Microsoft Windows Server 2016

An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory

CVE-2020-1091 6.5 - Medium - September 11, 2020

An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows Graphics Component Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2020-1097.

CVE-2020-1091 can be explotited with network access, requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to have a high impact on confidentiality, with no impact on integrity and availability.

Improper Control of Dynamically-Managed Code Resources

An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory

CVE-2020-1097 6.5 - Medium - September 11, 2020

An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows Graphics Component Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2020-1091.

CVE-2020-1097 can be explotited with network access, requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to have a high impact on confidentiality, with no impact on integrity and availability.

Improper Control of Dynamically-Managed Code Resources

A remote code execution vulnerability exists when the Windows Text Service Module improperly handles memory

CVE-2020-0908 7.5 - High - September 11, 2020

A remote code execution vulnerability exists when the Windows Text Service Module improperly handles memory, aka 'Windows Text Service Module Remote Code Execution Vulnerability'.

CVE-2020-0908 is exploitable with network access, requires user interaction. This vulnerability is consided to have a high level of attack complexity. It has an exploitability score of 1.6 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Memory Corruption

An information disclosure vulnerability exists when the Windows State Repository Service improperly handles objects in memory

CVE-2020-0914 5.5 - Medium - September 11, 2020

An information disclosure vulnerability exists when the Windows State Repository Service improperly handles objects in memory, aka 'Windows State Repository Service Information Disclosure Vulnerability'.

CVE-2020-0914 is exploitable with local system access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to have a high impact on confidentiality, with no impact on integrity and availability.

An information disclosure vulnerability exists when the win32k component improperly provides kernel information

CVE-2020-0941 5.5 - Medium - September 11, 2020

An information disclosure vulnerability exists when the win32k component improperly provides kernel information, aka 'Win32k Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2020-1250.

CVE-2020-0941 can be explotited with local system access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to have a high impact on confidentiality, with no impact on integrity and availability.

Information Leak

A security feature bypass vulnerability exists in Windows Defender Application Control (WDAC) which could

CVE-2020-0951 6.7 - Medium - September 11, 2020

A security feature bypass vulnerability exists in Windows Defender Application Control (WDAC) which could allow an attacker to bypass WDAC enforcement, aka 'Windows Defender Application Control Security Feature Bypass Vulnerability'.

CVE-2020-0951 can be explotited with local system access, and requires user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 0.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Incorrect Permission Assignment for Critical Resource

An elevation of privilege vulnerability exists in the way

CVE-2020-1034 7.8 - High - September 11, 2020

An elevation of privilege vulnerability exists in the way that the Windows Kernel handles objects in memory, aka 'Windows Kernel Elevation of Privilege Vulnerability'.

CVE-2020-1034 is exploitable with local system access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Improper Privilege Management

A denial of service vulnerability exists when Windows Routing Utilities improperly handles objects in memory

CVE-2020-1038 5.5 - Medium - September 11, 2020

A denial of service vulnerability exists when Windows Routing Utilities improperly handles objects in memory, aka 'Windows Routing Utilities Denial of Service'.

CVE-2020-1038 is exploitable with local system access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to have no impact on confidentiality and integrity, and a high impact on availability.

A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory

CVE-2020-1039 7.8 - High - September 11, 2020

A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1074.

CVE-2020-1039 can be explotited with local system access, requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

An elevation of privilege vulnerability exists in the way

CVE-2020-1052 7.8 - High - September 11, 2020

An elevation of privilege vulnerability exists in the way that the ssdpsrv.dll handles objects in memory, aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1159, CVE-2020-1376.

CVE-2020-1052 is exploitable with local system access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Improper Privilege Management

An elevation of privilege vulnerability exists when DirectX improperly handles objects in memory

CVE-2020-1053 7.8 - High - September 11, 2020

An elevation of privilege vulnerability exists when DirectX improperly handles objects in memory, aka 'DirectX Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1308.

CVE-2020-1053 can be explotited with local system access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Improper Privilege Management

An elevation of privilege vulnerability exists when the Windows Common Log File System (CLFS) driver improperly handles objects in memory

CVE-2020-1115 7.8 - High - September 11, 2020

An elevation of privilege vulnerability exists when the Windows Common Log File System (CLFS) driver improperly handles objects in memory, aka 'Windows Common Log File System Driver Elevation of Privilege Vulnerability'.

CVE-2020-1115 can be explotited with local system access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Improper Privilege Management

A remote code execution vulnerability exists in the way

CVE-2020-1129 8.8 - High - September 11, 2020

A remote code execution vulnerability exists in the way that Microsoft Windows Codecs Library handles objects in memory, aka 'Microsoft Windows Codecs Library Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1319.

CVE-2020-1129 can be explotited with network access, requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

An elevation of privilege vulnerability exists when the Windows Graphics Component improperly handles objects in memory

CVE-2020-0998 7.8 - High - September 11, 2020

An elevation of privilege vulnerability exists when the Windows Graphics Component improperly handles objects in memory, aka 'Windows Graphics Component Elevation of Privilege Vulnerability'.

