticated attacker could run arbitrary code with elevated system privileges

CVE-2020-16902 7.8 - High - October 16, 2020

An elevation of privilege vulnerability exists in the Windows Installer when the Windows Installer fails to properly sanitize input leading to an insecure library loading behavior.A locally authenticated attacker could run arbitrary code with elevated system privileges, aka 'Windows Installer Elevation of Privilege Vulnerability'.

CVE-2020-16902 is exploitable with local system access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Improper Privilege Management

An elevation of privilege vulnerability exists when the Windows Backup Service improperly handles file operations.To exploit this vulnerability, an attacker

CVE-2020-16972 7.8 - High - October 16, 2020

An elevation of privilege vulnerability exists when the Windows Backup Service improperly handles file operations.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows Backup Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-16912, CVE-2020-16936, CVE-2020-16973, CVE-2020-16974, CVE-2020-16975, CVE-2020-16976.

CVE-2020-16972 is exploitable with local system access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Improper Privilege Management

An elevation of privilege vulnerability exists when Windows improperly handles COM object creation

CVE-2020-16935 7.8 - High - October 16, 2020

An elevation of privilege vulnerability exists when Windows improperly handles COM object creation, aka 'Windows COM Server Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-16916.

CVE-2020-16935 can be explotited with local system access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Improper Privilege Management

An elevation of privilege vulnerability exists when the Windows Backup Service improperly handles file operations.To exploit this vulnerability, an attacker

CVE-2020-16975 7.8 - High - October 16, 2020

An elevation of privilege vulnerability exists when the Windows Backup Service improperly handles file operations.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows Backup Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-16912, CVE-2020-16936, CVE-2020-16972, CVE-2020-16973, CVE-2020-16974, CVE-2020-16976.

CVE-2020-16975 can be explotited with local system access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Improper Privilege Management

An elevation of privilege vulnerability exists in the way

CVE-2020-16887 7.8 - High - October 16, 2020

An elevation of privilege vulnerability exists in the way that the Windows Network Connections Service handles objects in memory, aka 'Windows Network Connections Service Elevation of Privilege Vulnerability'.

CVE-2020-16887 can be explotited with local system access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Improper Privilege Management

A denial of service vulnerability exists in Microsoft Outlook software when the software fails to properly handle objects in memory

CVE-2020-16949 7.5 - High - October 16, 2020

A denial of service vulnerability exists in Microsoft Outlook software when the software fails to properly handle objects in memory, aka 'Microsoft Outlook Denial of Service Vulnerability'.

CVE-2020-16949 can be explotited with network access, and does not require authorization privledges or user interaction. This vulnerability is considered to have a low attack complexity. It has the highest possible exploitability rating (3.9). The potential impact of an exploit of this vulnerability is considered to have no impact on confidentiality and integrity, and a high impact on availability.

Memory Leak

An elevation of privilege vulnerability exists when the Windows Backup Service improperly handles file operations.To exploit this vulnerability, an attacker

CVE-2020-16912 7.8 - High - October 16, 2020

An elevation of privilege vulnerability exists when the Windows Backup Service improperly handles file operations.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows Backup Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-16936, CVE-2020-16972, CVE-2020-16973, CVE-2020-16974, CVE-2020-16975, CVE-2020-16976.

CVE-2020-16912 is exploitable with local system access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Improper Privilege Management

A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate input

CVE-2020-16891 8.8 - High - October 16, 2020

A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate input from an authenticated user on a guest operating system, aka 'Windows Hyper-V Remote Code Execution Vulnerability'.

CVE-2020-16891 can be explotited with local system access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.0 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Improper Input Validation

An elevation of privilege vulnerability exists when Windows improperly handles COM object creation

CVE-2020-16916 7.8 - High - October 16, 2020

An elevation of privilege vulnerability exists when Windows improperly handles COM object creation, aka 'Windows COM Server Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-16935.

CVE-2020-16916 is exploitable with local system access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Improper Privilege Management

An information disclosure vulnerability exists when the Windows KernelStream improperly handles objects in memory

CVE-2020-16889 5.5 - Medium - October 16, 2020

An information disclosure vulnerability exists when the Windows KernelStream improperly handles objects in memory, aka 'Windows KernelStream Information Disclosure Vulnerability'.

CVE-2020-16889 can be explotited with local system access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to have a high impact on confidentiality, with no impact on integrity and availability.

