CVE-2020-0728
published 2020-02-11CVE-2020-0728: An information vulnerability exists when Windows Modules Installer Service improperly discloses file information, aka 'Windows Modules Installer Service…
medium5.5CVSS 3.1
AVLACLPRLUINSUCHINAN
An information vulnerability exists when Windows Modules Installer Service improperly discloses file information, aka 'Windows Modules Installer Service Information Disclosure Vulnerability'.
Affected
42 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows_10 | — | — |
| microsoft | windows_10 | — | — |
| microsoft | windows_10 | — | — |
| microsoft | windows_10 | — | — |
| microsoft | windows_10 | — | — |
| microsoft | windows_10 | — | — |
| microsoft | windows_10_version_1903_for_32-bit_systems | — | — |
| microsoft | windows_10_version_1903_for_arm64-based_systems | — | — |
| microsoft | windows_10_version_1903_for_x64-based_systems | — | — |
| microsoft | windows_10_version_1909_for_32-bit_systems | — | — |
| microsoft | windows_10_version_1909_for_arm64-based_systems | — | — |
| microsoft | windows_10_version_1909_for_x64-based_systems | — | — |
| microsoft | windows_server | — | — |
| microsoft | windows_server | — | — |
GHSA
GHSA-235j-2p37-2vfq: An information vulnerability exists when Windows Modules Installer Service improperly discloses file information, aka 'Windows Modules Installer Servi
ghsa_unreviewed·2022-05-24
CVE-2020-0728 [MEDIUM] CWE-200 GHSA-235j-2p37-2vfq: An information vulnerability exists when Windows Modules Installer Service improperly discloses file information, aka 'Windows Modules Installer Servi
An information vulnerability exists when Windows Modules Installer Service improperly discloses file information, aka 'Windows Modules Installer Service Information Disclosure Vulnerability'.
Microsoft
Windows Modules Installer Service Information Disclosure Vulnerability
vendor_msrc·2020-02-11·CVSS 3.3
CVE-2020-0728 [MEDIUM] Windows Modules Installer Service Information Disclosure Vulnerability
Windows Modules Installer Service Information Disclosure Vulnerability
Description: An information vulnerability exists when Windows Modules Installer Service improperly discloses file information. Successful exploitation of the vulnerability could allow the attacker to read any file on the file system.
To exploit the vulnerability, an attacker would have to log onto an affected system and run a specially crafted application.
The update addresses the vulnerability by changing the way Windows Modules Installer Service discloses file information.
FAQ: What type of information could be disclosed by this vulnerability?
The type of information that could be disclosed if an attacker successfully exploited this vulnerability is unauthorized file system access - reading from the file system.
Wi
No detection rules found.
No public exploits indexed.
Talos
Microsoft Patch Tuesday — Feb. 2020: Vulnerability disclosures and Snort coverage
blogs_talos·2020-02-11·CVSS 8.8
[HIGH] Microsoft Patch Tuesday — Feb. 2020: Vulnerability disclosures and Snort coverage
By Jon Munshaw.
Microsoft released its monthly security update today, disclosing vulnerabilities across many of its products and releasing corresponding updates. This month's Patch Tuesday covers 98 vulnerabilities, 12 of which are considered critical and 84 that are considered important. There are also two bugs that were not assigned a severity.
This month's patches include updates to the Windows kernel, the Windows scripting engine and Remote Desktop Procol, among other software and features. Microsoft also provided a critical advisory covering updates to Adobe Flash Player.
Talos released a new set of SNORTⓇ rules today that provide coverage for some of these vulnerabilities, which you can see here.
### Critical vulnerabilities Microsoft disclosed 12 critical vulnerabilities this mo
Talos
Microsoft Patch Tuesday — Feb. 2020: Vulnerability disclosures and Snort coverage
blogs_talos·2020-02-11·CVSS 7.5
[HIGH] Microsoft Patch Tuesday — Feb. 2020: Vulnerability disclosures and Snort coverage
## Microsoft Patch Tuesday — Feb. 2020: Vulnerability disclosures and Snort coverage
By Jon Munshaw.
Microsoft released its monthly security update today, disclosing vulnerabilities across many of its products and releasing corresponding updates. This month's Patch Tuesday covers 98 vulnerabilities, 12 of which are considered critical and 84 that are considered important. There are also two bugs that were not assigned a severity.
This month's patches include updates to the Windows kernel, the Windows scripting engine and Remote Desktop Procol, among other software and features. Microsoft also provided a critical advisory covering updates to Adobe Flash Player.
Talos released a new set of SNORTⓇ rules today that provide coverage for some of these vulnerabilities, which you can see here
http://packetstormsecurity.com/files/156394/Microsoft-Windows-Modules-Installer-Service-Information-Disclosure.htmlhttp://seclists.org/fulldisclosure/2020/Feb/16https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0728https://seclists.org/bugtraq/2020/Feb/21http://packetstormsecurity.com/files/156394/Microsoft-Windows-Modules-Installer-Service-Information-Disclosure.htmlhttp://seclists.org/fulldisclosure/2020/Feb/16https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0728https://seclists.org/bugtraq/2020/Feb/21
2020-02-11
Published