Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CERTFR-2020-AVI-634
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été corrigées dans Microsoft Windows. Elles permettent à un attaquant de provoquer une élévation de privilèges, une atteinte à la confidentialité des données, un déni de service, une usurpation d'identité, un contournement de la fonctionnalité de sécurité et une exécution de code à distance.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Microsoft | Windows | Windows Server 2012 | ||
| Microsoft | Windows | Windows 10 Version 2004 pour systèmes 32 bits | ||
| Microsoft | Windows | Windows 10 pour systèmes x64 | ||
| Microsoft | Windows | Windows 10 Version 1909 pour ARM64-based Systems | ||
| Microsoft | Windows | Windows 10 Version 1809 pour systèmes x64 | ||
| Microsoft | Windows | Windows 10 Version 1909 pour systèmes x64 | ||
| Microsoft | Windows | Windows 10 Version 1903 pour systèmes x64 | ||
| Microsoft | Windows | Windows Server 2019 (Server Core installation) | ||
| Microsoft | Windows | Windows Server, version 2004 (Server Core installation) | ||
| Microsoft | Windows | Windows Server 2019 | ||
| Microsoft | Windows | Windows Server 2012 R2 | ||
| Microsoft | Windows | Windows 10 Version 1803 pour systèmes 32 bits | ||
| Microsoft | Windows | Windows 10 Version 1607 pour systèmes 32 bits | ||
| Microsoft | Windows | Windows 10 Version 1803 pour systèmes x64 | ||
| Microsoft | Windows | Windows Server 2008 pour systèmes x64 Service Pack 2 | ||
| Microsoft | Windows | Windows 10 Version 1809 pour systèmes 32 bits | ||
| Microsoft | Windows | Windows 10 Version 1709 pour systèmes 32 bits | ||
| Microsoft | Windows | Windows Server 2016 (Server Core installation) | ||
| Microsoft | Windows | Windows 10 Version 1903 pour systèmes 32 bits | ||
| Microsoft | Windows | Windows RT 8.1 | ||
| Microsoft | Windows | Windows 7 pour systèmes x64 Service Pack 1 | ||
| Microsoft | Windows | Windows 10 Version 1809 pour ARM64-based Systems | ||
| Microsoft | Windows | Windows 10 Version 1709 pour ARM64-based Systems | ||
| Microsoft | Windows | Windows Server 2008 pour systèmes x64 Service Pack 2 (Server Core installation) | ||
| Microsoft | Windows | Windows 10 Version 2004 pour ARM64-based Systems | ||
| Microsoft | Windows | Windows 10 Version 1909 pour systèmes 32 bits | ||
| Microsoft | Windows | Windows Server 2008 pour systèmes 32 bits Service Pack 2 (Server Core installation) | ||
| Microsoft | Windows | Windows 10 Version 1607 pour systèmes x64 | ||
| Microsoft | Windows | Windows Server 2012 (Server Core installation) | ||
| Microsoft | Windows | Windows 10 Version 1803 pour ARM64-based Systems | ||
| Microsoft | Windows | Windows Server 2008 pour systèmes 32 bits Service Pack 2 | ||
| Microsoft | Windows | Windows Server 2008 R2 pour systèmes x64 Service Pack 1 | ||
| Microsoft | Windows | Windows Server, version 1909 (Server Core installation) | ||
| Microsoft | Windows | Windows 10 Version 2004 pour systèmes x64 | ||
| Microsoft | Windows | Windows 8.1 pour systèmes x64 | ||
| Microsoft | Windows | Windows Server 2016 | ||
| Microsoft | Windows | Windows 10 Version 1903 pour ARM64-based Systems | ||
| Microsoft | Windows | Windows 8.1 pour systèmes 32 bits | ||
| Microsoft | Windows | Windows Server 2008 R2 pour systèmes x64 Service Pack 1 (Server Core installation) | ||
| Microsoft | Windows | Windows Server 2012 R2 (Server Core installation) | ||
| Microsoft | Windows | Windows 10 pour systèmes 32 bits | ||
| Microsoft | Windows | Windows 7 pour systèmes 32 bits Service Pack 1 | ||
| Microsoft | Windows | Windows Server, version 1903 (Server Core installation) | ||
| Microsoft | Windows | Windows 10 Version 1709 pour systèmes x64 |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Windows Server 2012",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows 10 Version 2004 pour syst\u00e8mes 32 bits",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows 10 pour syst\u00e8mes x64",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows 10 Version 1909 pour ARM64-based Systems",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows 10 Version 1809 pour syst\u00e8mes x64",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows 10 Version 1909 pour syst\u00e8mes x64",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows 10 Version 1903 pour syst\u00e8mes x64",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows Server 2019 (Server Core installation)",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows Server, version 2004 (Server Core installation)",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows Server 2019",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows Server 2012 R2",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows 10 Version 1803 pour syst\u00e8mes 32 bits",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows 10 Version 1607 pour syst\u00e8mes 32 bits",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows 10 Version 1803 pour syst\u00e8mes x64",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows Server 2008 pour syst\u00e8mes x64 Service Pack 2",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows 10 Version 1809 pour syst\u00e8mes 32 bits",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows 10 Version 1709 pour syst\u00e8mes 32 bits",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows Server 2016 (Server Core installation)",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows 10 Version 1903 pour syst\u00e8mes 32 bits",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows RT 8.1",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows 7 pour syst\u00e8mes x64 Service Pack 1",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows 10 Version 1809 pour ARM64-based Systems",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows 10 Version 1709 pour ARM64-based Systems",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows Server 2008 pour syst\u00e8mes x64 Service Pack 2 (Server Core installation)",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows 10 Version 2004 pour ARM64-based Systems",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows 10 Version 1909 pour syst\u00e8mes 32 bits",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows Server 2008 pour syst\u00e8mes 32 bits Service Pack 2 (Server Core installation)",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows 10 Version 1607 pour syst\u00e8mes x64",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows Server 2012 (Server Core installation)",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows 10 Version 1803 pour ARM64-based Systems",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows Server 2008 pour syst\u00e8mes 32 bits Service Pack 2",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows Server 2008 R2 pour syst\u00e8mes x64 Service Pack 1",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows Server, version 1909 (Server Core installation)",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows 10 Version 2004 pour syst\u00e8mes x64",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows 8.1 pour syst\u00e8mes x64",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows Server 2016",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows 10 Version 1903 pour ARM64-based Systems",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows 8.1 pour syst\u00e8mes 32 bits",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows Server 2008 R2 pour syst\u00e8mes x64 Service Pack 1 (Server Core installation)",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows Server 2012 R2 (Server Core installation)",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows 10 pour syst\u00e8mes 32 bits",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows 7 pour syst\u00e8mes 32 bits Service Pack 1",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows Server, version 1903 (Server Core installation)",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows 10 Version 1709 pour syst\u00e8mes x64",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2020-16914",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-16914"
},
{
"name": "CVE-2020-16898",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-16898"
},
{
"name": "CVE-2020-16967",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-16967"
},
{
"name": "CVE-2020-16927",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-16927"
},
{
"name": "CVE-2020-16924",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-16924"
},
{
"name": "CVE-2020-16877",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-16877"
},
{
"name": "CVE-2020-16900",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-16900"
},
{
"name": "CVE-2020-16892",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-16892"
},
{
"name": "CVE-2020-1243",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1243"
},
{
"name": "CVE-2020-16907",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-16907"
},
{
"name": "CVE-2020-16919",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-16919"
},
{
"name": "CVE-2020-16973",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-16973"
},
{
"name": "CVE-2020-16974",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-16974"
},
{
"name": "CVE-2020-16905",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-16905"
},
{
"name": "CVE-2020-16916",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-16916"
},
{
"name": "CVE-2020-16901",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-16901"
},
{
"name": "CVE-2020-16920",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-16920"
},
{
"name": "CVE-2020-16939",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-16939"
},
{
"name": "CVE-2020-16935",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-16935"
},
{
"name": "CVE-2020-16910",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-16910"
},
{
"name": "CVE-2020-16895",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-16895"
},
{
"name": "CVE-2020-16922",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-16922"
},
{
"name": "CVE-2020-16915",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-16915"
},
{
"name": "CVE-2020-16938",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-16938"
},
{
"name": "CVE-2020-16913",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-16913"
},
{
"name": "CVE-2020-16980",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-16980"
},
{
"name": "CVE-2020-16912",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-16912"
},
{
"name": "CVE-2020-1167",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1167"
},
{
"name": "CVE-2020-16976",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-16976"
},
{
"name": "CVE-2020-16889",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-16889"
},
{
"name": "CVE-2020-16936",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-16936"
},
{
"name": "CVE-2020-16923",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-16923"
},
{
"name": "CVE-2020-1047",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1047"
},
{
"name": "CVE-2020-16899",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-16899"
},
{
"name": "CVE-2020-16921",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-16921"
},
{
"name": "CVE-2020-16896",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-16896"
},
{
"name": "CVE-2020-16940",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-16940"
},
{
"name": "CVE-2020-16908",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-16908"
},
{
"name": "CVE-2020-16863",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-16863"
},
{
"name": "CVE-2020-16909",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-16909"
