Microsoft Windows 7 vulnerabilities
881 known vulnerabilities affecting microsoft/windows_7.
Total CVEs
881
CISA KEV
35
actively exploited
Public exploits
31
Exploited in wild
43
Severity breakdown
CRITICAL25HIGH656MEDIUM198LOW2
Vulnerabilities
Page 35 of 45
CVE-2020-1564HIGHCVSS 7.8≥ 6.1.0, < publication2020-08-17
CVE-2020-1564 [HIGH] CVE-2020-1564: A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles
A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system.
An attacker could exploit this vulnerability by enticing a victim to open a specially crafted file.
The update addresses the vulnerabili
nvd
CVE-2020-1547HIGHCVSS 7.8≥ 6.1.0, < publication2020-08-17
CVE-2020-1547 [HIGH] CVE-2020-1547: An elevation of privilege vulnerability exists when the Windows Backup Engine improperly handles mem
An elevation of privilege vulnerability exists when the Windows Backup Engine improperly handles memory.
To exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges.
The security update addresses the vulnerability by correcting how the Window
nvd
CVE-2020-1378HIGHCVSS 7.8≥ 6.1.0, < publication2020-08-17
CVE-2020-1378 [HIGH] CWE-787 CVE-2020-1378: An elevation of privilege vulnerability exists when the Windows Kernel API improperly handles regist
An elevation of privilege vulnerability exists when the Windows Kernel API improperly handles registry objects in memory. An attacker who successfully exploited the vulnerability could gain elevated privileges on a targeted system.
A locally authenticated attacker could exploit this vulnerability by running a specially crafted application.
The security
nvd
CVE-2020-1538HIGHCVSS 7.8≥ 6.1.0, < publication2020-08-17
CVE-2020-1538 [HIGH] CVE-2020-1538: An elevation of privilege vulnerability exists when the Windows UPnP Device Host improperly handles
An elevation of privilege vulnerability exists when the Windows UPnP Device Host improperly handles memory.
To exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges.
The security update addresses the vulnerability by correcting how the Wind
nvd
CVE-2020-1518HIGHCVSS 7.8≥ 6.1.0, < publication2020-08-17
CVE-2020-1518 [HIGH] CVE-2020-1518: An elevation of privilege vulnerability exists when the Windows File Server Resource Management Serv
An elevation of privilege vulnerability exists when the Windows File Server Resource Management Service improperly handles memory.
To exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges.
The security update addresses the vulnerability by
nvd
CVE-2020-1534HIGHCVSS 7.8≥ 6.1.0, < publication2020-08-17
CVE-2020-1534 [HIGH] CVE-2020-1534: An elevation of privilege vulnerability exists when the Windows Backup Service improperly handles fi
An elevation of privilege vulnerability exists when the Windows Backup Service improperly handles file operations.
To exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges.
The security update addresses the vulnerability by correcting how
nvd
CVE-2020-1470HIGHCVSS 7.8≥ 6.1.0, < publication2020-08-17
CVE-2020-1470 [HIGH] CVE-2020-1470: An elevation of privilege vulnerability exists when the Windows Work Folders Service improperly hand
An elevation of privilege vulnerability exists when the Windows Work Folders Service improperly handles memory.
To exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges.
The security update addresses the vulnerability by correcting how the
nvd
CVE-2020-1543HIGHCVSS 7.8≥ 6.1.0, < publication2020-08-17
CVE-2020-1543 [HIGH] CVE-2020-1543: An elevation of privilege vulnerability exists when the Windows Backup Engine improperly handles mem
An elevation of privilege vulnerability exists when the Windows Backup Engine improperly handles memory.
To exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges.
The security update addresses the vulnerability by correcting how the Window
nvd
CVE-2020-1541HIGHCVSS 7.8≥ 6.1.0, < publication2020-08-17
CVE-2020-1541 [HIGH] CVE-2020-1541: An elevation of privilege vulnerability exists when the Windows Backup Engine improperly handles mem
An elevation of privilege vulnerability exists when the Windows Backup Engine improperly handles memory.
To exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges.
The security update addresses the vulnerability by correcting how the Window
nvd
CVE-2020-1540HIGHCVSS 7.8≥ 6.1.0, < publication2020-08-17
CVE-2020-1540 [HIGH] CVE-2020-1540: An elevation of privilege vulnerability exists when the Windows Backup Engine improperly handles mem
An elevation of privilege vulnerability exists when the Windows Backup Engine improperly handles memory.
To exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges.
