Microsoft Windows Server vulnerabilities

CVE-2020-1257 [HIGH] CVE-2020-1257: An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector Service i An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector Service improperly handles file operations, aka 'Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1278, CVE-2020-1293.

CVE-2020-1196 [HIGH] CVE-2020-1196: An elevation of privilege vulnerability exists in the way that the printconfig.dll handles objects i An elevation of privilege vulnerability exists in the way that the printconfig.dll handles objects in memory, aka 'Windows Print Configuration Elevation of Privilege Vulnerability'.

CVE-2020-1201 [HIGH] CVE-2020-1201: An elevation of privilege vulnerability exists in the way the Windows Now Playing Session Manager ha An elevation of privilege vulnerability exists in the way the Windows Now Playing Session Manager handles objects in memory, aka 'Windows Now Playing Session Manager Elevation of Privilege Vulnerability'.

CVE-2020-1231 [HIGH] CVE-2020-1231: An elevation of privilege vulnerability exists when the Windows Runtime improperly handles objects i An elevation of privilege vulnerability exists when the Windows Runtime improperly handles objects in memory, aka 'Windows Runtime Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1233, CVE-2020-1235, CVE-2020-1265, CVE-2020-1282, CVE-2020-1304, CVE-2020-1306, CVE-2020-1334.

CVE-2020-1280 [HIGH] CVE-2020-1280: An elevation of privilege vulnerability exists in the way that the Windows Bluetooth Service handles An elevation of privilege vulnerability exists in the way that the Windows Bluetooth Service handles objects in memory, aka 'Windows Bluetooth Service Elevation of Privilege Vulnerability'.

CVE-2020-1207 [HIGH] CWE-416 CVE-2020-1207: An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1247, CVE-2020-1251, CVE-2020-1253, CVE-2020-1310.

CVE-2020-1301 [HIGH] CVE-2020-1301: A remote code execution vulnerability exists in the way that the Microsoft Server Message Block 1.0 A remote code execution vulnerability exists in the way that the Microsoft Server Message Block 1.0 (SMBv1) server handles certain requests, aka 'Windows SMB Remote Code Execution Vulnerability'.

CVE-2020-1286 [HIGH] CWE-20 CVE-2020-1286: A remote code execution vulnerability exists when the Windows Shell does not properly validate file A remote code execution vulnerability exists when the Windows Shell does not properly validate file paths.An attacker who successfully exploited this vulnerability could run arbitrary code in the context of the current user, aka 'Windows Shell Remote Code Execution Vulnerability'.

CVE-2020-0915 [HIGH] CVE-2020-0915: An elevation of privilege vulnerability exists in the way that the Windows Graphics Device Interface An elevation of privilege vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in memory, aka 'Windows GDI Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0916.

CVE-2020-1270 [HIGH] CVE-2020-1270: An elevation of privilege vulnerability exists in the way that the wlansvc.dll handles objects in me An elevation of privilege vulnerability exists in the way that the wlansvc.dll handles objects in memory, aka 'Windows WLAN Service Elevation of Privilege Vulnerability'.

CVE-2020-1222 [HIGH] CVE-2020-1222: An elevation of privilege vulnerability exists when the Microsoft Store Runtime improperly handles m An elevation of privilege vulnerability exists when the Microsoft Store Runtime improperly handles memory.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Microsoft Store Runtime Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1309.

CVE-2020-1217 [HIGH] CVE-2020-1217: An information disclosure vulnerability exists when the Windows Runtime improperly handles objects i An information disclosure vulnerability exists when the Windows Runtime improperly handles objects in memory, aka 'Windows Runtime Information Disclosure Vulnerability'.

CVE-2020-1279 [HIGH] CVE-2020-1279: An elevation of privilege vulnerability exists when Windows Lockscreen fails to properly load spotli An elevation of privilege vulnerability exists when Windows Lockscreen fails to properly load spotlight images from a secure location, aka 'Windows Lockscreen Elevation of Privilege Vulnerability'.

CVE-2020-1348 [MEDIUM] CVE-2020-1348: An information disclosure vulnerability exists when the Windows GDI component improperly discloses t An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows GDI Information Disclosure Vulnerability'.

CVE-2020-1290 [MEDIUM] CVE-2020-1290: An information disclosure vulnerability exists when the win32k component improperly provides kernel An information disclosure vulnerability exists when the win32k component improperly provides kernel information, aka 'Win32k Information Disclosure Vulnerability'.

CVE-2020-1261 [MEDIUM] CVE-2020-1261: An information disclosure vulnerability exists in the way Windows Error Reporting (WER) handles obje An information disclosure vulnerability exists in the way Windows Error Reporting (WER) handles objects in memory, aka 'Windows Error Reporting Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2020-1263.

CVE-2020-1120 [MEDIUM] CVE-2020-1120: A denial of service vulnerability exists when Connected User Experiences and Telemetry Service impro A denial of service vulnerability exists when Connected User Experiences and Telemetry Service improperly handles file operations, aka 'Connected User Experiences and Telemetry Service Denial of Service Vulnerability'. This CVE ID is unique from CVE-2020-1244.

CVE-2020-1258 [MEDIUM] CVE-2020-1258: An elevation of privilege vulnerability exists when DirectX improperly handles objects in memory, ak An elevation of privilege vulnerability exists when DirectX improperly handles objects in memory, aka 'DirectX Elevation of Privilege Vulnerability'.

CVE-2020-1259 [MEDIUM] CVE-2020-1259: A security feature bypass vulnerability exists when Windows Host Guardian Service improperly handles A security feature bypass vulnerability exists when Windows Host Guardian Service improperly handles hashes recorded and logged, aka 'Windows Host Guardian Service Security Feature Bypass Vulnerability'.

CVE-2020-1296 [MEDIUM] CVE-2020-1296: A vulnerability exists in the way the Windows Diagnostics & feedback settings app handles object A vulnerability exists in the way the Windows Diagnostics & feedback settings app handles objects in memory, aka 'Windows Diagnostics & feedback Information Disclosure Vulnerability'.