},
{
"name": "CVE-2020-16911",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-16911"
},
{
"name": "CVE-2020-16894",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-16894"
},
{
"name": "CVE-2020-16975",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-16975"
},
{
"name": "CVE-2020-16902",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-16902"
},
{
"name": "CVE-2020-16887",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-16887"
},
{
"name": "CVE-2020-16885",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-16885"
},
{
"name": "CVE-2020-0764",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-0764"
},
{
"name": "CVE-2020-16897",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-16897"
},
{
"name": "CVE-2020-16890",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-16890"
},
{
"name": "CVE-2020-16876",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-16876"
},
{
"name": "CVE-2020-16891",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-16891"
},
{
"name": "CVE-2020-16968",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-16968"
},
{
"name": "CVE-2020-16972",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-16972"
},
{
"name": "CVE-2020-1080",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1080"
}
],
"links": [],
"reference": "CERTFR-2020-AVI-634",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2020-10-14T00:00:00.000000"
}
],
"risks": [
{
"description": "Usurpation d\u0027identit\u00e9"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "D\u00e9ni de service"
},
{
"description": "Contournement de la fonctionnalit\u00e9 de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eMicrosoft Windows\u003c/span\u003e. Elles permettent \u00e0 un attaquant\nde provoquer une \u00e9l\u00e9vation de privil\u00e8ges, une atteinte \u00e0 la\nconfidentialit\u00e9 des donn\u00e9es, un d\u00e9ni de service, une usurpation\nd\u0027identit\u00e9, un contournement de la fonctionnalit\u00e9 de s\u00e9curit\u00e9 et une\nex\u00e9cution de code \u00e0 distance.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Microsoft Windows",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft du 13 octobre 2020",
"url": "https://portal.msrc.microsoft.com/fr-FR/security-guidance"
}
]
}
CVE-2020-0764 (GCVE-0-2020-0764)
Vulnerability from cvelistv5 – Published: 2020-10-16 22:17 – Updated: 2024-08-04 06:11
VLAI
EPSS
Title
Windows Storage Services Elevation of Privilege Vulnerability
Summary
<p>An elevation of privilege vulnerability exists when the Windows Storage Services improperly handle file operations. An attacker who successfully exploited this vulnerability could gain elevated privileges.</p>
<p>To exploit the vulnerability, an attacker would first need code execution on a victim system. An attacker could then run a specially crafted application.</p>
<p>The security update addresses the vulnerability by ensuring the Windows Storage Services properly handle file operations.</p>
Severity
CWE
- Elevation of Privilege
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://portal.msrc.microsoft.com/en-US/security-… | x_refsource_MISC |
Impacted products
18 products
| Vendor | Product | Version | |
|---|---|---|---|
| Microsoft | Windows 10 Version 1803 |
Affected:
10.0.0 , < publication
(custom)
cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:* cpe:2.3:o:microsoft:windows_10_1803:*:*:*:*:*:*:x64:* cpe:2.3:o:microsoft:windows_10_1803:*:*:*:*:*:*:arm64:* |
|
| Microsoft | Windows 10 Version 1809 |
Affected:
10.0.0 , < publication
(custom)
cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:* cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:* cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:arm64:* |
|
| Microsoft | Windows Server 2019 |
Affected:
10.0.0 , < publication
(custom)
cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:* |
|
| Microsoft | Windows Server 2019 (Server Core installation) |
Affected:
10.0.0 , < publication
(custom)
cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:* |
|
| Microsoft | Windows 10 Version 1909 |
Affected:
10.0.0 , < publication
(custom)
cpe:2.3:o:microsoft:windows_10_1909:*:*:*:*:*:*:x86:* cpe:2.3:o:microsoft:windows_10_1909:*:*:*:*:*:*:x64:* cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:* |
|
| Microsoft | Windows Server, version 1909 (Server Core installation) |
Affected:
10.0.0 , < publication
(custom)
cpe:2.3:o:microsoft:windows_server_1909:*:*:*:*:*:*:*:* |
|
| Microsoft | Windows 10 Version 1709 for 32-bit Systems |
Affected:
10.0.0 , < publication
(custom)
cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:* |
|
| Microsoft | Windows 10 Version 1709 |
Affected:
10.0.0 , < publication
(custom)
cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:* |
|
| Microsoft | Windows 10 Version 1903 for 32-bit Systems |
Affected:
10.0.0 , < publication
(custom)
cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:*:* |
|
| Microsoft | Windows 10 Version 1903 for x64-based Systems |
Affected:
10.0.0 , < publication
(custom)
cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:*:* |
|
| Microsoft | Windows 10 Version 1903 for ARM64-based Systems |
Affected:
10.0.0 , < publication
(custom)
cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:*:* |
|
| Microsoft | Windows Server, version 1903 (Server Core installation) |
Affected:
10.0.0 , < publication
(custom)
cpe:2.3:o:microsoft:windows_server_1903:*:*:*:*:*:*:*:* |
|
| Microsoft | Windows 10 Version 2004 |
Affected:
10.0.0 , < publication
(custom)
cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:* |
|
| Microsoft | Windows Server version 2004 |
Affected:
10.0.0 , < publication
(custom)
cpe:2.3:o:microsoft:windows_server_2004:*:*:*:*:*:*:*:* |
|
| Microsoft | Windows 10 Version 1507 |
Affected:
10.0.0 , < publication
(custom)
cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x86:* cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x64:* |
|
| Microsoft | Windows 10 Version 1607 |
Affected:
10.0.0 , < publication
(custom)
cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:* cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:* |
|
| Microsoft | Windows Server 2016 |
Affected:
10.0.0 , < publication
(custom)
cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:* |
|
| Microsoft | Windows Server 2016 (Server Core installation) |
Affected:
10.0.0 , < publication
(custom)
cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:* |
Date Public
2020-10-13 07:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T06:11:05.637Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0764"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*",
"cpe:2.3:o:microsoft:windows_10_1803:*:*:*:*:*:*:x64:*",
"cpe:2.3:o:microsoft:windows_10_1803:*:*:*:*:*:*:arm64:*"
],
"platforms": [
"32-bit Systems",
"x64-based Systems",
"ARM64-based Systems"
],
"product": "Windows 10 Version 1803",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "10.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:*",
"cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*",
"cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:arm64:*"
],
"platforms": [
"32-bit Systems",
"x64-based Systems",
"ARM64-based Systems"
],
"product": "Windows 10 Version 1809",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "10.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*"
],
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2019",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "10.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*"
],
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2019 (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "10.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:microsoft:windows_10_1909:*:*:*:*:*:*:x86:*",
"cpe:2.3:o:microsoft:windows_10_1909:*:*:*:*:*:*:x64:*",
"cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*"
],
"platforms": [
"32-bit Systems",
"x64-based Systems",
"ARM64-based Systems"
],
"product": "Windows 10 Version 1909",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "10.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:microsoft:windows_server_1909:*:*:*:*:*:*:*:*"
],
"platforms": [
"x64-based Systems"
],
"product": "Windows Server, version 1909 (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "10.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*"
],
"platforms": [
"32-bit Systems"
],
"product": "Windows 10 Version 1709 for 32-bit Systems",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "10.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*"
],
"platforms": [
"x64-based Systems",
"ARM64-based Systems"
],
"product": "Windows 10 Version 1709",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "10.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Windows 10 Version 1903 for 32-bit Systems",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "10.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Windows 10 Version 1903 for x64-based Systems",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "10.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Windows 10 Version 1903 for ARM64-based Systems",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "10.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:microsoft:windows_server_1903:*:*:*:*:*:*:*:*"
],
"platforms": [
"x64-based Systems"
],
"product": "Windows Server, version 1903 (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "10.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*"
],
"platforms": [
"32-bit Systems",
"ARM64-based Systems",
"x64-based Systems"
],
"product": "Windows 10 Version 2004",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "10.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:microsoft:windows_server_2004:*:*:*:*:*:*:*:*"
],
"platforms": [
"x64-based Systems"
],
"product": "Windows Server version 2004",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "10.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x86:*",
"cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x64:*"
],
"platforms": [
"32-bit Systems",
"x64-based Systems"
],
"product": "Windows 10 Version 1507",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "10.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:*",
"cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:*"
],
"platforms": [
"32-bit Systems",
"x64-based Systems"
],
"product": "Windows 10 Version 1607",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "10.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*"
],
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2016",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "10.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*"
],
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2016 (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "10.0.0",
"versionType": "custom"
}
]
}
],
"datePublic": "2020-10-13T07:00:00.000Z",
"descriptions": [
{
"lang": "en-US",
"value": "\u003cp\u003eAn elevation of privilege vulnerability exists when the Windows Storage Services improperly handle file operations. An attacker who successfully exploited this vulnerability could gain elevated privileges.\u003c/p\u003e\n\u003cp\u003eTo exploit the vulnerability, an attacker would first need code execution on a victim system. An attacker could then run a specially crafted application.\u003c/p\u003e\n\u003cp\u003eThe security update addresses the vulnerability by ensuring the Windows Storage Services properly handle file operations.\u003c/p\u003e"
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Elevation of Privilege",
"lang": "en-US",
"type": "Impact"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-31T19:20:03.371Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0764"
