Microsoft Windows Server vulnerabilities

CVE-2020-1386 [MEDIUM] CVE-2020-1386: An information vulnerability exists when Windows Connected User Experiences and Telemetry Service im An information vulnerability exists when Windows Connected User Experiences and Telemetry Service improperly discloses file information, aka 'Connected User Experiences and Telemetry Service Information Disclosure Vulnerability'.

CVE-2020-1358 [MEDIUM] CVE-2020-1358: An information disclosure vulnerability exists when the Windows Resource Policy component improperly An information disclosure vulnerability exists when the Windows Resource Policy component improperly handles memory.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows Resource Policy Information Disclosure Vulnerability'.

CVE-2020-1361 [MEDIUM] CVE-2020-1361: An information disclosure vulnerability exists in the way that the WalletService handles memory.To e An information disclosure vulnerability exists in the way that the WalletService handles memory.To exploit the vulnerability, an attacker would first need code execution on a victim system, aka 'Windows WalletService Information Disclosure Vulnerability'.

CVE-2020-1419 [MEDIUM] CVE-2020-1419: An information disclosure vulnerability exists when the Windows kernel fails to properly initialize a memory address, aka 'Windows Kernel Information An information disclosure vulnerability exists when the Windows kernel fails to properly initialize a memory address, aka 'Windows Kernel Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2020-1367, CVE-2020-1389, CVE-2020-1426.

CVE-2020-1267 [MEDIUM] CVE-2020-1267: This security update corrects a denial of service in the Local Security Authority Subsystem Service This security update corrects a denial of service in the Local Security Authority Subsystem Service (LSASS) caused when an authenticated attacker sends a specially crafted authentication request, aka 'Local Security Authority Subsystem Service Denial of Service Vulnerability'.

CVE-2020-1367 [MEDIUM] CVE-2020-1367: An information disclosure vulnerability exists when the Windows kernel improperly handles objects in An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka 'Windows Kernel Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2020-1389, CVE-2020-1419, CVE-2020-1426.

CVE-2020-1389 [MEDIUM] CVE-2020-1389: An information disclosure vulnerability exists when the Windows kernel fails to properly initialize a memory address, aka 'Windows Kernel Information An information disclosure vulnerability exists when the Windows kernel fails to properly initialize a memory address, aka 'Windows Kernel Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2020-1367, CVE-2020-1419, CVE-2020-1426.

CVE-2020-1426 [MEDIUM] CVE-2020-1426: An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka 'Windows Kernel Information Disclosur An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka 'Windows Kernel Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2020-1367, CVE-2020-1389, CVE-2020-1419.

CVE-2020-1207 [HIGH] CWE-416 CVE-2020-1207: An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1247, CVE-2020-1251, CVE-2020-1253, CVE-2020-1310.

CVE-2020-1197 [HIGH] CVE-2020-1197: An elevation of privilege vulnerability exists when Windows Error Reporting manager improperly handl An elevation of privilege vulnerability exists when Windows Error Reporting manager improperly handles a process crash, aka 'Windows Error Reporting Manager Elevation of Privilege Vulnerability'.

CVE-2020-1294 [HIGH] CVE-2020-1294: An elevation of privilege vulnerability exists in the way that the Windows WalletService handles objects in memory, aka 'Windows WalletService Elevati An elevation of privilege vulnerability exists in the way that the Windows WalletService handles objects in memory, aka 'Windows WalletService Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1287.

CVE-2020-1247 [HIGH] CVE-2020-1247: An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory, aka 'Win32k An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1207, CVE-2020-1251, CVE-2020-1253, CVE-2020-1310.

CVE-2020-1212 [HIGH] CVE-2020-1212: An elevation of privilege vulnerability exists when an OLE Automation component improperly handles m An elevation of privilege vulnerability exists when an OLE Automation component improperly handles memory.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'OLE Automation Elevation of Privilege Vulnerability'.

CVE-2020-1291 [HIGH] CVE-2020-1291: An elevation of privilege vulnerability exists in the way that the Windows Network Connections Servi An elevation of privilege vulnerability exists in the way that the Windows Network Connections Service handles objects in memory, aka 'Windows Network Connections Service Elevation of Privilege Vulnerability'.

CVE-2020-1196 [HIGH] CVE-2020-1196: An elevation of privilege vulnerability exists in the way that the printconfig.dll handles objects i An elevation of privilege vulnerability exists in the way that the printconfig.dll handles objects in memory, aka 'Windows Print Configuration Elevation of Privilege Vulnerability'.

CVE-2020-1277 [HIGH] CVE-2020-1277: An elevation of privilege vulnerability exists in Windows Installer because of the way Windows Installer handles certain filesystem operations An elevation of privilege vulnerability exists in Windows Installer because of the way Windows Installer handles certain filesystem operations.To exploit the vulnerability, an attacker would require unprivileged execution on the victim system, aka 'Windows Installer Elevation of Privilege Vulnerability'. This CVE ID is

CVE-2020-1211 [HIGH] CVE-2020-1211: An elevation of privilege vulnerability exists in the way that the Connected Devices Platform Servic An elevation of privilege vulnerability exists in the way that the Connected Devices Platform Service handles objects in memory, aka 'Connected Devices Platform Service Elevation of Privilege Vulnerability'.

CVE-2020-1266 [HIGH] CVE-2020-1266: An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory, aka 'Windows Kernel Elevation of Pr An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory, aka 'Windows Kernel Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0986, CVE-2020-1237, CVE-2020-1246, CVE-2020-1262, CVE-2020-1264, CVE-2020-1269, CVE-2020-1273, CVE-202

CVE-2020-1203 [HIGH] CVE-2020-1203: An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector or the Visual Studio Standard Collector fail to properly ha An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector or the Visual Studio Standard Collector fail to properly handle objects in memory, aka 'Diagnostic Hub Standard Collector Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1202.

CVE-2020-1255 [HIGH] CVE-2020-1255: An elevation of privilege vulnerability exists when the Windows Background Intelligent Transfer Serv An elevation of privilege vulnerability exists when the Windows Background Intelligent Transfer Service (BITS) IIS module improperly handles uploaded content, aka 'Windows Background Intelligent Transfer Service Elevation of Privilege Vulnerability'.