CVE-2020-0998 is exploitable with local system access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Improper Privilege Management

A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory

CVE-2020-1074 7.8 - High - September 11, 2020

A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1039.

CVE-2020-1074 is exploitable with local system access, requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

An information disclosure vulnerability exists when the Microsoft Windows Graphics Component improperly handles objects in memory

CVE-2020-1083 5.5 - Medium - September 11, 2020

An information disclosure vulnerability exists when the Microsoft Windows Graphics Component improperly handles objects in memory, aka 'Microsoft Graphics Component Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2020-0921.

CVE-2020-1083 can be explotited with local system access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to have a high impact on confidentiality, with no impact on integrity and availability.

An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory

CVE-2020-16854 5.5 - Medium - September 11, 2020

An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka 'Windows Kernel Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2020-0928, CVE-2020-1033, CVE-2020-1589, CVE-2020-1592.

CVE-2020-16854 is exploitable with local system access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to have a high impact on confidentiality, with no impact on integrity and availability.

A denial of service vulnerability exists when Microsoft Hyper-V on a host server fails to properly validate specific malicious data

CVE-2020-0904 6.5 - Medium - September 11, 2020

A denial of service vulnerability exists when Microsoft Hyper-V on a host server fails to properly validate specific malicious data from a user on a guest operating system.To exploit the vulnerability, an attacker who already has a privileged account on a guest operating system, running as a virtual machine, could run a specially crafted application.The security update addresses the vulnerability by resolving the conditions where Hyper-V would fail to handle these requests., aka 'Windows Hyper-V Denial of Service Vulnerability'. This CVE ID is unique from CVE-2020-0890.

CVE-2020-0904 is exploitable with local system access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.0 out of four. The potential impact of an exploit of this vulnerability is considered to have no impact on confidentiality and integrity, and a high impact on availability.

Incorrect Permission Assignment for Critical Resource

A remote code execution vulnerability exists when the Windows Camera Codec Pack improperly handles objects in memory

CVE-2020-0997 7.8 - High - September 11, 2020

A remote code execution vulnerability exists when the Windows Camera Codec Pack improperly handles objects in memory, aka 'Windows Camera Codec Pack Remote Code Execution Vulnerability'.

CVE-2020-0997 can be explotited with local system access, requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Out-of-bounds Write

An elevation of privilege vulnerability exists when the Windows Storage Services improperly handle file operations

CVE-2020-0886 7.8 - High - September 11, 2020

An elevation of privilege vulnerability exists when the Windows Storage Services improperly handle file operations, aka 'Windows Storage Services Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1559.

CVE-2020-0886 is exploitable with local system access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Improper Privilege Management

An information disclosure vulnerability exists in the way

CVE-2020-1031 7.5 - High - September 11, 2020

An information disclosure vulnerability exists in the way that the Windows Server DHCP service improperly discloses the contents of its memory.To exploit the vulnerability, an unauthenticated attacker could send a specially crafted packet to an affected DHCP server, aka 'Windows DHCP Server Information Disclosure Vulnerability'.

CVE-2020-1031 can be explotited with network access, and does not require authorization privledges or user interaction. This vulnerability is considered to have a low attack complexity. It has the highest possible exploitability rating (3.9). The potential impact of an exploit of this vulnerability is considered to have a high impact on confidentiality, with no impact on integrity and availability.

An elevation of privilege vulnerability exists when the Windows Cryptographic Catalog Services improperly handle objects in memory

CVE-2020-0782 7.8 - High - September 11, 2020

An elevation of privilege vulnerability exists when the Windows Cryptographic Catalog Services improperly handle objects in memory, aka 'Windows Cryptographic Catalog Services Elevation of Privilege Vulnerability'.

CVE-2020-0782 is exploitable with local system access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Improper Privilege Management

An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector improperly handles data operations

CVE-2020-1130 7.8 - High - September 11, 2020

An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector improperly handles data operations, aka 'Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1133.

CVE-2020-1130 is exploitable with local system access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Improper Privilege Management

An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector improperly handles file operations

CVE-2020-1133 7.8 - High - September 11, 2020

An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector improperly handles file operations, aka 'Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1130.

CVE-2020-1133 can be explotited with local system access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Improper Privilege Management

An elevation of privilege vulnerability exists when the Microsoft Store Runtime improperly handles memory.To exploit this vulnerability, an attacker

CVE-2020-1146 7.8 - High - September 11, 2020

An elevation of privilege vulnerability exists when the Microsoft Store Runtime improperly handles memory.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Microsoft Store Runtime Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0766.

CVE-2020-1146 is exploitable with local system access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Improper Privilege Management

An elevation of privilege vulnerability exists when Windows improperly handles calls to Win32k.sys

CVE-2020-1152 7.8 - High - September 11, 2020

An elevation of privilege vulnerability exists when Windows improperly handles calls to Win32k.sys, aka 'Windows Win32k Elevation of Privilege Vulnerability'.

CVE-2020-1152 is exploitable with local system access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Improper Privilege Management

An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory

CVE-2020-1245 7.8 - High - September 11, 2020

An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'.

