Microsoft Windows 10 Version 1909 vulnerabilities

CVE-2020-1510 [MEDIUM] CWE-200 CVE-2020-1510: An information disclosure vulnerability exists when the win32k component improperly provides kernel An information disclosure vulnerability exists when the win32k component improperly provides kernel information. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system. To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted appl

CVE-2020-1548 [MEDIUM] CVE-2020-1548: An information disclosure vulnerability exists when the Windows WaasMedic Service improperly handles An information disclosure vulnerability exists when the Windows WaasMedic Service improperly handles memory. To exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to improperly disclose memory. The security update addresses the vulnerability by correcting

CVE-2020-1578 [MEDIUM] CVE-2020-1578: An information disclosure vulnerability exists in the Windows kernel that could allow an attacker to An information disclosure vulnerability exists in the Windows kernel that could allow an attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization (ASLR) bypass. An attacker who successfully exploited the vulnerability could retrieve the memory address of a kernel object. To exploit the vulnerability, an attacker would ha

CVE-2020-1459 [MEDIUM] CWE-203 CVE-2020-1459: An information disclosure vulnerability exists on ARM implementations that use speculative execution An information disclosure vulnerability exists on ARM implementations that use speculative execution in control flow via a side-channel analysis, aka "straight-line speculation." To exploit this vulnerability, an attacker with local privileges would need to run a specially crafted application. The security update addresses the vulnerability by bypassi

CVE-2019-1226 [CRITICAL] CVE-2019-1226: A remote code execution vulnerability exists in Remote Desktop Services – formerly known as Terminal A remote code execution vulnerability exists in Remote Desktop Services – formerly known as Terminal Services – when an unauthenticated attacker connects to the target system using RDP and sends specially crafted requests. This vulnerability is pre-authentication and requires no user interaction. An attacker who successfully exploited this vulnerability cou

CVE-2019-1225 [HIGH] CWE-200 CVE-2019-1225: An information disclosure vulnerability exists when the Windows RDP server improperly discloses the An information disclosure vulnerability exists when the Windows RDP server improperly discloses the contents of its memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the system. To exploit this vulnerability, an attacker would have to connect remotely to an affected system and run a specially

CVE-2019-1224 [HIGH] CWE-200 CVE-2019-1224: An information disclosure vulnerability exists when the Windows RDP server improperly discloses the An information disclosure vulnerability exists when the Windows RDP server improperly discloses the contents of its memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the system. To exploit this vulnerability, an attacker would have to connect remotely to an affected system and run a specially