CVE-2020-1027
Published 2020-04-15
Priority: P179 · high · 7.8 (CVSS 3.1)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
KEV · ITW
CISA Known Exploited Vulnerability · due 2022-06-13
Exploited in the wild
EPSS: 4.48% (percentile 90.3)
An elevation of privilege vulnerability exists in the way that the Windows Kernel handles objects in memory, aka 'Windows Kernel Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0913, CVE-2020-1000, CVE-2020-1003.
Affected
68 ranges · showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows_10 | — | — |
| microsoft | windows_10 | — | — |
| microsoft | windows_10 | — | — |
| microsoft | windows_10 | — | — |
| microsoft | windows_10 | — | — |
| microsoft | windows_10 | — | — |
| microsoft | windows_10_version_1903_for_32-bit_systems | — | — |
Detection & IOCs (extracted from sources)
- CVE-2020-1027 is actively exploited in the wild; hunt for locally authenticated users running specially crafted applications that interact with Windows Kernel object handling in memory to gain elevated permissions.
- Exploitation status confirmed as actively detected in the wild; treat any unexplained privilege escalation on Windows Kernel object handling as a high-priority incident.
- An attacker who successfully exploited the vulnerability could execute code with elevated permissions; monitor for processes spawning with unexpected elevated privileges on patched and unpatched Windows systems.
CVSS provenance
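| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | 3.1 | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
| nvd | 2.0 | 7.2 | HIGH | AV:L/AC:L/Au:N/C:C/I:C/A:C |
| vulncheck | | 7.8 | HIGH | |
| cisa | | 7.8 | HIGH | |
| vendor_msrc | | 7.8 | HIGH | |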
GHSA
GHSA-824c-87gg-824v
ghsa_unreviewed · 2022-05-24 · CVSS 7.8 · CVE-2020-0913 [HIGH] CWE-269
An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory, aka 'Windows Kernel Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1000, CVE-2020-1003, CVE-2020-1027.
GHSA
GHSA-jmx9-mphw-fm82
ghsa_unreviewed · 2022-05-24 · CVSS 7.8 · CVE-2020-1003 [HIGH] CWE-269
An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory, aka 'Windows Kernel Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0913, CVE-2020-1000, CVE-2020-1027.
GHSA
GHSA-4425-fxh6-87fr
ghsa_unreviewed · 2022-05-24 · CVSS 7.8 · CVE-2020-1027 [HIGH] CWE-269
An elevation of privilege vulnerability exists in the way that the Windows Kernel handles objects in memory, aka 'Windows Kernel Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0913, CVE-2020-1000, CVE-2020-1003.
GHSA
GHSA-hjqq-v5qj-gf74
ghsa_unreviewed · 2022-05-24 · CVSS 7.8 · CVE-2020-1000 [HIGH] CWE-269
An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory, aka 'Windows Kernel Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0913, CVE-2020-1003, CVE-2020-1027.
Project0
In-the-Wild Series: Windows Exploits - Project Zero
project_zero · 2021-01-01 · CVSS 7.8 · CVE-2020-0938 [HIGH]
This is part 6 of a 6-part series detailing a set of vulnerabilities found by Project Zero being exploited in the wild. To read the other parts of the series, see the introduction post.
Posted by Mateusz Jurczyk and Sergei Glazunov, Project Zero
In this post we'll discuss the exploits for vulnerabilities in Windows that have been used by the attacker to escape the Chrome renderer sandbox.
## 1. Font vulnerabilities on Windows ≤ 8.1 (CVE-2020-0938, CVE-2020-1020)
## Background
The Windows GDI interface supports an old format of fonts called Type 1, which was designed by Adobe around 1985 and was popular mostly in the 1990s and early 2000s. On Windows, these fonts are represented by a pair of .PFM (Printer Font Metric) and .PFB (Printer Font Binary) files, with the PFB being a mixture
Project0
Introducing the In-the-Wild Series - Project Zero
project_zero · 2021-01-01 · CVE-2020-0938
This is part 1 of a 6-part series detailing a set of vulnerabilities found by Project Zero being exploited in the wild. To read the other parts of the series, head to the bottom of this post.
At Project Zero we often refer to our goal simply as “make 0-day hard”. Members of the team approach this challenge mainly through the lens of offensive security research. And while we experiment a lot with new targets and methodologies in order to remain at the forefront of the field, it is important that the team doesn’t stray too far from the current state of the art. One of our efforts in this regard is the tracking of publicly known cases of zero-day vulnerabilities. We use this information to guide the research. Unfortunately, public 0-day reports rarely include captured exploits, which could
VulnCheck
Microsoft Windows Kernel Privilege Escalation Vulnerability
vulncheck · 2020 · CVSS 7.8 · CVE-2020-1027 [HIGH] CWE-787
An elevation of privilege vulnerability exists in the way that the Windows Kernel handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions.
Affected: Microsoft Windows
Required Action: Apply updates per vendor instructions.
Exploitation References: https://docs.google.com/spreadsheets/d/1lkNJ0uQwbeC1ZTRrxdtuPLCIl7mlUreoKfSIgajnSyY/edit; https://api.msrc.microsoft.com/cvrf/v3.0/cvrf/2020-Apr; https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json
Remediation Due: 2022-06-13
Project0
Project Zero RCA: CVE-2020-6418: Chrome incorrect side-effect modelling issue in Turbofan leading to type confusions
project_zero · CVSS 8.8 · CVE-2020-6418 [HIGH]
# CVE-2020-6418: Chrome incorrect side-effect modelling issue in Turbofan leading to type confusions
*Samuel Groß and Sergei Glazunov, Project Zero (Originally posted on [Project Zero blog](https://googleprojectzero.blogspot.com/p/rca.html) 2020-08-05)*
## The Basics
**Disclosure or Patch Date:** 24 February 2020
**Product:** Google Chrome
**Advisory:** https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop_24.html
**Affected Versions:** Google Chrome 60 - 80
**First Patched Version:** 80.0.3987.122
**Issue/Bug Report:** https://bugs.chromium.org/p/chromium/issues/detail?id=1053604
**Patch CL:** https://chromium.googlesource.com/v8/v8.git/+/fb0a60e15695466621cf65932f9152935d859447
**Bug-Introducing CL:** https://chromium.googlesource.com/v8/v8.git/+/0f716a
Project0
Project Zero RCA: CVE-2020-1027: Windows buffer overflow in CSRSS
project_zero · CVSS 8.8 · CVE-2020-1027 [HIGH]
# CVE-2020-1027: Windows buffer overflow in CSRSS
*Sergei Glazunov, Project Zero (Originally posted on [Project Zero blog](https://googleprojectzero.blogspot.com/p/rca.html) 2021-01-12)*
## The Basics
**Disclosure or Patch Date:**
* 23 March 2020 – advisory without technical details
* 14 April 2020 – security bulletin and patch release
**Product:** Microsoft Windows
**Advisory:**
* Initial advisory: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV200006
* Security bulletin: https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2020-1020
**Affected Versions:** Windows 7 through 10, prior to the April 2020 patch
**First Patched Version:** Windows with April 2020 patch (e.g. for Windows 10 1909/1903, [KB4549951](https://support.microsoft.com/en-u
CISA
Microsoft Windows Kernel Privilege Escalation Vulnerability
cisa · 2022-05-23 · CVSS 7.8 · CVE-2020-1027 [HIGH] CWE-787
Vulnerability: Microsoft Windows Kernel Privilege Escalation Vulnerability
Affected: Microsoft Windows
An elevation of privilege vulnerability exists in the way that the Windows Kernel handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions.
Required Action: Apply updates per vendor instructions.
Notes: https://nvd.nist.gov/vuln/detail/CVE-2020-1027
Remediation Due Date: 2022-06-13
Microsoft
Windows Kernel Elevation of Privilege Vulnerability
vendor_msrc · 2020-04-14 · CVSS 7.8 · CVE-2020-1027 [HIGH]
Description: An elevation of privilege vulnerability exists in the way that the Windows Kernel handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions.
To exploit the vulnerability, a locally authenticated attacker could run a specially crafted application.
The security update addresses the vulnerability by ensuring the Windows Kernel properly handles objects in memory.
Windows Kernel: Windows Kernel
Issuing CNA: Microsoft
Impact: Elevation of Privilege
Exploit Status: Publicly Disclosed: No; Exploited: Yes; Latest Software Release: Exploitation Detected; Older Software Release: Exploitation More Likely; DOS: N/A
Reference: https://catalog.update.microsoft.com/v7/site/S
No detection rules found.
No public exploits indexed.
Checkpoint
20th April – Threat Intelligence Bulletin
blogs_checkpoint · 2020-04-20 · CVE-2020-0888
## 20th April – Threat Intelligence Bulletin
For the latest discoveries in cyber research for the week of 20th April 2020, please download our Threat Intelligence Bulletin.
Top Attacks and Breaches
Threat actors have employed the previously-unknown PoetRAT Trojan in a coronavirus-themed campaign aimed at the Azerbaijan government and utility companies. Delivered via phishing, the malware infected ICS and SCADA systems used to control the wind turbines within the renewable energy sector.
Check Point Anti-Virus pro
Krebs
Microsoft Patch Tuesday, April 2020 Edition
blogs_krebs · 2020-04-14 · CVSS 10.0 · CVE-2020-1020 [CRITICAL]
Microsoft today released updates to fix 113 security vulnerabilities in its various Windows operating systems and related software. Those include at least three flaws that are actively being exploited, as well as two others which were publicly detailed prior to today, potentially giving attackers a head start in figuring out how to exploit the bugs.
Near the top of the heap is CVE-2020-1020, a remotely exploitable bug in the Adobe Font Manager library that was first detailed in late March when Microsoft said it had seen the flaw being used in active attacks.
The Adobe Font Manager library is the source of yet another zero-day flaw — CVE-2020-0938 — although experts at security vendor Tenable say there is currently no confirmation that the two are related to the same set of in-the-wild at
Tenable
Microsoft’s April 2020 Patch Tuesday Addresses 113 CVEs Including Adobe Type Manager Library Zero-Day Flaws (CVE-2020-0938, CVE-2020-1020)
blogs_tenable · 2020-04-14 · CVSS 7.8 · [HIGH]
Talos
Microsoft Patch Tuesday — April 2020: Vulnerability disclosures and Snort coverage
blogs_talos · 2020-04-14 · CVSS 8.8 · [HIGH]
By Jon Munshaw.
Microsoft released its monthly security update today, disclosing vulnerabilities across many of its products and releasing corresponding updates. This month's Patch Tuesday covers 115 vulnerabilities. Nineteen of the flaws Microsoft disclosed are considered critical. The remainders are scored as being “important” updates.
This month’s security update covers security issues in a variety of Microsoft services and software, including SharePoint, the Windows font library and the Windows kernel. A Cisco Talos researcher discovered CVE-2020-0939, an information disclosure vulnerability in Microsoft Media Foundation. For more, check out Talos’ full Vulnerability Spotlight here.
Talos also released a new set of SNORTⓇ rules that provide coverage for some of these vulnerabilities
Trendmicro
April Patch Tuesday: Fixes for Font-Related, Microsoft SharePoint, Windows Components Vulnerabilities
blogs_trendmicro · 2020-04-14 · CVSS 8.8 · [HIGH]
## April Patch Tuesday: Fixes for Font-Related, Microsoft SharePoint, Windows Components Vulnerabilities
Microsoft’s Patch Tuesday for April released fixes for a couple of critical font-related vulnerabilities, like an earlier disclosed one found in Adobe Type Manager Library (atmfd.dll). It also featured patches for vulnerabilities in Microsoft SharePoint and Windows Components.
By: Trend Micro, Apr 14, 2020
Microsoft fixed 113 vulnerabilities in this month’s Patch Tuesday, just two shy of last month’s 115. This continues the streak of longer-than-usual list of patches that began in January. In fact, compared to the same period in 2019, Microsoft fixed 44% more vulnerabilities between January to April of this year.
In this month’s list, 17 were rate
Qualys
April 2020 Patch Tuesday – 113 Vulns, 19 Critical, Zero-Day Patches, SharePoint, Adobe ColdFusion
blogs_qualys · 2020-04-14 · CVSS 8.4 · [HIGH]
This month’s Microsoft Patch Tuesday addresses 113 vulnerabilities with 19 of them labeled as Critical. The 19 Critical vulnerabilities cover Adobe Font Manager Library (0-day), SharePoint, Hyper-V, Scripting Engines, Media Foundation, Microsoft Graphics, Windows Codecs, and Dynamics Business Central. Adobe released patches today for ColdFusion, After Effects, and Digital Editions.
## Workstation Patches
The Scripting Engine, Adobe Font Manager Library, Media Foundation, Microsoft Graphics, and Windows Codecs patches should be prioritized for workstation-type devices, meaning any system that is used for email or to access the internet via a browser. This includes multi-user servers that are used as remote desktops for users.
## Windows Kernel Privilege Escalation
While listed as Import
Krebs
Microsoft Patch Tuesday, April 2020 Edition
blogs_krebs · 2020-04-14 · CVSS 10.0 · [CRITICAL]
Microsoft today released updates to fix 113 security vulnerabilities in its various Windows operating systems and related software. Those include at least three flaws that are actively being exploited, as well as two others which were publicly detailed prior to today, potentially giving attackers a head start in figuring out how to exploit the bugs.
Nineteen of the weaknesses fixed on this Patch Tuesday were assigned Microsoft’s most-dire “critical” rating, meaning malware or miscreants could exploit them to gain complete, remote control over vulnerable computers without any help from users.
Near the top of the heap is CVE-2020-1020, a remotely exploitable bug in the Adobe Font Manager library that was first detailed in late March when Microsoft said it had seen the flaw being used in a
Trendmicro
April Patch Tuesday: Fixes for Font-Related, Microsoft SharePoint, Windows Components Vulnerabilities
blogs_trendmicro · 2020-04-14 · CVSS 8.8 · [HIGH]
# April Patch Tuesday: Fixes for Font-Related, Microsoft SharePoint, Windows Components Vulnerabilities
Microsoft’s Patch Tuesday for April released fixes for a couple of critical font-related vulnerabilities, like an earlier disclosed one found in Adobe Type Manager Library (atmfd.dll). It also featured patches for vulnerabilities in Microsoft SharePoint and Windows Components.
By: Trend Micro, 2020/04/14
Microsoft fixed 113 vulnerabilities in this month’s Patch Tuesday, just two shy of last month’s 115. This continues the streak of longer-than-usual list of patches that began in January. In fact, compared to the same period in 2019, Microsoft fixed 44% more vulnerabilities between January to April of this year.
In this month’s list, 17 were rated as
Qualys
April 2020 Patch Tuesday – 113 Vulns, 19 Critical, Zero-Day Patches, SharePoint, Adobe ColdFusion | Qualys
blogs_qualys · 2020-04-14 · CVSS 8.4 · [HIGH]
This month’s Microsoft Patch Tuesday addresses 113 vulnerabilities with 19 of them labeled as Critical. The 19 Critical vulnerabilities cover Adobe Font Manager Library (0-day), SharePoint, Hyper-V, Scripting Engines, Media Foundation, Microsoft Graphics, Windows Codecs, and Dynamics Business Central. Adobe released patches today for ColdFusion, After Effects, and Digital Editions.
### Workstation Patches
The Scripting Engine, Adobe Font Manager Library, Media Foundation, Microsoft Graphics, and Windows Codecs patches should be prioritized for workstation-type devices, meaning any system that is used for email or to access the internet via a browser. This includes multi-user servers that are used as remote desktops for users.
### Windows Kernel Privilege Escalation
While listed as Impo
Talos
Microsoft Patch Tuesday — April 2020: Vulnerability disclosures and Snort coverage
blogs_talos · 2020-04-14 · CVSS 8.8 · [HIGH]
## Microsoft Patch Tuesday — April 2020: Vulnerability disclosures and Snort coverage
By Jon Munshaw.
Microsoft released its monthly security update today, disclosing vulnerabilities across many of its products and releasing corresponding updates. This month's Patch Tuesday covers 115 vulnerabilities. Nineteen of the flaws Microsoft disclosed are considered critical. The remainders are scored as being “important” updates.
This month’s security update covers security issues in a variety of Microsoft services and software, including SharePoint, the Windows font library and the Windows kernel. A Cisco Talos researcher discovered CVE-2020-0939, an information disclosure vulnerability in Microsoft Media Foundation. For more, check out Talos’ full Vulnerability Spotlight here.
Talos also r
Zscaler
Zscaler found New Security Vulnerabilities | 15-04-2020
blogs_zscaler · CVSS 7.8 · [HIGH]
- http://packetstormsecurity.com/files/168068/Windows-sxs-CNodeFactory-XMLParser_Element_doc_assembly_assemblyIdentity-Heap-Buffer-Overflow.html
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1027
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-1027
Published: 2020-04-15
Added to CISA KEV: 2022-05-23
Exploited in the wild