CVE-2020-1245 can be explotited with local system access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Improper Privilege Management

A remote code execution vulnerability exists when Active Directory integrated DNS (ADIDNS) mishandles objects in memory

CVE-2020-0718 8.8 - High - September 11, 2020

A remote code execution vulnerability exists when Active Directory integrated DNS (ADIDNS) mishandles objects in memory, aka 'Active Directory Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0761.

CVE-2020-0718 is exploitable with network access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

A remote code execution vulnerability exists when Active Directory integrated DNS (ADIDNS) mishandles objects in memory

CVE-2020-0761 8.8 - High - September 11, 2020

A remote code execution vulnerability exists when Active Directory integrated DNS (ADIDNS) mishandles objects in memory, aka 'Active Directory Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0718.

CVE-2020-0761 can be explotited with network access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

A spoofing vulnerability exists when Active Directory Federation Services (ADFS) improperly handles multi-factor authentication requests.To exploit this vulnerability

CVE-2020-0837 5.3 - Medium - September 11, 2020

A spoofing vulnerability exists when Active Directory Federation Services (ADFS) improperly handles multi-factor authentication requests.To exploit this vulnerability, an attacker could send a specially crafted authentication request, aka 'ADFS Spoofing Vulnerability'.

CVE-2020-0837 can be explotited with network access, and requires small amount of user privledges. This vulnerability is consided to have a high level of attack complexity. It has an exploitability score of 1.6 out of four. The potential impact of an exploit of this vulnerability is considered to have no impact on confidentiality, a high impact on integrity, and no impact on availability.

authentification

A remote code execution vulnerability exists in the way

CVE-2020-0922 8.8 - High - September 11, 2020

A remote code execution vulnerability exists in the way that Microsoft COM for Windows handles objects in memory, aka 'Microsoft COM for Windows Remote Code Execution Vulnerability'.

CVE-2020-0922 is exploitable with network access, requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

An elevation of privilege vulnerability exists when Microsoft Windows processes group policy updates

CVE-2020-1013 8.1 - High - September 11, 2020

An elevation of privilege vulnerability exists when Microsoft Windows processes group policy updates, aka 'Group Policy Elevation of Privilege Vulnerability'.

CVE-2020-1013 can be explotited with network access, and does not require authorization privledges or user interaction. This vulnerability is consided to have a high level of attack complexity. It has an exploitability score of 2.2 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Improper Privilege Management

An elevation of privilege vulnerability exists when the Windows Print Spooler service improperly

CVE-2020-1030 7.8 - High - September 11, 2020

An elevation of privilege vulnerability exists when the Windows Print Spooler service improperly allows arbitrary writing to the file system, aka 'Windows Print Spooler Elevation of Privilege Vulnerability'.

CVE-2020-1030 is exploitable with local system access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Improper Privilege Management

An elevation of privilege vulnerability exists when Microsoft Windows CloudExperienceHost fails to check COM objects

CVE-2020-1471 7.8 - High - September 11, 2020

An elevation of privilege vulnerability exists when Microsoft Windows CloudExperienceHost fails to check COM objects, aka 'Windows CloudExperienceHost Elevation of Privilege Vulnerability'.

CVE-2020-1471 can be explotited with local system access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Improper Privilege Management

An elevation of privilege vulnerability exists in the way

CVE-2020-1491 7.8 - High - September 11, 2020

An elevation of privilege vulnerability exists in the way that the Windows Function Discovery Service handles objects in memory, aka 'Windows Function Discovery Service Elevation of Privilege Vulnerability'.

CVE-2020-1491 can be explotited with local system access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Improper Privilege Management

A remote code execution vulnerability exists when Windows Media Audio Decoder improperly handles objects

CVE-2020-1508 8.8 - High - September 11, 2020

A remote code execution vulnerability exists when Windows Media Audio Decoder improperly handles objects, aka 'Windows Media Audio Decoder Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1593.

CVE-2020-1508 is exploitable with network access, requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Improper Control of Generation of Code ('Code Injection')

An elevation of privilege vulnerability exists when the Windows RSoP Service Application improperly handles memory.To exploit this vulnerability, an attacker

CVE-2020-0648 7.8 - High - September 11, 2020

An elevation of privilege vulnerability exists when the Windows RSoP Service Application improperly handles memory.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows RSoP Service Application Elevation of Privilege Vulnerability'.

CVE-2020-0648 is exploitable with local system access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Improper Privilege Management

An information disclosure vulnerability exists when Active Directory integrated DNS (ADIDNS) mishandles objects in memory

CVE-2020-0664 6.5 - Medium - September 11, 2020

An information disclosure vulnerability exists when Active Directory integrated DNS (ADIDNS) mishandles objects in memory, aka 'Active Directory Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2020-0856.

CVE-2020-0664 is exploitable with network access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to have a high impact on confidentiality, with no impact on integrity and availability.

