CVE-2020-0775
published 2020-03-12CVE-2020-0775: An information disclosure vulnerability exists when Windows Error Reporting improperly handles file operations.To exploit this vulnerability, an attacker would…
medium5.5CVSS 3.1
AVLACLPRLUINSUCHINAN
An information disclosure vulnerability exists when Windows Error Reporting improperly handles file operations.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows Error Reporting Information Disclosure Vulnerability'.
Affected
45 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows_10 | — | — |
| microsoft | windows_10 | — | — |
| microsoft | windows_10 | — | — |
| microsoft | windows_10 | — | — |
| microsoft | windows_10 | — | — |
| microsoft | windows_10 | — | — |
| microsoft | windows_10_version_1903_for_32-bit_systems | — | — |
| microsoft | windows_10_version_1903_for_arm64-based_systems | — | — |
| microsoft | windows_10_version_1903_for_x64-based_systems | — | — |
| microsoft | windows_10_version_1909_for_32-bit_systems | — | — |
| microsoft | windows_10_version_1909_for_arm64-based_systems | — | — |
| microsoft | windows_10_version_1909_for_x64-based_systems | — | — |
GHSA
GHSA-cr7j-93wj-f4w3: An information disclosure vulnerability exists when Windows Error Reporting improperly handles file operations
ghsa_unreviewed·2022-05-24
CVE-2020-0775 [LOW] CWE-200 GHSA-cr7j-93wj-f4w3: An information disclosure vulnerability exists when Windows Error Reporting improperly handles file operations
An information disclosure vulnerability exists when Windows Error Reporting improperly handles file operations.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows Error Reporting Information Disclosure Vulnerability'.
Microsoft
Windows Error Reporting Information Disclosure Vulnerability
vendor_msrc·2020-03-10·CVSS 5.5
CVE-2020-0775 [MEDIUM] Windows Error Reporting Information Disclosure Vulnerability
Windows Error Reporting Information Disclosure Vulnerability
Description: An information disclosure vulnerability exists when Windows Error Reporting improperly handles file operations.
To exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to disclose information.
The security update addresses the vulnerability by correcting how Windows Error Reporting handles file operations.
FAQ: What type of information could be disclosed by this vulnerability?
The type of information that could be disclosed if an attacker successfully exploited this vulnerability is uninitialized memory.
Microsoft Windows: Microsoft Windows
Issuing CNA: Microsoft
Impact: Information Disclosure
Exploit Status:
No detection rules found.
No public exploits indexed.
Unit42
Unit 42 Discovers 27 New Vulnerabilities Across Microsoft Products
blogs_unit42·2020-10-02·CVSS 7.8
[HIGH] Unit 42 Discovers 27 New Vulnerabilities Across Microsoft Products
## Overview
Palo Alto Networks Unit 42 threat researchers have been credited with discovering 27 new vulnerabilities addressed by the Microsoft Security Response Center (MSRC), as part of its last nine months of security update releases.
## Vulnerabilities
The Microsoft vulnerabilities discovered included 27 vulnerabilities rated “important,” including Remote Code Execution, Privilege Elevation, Information Disclosure and one Denial of Service vulnerability.
The Unit 42 researchers credited are Zhibin Zhang, Tao Yan, Bo Qu, Gal De Leon, Haozhe Zhang, Bar Lahav, Yaron Samuel and Nadav Markus. Zhibin Zhang was also recognized as the top vulnerability discoverer in Q1 from the MSRC and most recently ranked 7th for the MSRC 2020 Q2 Security Leaderboard.
The recently discovered vulnerabili
Unit42
Unit 42 Discovers 27 New Vulnerabilities Across Microsoft Products
blogs_unit42·2020-10-02·CVSS 7.8
[HIGH] Unit 42 Discovers 27 New Vulnerabilities Across Microsoft Products
Threat Research Center
Threat Research
Vulnerabilities
## Unit 42 Discovers 27 New Vulnerabilities Across Microsoft Products
John Harrison
Published: October 2, 2020
Threat Research
Vulnerabilities
Microsoft
Microsoft Security Response Center
Microsoft Security Response Center (MSRC)
Privilege escalation
Remote Code Execution
## Overview
Palo Alto Networks Unit 42 threat researchers have been credited with discovering 27 new vulnerabilities addressed by the Microsoft Security Response Center (MSRC) , as part of its last nine months of security update releases.
## Vulnerabilities
The Microsoft vulnerabilities discovered included 27 vulnerabilities rated “important,” including Remote Code Execution, Privilege Elevation, Information Disclosure and one Denial of Service v
Talos
Microsoft Patch Tuesday — March 2020: Vulnerability disclosures and Snort coverage
blogs_talos·2020-03-10·CVSS 8.8
CVE-2020-0796 [HIGH] Microsoft Patch Tuesday — March 2020: Vulnerability disclosures and Snort coverage
By Jon Munshaw and Vitor Ventura.
Update (March 12, 2020): Microsoft released an out-of-band patch for CVE-2020-0796, a code execution vulnerability SMB client and server for Windows. An unauthenticated attacker could exploit this vulnerability to execute remote code. Snort rules 53425 - 53428 protect against exploitation of CVE-2020-0796.
Microsoft released its monthly security update today, disclosing vulnerabilities across many of its products and releasing corresponding updates. This month's Patch Tuesday covers 117 vulnerabilities, 25 of which are considered critical. There is also one moderate vulnerability and 91 that are considered important.
This month's patches include updates to Microsoft Media Foundation, the GDI+ API and Windows Defender, among others.
Talos released a new
Talos
Microsoft Patch Tuesday — March 2020: Vulnerability disclosures and Snort coverage
blogs_talos·2020-03-10·CVSS 8.8
CVE-2020-0796 [HIGH] Microsoft Patch Tuesday — March 2020: Vulnerability disclosures and Snort coverage
## Microsoft Patch Tuesday — March 2020: Vulnerability disclosures and Snort coverage
By Jon Munshaw and Vitor Ventura.
Update (March 12, 2020): Microsoft released an out-of-band patch for CVE-2020-0796, a code execution vulnerability SMB client and server for Windows. An unauthenticated attacker could exploit this vulnerability to execute remote code. Snort rules 53425 - 53428 protect against exploitation of CVE-2020-0796.
Microsoft released its monthly security update today, disclosing vulnerabilities across many of its products and releasing corresponding updates. This month's Patch Tuesday covers 117 vulnerabilities, 25 of which are considered critical. There is also one moderate vulnerability and 91 that are considered important.
This month's patches include updates to Microsoft M
2020-03-12
Published