Microsoft Windows 10 Version 1909 vulnerabilities
967 known vulnerabilities affecting microsoft/windows_10_version_1909.
Total CVEs
967
CISA KEV
33
actively exploited
Public exploits
13
Exploited in wild
40
Severity breakdown
CRITICAL31HIGH719MEDIUM214LOW3
Vulnerabilities
Page 46 of 49
CVE-2020-1571HIGHCVSS 7.8vN/A2020-08-17
CVE-2020-1571 [HIGH] CWE-276 CVE-2020-1571: An elevation of privilege vulnerability exists in Windows Setup in the way it handles permissions.
A
An elevation of privilege vulnerability exists in Windows Setup in the way it handles permissions.
A locally authenticated attacker could run arbitrary code with elevated system privileges. After successfully exploiting the vulnerability, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
nvd
CVE-2020-1554HIGHCVSS 7.8≥ 10.0.0, < publication2020-08-17
CVE-2020-1554 [HIGH] CWE-787 CVE-2020-1554: A memory corruption vulnerability exists when Windows Media Foundation improperly handles objects in
A memory corruption vulnerability exists when Windows Media Foundation improperly handles objects in memory. An attacker who successfully exploited the vulnerability could install programs; view, change, or delete data; or create new accounts with full user rights.
There are multiple ways an attacker could exploit the vulnerability, such as by convincin
nvd
CVE-2020-1549HIGHCVSS 7.8≥ 10.0.0, < publication2020-08-17
CVE-2020-1549 [HIGH] CVE-2020-1549: An elevation of privilege vulnerability exists when the Windows CDP User Components improperly handl
An elevation of privilege vulnerability exists when the Windows CDP User Components improperly handle memory.
To exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges.
The security update addresses the vulnerability by correcting how the W
nvd
CVE-2020-1513HIGHCVSS 7.8≥ 10.0.0, < publication2020-08-17
CVE-2020-1513 [HIGH] CVE-2020-1513: An elevation of privilege vulnerability exists when the Windows CSC Service improperly handles memor
An elevation of privilege vulnerability exists when the Windows CSC Service improperly handles memory.
To exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges.
The security update addresses the vulnerability by correcting how the Windows
nvd
CVE-2020-1478HIGHCVSS 7.8≥ 10.0.0, < publication2020-08-17
CVE-2020-1478 [HIGH] CWE-787 CVE-2020-1478: A memory corruption vulnerability exists when Windows Media Foundation improperly handles objects in
A memory corruption vulnerability exists when Windows Media Foundation improperly handles objects in memory. An attacker who successfully exploited the vulnerability could install programs; view, change, or delete data; or create new accounts with full user rights.
There are multiple ways an attacker could exploit the vulnerability, such as by convincin
nvd
CVE-2020-1522HIGHCVSS 7.8≥ 10.0.0, < publication2020-08-17
CVE-2020-1522 [HIGH] CVE-2020-1522: An elevation of privilege vulnerability exists when the Windows Speech Runtime improperly handles me
An elevation of privilege vulnerability exists when the Windows Speech Runtime improperly handles memory.
To exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges.
The security update addresses the vulnerability by correcting how the Windo
nvd
CVE-2020-1546HIGHCVSS 7.8≥ 10.0.0, < publication2020-08-17
CVE-2020-1546 [HIGH] CVE-2020-1546: An elevation of privilege vulnerability exists when the Windows Backup Engine improperly handles mem
An elevation of privilege vulnerability exists when the Windows Backup Engine improperly handles memory.
To exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges.
The security update addresses the vulnerability by correcting how the Window
nvd
CVE-2020-1417HIGHCVSS 7.8≥ 10.0.0, < publication2020-08-17
CVE-2020-1417 [HIGH] CVE-2020-1417: An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle obje
An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
To exploit this vulnerability, a
nvd
CVE-2020-1509HIGHCVSS 8.8≥ 10.0.0, < publication2020-08-17
CVE-2020-1509 [HIGH] CVE-2020-1509: An elevation of privilege vulnerability exists in the Local Security Authority Subsystem Service (LS
An elevation of privilege vulnerability exists in the Local Security Authority Subsystem Service (LSASS) when an authenticated attacker sends a specially crafted authentication request. A remote attacker who successfully exploited this vulnerability could cause an elevation of privilege on the target system's LSASS service.