Information Leak

An elevation of privilege vulnerability exists when the Microsoft Store Runtime improperly handles memory.To exploit this vulnerability, an attacker

CVE-2020-0766 7.8 - High - September 11, 2020

An elevation of privilege vulnerability exists when the Microsoft Store Runtime improperly handles memory.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Microsoft Store Runtime Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1146.

CVE-2020-0766 is exploitable with local system access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Improper Privilege Management

A local elevation of privilege vulnerability exists in how splwow64.exe handles certain calls

CVE-2020-0790 7.8 - High - September 11, 2020

A local elevation of privilege vulnerability exists in how splwow64.exe handles certain calls, aka 'Microsoft splwow64 Elevation of Privilege Vulnerability'.

CVE-2020-0790 is exploitable with local system access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Improper Privilege Management

A denial of service vulnerability exists in Windows DNS when it fails to properly handle queries

CVE-2020-0836 7.5 - High - September 11, 2020

A denial of service vulnerability exists in Windows DNS when it fails to properly handle queries, aka 'Windows DNS Denial of Service Vulnerability'. This CVE ID is unique from CVE-2020-1228.

CVE-2020-0836 is exploitable with network access, and does not require authorization privledges or user interaction. This vulnerability is considered to have a low attack complexity. It has the highest possible exploitability rating (3.9). The potential impact of an exploit of this vulnerability is considered to have no impact on confidentiality and integrity, and a high impact on availability.

Improper Input Validation

An elevation of privilege vulnerability exists when NTFS improperly checks access

CVE-2020-0838 7.8 - High - September 11, 2020

An elevation of privilege vulnerability exists when NTFS improperly checks access, aka 'NTFS Elevation of Privilege Vulnerability'.

CVE-2020-0838 is exploitable with local system access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Improper Privilege Management

An elevation of privilege vulnerability exists in the way

CVE-2020-0839 7.8 - High - September 11, 2020

An elevation of privilege vulnerability exists in the way that the dnsrslvr.dll handles objects in memory, aka 'Windows dnsrslvr.dll Elevation of Privilege Vulnerability'.

CVE-2020-0839 can be explotited with local system access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Memory Corruption

An information disclosure vulnerability exists when Active Directory integrated DNS (ADIDNS) mishandles objects in memory

CVE-2020-0856 6.5 - Medium - September 11, 2020

An information disclosure vulnerability exists when Active Directory integrated DNS (ADIDNS) mishandles objects in memory, aka 'Active Directory Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2020-0664.

CVE-2020-0856 is exploitable with network access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to have a high impact on confidentiality, with no impact on integrity and availability.

Information Leak

An elevation of privilege vulnerability exists when the Shell infrastructure component improperly handles objects in memory

CVE-2020-0870 7.8 - High - September 11, 2020

An elevation of privilege vulnerability exists when the Shell infrastructure component improperly handles objects in memory, aka 'Shell infrastructure component Elevation of Privilege Vulnerability'.

CVE-2020-0870 is exploitable with local system access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

An information disclosure vulnerability exists in how splwow64.exe handles certain calls

CVE-2020-0875 5.5 - Medium - September 11, 2020

An information disclosure vulnerability exists in how splwow64.exe handles certain calls, aka 'Microsoft splwow64 Information Disclosure Vulnerability'.

CVE-2020-0875 can be explotited with local system access, requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to have a high impact on confidentiality, with no impact on integrity and availability.

Information Leak

An elevation of privilege vulnerability exists when Windows Modules Installer improperly handles objects in memory

CVE-2020-0911 7.8 - High - September 11, 2020

An elevation of privilege vulnerability exists when Windows Modules Installer improperly handles objects in memory, aka 'Windows Modules Installer Elevation of Privilege Vulnerability'.

CVE-2020-0911 can be explotited with local system access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Improper Privilege Management

An elevation of privilege vulnerability exists when the Windows Function Discovery SSDP Provider improperly handles memory.To exploit this vulnerability, an attacker

CVE-2020-0912 7.8 - High - September 11, 2020

An elevation of privilege vulnerability exists when the Windows Function Discovery SSDP Provider improperly handles memory.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows Function Discovery SSDP Provider Elevation of Privilege Vulnerability'.

CVE-2020-0912 is exploitable with local system access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Improper Privilege Management

An information disclosure vulnerability exists when the Microsoft Windows Graphics Component improperly handles objects in memory

CVE-2020-0921 5.5 - Medium - September 11, 2020

An information disclosure vulnerability exists when the Microsoft Windows Graphics Component improperly handles objects in memory, aka 'Microsoft Graphics Component Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2020-1083.

CVE-2020-0921 can be explotited with local system access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to have a high impact on confidentiality, with no impact on integrity and availability.

Information Leak

A denial of service vulnerability exists in Windows DNS when it fails to properly handle queries

CVE-2020-1228 6.5 - Medium - September 11, 2020

A denial of service vulnerability exists in Windows DNS when it fails to properly handle queries, aka 'Windows DNS Denial of Service Vulnerability'. This CVE ID is unique from CVE-2020-0836.

CVE-2020-1228 is exploitable with network access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to have no impact on confidentiality and integrity, and a high impact on availability.