}
],
"title": "Windows Storage Services Elevation of Privilege Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2020-0764",
"datePublished": "2020-10-16T22:17:33.000Z",
"dateReserved": "2019-11-04T00:00:00.000Z",
"dateUpdated": "2024-08-04T06:11:05.637Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-1047 (GCVE-0-2020-1047)
Vulnerability from cvelistv5 – Published: 2020-10-16 22:18 – Updated: 2024-08-04 06:25
VLAI
EPSS
Title
Windows Hyper-V Elevation of Privilege Vulnerability
Summary
<p>An elevation of privilege vulnerability exists when Windows Hyper-V on a host server fails to properly handle objects in memory. An attacker who successfully exploited these vulnerabilities could gain elevated privileges on a target operating system.</p>
<p>This vulnerability by itself does not allow arbitrary code to be run. However, this vulnerability could be used in conjunction with one or more vulnerabilities (e.g. a remote code execution vulnerability and another elevation of privilege) that could take advantage of the elevated privileges when running.</p>
<p>The update addresses the vulnerabilities by correcting how Windows Hyper-V handles objects in memory.</p>
Severity
CWE
- Elevation of Privilege
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://portal.msrc.microsoft.com/en-US/security-… | x_refsource_MISC |
Impacted products
11 products
| Vendor | Product | Version | |
|---|---|---|---|
| Microsoft | Windows 10 Version 1803 |
Affected:
10.0.0 , < publication
(custom)
cpe:2.3:o:microsoft:windows_10_1803:*:*:*:*:*:*:x64:* |
|
| Microsoft | Windows 10 Version 1809 |
Affected:
10.0.0 , < publication
(custom)
cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:* |
|
| Microsoft | Windows Server 2019 |
Affected:
10.0.0 , < publication
(custom)
cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:* |
|
| Microsoft | Windows Server 2019 (Server Core installation) |
Affected:
10.0.0 , < publication
(custom)
cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:* |
|
| Microsoft | Windows 10 Version 1909 |
Affected:
10.0.0 , < publication
(custom)
cpe:2.3:o:microsoft:windows_10_1909:*:*:*:*:*:*:x64:* |
|
| Microsoft | Windows Server, version 1909 (Server Core installation) |
Affected:
10.0.0 , < publication
(custom)
cpe:2.3:o:microsoft:windows_server_1909:*:*:*:*:*:*:*:* |
|
| Microsoft | Windows 10 Version 1709 |
Affected:
10.0.0 , < publication
(custom)
cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:* |
|
| Microsoft | Windows 10 Version 1903 for x64-based Systems |
Affected:
10.0.0 , < publication
(custom)
cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:*:* |
|
| Microsoft | Windows Server, version 1903 (Server Core installation) |
Affected:
10.0.0 , < publication
(custom)
cpe:2.3:o:microsoft:windows_server_1903:*:*:*:*:*:*:*:* |
|
| Microsoft | Windows 10 Version 2004 |
Affected:
10.0.0 , < publication
(custom)
cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:* |
|
| Microsoft | Windows Server version 2004 |
Affected:
10.0.0 , < publication
(custom)
cpe:2.3:o:microsoft:windows_server_2004:*:*:*:*:*:*:*:* |
Date Public
2020-10-13 07:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T06:25:01.114Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1047"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:o:microsoft:windows_10_1803:*:*:*:*:*:*:x64:*"
],
"platforms": [
"x64-based Systems"
],
"product": "Windows 10 Version 1803",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "10.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*"
],
"platforms": [
"x64-based Systems"
],
"product": "Windows 10 Version 1809",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "10.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*"
],
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2019",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "10.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*"
],
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2019 (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "10.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:microsoft:windows_10_1909:*:*:*:*:*:*:x64:*"
],
"platforms": [
"x64-based Systems"
],
"product": "Windows 10 Version 1909",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "10.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:microsoft:windows_server_1909:*:*:*:*:*:*:*:*"
],
"platforms": [
"x64-based Systems"
],
"product": "Windows Server, version 1909 (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "10.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*"
],
"platforms": [
"x64-based Systems"
],
"product": "Windows 10 Version 1709",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "10.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Windows 10 Version 1903 for x64-based Systems",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "10.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:microsoft:windows_server_1903:*:*:*:*:*:*:*:*"
],
"platforms": [
"x64-based Systems"
],
"product": "Windows Server, version 1903 (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "10.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*"
],
"platforms": [
"x64-based Systems"
],
"product": "Windows 10 Version 2004",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "10.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:microsoft:windows_server_2004:*:*:*:*:*:*:*:*"
],
"platforms": [
"x64-based Systems"
],
"product": "Windows Server version 2004",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "10.0.0",
"versionType": "custom"
}
]
}
],
"datePublic": "2020-10-13T07:00:00.000Z",
"descriptions": [
{
"lang": "en-US",
"value": "\u003cp\u003eAn elevation of privilege vulnerability exists when Windows Hyper-V on a host server fails to properly handle objects in memory. An attacker who successfully exploited these vulnerabilities could gain elevated privileges on a target operating system.\u003c/p\u003e\n\u003cp\u003eThis vulnerability by itself does not allow arbitrary code to be run. However, this vulnerability could be used in conjunction with one or more vulnerabilities (e.g. a remote code execution vulnerability and another elevation of privilege) that could take advantage of the elevated privileges when running.\u003c/p\u003e\n\u003cp\u003eThe update addresses the vulnerabilities by correcting how Windows Hyper-V handles objects in memory.\u003c/p\u003e"
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Elevation of Privilege",
"lang": "en-US",
"type": "Impact"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-31T19:20:03.922Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1047"
}
],
"title": "Windows Hyper-V Elevation of Privilege Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2020-1047",
"datePublished": "2020-10-16T22:18:13.000Z",
"dateReserved": "2019-11-04T00:00:00.000Z",
"dateUpdated": "2024-08-04T06:25:01.114Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-1080 (GCVE-0-2020-1080)
Vulnerability from cvelistv5 – Published: 2020-10-16 22:18 – Updated: 2024-08-04 06:25
VLAI
EPSS
Title
Windows Hyper-V Elevation of Privilege Vulnerability
Summary
<p>An elevation of privilege vulnerability exists when Windows Hyper-V on a host server fails to properly handle objects in memory. An attacker who successfully exploited these vulnerabilities could gain elevated privileges on a target operating system.</p>
<p>This vulnerability by itself does not allow arbitrary code to be run. However, this vulnerability could be used in conjunction with one or more vulnerabilities (e.g. a remote code execution vulnerability and another elevation of privilege) that could take advantage of the elevated privileges when running.</p>
<p>The update addresses the vulnerabilities by correcting how Windows Hyper-V handles objects in memory.</p>
Severity
CWE
- Elevation of Privilege
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://portal.msrc.microsoft.com/en-US/security-… | x_refsource_MISC |
Impacted products
10 products
| Vendor | Product | Version | |
|---|---|---|---|
| Microsoft | Windows 10 Version 1803 |
Affected:
10.0.0 , < publication
(custom)
cpe:2.3:o:microsoft:windows_10_1803:*:*:*:*:*:*:x64:* |
|
| Microsoft | Windows 10 Version 1809 |
Affected:
10.0.0 , < publication
(custom)
cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:* |
|
| Microsoft | Windows Server 2019 |
Affected:
10.0.0 , < publication
(custom)
cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:* |
|
| Microsoft | Windows Server 2019 (Server Core installation) |
Affected:
10.0.0 , < publication
(custom)
cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:* |
|
| Microsoft | Windows 10 Version 1909 |
Affected:
10.0.0 , < publication
(custom)
cpe:2.3:o:microsoft:windows_10_1909:*:*:*:*:*:*:x64:* |
|
| Microsoft | Windows Server, version 1909 (Server Core installation) |
Affected:
10.0.0 , < publication
(custom)
cpe:2.3:o:microsoft:windows_server_1909:*:*:*:*:*:*:*:* |
|
| Microsoft | Windows 10 Version 1903 for x64-based Systems |
Affected:
10.0.0 , < publication
(custom)
cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:*:* |
|
| Microsoft | Windows Server, version 1903 (Server Core installation) |
Affected:
10.0.0 , < publication
(custom)
cpe:2.3:o:microsoft:windows_server_1903:*:*:*:*:*:*:*:* |
|
| Microsoft | Windows 10 Version 2004 |
Affected:
10.0.0 , < publication
(custom)
cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:* |
|
| Microsoft | Windows Server version 2004 |
Affected:
10.0.0 , < publication
(custom)
cpe:2.3:o:microsoft:windows_server_2004:*:*:*:*:*:*:*:* |
Date Public
2020-10-13 07:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T06:25:01.083Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1080"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:o:microsoft:windows_10_1803:*:*:*:*:*:*:x64:*"
],
"platforms": [
"x64-based Systems"
],
"product": "Windows 10 Version 1803",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "10.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*"
],
"platforms": [
"x64-based Systems"
],
"product": "Windows 10 Version 1809",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "10.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*"
],
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2019",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "10.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*"
],
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2019 (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "10.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:microsoft:windows_10_1909:*:*:*:*:*:*:x64:*"
],
"platforms": [
"x64-based Systems"
],
"product": "Windows 10 Version 1909",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "10.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:microsoft:windows_server_1909:*:*:*:*:*:*:*:*"
],
"platforms": [
"x64-based Systems"
],
"product": "Windows Server, version 1909 (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "10.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Windows 10 Version 1903 for x64-based Systems",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "10.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:microsoft:windows_server_1903:*:*:*:*:*:*:*:*"
],
"platforms": [
"x64-based Systems"
],
"product": "Windows Server, version 1903 (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "10.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*"
],
"platforms": [
"x64-based Systems"
],
"product": "Windows 10 Version 2004",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "10.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:microsoft:windows_server_2004:*:*:*:*:*:*:*:*"
],
"platforms": [
