Msrc Windows 10 Version 2004 vulnerabilities

CVE-2020-1589 [MEDIUM] Windows Kernel Information Disclosure Vulnerability Windows Kernel Information Disclosure Vulnerability Description: An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user’s system. To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application.

CVE-2020-0989 [MEDIUM] Windows Mobile Device Management Diagnostics Information Disclosure Vulnerability Windows Mobile Device Management Diagnostics Information Disclosure Vulnerability Description: An information disclosure vulnerability exists when Windows Mobile Device Management (MDM) Diagnostics improperly handles junctions. An attacker who successfully exploited this vulnerability could bypass access restrictions to read files. To exploit this vulnerability, an attacker would first have

CVE-2020-0914 [MEDIUM] Windows State Repository Service Information Disclosure Vulnerability Windows State Repository Service Information Disclosure Vulnerability Description: An information disclosure vulnerability exists when the Windows State Repository Service improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user’s system. An attacker could exploit this vulnerability by running a specially craf

CVE-2020-0875 [MEDIUM] Microsoft splwow64 Information Disclosure Vulnerability Microsoft splwow64 Information Disclosure Vulnerability Description: An information disclosure vulnerability exists in how splwow64.exe handles certain calls. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user’s system (low-integrity to medium-integrity). This vulnerability by itself does not allow arbitrary code execution; however, it could allow arbitra

CVE-2020-1596 [MEDIUM] TLS Information Disclosure Vulnerability TLS Information Disclosure Vulnerability Description: A information disclosure vulnerability exists when TLS components use weak hash algorithms. An attacker who successfully exploited this vulnerability could obtain information to further compromise a users's encrypted transmission channel. To exploit the vulnerability, an attacker would have to conduct a man-in-the-middle attack. The update addresses the vulnerability by correcti

CVE-2020-1471 [HIGH] Windows CloudExperienceHost Elevation of Privilege Vulnerability Windows CloudExperienceHost Elevation of Privilege Vulnerability Description: An elevation of privilege vulnerability exists when Microsoft Windows CloudExperienceHost fails to check COM objects. An attacker who successfully exploited the vulnerability could gain elevated privileges on a targeted system. To exploit the vulnerability, an attacker would have to log on to an affected system and run a specially cr

CVE-2020-1554 [HIGH] Media Foundation Memory Corruption Vulnerability Media Foundation Memory Corruption Vulnerability Description: A memory corruption vulnerability exists when Windows Media Foundation improperly handles objects in memory. An attacker who successfully exploited the vulnerability could install programs; view, change, or delete data; or create new accounts with full user rights. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to

CVE-2020-1562 [HIGH] Microsoft Graphics Components Remote Code Execution Vulnerability Microsoft Graphics Components Remote Code Execution Vulnerability Description: A remote code execution vulnerability exists in the way that Microsoft Graphics Components handle objects in memory. An attacker who successfully exploited the vulnerability could execute arbitrary code on a target system. To exploit the vulnerability, a user would have to open a specially crafted file. The security update addresse

CVE-2020-1515 [HIGH] Windows Telephony Server Elevation of Privilege Vulnerability Windows Telephony Server Elevation of Privilege Vulnerability Description: An elevation of privilege vulnerability exists when the Windows Telephony Server improperly handles memory. To exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges. The security update addresses the vulnerability by

CVE-2020-1516 [HIGH] Windows Work Folders Service Elevation of Privilege Vulnerability Windows Work Folders Service Elevation of Privilege Vulnerability Description: An elevation of privilege vulnerability exists when the Windows Work Folders Service improperly handles memory. To exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges. The security update addresses the vulne

CVE-2020-1526 [HIGH] Windows Network Connection Broker Elevation of Privilege Vulnerability Windows Network Connection Broker Elevation of Privilege Vulnerability Description: An elevation of privilege vulnerability exists when the Windows Network Connection Broker improperly handles memory. To exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges. The security update addr

CVE-2020-1542 [HIGH] Windows Backup Engine Elevation of Privilege Vulnerability Windows Backup Engine Elevation of Privilege Vulnerability Description: An elevation of privilege vulnerability exists when the Windows Backup Engine improperly handles memory. To exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges. The security update addresses the vulnerability by correctin

CVE-2020-1492 [HIGH] Media Foundation Memory Corruption Vulnerability Media Foundation Memory Corruption Vulnerability Description: A memory corruption vulnerability exists when Windows Media Foundation improperly handles objects in memory. An attacker who successfully exploited the vulnerability could install programs; view, change, or delete data; or create new accounts with full user rights. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to

CVE-2020-1478 [HIGH] Media Foundation Memory Corruption Vulnerability Media Foundation Memory Corruption Vulnerability Description: A memory corruption vulnerability exists when Windows Media Foundation improperly handles objects in memory. An attacker who successfully exploited the vulnerability could install programs; view, change, or delete data; or create new accounts with full user rights. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to

CVE-2020-1540 [HIGH] Windows Backup Engine Elevation of Privilege Vulnerability Windows Backup Engine Elevation of Privilege Vulnerability Description: An elevation of privilege vulnerability exists when the Windows Backup Engine improperly handles memory. To exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges. The security update addresses the vulnerability by correctin

CVE-2020-1556 [HIGH] Windows WalletService Elevation of Privilege Vulnerability Windows WalletService Elevation of Privilege Vulnerability Description: An elevation of privilege vulnerability exists in the way that the Windows WalletService handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. To exploit the vulnerability, a locally authenticated attacker could run a specially crafted application. The security update ad

CVE-2020-1565 [HIGH] Windows Elevation of Privilege Vulnerability Windows Elevation of Privilege Vulnerability Description: An elevation of privilege vulnerability exists when the "Public Account Pictures" folder improperly handles junctions. To exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges. The security update addresses the vulnerability by correcting how Windows

CVE-2020-1553 [HIGH] Windows Runtime Elevation of Privilege Vulnerability Windows Runtime Elevation of Privilege Vulnerability Description: An elevation of privilege vulnerability exists when the Windows Runtime improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in an elevated context. An attacker could exploit this vulnerability by running a specially crafted application on the victim system. The update addresses the vulnera

CVE-2020-1551 [HIGH] Windows Backup Engine Elevation of Privilege Vulnerability Windows Backup Engine Elevation of Privilege Vulnerability Description: An elevation of privilege vulnerability exists when the Windows Backup Engine improperly handles memory. To exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges. The security update addresses the vulnerability by correctin

CVE-2020-1533 [HIGH] Windows WalletService Elevation of Privilege Vulnerability Windows WalletService Elevation of Privilege Vulnerability Description: An elevation of privilege vulnerability exists in the way that the Windows WalletService handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. To exploit the vulnerability, a locally authenticated attacker could run a specially crafted application. The security update ad