Information Leak

A security feature bypass vulnerability exists in Microsoft Word software when it fails to properly handle .LNK files

CVE-2020-16933 8.8 - High - October 16, 2020

A security feature bypass vulnerability exists in Microsoft Word software when it fails to properly handle .LNK files, aka 'Microsoft Word Security Feature Bypass Vulnerability'.

CVE-2020-16933 can be explotited with network access, requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Improper Handling of Exceptional Conditions

An elevation of privilege vulnerability exists when the Windows Application Compatibility Client Library improperly handles registry operations

CVE-2020-16920 7.8 - High - October 16, 2020

An elevation of privilege vulnerability exists when the Windows Application Compatibility Client Library improperly handles registry operations, aka 'Windows Application Compatibility Client Library Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-16876.

CVE-2020-16920 is exploitable with local system access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Improper Privilege Management

A denial of service vulnerability exists in Windows Remote Desktop Service when an attacker connects to the target system using RDP and sends specially crafted requests

CVE-2020-16863 7.5 - High - October 16, 2020

A denial of service vulnerability exists in Windows Remote Desktop Service when an attacker connects to the target system using RDP and sends specially crafted requests, aka 'Windows Remote Desktop Service Denial of Service Vulnerability'.

CVE-2020-16863 can be explotited with network access, and does not require authorization privledges or user interaction. This vulnerability is considered to have a low attack complexity. It has the highest possible exploitability rating (3.9). The potential impact of an exploit of this vulnerability is considered to have no impact on confidentiality and integrity, and a high impact on availability.

An elevation of privilege vulnerability exists when the Windows User Profile Service (ProfSvc) improperly handles junction points

CVE-2020-16940 5.5 - Medium - October 16, 2020

An elevation of privilege vulnerability exists when the Windows User Profile Service (ProfSvc) improperly handles junction points, aka 'Windows - User Profile Service Elevation of Privilege Vulnerability'.

CVE-2020-16940 is exploitable with local system access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to have no impact on confidentiality and integrity, and a high impact on availability.

Improper Privilege Management

An elevation of privilege vulnerability exists when the Windows Event System improperly handles objects in memory.To exploit this vulnerability, an attacker

CVE-2020-16900 7.8 - High - October 16, 2020

An elevation of privilege vulnerability exists when the Windows Event System improperly handles objects in memory.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows Event System Elevation of Privilege Vulnerability'.

CVE-2020-16900 is exploitable with local system access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Improper Privilege Management

An elevation of privilege vulnerability exists when the Windows Backup Service improperly handles file operations.To exploit this vulnerability, an attacker

CVE-2020-16974 7.8 - High - October 16, 2020

An elevation of privilege vulnerability exists when the Windows Backup Service improperly handles file operations.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows Backup Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-16912, CVE-2020-16936, CVE-2020-16972, CVE-2020-16973, CVE-2020-16975, CVE-2020-16976.

CVE-2020-16974 is exploitable with local system access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Improper Privilege Management

A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory

CVE-2020-16924 7.8 - High - October 16, 2020

A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'.

CVE-2020-16924 is exploitable with local system access, requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Memory Corruption

An information disclosure vulnerability exists when NetBIOS over TCP (NBT) Extensions (NetBT) improperly handle objects in memory

CVE-2020-16897 5.5 - Medium - October 16, 2020

An information disclosure vulnerability exists when NetBIOS over TCP (NBT) Extensions (NetBT) improperly handle objects in memory, aka 'NetBT Information Disclosure Vulnerability'.

CVE-2020-16897 can be explotited with local system access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to have a high impact on confidentiality, with no impact on integrity and availability.

A spoofing vulnerability exists when Windows incorrectly validates file signatures

CVE-2020-16922 5.5 - Medium - October 16, 2020

A spoofing vulnerability exists when Windows incorrectly validates file signatures, aka 'Windows Spoofing Vulnerability'.

CVE-2020-16922 is exploitable with local system access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to have no impact on confidentiality, a high impact on integrity, and no impact on availability.

Improper Verification of Cryptographic Signature

A remote code execution vulnerability exists in the way

CVE-2020-16923 7.8 - High - October 16, 2020

A remote code execution vulnerability exists in the way that Microsoft Graphics Components handle objects in memory, aka 'Microsoft Graphics Components Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1167.

CVE-2020-16923 can be explotited with local system access, requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.