"x64-based Systems"
],
"product": "Windows Server version 2004",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "10.0.0",
"versionType": "custom"
}
]
}
],
"datePublic": "2020-10-13T07:00:00.000Z",
"descriptions": [
{
"lang": "en-US",
"value": "\u003cp\u003eAn elevation of privilege vulnerability exists when Windows Hyper-V on a host server fails to properly handle objects in memory. An attacker who successfully exploited these vulnerabilities could gain elevated privileges on a target operating system.\u003c/p\u003e\n\u003cp\u003eThis vulnerability by itself does not allow arbitrary code to be run. However, this vulnerability could be used in conjunction with one or more vulnerabilities (e.g. a remote code execution vulnerability and another elevation of privilege) that could take advantage of the elevated privileges when running.\u003c/p\u003e\n\u003cp\u003eThe update addresses the vulnerabilities by correcting how Windows Hyper-V handles objects in memory.\u003c/p\u003e"
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Elevation of Privilege",
"lang": "en-US",
"type": "Impact"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-31T19:20:04.433Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1080"
}
],
"title": "Windows Hyper-V Elevation of Privilege Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2020-1080",
"datePublished": "2020-10-16T22:18:13.000Z",
"dateReserved": "2019-11-04T00:00:00.000Z",
"dateUpdated": "2024-08-04T06:25:01.083Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-1167 (GCVE-0-2020-1167)
Vulnerability from cvelistv5 – Published: 2020-10-16 22:18 – Updated: 2024-11-15 16:54
VLAI
EPSS
Title
Microsoft Graphics Components Remote Code Execution Vulnerability
Summary
<p>A remote code execution vulnerability exists in the way that Microsoft Graphics Components handle objects in memory. An attacker who successfully exploited the vulnerability could execute arbitrary code on a target system.</p>
<p>To exploit the vulnerability, a user would have to open a specially crafted file.</p>
<p>The security update addresses the vulnerability by correcting how Microsoft Graphics Components handle objects in memory.</p>
Severity
CWE
- Remote Code Execution
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://portal.msrc.microsoft.com/en-US/security-… | x_refsource_MISC |
| https://www.zerodayinitiative.com/advisories/ZDI-… | x_refsource_MISC |
Impacted products
13 products
| Vendor | Product | Version | |
|---|---|---|---|
| Microsoft | Windows 10 Version 1803 |
Affected:
10.0.0 , < publication
(custom)
cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:* cpe:2.3:o:microsoft:windows_10_1803:*:*:*:*:*:*:x64:* cpe:2.3:o:microsoft:windows_10_1803:*:*:*:*:*:*:arm64:* |
|
| Microsoft | Windows 10 Version 1809 |
Affected:
10.0.0 , < publication
(custom)
cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:* cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:* cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:arm64:* |
|
| Microsoft | Windows Server 2019 |
Affected:
10.0.0 , < publication
(custom)
cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:* |
|
| Microsoft | Windows 10 Version 1909 |
Affected:
10.0.0 , < publication
(custom)
cpe:2.3:o:microsoft:windows_10_1909:*:*:*:*:*:*:x86:* cpe:2.3:o:microsoft:windows_10_1909:*:*:*:*:*:*:x64:* cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:* |
|
| Microsoft | Windows 10 Version 1709 for 32-bit Systems |
Affected:
10.0.0 , < publication
(custom)
cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:* |
|
| Microsoft | Windows 10 Version 1709 |
Affected:
10.0.0 , < publication
(custom)
cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:* |
|
| Microsoft | Windows 10 Version 1903 for 32-bit Systems |
Affected:
10.0.0 , < publication
(custom)
cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:*:* |
|
| Microsoft | Windows 10 Version 1903 for x64-based Systems |
Affected:
10.0.0 , < publication
(custom)
cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:*:* |
|
| Microsoft | Windows 10 Version 1903 for ARM64-based Systems |
Affected:
10.0.0 , < publication
(custom)
cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:*:* |
|
| Microsoft | Windows 10 Version 2004 |
Affected:
10.0.0 , < publication
(custom)
cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:* |
|
| Microsoft | Windows 10 Version 1507 |
Affected:
10.0.0 , < publication
(custom)
cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x86:* cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x64:* |
|
| Microsoft | Windows 10 Version 1607 |
Affected:
10.0.0 , < publication
(custom)
cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:* cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:* |
|
| Microsoft | Windows Server 2016 |
Affected:
10.0.0 , < publication
(custom)
cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:* |
Date Public
2020-10-13 07:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T06:25:01.403Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1167"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1247/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2020-1167",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-01-10T18:18:04.211627Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-15T16:54:23.785Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*",
"cpe:2.3:o:microsoft:windows_10_1803:*:*:*:*:*:*:x64:*",
"cpe:2.3:o:microsoft:windows_10_1803:*:*:*:*:*:*:arm64:*"
],
"platforms": [
"32-bit Systems",
"x64-based Systems",
"ARM64-based Systems"
],
"product": "Windows 10 Version 1803",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "10.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:*",
"cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*",
"cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:arm64:*"
],
"platforms": [
"32-bit Systems",
"x64-based Systems",
"ARM64-based Systems"
],
"product": "Windows 10 Version 1809",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "10.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*"
],
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2019",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "10.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:microsoft:windows_10_1909:*:*:*:*:*:*:x86:*",
"cpe:2.3:o:microsoft:windows_10_1909:*:*:*:*:*:*:x64:*",
"cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*"
],
"platforms": [
"32-bit Systems",
"x64-based Systems",
"ARM64-based Systems"
],
"product": "Windows 10 Version 1909",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "10.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*"
],
"platforms": [
"32-bit Systems"
],
"product": "Windows 10 Version 1709 for 32-bit Systems",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "10.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*"
],
"platforms": [
"x64-based Systems",
"ARM64-based Systems"
],
"product": "Windows 10 Version 1709",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "10.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Windows 10 Version 1903 for 32-bit Systems",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "10.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Windows 10 Version 1903 for x64-based Systems",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "10.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Windows 10 Version 1903 for ARM64-based Systems",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "10.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*"
],
"platforms": [
"32-bit Systems",
"ARM64-based Systems",
"x64-based Systems"
],
"product": "Windows 10 Version 2004",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "10.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x86:*",
"cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x64:*"
],
"platforms": [
"32-bit Systems",
"x64-based Systems"
],
"product": "Windows 10 Version 1507",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "10.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:*",
"cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:*"
],
"platforms": [
"32-bit Systems",
"x64-based Systems"
],
"product": "Windows 10 Version 1607",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "10.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*"
],
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2016",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "10.0.0",
"versionType": "custom"
}
]
}
],
"datePublic": "2020-10-13T07:00:00.000Z",
"descriptions": [
{
"lang": "en-US",
"value": "\u003cp\u003eA remote code execution vulnerability exists in the way that Microsoft Graphics Components handle objects in memory. An attacker who successfully exploited the vulnerability could execute arbitrary code on a target system.\u003c/p\u003e\n\u003cp\u003eTo exploit the vulnerability, a user would have to open a specially crafted file.\u003c/p\u003e\n\u003cp\u003eThe security update addresses the vulnerability by correcting how Microsoft Graphics Components handle objects in memory.\u003c/p\u003e"
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Remote Code Execution",
"lang": "en-US",
"type": "Impact"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-31T19:20:04.933Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1167"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1247/"
}
],
"title": "Microsoft Graphics Components Remote Code Execution Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2020-1167",
"datePublished": "2020-10-16T22:18:14.000Z",
"dateReserved": "2019-11-04T00:00:00.000Z",
"dateUpdated": "2024-11-15T16:54:23.785Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-1243 (GCVE-0-2020-1243)
Vulnerability from cvelistv5 – Published: 2020-10-16 22:18 – Updated: 2024-08-04 06:31
VLAI
EPSS
Title
Windows Hyper-V Denial of Service Vulnerability
Summary
<p>A denial of service vulnerability exists when Microsoft Hyper-V on a host server fails to properly validate specific malicious data from a user on a guest operating system.</p>
<p>To exploit the vulnerability, an attacker who already has a privileged account on a guest operating system, running as a virtual machine, could run a specially crafted application.</p>
<p>The security update addresses the vulnerability by resolving the conditions where Hyper-V would fail to handle these requests.</p>
Severity
CWE
- Denial of Service
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://portal.msrc.microsoft.com/en-US/security-… | x_refsource_MISC |
Impacted products
14 products
| Vendor | Product | Version | |
|---|---|---|---|
| Microsoft | Windows 10 Version 1803 |
Affected:
10.0.0 , < publication
(custom)
cpe:2.3:o:microsoft:windows_10_1803:*:*:*:*:*:*:x64:* |
|
| Microsoft | Windows 10 Version 1809 |
Affected:
10.0.0 , < publication
(custom)
cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:* |
|
| Microsoft | Windows Server 2019 |
Affected:
10.0.0 , < publication
(custom)
cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:* |
|
| Microsoft | Windows Server 2019 (Server Core installation) |
Affected:
10.0.0 , < publication
(custom)
cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:* |
|
| Microsoft | Windows 10 Version 1909 |
Affected:
10.0.0 , < publication
(custom)
cpe:2.3:o:microsoft:windows_10_1909:*:*:*:*:*:*:x64:* |
|
| Microsoft | Windows Server, version 1909 (Server Core installation) |
Affected:
10.0.0 , < publication
(custom)
cpe:2.3:o:microsoft:windows_server_1909:*:*:*:*:*:*:*:* |
|
| Microsoft | Windows 10 Version 1709 |
Affected:
10.0.0 , < publication
(custom)
cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:* |
|
| Microsoft | Windows 10 Version 1903 for x64-based Systems |