An information disclosure vulnerability exists when the win32k component improperly provides kernel information

CVE-2020-1250 5.5 - Medium - September 11, 2020

An information disclosure vulnerability exists when the win32k component improperly provides kernel information, aka 'Win32k Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2020-0941.

CVE-2020-1250 is exploitable with local system access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to have a high impact on confidentiality, with no impact on integrity and availability.

Information Leak

A remote code execution vulnerability exists when Windows improperly handles objects in memory

CVE-2020-1252 7.8 - High - September 11, 2020

A remote code execution vulnerability exists when Windows improperly handles objects in memory, aka 'Windows Remote Code Execution Vulnerability'.

CVE-2020-1252 is exploitable with local system access, requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory

CVE-2020-1256 6.5 - Medium - September 11, 2020

An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows GDI Information Disclosure Vulnerability'.

CVE-2020-1256 is exploitable with network access, requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to have a high impact on confidentiality, with no impact on integrity and availability.

Information Leak

A remote code execution vulnerability exists in the way

CVE-2020-1285 8.8 - High - September 11, 2020

A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in the memory, aka 'GDI+ Remote Code Execution Vulnerability'.

CVE-2020-1285 can be explotited with network access, requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

An elevation of privilege vulnerability exists when DirectX improperly handles objects in memory

CVE-2020-1308 7.8 - High - September 11, 2020

An elevation of privilege vulnerability exists when DirectX improperly handles objects in memory, aka 'DirectX Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1053.

CVE-2020-1308 is exploitable with local system access, requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Improper Privilege Management

A remote code execution vulnerability exists in the way

CVE-2020-1319 7.8 - High - September 11, 2020

A remote code execution vulnerability exists in the way that Microsoft Windows Codecs Library handles objects in memory, aka 'Microsoft Windows Codecs Library Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1129.

CVE-2020-1319 can be explotited with local system access, requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

An elevation of privilege vulnerability exists in the way

CVE-2020-1376 7.8 - High - September 11, 2020

An elevation of privilege vulnerability exists in the way that fdSSDP.dll handles objects in memory, aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1052, CVE-2020-1159.

CVE-2020-1376 is exploitable with local system access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Improper Privilege Management

An elevation of privilege vulnerability exists when the Windows Storage Services improperly handle file operations

CVE-2020-1559 7.8 - High - September 11, 2020

An elevation of privilege vulnerability exists when the Windows Storage Services improperly handle file operations, aka 'Windows Storage Services Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0886.

CVE-2020-1559 can be explotited with local system access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Improper Privilege Management

An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory

CVE-2020-1589 5.5 - Medium - September 11, 2020

An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka 'Windows Kernel Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2020-0928, CVE-2020-1033, CVE-2020-1592, CVE-2020-16854.

CVE-2020-1589 can be explotited with local system access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to have a high impact on confidentiality, with no impact on integrity and availability.

Information Leak

A remote code execution vulnerability exists when Windows Media Audio Decoder improperly handles objects

CVE-2020-1593 8.8 - High - September 11, 2020

A remote code execution vulnerability exists when Windows Media Audio Decoder improperly handles objects, aka 'Windows Media Audio Decoder Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1508.

CVE-2020-1593 can be explotited with network access, requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

An elevation of privilege vulnerability exists when the Windows Universal Plug and Play (UPnP) service improperly handles objects in memory

CVE-2020-1598 7.8 - High - September 11, 2020

An elevation of privilege vulnerability exists when the Windows Universal Plug and Play (UPnP) service improperly handles objects in memory, aka 'Windows UPnP Service Elevation of Privilege Vulnerability'.

CVE-2020-1598 is exploitable with local system access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Improper Privilege Management

A information disclosure vulnerability exists when TLS components use weak hash algorithms

CVE-2020-1596 5.3 - Medium - September 11, 2020

A information disclosure vulnerability exists when TLS components use weak hash algorithms, aka 'TLS Information Disclosure Vulnerability'.

Use of a Broken or Risky Cryptographic Algorithm

An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory

CVE-2020-0928 5.5 - Medium - September 11, 2020

An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka 'Windows Kernel Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2020-1033, CVE-2020-1589, CVE-2020-1592, CVE-2020-16854.

CVE-2020-0928 is exploitable with local system access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to have a high impact on confidentiality, with no impact on integrity and availability.

An information disclosure vulnerability exists when Windows Mobile Device Management (MDM) Diagnostics improperly handles junctions

CVE-2020-0989 5.5 - Medium - September 11, 2020

An information disclosure vulnerability exists when Windows Mobile Device Management (MDM) Diagnostics improperly handles junctions, aka 'Windows Mobile Device Management Diagnostics Information Disclosure Vulnerability'.

CVE-2020-0989 can be explotited with local system access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to have a high impact on confidentiality, with no impact on integrity and availability.

AuthZ

An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory

CVE-2020-1033 5.5 - Medium - September 11, 2020

An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka 'Windows Kernel Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2020-0928, CVE-2020-1589, CVE-2020-1592, CVE-2020-16854.

