Microsoft Windows 10 vulnerabilities

CVE-2020-1540 [HIGH] CVE-2020-1540: An elevation of privilege vulnerability exists when the Windows Backup Engine improperly handles mem An elevation of privilege vulnerability exists when the Windows Backup Engine improperly handles memory. To exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges. The security update addresses the vulnerability by correcting how the Window

CVE-2020-1492 [HIGH] CWE-787 CVE-2020-1492: A memory corruption vulnerability exists when Windows Media Foundation improperly handles objects in A memory corruption vulnerability exists when Windows Media Foundation improperly handles objects in memory. An attacker who successfully exploited the vulnerability could install programs; view, change, or delete data; or create new accounts with full user rights. There are multiple ways an attacker could exploit the vulnerability, such as by convincin

CVE-2020-1531 [HIGH] CVE-2020-1531: An elevation of privilege vulnerability exists when the Windows Accounts Control improperly handles An elevation of privilege vulnerability exists when the Windows Accounts Control improperly handles memory. To exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges. The security update addresses the vulnerability by correcting how the Wind

CVE-2020-1477 [HIGH] CWE-787 CVE-2020-1477: A memory corruption vulnerability exists when Windows Media Foundation improperly handles objects in A memory corruption vulnerability exists when Windows Media Foundation improperly handles objects in memory. An attacker who successfully exploited the vulnerability could install programs; view, change, or delete data; or create new accounts with full user rights. There are multiple ways an attacker could exploit the vulnerability, such as by convincin

CVE-2020-1536 [HIGH] CVE-2020-1536: An elevation of privilege vulnerability exists when the Windows Backup Engine improperly handles mem An elevation of privilege vulnerability exists when the Windows Backup Engine improperly handles memory. To exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges. The security update addresses the vulnerability by correcting how the Window

CVE-2020-1475 [HIGH] CVE-2020-1475: An elevation of privilege vulnerability exists in the way that the srmsvc.dll handles objects in mem An elevation of privilege vulnerability exists in the way that the srmsvc.dll handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. To exploit the vulnerability, a locally authenticated attacker could run a specially crafted application. The security update addresses the vulnerability b

CVE-2020-1542 [HIGH] CVE-2020-1542: An elevation of privilege vulnerability exists when the Windows Backup Engine improperly handles mem An elevation of privilege vulnerability exists when the Windows Backup Engine improperly handles memory. To exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges. The security update addresses the vulnerability by correcting how the Window

CVE-2020-1571 [HIGH] CWE-276 CVE-2020-1571: An elevation of privilege vulnerability exists in Windows Setup in the way it handles permissions. A An elevation of privilege vulnerability exists in Windows Setup in the way it handles permissions. A locally authenticated attacker could run arbitrary code with elevated system privileges. After successfully exploiting the vulnerability, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

CVE-2020-1554 [HIGH] CWE-787 CVE-2020-1554: A memory corruption vulnerability exists when Windows Media Foundation improperly handles objects in A memory corruption vulnerability exists when Windows Media Foundation improperly handles objects in memory. An attacker who successfully exploited the vulnerability could install programs; view, change, or delete data; or create new accounts with full user rights. There are multiple ways an attacker could exploit the vulnerability, such as by convincin

CVE-2020-1549 [HIGH] CVE-2020-1549: An elevation of privilege vulnerability exists when the Windows CDP User Components improperly handl An elevation of privilege vulnerability exists when the Windows CDP User Components improperly handle memory. To exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges. The security update addresses the vulnerability by correcting how the W

CVE-2020-1513 [HIGH] CVE-2020-1513: An elevation of privilege vulnerability exists when the Windows CSC Service improperly handles memor An elevation of privilege vulnerability exists when the Windows CSC Service improperly handles memory. To exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges. The security update addresses the vulnerability by correcting how the Windows

CVE-2020-1478 [HIGH] CWE-787 CVE-2020-1478: A memory corruption vulnerability exists when Windows Media Foundation improperly handles objects in A memory corruption vulnerability exists when Windows Media Foundation improperly handles objects in memory. An attacker who successfully exploited the vulnerability could install programs; view, change, or delete data; or create new accounts with full user rights. There are multiple ways an attacker could exploit the vulnerability, such as by convincin

CVE-2020-1522 [HIGH] CVE-2020-1522: An elevation of privilege vulnerability exists when the Windows Speech Runtime improperly handles me An elevation of privilege vulnerability exists when the Windows Speech Runtime improperly handles memory. To exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges. The security update addresses the vulnerability by correcting how the Windo

CVE-2020-1546 [HIGH] CVE-2020-1546: An elevation of privilege vulnerability exists when the Windows Backup Engine improperly handles mem An elevation of privilege vulnerability exists when the Windows Backup Engine improperly handles memory. To exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges. The security update addresses the vulnerability by correcting how the Window

CVE-2020-1417 [HIGH] CVE-2020-1417: An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle obje An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. To exploit this vulnerability, a

CVE-2020-1509 [HIGH] CVE-2020-1509: An elevation of privilege vulnerability exists in the Local Security Authority Subsystem Service (LS An elevation of privilege vulnerability exists in the Local Security Authority Subsystem Service (LSASS) when an authenticated attacker sends a specially crafted authentication request. A remote attacker who successfully exploited this vulnerability could cause an elevation of privilege on the target system's LSASS service. The security update addresses the vul

CVE-2020-1527 [HIGH] CVE-2020-1527: An elevation of privilege vulnerability exists when the Windows Custom Protocol Engine improperly ha An elevation of privilege vulnerability exists when the Windows Custom Protocol Engine improperly handles memory. To exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges. The security update addresses the vulnerability by correcting how t

CVE-2020-1473 [HIGH] CVE-2020-1473: A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by enticing a victim to open a specially crafted file. The update addresses the vulnerabili

CVE-2020-1584 [HIGH] CVE-2020-1584: An elevation of privilege vulnerability exists in the way that the dnsrslvr.dll handles objects in m An elevation of privilege vulnerability exists in the way that the dnsrslvr.dll handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. To exploit the vulnerability, a locally authenticated attacker could run a specially crafted application. The security update addresses the vulnerability

CVE-2020-1579 [HIGH] CVE-2020-1579: An elevation of privilege vulnerability exists when the Windows Function Discovery SSDP Provider imp An elevation of privilege vulnerability exists when the Windows Function Discovery SSDP Provider improperly handles memory. To exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges. The security update addresses the vulnerability by correc