Microsoft Windows 10 vulnerabilities

CVE-2020-1266 [HIGH] CVE-2020-1266: An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle obje An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory, aka 'Windows Kernel Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0986, CVE-2020-1237, CVE-2020-1246, CVE-2020-1262, CVE-2020-1264, CVE-2020-1269, CVE-2020-1273, CVE-2020-1274, CVE-2020-1275, CVE-2020-1276, CVE-2020-130

CVE-2020-1301 [HIGH] CVE-2020-1301: A remote code execution vulnerability exists in the way that the Microsoft Server Message Block 1.0 A remote code execution vulnerability exists in the way that the Microsoft Server Message Block 1.0 (SMBv1) server handles certain requests, aka 'Windows SMB Remote Code Execution Vulnerability'.

CVE-2020-1248 [HIGH] CVE-2020-1248: A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface ( A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in the memory, aka 'GDI+ Remote Code Execution Vulnerability'.

CVE-2020-1324 [HIGH] CVE-2020-1324: An elevation of privilege (user to user) vulnerability exists in Windows Security Health Service whe An elevation of privilege (user to user) vulnerability exists in Windows Security Health Service when handling certain objects in memory.To exploit the vulnerability, an attacker would first have to log on to the system, aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1162.

CVE-2020-1286 [HIGH] CWE-20 CVE-2020-1286: A remote code execution vulnerability exists when the Windows Shell does not properly validate file A remote code execution vulnerability exists when the Windows Shell does not properly validate file paths.An attacker who successfully exploited this vulnerability could run arbitrary code in the context of the current user, aka 'Windows Shell Remote Code Execution Vulnerability'.

CVE-2020-0915 [HIGH] CVE-2020-0915: An elevation of privilege vulnerability exists in the way that the Windows Graphics Device Interface An elevation of privilege vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in memory, aka 'Windows GDI Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0916.

CVE-2020-1206 [HIGH] CWE-908 CVE-2020-1206: An information disclosure vulnerability exists in the way that the Microsoft Server Message Block 3. An information disclosure vulnerability exists in the way that the Microsoft Server Message Block 3.1.1 (SMBv3) protocol handles certain requests, aka 'Windows SMBv3 Client/Server Information Disclosure Vulnerability'.

CVE-2020-1275 [HIGH] CVE-2020-1275: An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle obje An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory, aka 'Windows Kernel Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0986, CVE-2020-1237, CVE-2020-1246, CVE-2020-1262, CVE-2020-1264, CVE-2020-1266, CVE-2020-1269, CVE-2020-1273, CVE-2020-1274, CVE-2020-1276, CVE-2020-130

CVE-2020-1270 [HIGH] CVE-2020-1270: An elevation of privilege vulnerability exists in the way that the wlansvc.dll handles objects in me An elevation of privilege vulnerability exists in the way that the wlansvc.dll handles objects in memory, aka 'Windows WLAN Service Elevation of Privilege Vulnerability'.

CVE-2020-1233 [HIGH] CVE-2020-1233: An elevation of privilege vulnerability exists when the Windows Runtime improperly handles objects i An elevation of privilege vulnerability exists when the Windows Runtime improperly handles objects in memory, aka 'Windows Runtime Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1231, CVE-2020-1235, CVE-2020-1265, CVE-2020-1282, CVE-2020-1304, CVE-2020-1306, CVE-2020-1334.

CVE-2020-1222 [HIGH] CVE-2020-1222: An elevation of privilege vulnerability exists when the Microsoft Store Runtime improperly handles m An elevation of privilege vulnerability exists when the Microsoft Store Runtime improperly handles memory.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Microsoft Store Runtime Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1309.

CVE-2020-1217 [HIGH] CVE-2020-1217: An information disclosure vulnerability exists when the Windows Runtime improperly handles objects i An information disclosure vulnerability exists when the Windows Runtime improperly handles objects in memory, aka 'Windows Runtime Information Disclosure Vulnerability'.

CVE-2020-1279 [HIGH] CVE-2020-1279: An elevation of privilege vulnerability exists when Windows Lockscreen fails to properly load spotli An elevation of privilege vulnerability exists when Windows Lockscreen fails to properly load spotlight images from a secure location, aka 'Windows Lockscreen Elevation of Privilege Vulnerability'.

CVE-2020-1278 [HIGH] CVE-2020-1278: An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector Service i An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector Service improperly handles file operations, aka 'Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1257, CVE-2020-1293.

CVE-2020-1294 [HIGH] CVE-2020-1294: An elevation of privilege vulnerability exists in the way that the Windows WalletService handles obj An elevation of privilege vulnerability exists in the way that the Windows WalletService handles objects in memory, aka 'Windows WalletService Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1287.

CVE-2020-1313 [HIGH] CVE-2020-1313: An elevation of privilege vulnerability exists when the Windows Update Orchestrator Service improper An elevation of privilege vulnerability exists when the Windows Update Orchestrator Service improperly handles file operations, aka 'Windows Update Orchestrator Service Elevation of Privilege Vulnerability'.

CVE-2020-1348 [MEDIUM] CVE-2020-1348: An information disclosure vulnerability exists when the Windows GDI component improperly discloses t An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows GDI Information Disclosure Vulnerability'.

CVE-2020-1268 [MEDIUM] CVE-2020-1268: An information disclosure vulnerability exists when a Windows service improperly handles objects in An information disclosure vulnerability exists when a Windows service improperly handles objects in memory, aka 'Windows Service Information Disclosure Vulnerability'.

CVE-2020-1290 [MEDIUM] CVE-2020-1290: An information disclosure vulnerability exists when the win32k component improperly provides kernel An information disclosure vulnerability exists when the win32k component improperly provides kernel information, aka 'Win32k Information Disclosure Vulnerability'.

CVE-2020-1261 [MEDIUM] CVE-2020-1261: An information disclosure vulnerability exists in the way Windows Error Reporting (WER) handles obje An information disclosure vulnerability exists in the way Windows Error Reporting (WER) handles objects in memory, aka 'Windows Error Reporting Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2020-1263.