CVE-2020-1033 can be explotited with local system access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to have a high impact on confidentiality, with no impact on integrity and availability.

An information disclosure vulnerability exists when StartTileData.dll improperly handles objects in memory

CVE-2020-1119 5.5 - Medium - September 11, 2020

An information disclosure vulnerability exists when StartTileData.dll improperly handles objects in memory, aka 'Windows Information Disclosure Vulnerability'.

CVE-2020-1119 can be explotited with local system access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to have a high impact on confidentiality, with no impact on integrity and availability.

An elevation of privilege vulnerability exists when the Windows Language Pack Installer improperly handles file operations

CVE-2020-1122 7.8 - High - September 11, 2020

An elevation of privilege vulnerability exists when the Windows Language Pack Installer improperly handles file operations, aka 'Windows Language Pack Installer Elevation of Privilege Vulnerability'.

CVE-2020-1122 is exploitable with local system access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Improper Check for Unusual or Exceptional Conditions

A denial of service vulnerability exists when Microsoft Hyper-V on a host server fails to properly validate specific malicious data

CVE-2020-0890 6.5 - Medium - September 11, 2020

A denial of service vulnerability exists when Microsoft Hyper-V on a host server fails to properly validate specific malicious data from a user on a guest operating system.To exploit the vulnerability, an attacker who already has a privileged account on a guest operating system, running as a virtual machine, could run a specially crafted application.The security update addresses the vulnerability by resolving the conditions where Hyper-V would fail to handle these requests., aka 'Windows Hyper-V Denial of Service Vulnerability'. This CVE ID is unique from CVE-2020-0904.

CVE-2020-0890 is exploitable with local system access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.0 out of four. The potential impact of an exploit of this vulnerability is considered to have no impact on confidentiality and integrity, and a high impact on availability.

Improper Privilege Management

An elevation of privilege vulnerability exists in the way

CVE-2020-1159 7.8 - High - September 11, 2020

An elevation of privilege vulnerability exists in the way that the StartTileData.dll handles file creation in protected locations, aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1052, CVE-2020-1376.

CVE-2020-1159 can be explotited with local system access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Improper Privilege Management

An elevation of privilege vulnerability exists when the Windows Runtime improperly handles objects in memory

CVE-2020-1169 7.8 - High - September 11, 2020

An elevation of privilege vulnerability exists when the Windows Runtime improperly handles objects in memory, aka 'Windows Runtime Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1303.

CVE-2020-1169 can be explotited with local system access, requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Improper Privilege Management

An elevation of privilege vulnerability exists in the way

CVE-2020-1507 7.8 - High - September 11, 2020

An elevation of privilege vulnerability exists in the way that Microsoft COM for Windows handles objects in memory, aka 'Microsoft COM for Windows Elevation of Privilege Vulnerability'.

CVE-2020-1507 can be explotited with local system access, requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Improper Privilege Management

An information disclosure vulnerability exists when a Windows Projected Filesystem improperly handles file redirections

CVE-2020-16879 5.5 - Medium - September 11, 2020

An information disclosure vulnerability exists when a Windows Projected Filesystem improperly handles file redirections, aka 'Projected Filesystem Information Disclosure Vulnerability'.

CVE-2020-16879 can be explotited with local system access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to have a high impact on confidentiality, with no impact on integrity and availability.

Improper Input Validation

An elevation of privilege vulnerability exists when the Windows Runtime improperly handles objects in memory

CVE-2020-1303 7.8 - High - September 11, 2020

An elevation of privilege vulnerability exists when the Windows Runtime improperly handles objects in memory, aka 'Windows Runtime Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1169.

CVE-2020-1303 can be explotited with local system access, requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Improper Privilege Management

An elevation of privilege vulnerability exists when the Windows InstallService improperly handles memory.To exploit this vulnerability, an attacker

CVE-2020-1532 7.8 - High - September 11, 2020

An elevation of privilege vulnerability exists when the Windows InstallService improperly handles memory.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows InstallService Elevation of Privilege Vulnerability'.

CVE-2020-1532 is exploitable with local system access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Improper Privilege Management

An elevation of privilege vulnerability exists when the Connected User Experiences and Telemetry Service improperly handles file operations

CVE-2020-1590 7.8 - High - September 11, 2020

An elevation of privilege vulnerability exists when the Connected User Experiences and Telemetry Service improperly handles file operations, aka 'Connected User Experiences and Telemetry Service Elevation of Privilege Vulnerability'.

CVE-2020-1590 is exploitable with local system access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Improper Privilege Management

An information disclosure vulnerability exists when the Windows kernel improperly initializes objects in memory.To exploit this vulnerability

CVE-2020-1592 3.3 - Low - September 11, 2020

An information disclosure vulnerability exists when the Windows kernel improperly initializes objects in memory.To exploit this vulnerability, an authenticated attacker could run a specially crafted application, aka 'Windows Kernel Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2020-0928, CVE-2020-1033, CVE-2020-1589, CVE-2020-16854.

CVE-2020-1592 is exploitable with local system access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to have a small impact on confidentiality, a small impact on integrity and availability.