Affected:
10.0.0 , < publication
(custom)
cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:*:* |
|
| Microsoft | Windows Server, version 1903 (Server Core installation) |
Affected:
10.0.0 , < publication
(custom)
cpe:2.3:o:microsoft:windows_server_1903:*:*:*:*:*:*:*:* |
|
| Microsoft | Windows 10 Version 2004 |
Affected:
10.0.0 , < publication
(custom)
cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:* |
|
| Microsoft | Windows Server version 2004 |
Affected:
10.0.0 , < publication
(custom)
cpe:2.3:o:microsoft:windows_server_2004:*:*:*:*:*:*:*:* |
|
| Microsoft | Windows 10 Version 1607 |
Affected:
10.0.0 , < publication
(custom)
cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:* |
|
| Microsoft | Windows Server 2016 |
Affected:
10.0.0 , < publication
(custom)
cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:* |
|
| Microsoft | Windows Server 2016 (Server Core installation) |
Affected:
10.0.0 , < publication
(custom)
cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:* |
Date Public
2020-10-13 07:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T06:31:59.966Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1243"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:o:microsoft:windows_10_1803:*:*:*:*:*:*:x64:*"
],
"platforms": [
"x64-based Systems"
],
"product": "Windows 10 Version 1803",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "10.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*"
],
"platforms": [
"x64-based Systems"
],
"product": "Windows 10 Version 1809",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "10.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*"
],
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2019",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "10.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*"
],
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2019 (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "10.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:microsoft:windows_10_1909:*:*:*:*:*:*:x64:*"
],
"platforms": [
"x64-based Systems"
],
"product": "Windows 10 Version 1909",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "10.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:microsoft:windows_server_1909:*:*:*:*:*:*:*:*"
],
"platforms": [
"x64-based Systems"
],
"product": "Windows Server, version 1909 (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "10.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*"
],
"platforms": [
"x64-based Systems"
],
"product": "Windows 10 Version 1709",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "10.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Windows 10 Version 1903 for x64-based Systems",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "10.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:microsoft:windows_server_1903:*:*:*:*:*:*:*:*"
],
"platforms": [
"x64-based Systems"
],
"product": "Windows Server, version 1903 (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "10.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*"
],
"platforms": [
"x64-based Systems"
],
"product": "Windows 10 Version 2004",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "10.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:microsoft:windows_server_2004:*:*:*:*:*:*:*:*"
],
"platforms": [
"x64-based Systems"
],
"product": "Windows Server version 2004",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "10.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:*"
],
"platforms": [
"x64-based Systems"
],
"product": "Windows 10 Version 1607",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "10.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*"
],
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2016",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "10.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*"
],
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2016 (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "10.0.0",
"versionType": "custom"
}
]
}
],
"datePublic": "2020-10-13T07:00:00.000Z",
"descriptions": [
{
"lang": "en-US",
"value": "\u003cp\u003eA denial of service vulnerability exists when Microsoft Hyper-V on a host server fails to properly validate specific malicious data from a user on a guest operating system.\u003c/p\u003e\n\u003cp\u003eTo exploit the vulnerability, an attacker who already has a privileged account on a guest operating system, running as a virtual machine, could run a specially crafted application.\u003c/p\u003e\n\u003cp\u003eThe security update addresses the vulnerability by resolving the conditions where Hyper-V would fail to handle these requests.\u003c/p\u003e"
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Denial of Service",
"lang": "en-US",
"type": "Impact"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-31T19:20:05.441Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1243"
}
],
"title": "Windows Hyper-V Denial of Service Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2020-1243",
"datePublished": "2020-10-16T22:18:14.000Z",
"dateReserved": "2019-11-04T00:00:00.000Z",
"dateUpdated": "2024-08-04T06:31:59.966Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-16863 (GCVE-0-2020-16863)
Vulnerability from cvelistv5 – Published: 2020-10-16 22:17 – Updated: 2024-10-01 15:56
VLAI
EPSS
Title
Windows Remote Desktop Service Denial of Service Vulnerability
Summary
<p>A denial of service vulnerability exists in Windows Remote Desktop Service when an attacker connects to the target system using RDP and sends specially crafted requests. An attacker who successfully exploited this vulnerability could cause the Remote Desktop Service on the target system to stop responding.</p>
<p>To exploit this vulnerability, an attacker would need to run a specially crafted application against a server which provides Remote Desktop Service.</p>
<p>The update addresses the vulnerability by correcting how Remote Desktop Service handles connection requests.</p>
Severity
CWE
- Denial of Service
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://portal.msrc.microsoft.com/en-US/security-… | x_refsource_MISC |
Impacted products
4 products
| Vendor | Product | Version | |
|---|---|---|---|
| Microsoft | Windows 7 |
Affected:
6.1.0 , < publication
(custom)
cpe:2.3:o:microsoft:windows_7:*:sp1:*:*:*:*:x86:* |
|
| Microsoft | Windows 7 Service Pack 1 |
Affected:
6.1.0 , < publication
(custom)
cpe:2.3:o:microsoft:windows_7:*:sp1:*:*:*:*:x64:* |
|
| Microsoft | Windows Server 2008 R2 Service Pack 1 |
Affected:
6.1.0 , < publication
(custom)
cpe:2.3:o:microsoft:windows_server_2008_R2:*:*:*:*:*:*:x64:* |
|
| Microsoft | Windows Server 2008 R2 Service Pack 1 (Server Core installation) |
Affected:
6.0.0 , < publication
(custom)
cpe:2.3:o:microsoft:windows_server_2008_R2:*:*:*:*:*:*:x64:* |
Date Public
2020-10-13 07:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T13:45:33.953Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16863"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2020-16863",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-02-27T17:08:17.002089Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-01T15:56:57.820Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:o:microsoft:windows_7:*:sp1:*:*:*:*:x86:*"
],
"platforms": [
"32-bit Systems"
],
"product": "Windows 7",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "6.1.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:microsoft:windows_7:*:sp1:*:*:*:*:x64:*"
],
"platforms": [
"x64-based Systems"
],
"product": "Windows 7 Service Pack 1",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "6.1.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:microsoft:windows_server_2008_R2:*:*:*:*:*:*:x64:*"
],
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2008 R2 Service Pack 1",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "6.1.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:microsoft:windows_server_2008_R2:*:*:*:*:*:*:x64:*"
],
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2008 R2 Service Pack 1 (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "6.0.0",
"versionType": "custom"
}
]
}
],
"datePublic": "2020-10-13T07:00:00.000Z",
"descriptions": [
{
"lang": "en-US",
"value": "\u003cp\u003eA denial of service vulnerability exists in Windows Remote Desktop Service when an attacker connects to the target system using RDP and sends specially crafted requests. An attacker who successfully exploited this vulnerability could cause the Remote Desktop Service on the target system to stop responding.\u003c/p\u003e\n\u003cp\u003eTo exploit this vulnerability, an attacker would need to run a specially crafted application against a server which provides Remote Desktop Service.\u003c/p\u003e\n\u003cp\u003eThe update addresses the vulnerability by correcting how Remote Desktop Service handles connection requests.\u003c/p\u003e"
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Denial of Service",
"lang": "en-US",
"type": "Impact"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-31T19:19:41.759Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16863"
}
],
"title": "Windows Remote Desktop Service Denial of Service Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2020-16863",
"datePublished": "2020-10-16T22:17:33.000Z",
"dateReserved": "2020-08-04T00:00:00.000Z",
"dateUpdated": "2024-10-01T15:56:57.820Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-16876 (GCVE-0-2020-16876)
Vulnerability from cvelistv5 – Published: 2020-10-16 22:17 – Updated: 2024-08-04 13:45
VLAI
EPSS
Title
Windows Application Compatibility Client Library Elevation of Privilege Vulnerability
Summary
<p>An elevation of privilege vulnerability exists when the Windows Application Compatibility Client Library improperly handles registry operations. An attacker who successfully exploited this vulnerability could gain elevated privileges.</p>
<p>To exploit the vulnerability, an attacker would first need code execution on a victim system. An attacker could then run a specially crafted application.</p>
<p>The security update addresses the vulnerability by ensuring the Windows Application Compatibility Client Library properly handles registry operations.</p>
Severity
CWE
- Elevation of Privilege
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://portal.msrc.microsoft.com/en-US/security-… | x_refsource_MISC |
Impacted products
18 products
| Vendor | Product | Version | |
|---|---|---|---|
| Microsoft | Windows 10 Version 1803 |
Affected:
10.0.0 , < publication
(custom)
cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:* cpe:2.3:o:microsoft:windows_10_1803:*:*:*:*:*:*:x64:* cpe:2.3:o:microsoft:windows_10_1803:*:*:*:*:*:*:arm64:* |
|
| Microsoft | Windows 10 Version 1809 |
Affected:
10.0.0 , < publication
(custom)
cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:* cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:* cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:arm64:* |
|
| Microsoft | Windows Server 2019 |
Affected:
10.0.0 , < publication
(custom)
cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:* |
|
| Microsoft | Windows Server 2019 (Server Core installation) |
Affected:
10.0.0 , < publication
(custom)
cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:* |
|
| Microsoft | Windows 10 Version 1909 |
Affected:
10.0.0 , < publication
(custom)
cpe:2.3:o:microsoft:windows_10_1909:*:*:*:*:*:*:x86:* cpe:2.3:o:microsoft:windows_10_1909:*:*:*:*:*:*:x64:* cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:* |
|
| Microsoft | Windows Server, version 1909 (Server Core installation) |
Affected:
10.0.0 , < publication
(custom)
cpe:2.3:o:microsoft:windows_server_1909:*:*:*:*:*:*:*:* |