The security update addresses the vul
nvd
CVE-2020-1527HIGHCVSS 7.8≥ 10.0.0, < publication2020-08-17
CVE-2020-1527 [HIGH] CVE-2020-1527: An elevation of privilege vulnerability exists when the Windows Custom Protocol Engine improperly ha
An elevation of privilege vulnerability exists when the Windows Custom Protocol Engine improperly handles memory.
To exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges.
The security update addresses the vulnerability by correcting how t
nvd
CVE-2020-1473HIGHCVSS 7.8≥ 10.0.0, < publication2020-08-17
CVE-2020-1473 [HIGH] CVE-2020-1473: A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles
A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system.
An attacker could exploit this vulnerability by enticing a victim to open a specially crafted file.
The update addresses the vulnerabili
nvd
CVE-2020-1584HIGHCVSS 7.8≥ 10.0.0, < publication2020-08-17
CVE-2020-1584 [HIGH] CVE-2020-1584: An elevation of privilege vulnerability exists in the way that the dnsrslvr.dll handles objects in m
An elevation of privilege vulnerability exists in the way that the dnsrslvr.dll handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions.
To exploit the vulnerability, a locally authenticated attacker could run a specially crafted application.
The security update addresses the vulnerability
nvd
CVE-2020-1579HIGHCVSS 7.8≥ 10.0.0, < publication2020-08-17
CVE-2020-1579 [HIGH] CVE-2020-1579: An elevation of privilege vulnerability exists when the Windows Function Discovery SSDP Provider imp
An elevation of privilege vulnerability exists when the Windows Function Discovery SSDP Provider improperly handles memory.
To exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges.
The security update addresses the vulnerability by correc
nvd
CVE-2020-1529HIGHCVSS 7.8≥ 10.0.0, < publication2020-08-17
CVE-2020-1529 [HIGH] CVE-2020-1529: An elevation of privilege vulnerability exists in the way that the Windows Graphics Device Interface
An elevation of privilege vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
To exploit th
nvd
CVE-2020-1533HIGHCVSS 7.8≥ 10.0.0, < publication2020-08-17
CVE-2020-1533 [HIGH] CVE-2020-1533: An elevation of privilege vulnerability exists in the way that the Windows WalletService handles obj
An elevation of privilege vulnerability exists in the way that the Windows WalletService handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions.
To exploit the vulnerability, a locally authenticated attacker could run a specially crafted application.
The security update addresses the vuln
nvd
CVE-2020-1545HIGHCVSS 7.8≥ 10.0.0, < publication2020-08-17
CVE-2020-1545 [HIGH] CVE-2020-1545: An elevation of privilege vulnerability exists when the Windows Backup Engine improperly handles mem
An elevation of privilege vulnerability exists when the Windows Backup Engine improperly handles memory.
To exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges.
The security update addresses the vulnerability by correcting how the Window
nvd
CVE-2020-1517HIGHCVSS 7.8≥ 10.0.0, < publication2020-08-17
CVE-2020-1517 [HIGH] CVE-2020-1517: An elevation of privilege vulnerability exists when the Windows File Server Resource Management Serv
An elevation of privilege vulnerability exists when the Windows File Server Resource Management Service improperly handles memory.
To exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges.
The security update addresses the vulnerability by
nvd
CVE-2020-1525HIGHCVSS 8.8≥ 10.0.0, < publication2020-08-17
CVE-2020-1525 [HIGH] CWE-787 CVE-2020-1525: A memory corruption vulnerability exists when Windows Media Foundation improperly handles objects in
A memory corruption vulnerability exists when Windows Media Foundation improperly handles objects in memory. An attacker who successfully exploited the vulnerability could install programs; view, change, or delete data; or create new accounts with full user rights.
There are multiple ways an attacker could exploit the vulnerability, such as by convincin
nvd
CVE-2020-1566HIGHCVSS 7.8≥ 10.0.0, < publication2020-08-17
CVE-2020-1566 [HIGH] CVE-2020-1566: An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle obje
An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
To exploit this vulnerability, a
nvd
CVE-2020-1467HIGHCVSS 7.8≥ 10.0.0, < publication2020-08-17
CVE-2020-1467 [HIGH] CVE-2020-1467: An elevation of privilege vulnerability exists when Windows improperly handles hard links. An attack
An elevation of privilege vulnerability exists when Windows improperly handles hard links. An attacker who successfully exploited this vulnerability could overwrite a targeted file leading to an elevated status.
To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that co
nvd