cbcvebase.

Microsoft Windows Server vulnerabilities

705 known vulnerabilities affecting microsoft/windows_server.

Total CVEs: 705
CISA KEV: 23 (actively exploited)
Public exploits: 36
Exploited in wild: 28
Severity breakdown: CRITICAL 27, HIGH 458, MEDIUM 216, LOW 4

Vulnerabilities

Page 23 of 36
CVE-2020-0728 | MEDIUM | CVSS 5.5 | version 1803 (Core Installation), v2019, +3 more | 2020-02-11
An information vulnerability exists when Windows Modules Installer Service improperly discloses file information, aka 'Windows Modules Installer Service Information Disclosure Vulnerability'.
nvd
CVE-2020-0716 | MEDIUM | CVSS 5.5 | version 1803 (Core Installation), v2019, +1 more | 2020-02-11
An information disclosure vulnerability exists when the win32k component improperly provides kernel information, aka 'Win32k Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2020-0717.
nvd
CVE-2020-0658 | MEDIUM | CVSS 5.5 | version 1803 (Core Installation), v2019, +15 more | 2020-02-11
An information disclosure vulnerability exists in the Windows Common Log File System (CLFS) driver when it fails to properly handle objects in memory, aka 'Windows Common Log File System Driver Information Disclosure Vulnerability'.
nvd
CVE-2020-0714 | MEDIUM | CVSS 5.5 | version 1803 (Core Installation), v2019, +1 more | 2020-02-11
An information disclosure vulnerability exists when DirectX improperly handles objects in memory, aka 'DirectX Information Disclosure Vulnerability'.
nvd
CVE-2020-0675 | MEDIUM | CVSS 5.5 | version 1803 (Core Installation), v2019, +15 more | 2020-02-11
An information disclosure vulnerability exists in the Cryptography Next Generation (CNG) service when it fails to properly handle objects in memory. To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application. The security update addresses the vulnerability by correcting how the service handles o
nvd
CVE-2020-0689 | MEDIUM | CVSS 6.7 | version 1803 (Core Installation), v2019, +7 more | 2020-02-11
A security feature bypass vulnerability exists in secure boot, aka 'Microsoft Secure Boot Security Feature Bypass Vulnerability'.
nvd
CVE-2020-0705 | MEDIUM | CVSS 5.5 | version 1803 (Core Installation), v2019, +15 more | 2020-02-11
An information disclosure vulnerability exists when the Windows Network Driver Interface Specification (NDIS) improperly handles memory. To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows Network Driver Interface Specification (NDIS) Information Disclosure Vulnerability'.
nvd
CVE-2019-1454 | MEDIUM | CVSS 5.5 | CWE-269 | version 1803 (Core Installation), v2019, +15 more | 2020-01-24
An elevation of privilege vulnerability exists when the Windows User Profile Service (ProfSvc) improperly handles symlinks, aka 'Windows User Profile Service Elevation of Privilege Vulnerability'.
nvd
CVE-2019-9510 | HIGH | CVSS 7.8 | CWE-288 | ≥ 2019, < 2019* | 2020-01-15
A vulnerability in Microsoft Windows 10 1803 and Windows Server 2019 and later systems can allow authenticated RDP-connected clients to gain access to user sessions without needing to interact with the Windows lock screen. Should a network anomaly trigger a temporary RDP disconnect, Automatic Reconnection of the RDP session will be restored to an unlock
nvd
CVE-2020-0609 | CRITICAL | CVSS 9.8 | Exploited | PoC | v2019, v2016, +2 more | 2020-01-14
A remote code execution vulnerability exists in Windows Remote Desktop Gateway (RD Gateway) when an unauthenticated attacker connects to the target system using RDP and sends specially crafted requests, aka 'Windows Remote Desktop Gateway (RD Gateway) Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0610.
nvd
CVE-2020-0611 | HIGH | CVSS 7.5 | version 1803 (Core Installation), v2019, +10 more | 2020-01-14
A remote code execution vulnerability exists in the Windows Remote Desktop Client when a user connects to a malicious server, aka 'Remote Desktop Client Remote Code Execution Vulnerability'.
nvd
CVE-2020-0624 | HIGH | CVSS 7.8 | PoC | version 1803 (Core Installation), v2019, +15 more | 2020-01-14
An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0642.
nvd
CVE-2020-0638 | HIGH | CVSS 7.8 | CWE-59 | KEV | v2019, v2019 (Core installation), +1 more | 2020-01-14
An elevation of privilege vulnerability exists in the way the Update Notification Manager handles files. To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Update Notification Manager Elevation of Privilege Vulnerability'.
nvd
CVE-2020-0601 | HIGH | CVSS 8.1 | CWE-295 | KEV | PoC | version 1803 (Core Installation), v2019, +3 more | 2020-01-14
A spoofing vulnerability exists in the way Windows CryptoAPI (Crypt32.dll) validates Elliptic Curve Cryptography (ECC) certificates. An attacker could exploit the vulnerability by using a spoofed code-signing certificate to sign a malicious executable, making it appear the file was from a trusted, legitimate source, aka 'Windows CryptoAPI Spoofing Vulnera
nvd
CVE-2020-0635 | HIGH | CVSS 7.8 | CWE-269 | version 1803 (Core Installation), v2019, +7 more | 2020-01-14
An elevation of privilege vulnerability exists in Microsoft Windows when Windows fails to properly handle certain symbolic links, aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0644.
nvd
CVE-2020-0612 | HIGH | CVSS 7.5 | v2019, v2016 | 2020-01-14
A denial of service vulnerability exists in Windows Remote Desktop Gateway (RD Gateway) when an attacker connects to the target system using RDP and sends specially crafted requests, aka 'Windows Remote Desktop Gateway (RD Gateway) Denial of Service Vulnerability'.
nvd
CVE-2020-0620 | HIGH | CVSS 7.8 | version 1803 (Core Installation), v2019, +15 more | 2020-01-14
An elevation of privilege vulnerability exists when Microsoft Cryptographic Services improperly handles files, aka 'Microsoft Cryptographic Services Elevation of Privilege Vulnerability'.
nvd
CVE-2020-0634 | HIGH | CVSS 7.8 | CWE-416 | version 1803 (Core Installation), v2019, +15 more | 2020-01-14
An elevation of privilege vulnerability exists when the Windows Common Log File System (CLFS) driver improperly handles objects in memory, aka 'Windows Common Log File System Driver Elevation of Privilege Vulnerability'.
nvd
CVE-2020-0613 | HIGH | CVSS 7.8 | version 1803 (Core Installation), v2019, +3 more | 2020-01-14
An elevation of privilege vulnerability exists in the way that the Windows Search Indexer handles objects in memory, aka 'Windows Search Indexer Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0614, CVE-2020-0623, CVE-2020-0625, CVE-2020-0626, CVE-2020-0627, CVE-2020-0628, CVE-2020-0629, CVE-2020-0630, CVE-2020-0631, CVE-2020-0632, CV
nvd
CVE-2020-0641 | HIGH | CVSS 7.8 | version 1803 (Core Installation), v2019, +7 more | 2020-01-14
An elevation of privilege vulnerability exists in Windows Media Service that allows file creation in arbitrary locations. To exploit the vulnerability, an attacker would first have to log on to the system, aka 'Microsoft Windows Elevation of Privilege Vulnerability'.
nvd