|
| Microsoft | Windows 10 Version 1709 for 32-bit Systems |
Affected:
10.0.0 , < publication
(custom)
cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:* |
|
| Microsoft | Windows 10 Version 1709 |
Affected:
10.0.0 , < publication
(custom)
cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:* |
|
| Microsoft | Windows 10 Version 1903 for 32-bit Systems |
Affected:
10.0.0 , < publication
(custom)
cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:*:* |
|
| Microsoft | Windows 10 Version 1903 for x64-based Systems |
Affected:
10.0.0 , < publication
(custom)
cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:*:* |
|
| Microsoft | Windows 10 Version 1903 for ARM64-based Systems |
Affected:
10.0.0 , < publication
(custom)
cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:*:* |
|
| Microsoft | Windows Server, version 1903 (Server Core installation) |
Affected:
10.0.0 , < publication
(custom)
cpe:2.3:o:microsoft:windows_server_1903:*:*:*:*:*:*:*:* |
|
| Microsoft | Windows 10 Version 2004 |
Affected:
10.0.0 , < publication
(custom)
cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:* |
|
| Microsoft | Windows Server version 2004 |
Affected:
10.0.0 , < publication
(custom)
cpe:2.3:o:microsoft:windows_server_2004:*:*:*:*:*:*:*:* |
|
| Microsoft | Windows 10 Version 1507 |
Affected:
10.0.0 , < publication
(custom)
cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x86:* cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x64:* |
|
| Microsoft | Windows 10 Version 1607 |
Affected:
10.0.0 , < publication
(custom)
cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:* cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:* |
|
| Microsoft | Windows Server 2016 |
Affected:
10.0.0 , < publication
(custom)
cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:* |
|
| Microsoft | Windows Server 2016 (Server Core installation) |
Affected:
10.0.0 , < publication
(custom)
cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:* |
Date Public
2020-10-13 07:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T13:45:34.171Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16876"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*",
"cpe:2.3:o:microsoft:windows_10_1803:*:*:*:*:*:*:x64:*",
"cpe:2.3:o:microsoft:windows_10_1803:*:*:*:*:*:*:arm64:*"
],
"platforms": [
"32-bit Systems",
"x64-based Systems",
"ARM64-based Systems"
],
"product": "Windows 10 Version 1803",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "10.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:*",
"cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*",
"cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:arm64:*"
],
"platforms": [
"32-bit Systems",
"x64-based Systems",
"ARM64-based Systems"
],
"product": "Windows 10 Version 1809",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "10.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*"
],
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2019",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "10.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*"
],
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2019 (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "10.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:microsoft:windows_10_1909:*:*:*:*:*:*:x86:*",
"cpe:2.3:o:microsoft:windows_10_1909:*:*:*:*:*:*:x64:*",
"cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*"
],
"platforms": [
"32-bit Systems",
"x64-based Systems",
"ARM64-based Systems"
],
"product": "Windows 10 Version 1909",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "10.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:microsoft:windows_server_1909:*:*:*:*:*:*:*:*"
],
"platforms": [
"x64-based Systems"
],
"product": "Windows Server, version 1909 (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "10.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*"
],
"platforms": [
"32-bit Systems"
],
"product": "Windows 10 Version 1709 for 32-bit Systems",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "10.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*"
],
"platforms": [
"x64-based Systems",
"ARM64-based Systems"
],
"product": "Windows 10 Version 1709",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "10.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Windows 10 Version 1903 for 32-bit Systems",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "10.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Windows 10 Version 1903 for x64-based Systems",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "10.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Windows 10 Version 1903 for ARM64-based Systems",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "10.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:microsoft:windows_server_1903:*:*:*:*:*:*:*:*"
],
"platforms": [
"x64-based Systems"
],
"product": "Windows Server, version 1903 (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "10.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*"
],
"platforms": [
"32-bit Systems",
"ARM64-based Systems",
"x64-based Systems"
],
"product": "Windows 10 Version 2004",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "10.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:microsoft:windows_server_2004:*:*:*:*:*:*:*:*"
],
"platforms": [
"x64-based Systems"
],
"product": "Windows Server version 2004",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "10.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x86:*",
"cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x64:*"
],
"platforms": [
"32-bit Systems",
"x64-based Systems"
],
"product": "Windows 10 Version 1507",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "10.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:*",
"cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:*"
],
"platforms": [
"32-bit Systems",
"x64-based Systems"
],
"product": "Windows 10 Version 1607",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "10.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*"
],
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2016",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "10.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*"
],
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2016 (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "10.0.0",
"versionType": "custom"
}
]
}
],
"datePublic": "2020-10-13T07:00:00.000Z",
"descriptions": [
{
"lang": "en-US",
"value": "\u003cp\u003eAn elevation of privilege vulnerability exists when the Windows Application Compatibility Client Library improperly handles registry operations. An attacker who successfully exploited this vulnerability could gain elevated privileges.\u003c/p\u003e\n\u003cp\u003eTo exploit the vulnerability, an attacker would first need code execution on a victim system. An attacker could then run a specially crafted application.\u003c/p\u003e\n\u003cp\u003eThe security update addresses the vulnerability by ensuring the Windows Application Compatibility Client Library properly handles registry operations.\u003c/p\u003e"
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Elevation of Privilege",
"lang": "en-US",
"type": "Impact"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-31T19:19:42.711Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16876"
}
],
"title": "Windows Application Compatibility Client Library Elevation of Privilege Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2020-16876",
"datePublished": "2020-10-16T22:17:34.000Z",
"dateReserved": "2020-08-04T00:00:00.000Z",
"dateUpdated": "2024-08-04T13:45:34.171Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-16877 (GCVE-0-2020-16877)
Vulnerability from cvelistv5 – Published: 2020-10-16 22:17 – Updated: 2024-11-18 16:01
VLAI
EPSS
Title
Windows Elevation of Privilege Vulnerability
Summary
<p>An elevation of privilege vulnerability exists when Microsoft Windows improperly handles reparse points. An attacker who successfully exploited this vulnerability could overwrite or delete a targeted file that would normally require elevated permissions.</p>
<p>To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and overwrite or delete files.</p>
<p>The security update addresses the vulnerability by correcting how Windows handles reparse points.</p>
Severity
CWE
- Elevation of Privilege
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://portal.msrc.microsoft.com/en-US/security-… | x_refsource_MISC |
Impacted products
8 products
| Vendor | Product | Version | |
|---|---|---|---|
| Microsoft | Windows 10 Version 1909 |
Affected:
10.0.0 , < publication
(custom)
cpe:2.3:o:microsoft:windows_10_1909:*:*:*:*:*:*:x86:* cpe:2.3:o:microsoft:windows_10_1909:*:*:*:*:*:*:x64:* cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:* |
|
| Microsoft | Windows Server, version 1909 (Server Core installation) |
Affected:
10.0.0 , < publication
(custom)
cpe:2.3:o:microsoft:windows_server_1909:*:*:*:*:*:*:*:* |
|
| Microsoft | Windows 10 Version 1903 for 32-bit Systems |
Affected:
10.0.0 , < publication
(custom)
cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:*:* |
|
| Microsoft | Windows 10 Version 1903 for x64-based Systems |
Affected:
10.0.0 , < publication
(custom)
cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:*:* |
|
| Microsoft | Windows 10 Version 1903 for ARM64-based Systems |
Affected:
10.0.0 , < publication
(custom)
cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:*:* |
|
| Microsoft | Windows Server, version 1903 (Server Core installation) |
Affected:
10.0.0 , < publication
(custom)
cpe:2.3:o:microsoft:windows_server_1903:*:*:*:*:*:*:*:* |
|
| Microsoft | Windows 10 Version 2004 |
Affected:
10.0.0 , < publication
(custom)
cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:* |
|
| Microsoft | Windows Server version 2004 |
Affected:
10.0.0 , < publication
(custom)
cpe:2.3:o:microsoft:windows_server_2004:*:*:*:*:*:*:*:* |
Date Public
2020-10-13 07:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T13:45:34.679Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16877"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2020-16877",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-01-10T16:46:45.630550Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-18T16:01:34.987Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:o:microsoft:windows_10_1909:*:*:*:*:*:*:x86:*",
"cpe:2.3:o:microsoft:windows_10_1909:*:*:*:*:*:*:x64:*",
"cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*"
],
"platforms": [
"32-bit Systems",
"x64-based Systems",
"ARM64-based Systems"
],
"product": "Windows 10 Version 1909",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "10.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:microsoft:windows_server_1909:*:*:*:*:*:*:*:*"
],
"platforms": [
"x64-based Systems"
],
"product": "Windows Server, version 1909 (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "10.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Windows 10 Version 1903 for 32-bit Systems",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "10.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Windows 10 Version 1903 for x64-based Systems",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "10.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Windows 10 Version 1903 for ARM64-based Systems",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "10.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:microsoft:windows_server_1903:*:*:*:*:*:*:*:*"
],
"platforms": [
"x64-based Systems"
],
"product": "Windows Server, version 1903 (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "10.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*"
],
"platforms": [
