Msrc Windows 10 Version 1803 vulnerabilities

CVE-2020-1259 [MEDIUM] Windows Host Guardian Service Security Feature Bypass Vulnerability Windows Host Guardian Service Security Feature Bypass Vulnerability Description: A security feature bypass vulnerability exists when Windows Host Guardian Service improperly handles hashes recorded and logged. An attacker who successfully exploited the vulnerability could tamper with the log file. In an attack scenario, an attacker can change existing event log types to a type the parsers do not interpret

CVE-2020-1253 [MEDIUM] Win32k Elevation of Privilege Vulnerability Win32k Elevation of Privilege Vulnerability Description: An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. To exploit this vulne

CVE-2020-1263 [MEDIUM] Windows Error Reporting Information Disclosure Vulnerability Windows Error Reporting Information Disclosure Vulnerability Description: An information disclosure vulnerability exists in the way Windows Error Reporting (WER) handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user’s system. To exploit the vulnerability, an attacker would have to log on to an affected system and run a special

CVE-2020-1261 [MEDIUM] Windows Error Reporting Information Disclosure Vulnerability Windows Error Reporting Information Disclosure Vulnerability Description: An information disclosure vulnerability exists in the way Windows Error Reporting (WER) handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user’s system. To exploit the vulnerability, an attacker would have to log on to an affected system and run a special

CVE-2020-1283 [MEDIUM] Windows Denial of Service Vulnerability Windows Denial of Service Vulnerability Description: A denial of service vulnerability exists when Windows improperly handles objects in memory. An attacker who successfully exploited the vulnerability could cause a target system to stop responding. To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application or to convince a user to open a specific file on a network s

CVE-2020-1090 [HIGH] Windows Runtime Elevation of Privilege Vulnerability Windows Runtime Elevation of Privilege Vulnerability Description: An elevation of privilege vulnerability exists when the Windows Runtime improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in an elevated context. An attacker could exploit this vulnerability by running a specially crafted application on the victim system. The update addresses the vulnera

CVE-2020-1175 [HIGH] Jet Database Engine Remote Code Execution Vulnerability Jet Database Engine Remote Code Execution Vulnerability Description: A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by enticing a victim to open a specially crafted file. The update addresses the v

CVE-2020-1186 [HIGH] Windows State Repository Service Elevation of Privilege Vulnerability Windows State Repository Service Elevation of Privilege Vulnerability Description: An elevation of privilege vulnerability exists when the Windows State Repository Service improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in an elevated context. An attacker could exploit this vulnerability by running a specially crafted application on

CVE-2020-1086 [HIGH] Windows Runtime Elevation of Privilege Vulnerability Windows Runtime Elevation of Privilege Vulnerability Description: An elevation of privilege vulnerability exists when the Windows Runtime improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in an elevated context. An attacker could exploit this vulnerability by running a specially crafted application on the victim system. The update addresses the vulnera

CVE-2020-1189 [HIGH] Windows State Repository Service Elevation of Privilege Vulnerability Windows State Repository Service Elevation of Privilege Vulnerability Description: An elevation of privilege vulnerability exists when the Windows State Repository Service improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in an elevated context. An attacker could exploit this vulnerability by running a specially crafted application on

CVE-2020-1185 [HIGH] Windows State Repository Service Elevation of Privilege Vulnerability Windows State Repository Service Elevation of Privilege Vulnerability Description: An elevation of privilege vulnerability exists when the Windows State Repository Service improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in an elevated context. An attacker could exploit this vulnerability by running a specially crafted application on

CVE-2020-1188 [HIGH] Windows State Repository Service Elevation of Privilege Vulnerability Windows State Repository Service Elevation of Privilege Vulnerability Description: An elevation of privilege vulnerability exists when the Windows State Repository Service improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in an elevated context. An attacker could exploit this vulnerability by running a specially crafted application on

CVE-2020-1164 [HIGH] Windows Runtime Elevation of Privilege Vulnerability Windows Runtime Elevation of Privilege Vulnerability Description: An elevation of privilege vulnerability exists when the Windows Runtime improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in an elevated context. An attacker could exploit this vulnerability by running a specially crafted application on the victim system. The update addresses the vulnera

CVE-2020-1021 [HIGH] Windows Error Reporting Elevation of Privilege Vulnerability Windows Error Reporting Elevation of Privilege Vulnerability Description: An elevation of privilege vulnerability exists in Windows Error Reporting (WER) when WER handles and executes files. The vulnerability could allow elevation of privilege if an attacker can successfully exploit it. An attacker who successfully exploited the vulnerability could gain greater access to sensitive information and system functional

CVE-2020-1112 [CRITICAL] Windows Background Intelligent Transfer Service Elevation of Privilege Vulnerability Windows Background Intelligent Transfer Service Elevation of Privilege Vulnerability Description: An elevation of privilege vulnerability exists when the Windows Background Intelligent Transfer Service (BITS) IIS module improperly handles uploaded content. An attacker who successfully exploited this vulnerability could upload restricted file types to an IIS-hosted folder. To exploit thi

CVE-2020-0909 [HIGH] Windows Hyper-V Denial of Service Vulnerability Windows Hyper-V Denial of Service Vulnerability Description: A denial of service vulnerability exists when Hyper-V on a Windows Server fails to properly handle specially crafted network packets. To exploit the vulnerability, an attacker would send specially crafted network packets to the Hyper-V Server. The security update addresses the vulnerability by resolving the conditions where Hyper-V would fail to properly handle these

CVE-2020-1143 [HIGH] Win32k Elevation of Privilege Vulnerability Win32k Elevation of Privilege Vulnerability Description: An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. To exploit this vulnera

CVE-2020-1149 [HIGH] Windows Runtime Elevation of Privilege Vulnerability Windows Runtime Elevation of Privilege Vulnerability Description: An elevation of privilege vulnerability exists when the Windows Runtime improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in an elevated context. An attacker could exploit this vulnerability by running a specially crafted application on the victim system. The update addresses the vulnera

CVE-2020-1190 [HIGH] Windows State Repository Service Elevation of Privilege Vulnerability Windows State Repository Service Elevation of Privilege Vulnerability Description: An elevation of privilege vulnerability exists when the Windows State Repository Service improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in an elevated context. An attacker could exploit this vulnerability by running a specially crafted application on

CVE-2020-1070 [HIGH] Windows Print Spooler Elevation of Privilege Vulnerability Windows Print Spooler Elevation of Privilege Vulnerability Description: An elevation of privilege vulnerability exists when the Windows Print Spooler service improperly allows arbitrary writing to the file system. An attacker who successfully exploited this vulnerability could run arbitrary code with elevated system privileges. An attacker could then install programs; view, change, or delete data; or create new acco