The security update addresses the vulnerability by correcting how the Window
nvd
CVE-2020-1477HIGHCVSS 7.8≥ 6.1.0, < publication2020-08-17
CVE-2020-1477 [HIGH] CWE-787 CVE-2020-1477: A memory corruption vulnerability exists when Windows Media Foundation improperly handles objects in
A memory corruption vulnerability exists when Windows Media Foundation improperly handles objects in memory. An attacker who successfully exploited the vulnerability could install programs; view, change, or delete data; or create new accounts with full user rights.
There are multiple ways an attacker could exploit the vulnerability, such as by convincin
nvd
CVE-2020-1536HIGHCVSS 7.8≥ 6.1.0, < publication2020-08-17
CVE-2020-1536 [HIGH] CVE-2020-1536: An elevation of privilege vulnerability exists when the Windows Backup Engine improperly handles mem
An elevation of privilege vulnerability exists when the Windows Backup Engine improperly handles memory.
To exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges.
The security update addresses the vulnerability by correcting how the Window
nvd
CVE-2020-1475HIGHCVSS 7.8≥ 6.1.0, < publication2020-08-17
CVE-2020-1475 [HIGH] CVE-2020-1475: An elevation of privilege vulnerability exists in the way that the srmsvc.dll handles objects in mem
An elevation of privilege vulnerability exists in the way that the srmsvc.dll handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions.
To exploit the vulnerability, a locally authenticated attacker could run a specially crafted application.
The security update addresses the vulnerability b
nvd
CVE-2020-1542HIGHCVSS 7.8≥ 6.1.0, < publication2020-08-17
CVE-2020-1542 [HIGH] CVE-2020-1542: An elevation of privilege vulnerability exists when the Windows Backup Engine improperly handles mem
An elevation of privilege vulnerability exists when the Windows Backup Engine improperly handles memory.
To exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges.
The security update addresses the vulnerability by correcting how the Window
nvd
CVE-2020-1554HIGHCVSS 7.8≥ 6.1.0, < publication2020-08-17
CVE-2020-1554 [HIGH] CWE-787 CVE-2020-1554: A memory corruption vulnerability exists when Windows Media Foundation improperly handles objects in
A memory corruption vulnerability exists when Windows Media Foundation improperly handles objects in memory. An attacker who successfully exploited the vulnerability could install programs; view, change, or delete data; or create new accounts with full user rights.
There are multiple ways an attacker could exploit the vulnerability, such as by convincin
nvd
CVE-2020-1513HIGHCVSS 7.8≥ 6.1.0, < publication2020-08-17
CVE-2020-1513 [HIGH] CVE-2020-1513: An elevation of privilege vulnerability exists when the Windows CSC Service improperly handles memor
An elevation of privilege vulnerability exists when the Windows CSC Service improperly handles memory.
To exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges.
The security update addresses the vulnerability by correcting how the Windows
nvd
CVE-2020-1478HIGHCVSS 7.8≥ 6.1.0, < publication2020-08-17
CVE-2020-1478 [HIGH] CWE-787 CVE-2020-1478: A memory corruption vulnerability exists when Windows Media Foundation improperly handles objects in
A memory corruption vulnerability exists when Windows Media Foundation improperly handles objects in memory. An attacker who successfully exploited the vulnerability could install programs; view, change, or delete data; or create new accounts with full user rights.
There are multiple ways an attacker could exploit the vulnerability, such as by convincin
nvd
CVE-2020-1546HIGHCVSS 7.8≥ 6.1.0, < publication2020-08-17
CVE-2020-1546 [HIGH] CVE-2020-1546: An elevation of privilege vulnerability exists when the Windows Backup Engine improperly handles mem
An elevation of privilege vulnerability exists when the Windows Backup Engine improperly handles memory.
To exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges.
The security update addresses the vulnerability by correcting how the Window
nvd
CVE-2020-1473HIGHCVSS 7.8≥ 6.1.0, < publication2020-08-17
CVE-2020-1473 [HIGH] CVE-2020-1473: A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles
A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system.
An attacker could exploit this vulnerability by enticing a victim to open a specially crafted file.
The update addresses the vulnerabili
nvd
CVE-2020-1584HIGHCVSS 7.8≥ 6.1.0, < publication2020-08-17
CVE-2020-1584 [HIGH] CVE-2020-1584: An elevation of privilege vulnerability exists in the way that the dnsrslvr.dll handles objects in m
An elevation of privilege vulnerability exists in the way that the dnsrslvr.dll handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions.
To exploit the vulnerability, a locally authenticated attacker could run a specially crafted application.
The security update addresses the vulnerability
nvd