Improper Initialization

A remote code execution vulnerability exists in the way

CVE-2020-1561 8.8 - High - August 17, 2020

A remote code execution vulnerability exists in the way that Microsoft Graphics Components handle objects in memory, aka 'Microsoft Graphics Components Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1562.

CVE-2020-1561 can be explotited with network access, requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Memory Corruption

A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory

CVE-2020-1564 7.8 - High - August 17, 2020

A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1473, CVE-2020-1557, CVE-2020-1558.

CVE-2020-1564 is exploitable with local system access, requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Memory Corruption

A memory corruption vulnerability exists when Windows Media Foundation improperly handles objects in memory

CVE-2020-1379 7.8 - High - August 17, 2020

A memory corruption vulnerability exists when Windows Media Foundation improperly handles objects in memory, aka 'Media Foundation Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-1477, CVE-2020-1478, CVE-2020-1492, CVE-2020-1525, CVE-2020-1554.

CVE-2020-1379 can be explotited with local system access, requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Memory Corruption

A memory corruption vulnerability exists when Windows Media Foundation improperly handles objects in memory

CVE-2020-1477 7.8 - High - August 17, 2020

A memory corruption vulnerability exists when Windows Media Foundation improperly handles objects in memory, aka 'Media Foundation Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-1379, CVE-2020-1478, CVE-2020-1492, CVE-2020-1525, CVE-2020-1554.

CVE-2020-1477 can be explotited with local system access, requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Memory Corruption

A memory corruption vulnerability exists when Windows Media Foundation improperly handles objects in memory

CVE-2020-1478 7.8 - High - August 17, 2020

A memory corruption vulnerability exists when Windows Media Foundation improperly handles objects in memory, aka 'Media Foundation Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-1379, CVE-2020-1477, CVE-2020-1492, CVE-2020-1525, CVE-2020-1554.

CVE-2020-1478 is exploitable with local system access, requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Memory Corruption

A memory corruption vulnerability exists when Windows Media Foundation improperly handles objects in memory

CVE-2020-1492 7.8 - High - August 17, 2020

A memory corruption vulnerability exists when Windows Media Foundation improperly handles objects in memory, aka 'Media Foundation Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-1379, CVE-2020-1477, CVE-2020-1478, CVE-2020-1525, CVE-2020-1554.

CVE-2020-1492 is exploitable with local system access, requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Memory Corruption

A memory corruption vulnerability exists when Windows Media Foundation improperly handles objects in memory

CVE-2020-1525 8.8 - High - August 17, 2020

A memory corruption vulnerability exists when Windows Media Foundation improperly handles objects in memory, aka 'Media Foundation Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-1379, CVE-2020-1477, CVE-2020-1478, CVE-2020-1492, CVE-2020-1554.

CVE-2020-1525 can be explotited with network access, requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Memory Corruption

A memory corruption vulnerability exists when Windows Media Foundation improperly handles objects in memory

CVE-2020-1554 7.8 - High - August 17, 2020

A memory corruption vulnerability exists when Windows Media Foundation improperly handles objects in memory, aka 'Media Foundation Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-1379, CVE-2020-1477, CVE-2020-1478, CVE-2020-1492, CVE-2020-1525.

CVE-2020-1554 is exploitable with local system access, requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Memory Corruption

An elevation of privilege vulnerability exists when Connected User Experiences and Telemetry Service improperly handles file operations

CVE-2020-1511 7.8 - High - August 17, 2020

An elevation of privilege vulnerability exists when Connected User Experiences and Telemetry Service improperly handles file operations, aka 'Connected User Experiences and Telemetry Service Elevation of Privilege Vulnerability'.

CVE-2020-1511 can be explotited with local system access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Improper Privilege Management

An information disclosure vulnerability exists when the Windows State Repository Service improperly handles objects in memory

CVE-2020-1512 5.5 - Medium - August 17, 2020

An information disclosure vulnerability exists when the Windows State Repository Service improperly handles objects in memory, aka 'Windows State Repository Service Information Disclosure Vulnerability'.

CVE-2020-1512 is exploitable with local system access, requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to have a high impact on confidentiality, with no impact on integrity and availability.

Information Leak

An elevation of privilege vulnerability exists when the Windows CSC Service improperly handles memory.To exploit this vulnerability, an attacker

CVE-2020-1513 7.8 - High - August 17, 2020

An elevation of privilege vulnerability exists when the Windows CSC Service improperly handles memory.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows CSC Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1489.

CVE-2020-1513 can be explotited with local system access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Improper Privilege Management

An elevation of privilege vulnerability exists when the Windows Telephony Server improperly handles memory.To exploit this vulnerability, an attacker

CVE-2020-1515 7.8 - High - August 17, 2020

An elevation of privilege vulnerability exists when the Windows Telephony Server improperly handles memory.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows Telephony Server Elevation of Privilege Vulnerability'.