"32-bit Systems",
"ARM64-based Systems",
"x64-based Systems"
],
"product": "Windows 10 Version 2004",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "10.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:microsoft:windows_server_2004:*:*:*:*:*:*:*:*"
],
"platforms": [
"x64-based Systems"
],
"product": "Windows Server version 2004",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "10.0.0",
"versionType": "custom"
}
]
}
],
"datePublic": "2020-10-13T07:00:00.000Z",
"descriptions": [
{
"lang": "en-US",
"value": "\u003cp\u003eAn elevation of privilege vulnerability exists when Microsoft Windows improperly handles reparse points. An attacker who successfully exploited this vulnerability could overwrite or delete a targeted file that would normally require elevated permissions.\u003c/p\u003e\n\u003cp\u003eTo exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and overwrite or delete files.\u003c/p\u003e\n\u003cp\u003eThe security update addresses the vulnerability by correcting how Windows handles reparse points.\u003c/p\u003e"
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Elevation of Privilege",
"lang": "en-US",
"type": "Impact"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-31T19:19:43.262Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16877"
}
],
"title": "Windows Elevation of Privilege Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2020-16877",
"datePublished": "2020-10-16T22:17:34.000Z",
"dateReserved": "2020-08-04T00:00:00.000Z",
"dateUpdated": "2024-11-18T16:01:34.987Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-16885 (GCVE-0-2020-16885)
Vulnerability from cvelistv5 – Published: 2020-10-16 22:17 – Updated: 2024-08-04 13:45
VLAI
EPSS
Title
Windows Storage VSP Driver Elevation of Privilege Vulnerability
Summary
<p>An elevation of privilege vulnerability exists when the Windows Storage VSP Driver improperly handles file operations. An attacker who successfully exploited this vulnerability could gain elevated privileges.</p>
<p>To exploit the vulnerability, an attacker would first need code execution on a victim system. An attacker could then run a specially crafted application.</p>
<p>The security update addresses the vulnerability by ensuring the Windows Storage VSP Driver properly handles file operations.</p>
Severity
CWE
- Elevation of Privilege
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://portal.msrc.microsoft.com/en-US/security-… | x_refsource_MISC |
Impacted products
13 products
| Vendor | Product | Version | |
|---|---|---|---|
| Microsoft | Windows 10 Version 1803 |
Affected:
10.0.0 , < publication
(custom)
cpe:2.3:o:microsoft:windows_10_1803:*:*:*:*:*:*:x64:* cpe:2.3:o:microsoft:windows_10_1803:*:*:*:*:*:*:arm64:* |
|
| Microsoft | Windows 10 Version 1809 |
Affected:
10.0.0 , < publication
(custom)
cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:* cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:arm64:* |
|
| Microsoft | Windows Server 2019 |
Affected:
10.0.0 , < publication
(custom)
cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:* |
|
| Microsoft | Windows Server 2019 (Server Core installation) |
Affected:
10.0.0 , < publication
(custom)
cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:* |
|
| Microsoft | Windows 10 Version 1709 |
Affected:
10.0.0 , < publication
(custom)
cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:* |
|
| Microsoft | Windows 10 Version 1903 for x64-based Systems |
Affected:
10.0.0 , < publication
(custom)
cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:*:* |
|
| Microsoft | Windows 10 Version 1903 for ARM64-based Systems |
Affected:
10.0.0 , < publication
(custom)
cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:*:* |
|
| Microsoft | Windows Server, version 1903 (Server Core installation) |
Affected:
10.0.0 , < publication
(custom)
cpe:2.3:o:microsoft:windows_server_1903:*:*:*:*:*:*:*:* |
|
| Microsoft | Windows 10 Version 2004 |
Affected:
10.0.0 , < publication
(custom)
cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:* |
|
| Microsoft | Windows Server version 2004 |
Affected:
10.0.0 , < publication
(custom)
cpe:2.3:o:microsoft:windows_server_2004:*:*:*:*:*:*:*:* |
|
| Microsoft | Windows 10 Version 1607 |
Affected:
10.0.0 , < publication
(custom)
cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:* |
|
| Microsoft | Windows Server 2016 |
Affected:
10.0.0 , < publication
(custom)
cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:* |
|
| Microsoft | Windows Server 2016 (Server Core installation) |
Affected:
10.0.0 , < publication
(custom)
cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:* |
Date Public
2020-10-13 07:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T13:45:34.425Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16885"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:o:microsoft:windows_10_1803:*:*:*:*:*:*:x64:*",
"cpe:2.3:o:microsoft:windows_10_1803:*:*:*:*:*:*:arm64:*"
],
"platforms": [
"x64-based Systems",
"ARM64-based Systems"
],
"product": "Windows 10 Version 1803",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "10.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*",
"cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:arm64:*"
],
"platforms": [
"x64-based Systems",
"ARM64-based Systems"
],
"product": "Windows 10 Version 1809",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "10.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*"
],
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2019",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "10.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*"
],
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2019 (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "10.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*"
],
"platforms": [
"x64-based Systems",
"ARM64-based Systems"
],
"product": "Windows 10 Version 1709",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "10.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Windows 10 Version 1903 for x64-based Systems",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "10.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Windows 10 Version 1903 for ARM64-based Systems",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "10.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:microsoft:windows_server_1903:*:*:*:*:*:*:*:*"
],
"platforms": [
"x64-based Systems"
],
"product": "Windows Server, version 1903 (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "10.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*"
],
"platforms": [
"ARM64-based Systems",
"x64-based Systems"
],
"product": "Windows 10 Version 2004",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "10.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:microsoft:windows_server_2004:*:*:*:*:*:*:*:*"
],
"platforms": [
"x64-based Systems"
],
"product": "Windows Server version 2004",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "10.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:*"
],
"platforms": [
"x64-based Systems"
],
"product": "Windows 10 Version 1607",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "10.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*"
],
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2016",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "10.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*"
],
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2016 (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "10.0.0",
"versionType": "custom"
}
]
}
],
"datePublic": "2020-10-13T07:00:00.000Z",
"descriptions": [
{
"lang": "en-US",
"value": "\u003cp\u003eAn elevation of privilege vulnerability exists when the Windows Storage VSP Driver improperly handles file operations. An attacker who successfully exploited this vulnerability could gain elevated privileges.\u003c/p\u003e\n\u003cp\u003eTo exploit the vulnerability, an attacker would first need code execution on a victim system. An attacker could then run a specially crafted application.\u003c/p\u003e\n\u003cp\u003eThe security update addresses the vulnerability by ensuring the Windows Storage VSP Driver properly handles file operations.\u003c/p\u003e"
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Elevation of Privilege",
"lang": "en-US",
"type": "Impact"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-31T19:20:05.934Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16885"
}
],
"title": "Windows Storage VSP Driver Elevation of Privilege Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2020-16885",
"datePublished": "2020-10-16T22:17:35.000Z",
"dateReserved": "2020-08-04T00:00:00.000Z",
"dateUpdated": "2024-08-04T13:45:34.425Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-16887 (GCVE-0-2020-16887)
Vulnerability from cvelistv5 – Published: 2020-10-16 22:17 – Updated: 2024-08-04 13:45
VLAI
EPSS
Title
Windows Network Connections Service Elevation of Privilege Vulnerability
Summary
<p>An elevation of privilege vulnerability exists in the way that the Windows Network Connections Service handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions.</p>
<p>To exploit the vulnerability, a locally authenticated attacker could run a specially crafted application.</p>
<p>The security update addresses the vulnerability by ensuring the Windows Network Connections Service properly handles objects in memory.</p>
Severity
CWE
- Elevation of Privilege
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://portal.msrc.microsoft.com/en-US/security-… | x_refsource_MISC |
Impacted products
30 products
| Vendor | Product | Version | |
|---|---|---|---|
| Microsoft | Windows 10 Version 1803 |
Affected:
10.0.0 , < publication
(custom)
cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:* cpe:2.3:o:microsoft:windows_10_1803:*:*:*:*:*:*:x64:* cpe:2.3:o:microsoft:windows_10_1803:*:*:*:*:*:*:arm64:* |
|
| Microsoft | Windows 10 Version 1809 |
Affected:
10.0.0 , < publication
(custom)
cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:* cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:* cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:arm64:* |
|
| Microsoft | Windows Server 2019 |
Affected:
10.0.0 , < publication
(custom)
cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:* |
|
| Microsoft | Windows Server 2019 (Server Core installation) |
Affected:
10.0.0 , < publication
(custom)
cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:* |
|
| Microsoft | Windows 10 Version 1909 |
Affected:
10.0.0 , < publication
(custom)
cpe:2.3:o:microsoft:windows_10_1909:*:*:*:*:*:*:x86:* cpe:2.3:o:microsoft:windows_10_1909:*:*:*:*:*:*:x64:* cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:* |
|
| Microsoft | Windows Server, version 1909 (Server Core installation) |
Affected:
10.0.0 , < publication
(custom)
cpe:2.3:o:microsoft:windows_server_1909:*:*:*:*:*:*:*:* |
|
| Microsoft | Windows 10 Version 1709 for 32-bit Systems |
Affected:
10.0.0 , < publication
(custom)
cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:* |
|
| Microsoft | Windows 10 Version 1709 |
Affected:
10.0.0 , < publication
(custom)
cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:* |
|
| Microsoft | Windows 10 Version 1903 for 32-bit Systems |
Affected:
10.0.0 , < publication
(custom)
cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:*:* |
|
| Microsoft | Windows 10 Version 1903 for x64-based Systems |
Affected:
10.0.0 , < publication
(custom)
cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:*:* |
|
| Microsoft | Windows 10 Version 1903 for ARM64-based Systems |
Affected:
10.0.0 , < publication
(custom)
cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:*:* |
|
