Msrc Windows 7 vulnerabilities

CVE-2020-0877 [HIGH] Win32k Elevation of Privilege Vulnerability Win32k Elevation of Privilege Vulnerability Description: An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. To exploit this vulnerability, an

CVE-2020-0645 [HIGH] Microsoft IIS Server Tampering Vulnerability Microsoft IIS Server Tampering Vulnerability Description: A tampering vulnerability exists when Microsoft IIS Server improperly handles malformed request headers. An attacker who successfully exploited the vulnerability could cause a vulnerable server to improperly process HTTP headers and tamper with the responses returned to clients. To exploit the vulnerability, an attacker would need to send a malformed HTTP request to an aff

CVE-2020-0804 [HIGH] Windows Network Connections Service Elevation of Privilege Vulnerability Windows Network Connections Service Elevation of Privilege Vulnerability Description: An elevation of privilege vulnerability exists in the way that the Windows Network Connections Service handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. To exploit the vulnerability, a locally authenticated attacker could run a specially c

CVE-2020-0814 [HIGH] Windows Installer Elevation of Privilege Vulnerability Windows Installer Elevation of Privilege Vulnerability Description: An elevation of privilege vulnerability exists in Windows Installer because of the way Windows Installer handles certain filesystem operations. To exploit the vulnerability, an attacker would require unprivileged execution on the victim system. After successfully exploiting the vulnerability, an attacker could run arbitrary code with elevated privileges

CVE-2020-0844 [HIGH] Connected User Experiences and Telemetry Service Elevation of Privilege Vulnerability Connected User Experiences and Telemetry Service Elevation of Privilege Vulnerability Description: An elevation of privilege vulnerability exists when Connected User Experiences and Telemetry Service improperly handles file operations. An attacker who successfully exploited this vulnerability could run processes in an elevated context. An attacker could exploit this vulnerability by runnin

CVE-2020-0772 [HIGH] Windows Error Reporting Elevation of Privilege Vulnerability Windows Error Reporting Elevation of Privilege Vulnerability Description: An elevation of privilege vulnerability exists when Windows Error Reporting improperly handles memory. To exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges. The security update addresses the vulnerability by correct

CVE-2020-0860 [HIGH] Windows ActiveX Installer Service Elevation of Privilege Vulnerability Windows ActiveX Installer Service Elevation of Privilege Vulnerability Description: An elevation of privilege vulnerability exists when the Windows ActiveX Installer Service improperly handles memory. To exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges. The security update addr

CVE-2020-0803 [HIGH] Windows Network Connections Service Elevation of Privilege Vulnerability Windows Network Connections Service Elevation of Privilege Vulnerability Description: An elevation of privilege vulnerability exists in the way that the Windows Network Connections Service handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. To exploit the vulnerability, a locally authenticated attacker could run a specially c

CVE-2020-0787 [HIGH] Windows Background Intelligent Transfer Service Elevation of Privilege Vulnerability Windows Background Intelligent Transfer Service Elevation of Privilege Vulnerability Description: An elevation of privilege vulnerability exists when the Windows Background Intelligent Transfer Service (BITS) improperly handles symbolic links. An attacker who successfully exploited this vulnerability could overwrite a targeted file leading to an elevated status. To exploit this vulnerabilit

CVE-2020-0842 [HIGH] Windows Installer Elevation of Privilege Vulnerability Windows Installer Elevation of Privilege Vulnerability Description: An elevation of privilege vulnerability exists in Windows Installer because of the way Windows Installer handles certain filesystem operations. To exploit the vulnerability, an attacker would require unprivileged execution on the victim system. After successfully exploiting the vulnerability, an attacker could run arbitrary code with elevated privileges

CVE-2020-0774 [MEDIUM] Windows GDI Information Disclosure Vulnerability Windows GDI Information Disclosure Vulnerability Description: An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a special

CVE-2020-0879 [MEDIUM] Windows GDI Information Disclosure Vulnerability Windows GDI Information Disclosure Vulnerability Description: An information disclosure vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in memory, allowing an attacker to retrieve information from a targeted system. By itself, the information disclosure does not allow arbitrary code execution; however, it could allow arbitrary code to be run if the attacker uses it in combina

CVE-2020-0883 [HIGH] GDI+ Remote Code Execution Vulnerability GDI+ Remote Code Execution Vulnerability Description: A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in the memory. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are conf

CVE-2020-0881 [HIGH] GDI+ Remote Code Execution Vulnerability GDI+ Remote Code Execution Vulnerability Description: A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in the memory. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are conf

CVE-2020-0871 [MEDIUM] Windows Network Connections Service Information Disclosure Vulnerability Windows Network Connections Service Information Disclosure Vulnerability Description: An information disclosure vulnerability exists when Windows Network Connections Service fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could potentially disclose memory contents of an elevated process. To exploit this vulnerability, an authenticated attacker coul

CVE-2020-0880 [MEDIUM] Windows GDI Information Disclosure Vulnerability Windows GDI Information Disclosure Vulnerability Description: An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a special

CVE-2020-0882 [MEDIUM] Windows GDI Information Disclosure Vulnerability Windows GDI Information Disclosure Vulnerability Description: An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a special

CVE-2020-0853 [MEDIUM] Windows Imaging Component Information Disclosure Vulnerability Windows Imaging Component Information Disclosure Vulnerability Description: An information disclosure vulnerability exists in Windows when the Windows Imaging Component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user's system. There are multiple ways an attacker could exploit this vulnerability: In a

CVE-2020-0885 [MEDIUM] Windows Graphics Component Information Disclosure Vulnerability Windows Graphics Component Information Disclosure Vulnerability Description: An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise a user’s system. There are multiple ways an attacker could exploit the vulnerability, such as by convinc

CVE-2020-0686 [HIGH] Windows Installer Elevation of Privilege Vulnerability Windows Installer Elevation of Privilege Vulnerability Description: An elevation of privilege vulnerability exists in the Windows Installer when MSI packages process symbolic links. An attacker who successfully exploited this vulnerability could bypass access restrictions to add or remove files. To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially cr