CVE-2020-1515 can be explotited with local system access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Improper Privilege Management

An elevation of privilege vulnerability exists when the Windows Work Folders Service improperly handles memory.To exploit this vulnerability, an attacker

CVE-2020-1516 7.8 - High - August 17, 2020

An elevation of privilege vulnerability exists when the Windows Work Folders Service improperly handles memory.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows Work Folders Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1470, CVE-2020-1484.

CVE-2020-1516 is exploitable with local system access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Improper Privilege Management

An elevation of privilege vulnerability exists when the Windows File Server Resource Management Service improperly handles memory.To exploit this vulnerability, an attacker

CVE-2020-1517 7.8 - High - August 17, 2020

An elevation of privilege vulnerability exists when the Windows File Server Resource Management Service improperly handles memory.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows File Server Resource Management Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1518.

CVE-2020-1517 can be explotited with local system access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Improper Privilege Management

An elevation of privilege vulnerability exists when the Windows File Server Resource Management Service improperly handles memory.To exploit this vulnerability, an attacker

CVE-2020-1518 7.8 - High - August 17, 2020

An elevation of privilege vulnerability exists when the Windows File Server Resource Management Service improperly handles memory.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows File Server Resource Management Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1517.

CVE-2020-1518 is exploitable with local system access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Improper Privilege Management

An elevation of privilege vulnerability exists when the Windows UPnP Device Host improperly handles memory.To exploit this vulnerability, an attacker

CVE-2020-1519 7.8 - High - August 17, 2020

An elevation of privilege vulnerability exists when the Windows UPnP Device Host improperly handles memory.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows UPnP Device Host Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1538.

CVE-2020-1519 can be explotited with local system access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Improper Privilege Management

A remote code execution vulnerability exists when the Windows Font Driver Host improperly handles memory.An attacker who successfully exploited the vulnerability

CVE-2020-1520 7.8 - High - August 17, 2020

A remote code execution vulnerability exists when the Windows Font Driver Host improperly handles memory.An attacker who successfully exploited the vulnerability would gain execution on a victim system.The security update addresses the vulnerability by correcting how the Windows Font Driver Host handles memory., aka 'Windows Font Driver Host Remote Code Execution Vulnerability'.

CVE-2020-1520 is exploitable with local system access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Memory Corruption

An elevation of privilege vulnerability exists when the Windows Speech Runtime improperly handles memory.To exploit this vulnerability, an attacker

CVE-2020-1521 7.8 - High - August 17, 2020

An elevation of privilege vulnerability exists when the Windows Speech Runtime improperly handles memory.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows Speech Runtime Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1522.

CVE-2020-1521 can be explotited with local system access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Improper Privilege Management

An elevation of privilege vulnerability exists when the Windows Speech Runtime improperly handles memory.To exploit this vulnerability, an attacker

CVE-2020-1522 7.8 - High - August 17, 2020

An elevation of privilege vulnerability exists when the Windows Speech Runtime improperly handles memory.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows Speech Runtime Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1521.

CVE-2020-1522 is exploitable with local system access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Improper Privilege Management

A remote code execution vulnerability exists when Windows Media Audio Codec improperly handles objects

CVE-2020-1339 8.8 - High - August 17, 2020

A remote code execution vulnerability exists when Windows Media Audio Codec improperly handles objects, aka 'Windows Media Remote Code Execution Vulnerability'.

CVE-2020-1339 can be explotited with network access, requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Memory Corruption

An information disclosure vulnerability exists in RPC if the server has Routing and Remote Access enabled

CVE-2020-1383 5.5 - Medium - August 17, 2020

An information disclosure vulnerability exists in RPC if the server has Routing and Remote Access enabled, aka 'Windows RRAS Service Information Disclosure Vulnerability'.

CVE-2020-1383 can be explotited with local system access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to have a high impact on confidentiality, with no impact on integrity and availability.

Information Leak

A spoofing vulnerability exists when Windows incorrectly validates file signatures

CVE-2020-1464 5.5 - Medium - August 17, 2020

A spoofing vulnerability exists when Windows incorrectly validates file signatures, aka 'Windows Spoofing Vulnerability'.

CVE-2020-1464 is exploitable with local system access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to have no impact on confidentiality, a high impact on integrity, and no impact on availability.

Improper Verification of Cryptographic Signature

An elevation of privilege vulnerability exists when Windows improperly handles hard links

CVE-2020-1467 7.8 - High - August 17, 2020

An elevation of privilege vulnerability exists when Windows improperly handles hard links, aka 'Windows Hard Link Elevation of Privilege Vulnerability'.

CVE-2020-1467 can be explotited with local system access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Improper Privilege Management

An elevation of privilege vulnerability exists in the Local Security Authority Subsystem Service (LSASS) when an authenticated attacker sends a specially crafted authentication request

CVE-2020-1509 8.8 - High - August 17, 2020

An elevation of privilege vulnerability exists in the Local Security Authority Subsystem Service (LSASS) when an authenticated attacker sends a specially crafted authentication request, aka 'Local Security Authority Subsystem Service Elevation of Privilege Vulnerability'.

CVE-2020-1509 can be explotited with network access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Improper Privilege Management