| Microsoft | Windows Server, version 1903 (Server Core installation) |
Affected:
10.0.0 , < publication
(custom)
cpe:2.3:o:microsoft:windows_server_1903:*:*:*:*:*:*:*:* |
|
| Microsoft | Windows 10 Version 2004 |
Affected:
10.0.0 , < publication
(custom)
cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:* |
|
| Microsoft | Windows Server version 2004 |
Affected:
10.0.0 , < publication
(custom)
cpe:2.3:o:microsoft:windows_server_2004:*:*:*:*:*:*:*:* |
|
| Microsoft | Windows 10 Version 1507 |
Affected:
10.0.0 , < publication
(custom)
cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x86:* cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x64:* |
|
| Microsoft | Windows 10 Version 1607 |
Affected:
10.0.0 , < publication
(custom)
cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:* cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:* |
|
| Microsoft | Windows Server 2016 |
Affected:
10.0.0 , < publication
(custom)
cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:* |
|
| Microsoft | Windows Server 2016 (Server Core installation) |
Affected:
10.0.0 , < publication
(custom)
cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:* |
|
| Microsoft | Windows 7 |
Affected:
6.1.0 , < publication
(custom)
cpe:2.3:o:microsoft:windows_7:*:sp1:*:*:*:*:x86:* |
|
| Microsoft | Windows 7 Service Pack 1 |
Affected:
6.1.0 , < publication
(custom)
cpe:2.3:o:microsoft:windows_7:*:sp1:*:*:*:*:x64:* |
|
| Microsoft | Windows 8.1 |
Affected:
6.3.0 , < publication
(custom)
cpe:2.3:o:microsoft:windows_8.1:*:*:*:*:*:*:x86:* cpe:2.3:o:microsoft:windows_8.1:*:*:*:*:*:*:x64:* cpe:2.3:o:microsoft:windows_rt_8.1:*:*:*:*:*:*:*:* |
|
| Microsoft | Windows Server 2008 Service Pack 2 |
Affected:
6.0.0 , < publication
(custom)
cpe:2.3:o:microsoft:windows_server_2008_sp2:*:*:*:*:*:*:x64:* |
|
| Microsoft | Windows Server 2008 Service Pack 2 (Server Core installation) |
Affected:
6.0.0 , < publication
(custom)
cpe:2.3:o:microsoft:windows_server_2008_sp2:*:*:*:*:*:*:x64:* cpe:2.3:o:microsoft:windows_server_2008_sp2:*:*:*:*:*:*:x86:* |
|
| Microsoft | Windows Server 2008 Service Pack 2 |
Affected:
6.0.0 , < publication
(custom)
cpe:2.3:o:microsoft:windows_server_2008_sp2:*:*:*:*:*:*:x86:* |
|
| Microsoft | Windows Server 2008 R2 Service Pack 1 |
Affected:
6.1.0 , < publication
(custom)
cpe:2.3:o:microsoft:windows_server_2008_R2:*:*:*:*:*:*:x64:* |
|
| Microsoft | Windows Server 2008 R2 Service Pack 1 (Server Core installation) |
Affected:
6.0.0 , < publication
(custom)
cpe:2.3:o:microsoft:windows_server_2008_R2:*:*:*:*:*:*:x64:* |
|
| Microsoft | Windows Server 2012 |
Affected:
6.2.0 , < publication
(custom)
cpe:2.3:o:microsoft:windows_server_2012:*:*:*:*:*:*:x64:* |
|
| Microsoft | Windows Server 2012 (Server Core installation) |
Affected:
6.2.0 , < publication
(custom)
cpe:2.3:o:microsoft:windows_server_2012:*:*:*:*:*:*:x64:* |
|
| Microsoft | Windows Server 2012 R2 |
Affected:
6.3.0 , < publication
(custom)
cpe:2.3:o:microsoft:windows_server_2012_R2:*:*:*:*:*:*:x64:* |
|
| Microsoft | Windows Server 2012 R2 (Server Core installation) |
Affected:
6.3.0 , < publication
(custom)
cpe:2.3:o:microsoft:windows_server_2012_R2:*:*:*:*:*:*:x64:* |
Date Public
2020-10-13 07:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T13:45:34.376Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16887"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*",
"cpe:2.3:o:microsoft:windows_10_1803:*:*:*:*:*:*:x64:*",
"cpe:2.3:o:microsoft:windows_10_1803:*:*:*:*:*:*:arm64:*"
],
"platforms": [
"32-bit Systems",
"x64-based Systems",
"ARM64-based Systems"
],
"product": "Windows 10 Version 1803",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "10.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:*",
"cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*",
"cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:arm64:*"
],
"platforms": [
"32-bit Systems",
"x64-based Systems",
"ARM64-based Systems"
],
"product": "Windows 10 Version 1809",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "10.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*"
],
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2019",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "10.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*"
],
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2019 (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "10.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:microsoft:windows_10_1909:*:*:*:*:*:*:x86:*",
"cpe:2.3:o:microsoft:windows_10_1909:*:*:*:*:*:*:x64:*",
"cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*"
],
"platforms": [
"32-bit Systems",
"x64-based Systems",
"ARM64-based Systems"
],
"product": "Windows 10 Version 1909",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "10.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:microsoft:windows_server_1909:*:*:*:*:*:*:*:*"
],
"platforms": [
"x64-based Systems"
],
"product": "Windows Server, version 1909 (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "10.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*"
],
"platforms": [
"32-bit Systems"
],
"product": "Windows 10 Version 1709 for 32-bit Systems",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "10.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*"
],
"platforms": [
"x64-based Systems",
"ARM64-based Systems"
],
"product": "Windows 10 Version 1709",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "10.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Windows 10 Version 1903 for 32-bit Systems",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "10.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Windows 10 Version 1903 for x64-based Systems",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "10.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Windows 10 Version 1903 for ARM64-based Systems",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "10.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:microsoft:windows_server_1903:*:*:*:*:*:*:*:*"
],
"platforms": [
"x64-based Systems"
],
"product": "Windows Server, version 1903 (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "10.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*"
],
"platforms": [
"32-bit Systems",
"ARM64-based Systems",
"x64-based Systems"
],
"product": "Windows 10 Version 2004",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "10.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:microsoft:windows_server_2004:*:*:*:*:*:*:*:*"
],
"platforms": [
"x64-based Systems"
],
"product": "Windows Server version 2004",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "10.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x86:*",
"cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x64:*"
],
"platforms": [
"32-bit Systems",
"x64-based Systems"
],
"product": "Windows 10 Version 1507",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "10.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:*",
"cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:*"
],
"platforms": [
"32-bit Systems",
"x64-based Systems"
],
"product": "Windows 10 Version 1607",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "10.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*"
],
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2016",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "10.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*"
],
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2016 (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "10.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:microsoft:windows_7:*:sp1:*:*:*:*:x86:*"
],
"platforms": [
"32-bit Systems"
],
"product": "Windows 7",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "6.1.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:microsoft:windows_7:*:sp1:*:*:*:*:x64:*"
],
"platforms": [
"x64-based Systems"
],
"product": "Windows 7 Service Pack 1",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "6.1.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:microsoft:windows_8.1:*:*:*:*:*:*:x86:*",
"cpe:2.3:o:microsoft:windows_8.1:*:*:*:*:*:*:x64:*",
"cpe:2.3:o:microsoft:windows_rt_8.1:*:*:*:*:*:*:*:*"
],
"platforms": [
"32-bit Systems",
"x64-based Systems",
"ARM64-based Systems"
],
"product": "Windows 8.1",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "6.3.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:microsoft:windows_server_2008_sp2:*:*:*:*:*:*:x64:*"
],
"platforms": [
"32-bit Systems"
],
"product": "Windows Server 2008 Service Pack 2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "6.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:microsoft:windows_server_2008_sp2:*:*:*:*:*:*:x64:*",
"cpe:2.3:o:microsoft:windows_server_2008_sp2:*:*:*:*:*:*:x86:*"
],
"platforms": [
"32-bit Systems",
"x64-based Systems"
],
"product": "Windows Server 2008 Service Pack 2 (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "6.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:microsoft:windows_server_2008_sp2:*:*:*:*:*:*:x86:*"
],
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2008 Service Pack 2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "6.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:microsoft:windows_server_2008_R2:*:*:*:*:*:*:x64:*"
],
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2008 R2 Service Pack 1",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "6.1.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:microsoft:windows_server_2008_R2:*:*:*:*:*:*:x64:*"
],
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2008 R2 Service Pack 1 (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "6.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:microsoft:windows_server_2012:*:*:*:*:*:*:x64:*"
],
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2012",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "6.2.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:microsoft:windows_server_2012:*:*:*:*:*:*:x64:*"
],
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2012 (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "6.2.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:microsoft:windows_server_2012_R2:*:*:*:*:*:*:x64:*"
],
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2012 R2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "6.3.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:microsoft:windows_server_2012_R2:*:*:*:*:*:*:x64:*"
],
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2012 R2 (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "6.3.0",
"versionType": "custom"
}
]
}
],
"datePublic": "2020-10-13T07:00:00.000Z",
"descriptions": [
{
"lang": "en-US",
"value": "\u003cp\u003eAn elevation of privilege vulnerability exists in the way that the Windows Network Connections Service handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions.\u003c/p\u003e\n\u003cp\u003eTo exploit the vulnerability, a locally authenticated attacker could run a specially crafted application.\u003c/p\u003e\n\u003cp\u003eThe security update addresses the vulnerability by ensuring the Windows Network Connections Service properly handles objects in memory.\u003c/p\u003e"
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Elevation of Privilege",
"lang": "en-US",
"type": "Impact"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-31T19:20:07.015Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16887"
}
],
"title": "Windows Network Connections Service Elevation of Privilege Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2020-16887",
"datePublished": "2020-10-16T22:17:36.000Z",
"dateReserved": "2020-08-04T00:00:00.000Z",
"dateUpdated": "2024-08-04T13:45:34.376Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…