Msrc Windows Server 2019 vulnerabilities

CVE-2020-17140 [HIGH] Windows SMB Information Disclosure Vulnerability Windows SMB Information Disclosure Vulnerability FAQ: Does this security update target the Server or Client side? In this case the fix targets both sides. Specifically the smb2.srv binary is the primary fix target, which is housed on both sides of the connection. FAQ: What type of information could be disclosed by this vulnerability? The type of information that could be disclosed if an attacker successfully exploited this

CVE-2020-17092 [HIGH] Windows Network Connections Service Elevation of Privilege Vulnerability Windows Network Connections Service Elevation of Privilege Vulnerability Microsoft Windows: Microsoft Windows Microsoft: Microsoft Customer Action Required: Yes Impact: Elevation of Privilege Exploit Status: Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely Reference: https://catalog.update.microsoft.com/v7/site/Sea

CVE-2020-16962 [HIGH] Windows Backup Engine Elevation of Privilege Vulnerability Windows Backup Engine Elevation of Privilege Vulnerability Windows Backup Engine: Windows Backup Engine Microsoft: Microsoft Customer Action Required: Yes Impact: Elevation of Privilege Exploit Status: Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely Reference: https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4592438

CVE-2020-17136 [HIGH] Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability Microsoft Windows: Microsoft Windows Microsoft: Microsoft Customer Action Required: Yes Impact: Elevation of Privilege Exploit Status: Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely Reference: https://catalog.update.microsoft.com/v7/si

CVE-2020-17096 [HIGH] Windows NTFS Remote Code Execution Vulnerability Windows NTFS Remote Code Execution Vulnerability FAQ: How would an attacker exploit this vulnerability? A local attacker could run a specially crafted application that would elevate the attacker's privileges. A remote attacker with SMBv2 access to a vulnerable system could send specially crafted requests over a network to exploit this vulnerability and execute code on the target system. Windows SMB: Windows SMB Microsoft:

CVE-2020-16958 [HIGH] Windows Backup Engine Elevation of Privilege Vulnerability Windows Backup Engine Elevation of Privilege Vulnerability Windows Backup Engine: Windows Backup Engine Microsoft: Microsoft Customer Action Required: Yes Impact: Elevation of Privilege Exploit Status: Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely Reference: https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4592438

CVE-2020-16964 [HIGH] Windows Backup Engine Elevation of Privilege Vulnerability Windows Backup Engine Elevation of Privilege Vulnerability Windows Backup Engine: Windows Backup Engine Microsoft: Microsoft Customer Action Required: Yes Impact: Elevation of Privilege Exploit Status: Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely Reference: https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4592438

CVE-2020-17134 [HIGH] Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability Microsoft Windows: Microsoft Windows Microsoft: Microsoft Customer Action Required: Yes Impact: Elevation of Privilege Exploit Status: Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely Reference: https://catalog.update.microsoft.com/v7/si

CVE-2020-17095 [HIGH] Windows Hyper-V Remote Code Execution Vulnerability Windows Hyper-V Remote Code Execution Vulnerability FAQ: How could an attacker exploit this vulnerability? To exploit this vulnerability, an attacker could run a specially crafted application on a Hyper-V guest that could cause the Hyper-V host operating system to execute arbitrary code when it fails to properly validate vSMB packet data. Windows Hyper-V: Windows Hyper-V Microsoft: Microsoft Customer Action Required: Y

CVE-2020-16960 [HIGH] Windows Backup Engine Elevation of Privilege Vulnerability Windows Backup Engine Elevation of Privilege Vulnerability Windows Backup Engine: Windows Backup Engine Microsoft: Microsoft Customer Action Required: Yes Impact: Elevation of Privilege Exploit Status: Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely Reference: https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4592438

CVE-2020-16959 [HIGH] Windows Backup Engine Elevation of Privilege Vulnerability Windows Backup Engine Elevation of Privilege Vulnerability Windows Backup Engine: Windows Backup Engine Microsoft: Microsoft Customer Action Required: Yes Impact: Elevation of Privilege Exploit Status: Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely Reference: https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4592438

CVE-2020-16961 [HIGH] Windows Backup Engine Elevation of Privilege Vulnerability Windows Backup Engine Elevation of Privilege Vulnerability Windows Backup Engine: Windows Backup Engine Microsoft: Microsoft Customer Action Required: Yes Impact: Elevation of Privilege Exploit Status: Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely Reference: https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4592438

CVE-2020-17139 [HIGH] Windows Overlay Filter Security Feature Bypass Vulnerability Windows Overlay Filter Security Feature Bypass Vulnerability Microsoft Windows: Microsoft Windows Microsoft: Microsoft Customer Action Required: Yes Impact: Security Feature Bypass Exploit Status: Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely Reference: https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4592438 R

CVE-2020-16963 [HIGH] Windows Backup Engine Elevation of Privilege Vulnerability Windows Backup Engine Elevation of Privilege Vulnerability Windows Backup Engine: Windows Backup Engine Microsoft: Microsoft Customer Action Required: Yes Impact: Elevation of Privilege Exploit Status: Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely Reference: https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4592446

CVE-2020-17094 [MEDIUM] Windows Error Reporting Information Disclosure Vulnerability Windows Error Reporting Information Disclosure Vulnerability FAQ: What type of information could be disclosed by this vulnerability? The type of information that could be disclosed if an attacker successfully exploited this vulnerability is unauthorized file system access - reading from the file system. Windows Error Reporting: Windows Error Reporting Microsoft: Microsoft Customer Action Required: Yes Impac

CVE-2020-17099 [MEDIUM] Windows Lock Screen Security Feature Bypass Vulnerability Windows Lock Screen Security Feature Bypass Vulnerability FAQ: How could an attacker exploit this vulnerability? An authenticated user would need to lock their active session. An attacker with physical access could then perform actions that would allow them to execute code from the Windows lock screen in the context of the active user session. NOTE: This can only be exploited if a user has already logged in and lo

CVE-2020-17098 [MEDIUM] Windows GDI+ Information Disclosure Vulnerability Windows GDI+ Information Disclosure Vulnerability FAQ: What type of information could be disclosed by this vulnerability? The type of information that could be disclosed if an attacker successfully exploited this vulnerability is memory layout - the vulnerability allows an attacker to collect information that facilitates predicting addressing of the memory. Microsoft Graphics Component: Microsoft Graphics Component Micr

CVE-2020-16996 [MEDIUM] Kerberos Security Feature Bypass Vulnerability Kerberos Security Feature Bypass Vulnerability FAQ: Does this security fix require any additional steps in order to be protected from this issue? Yes, for guidelines on how to manage the changes required for this vulnerability and more information on the phased rollout, see Managing deployment of RBCD/Protected User changes for CVE-2020-16996. Microsoft Windows: Microsoft Windows Microsoft: Microsoft Customer Action Requi

CVE-2020-17097 [LOW] Windows Digital Media Receiver Elevation of Privilege Vulnerability Windows Digital Media Receiver Elevation of Privilege Vulnerability Windows Media: Windows Media Microsoft: Microsoft Customer Action Required: Yes Impact: Elevation of Privilege Exploit Status: Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely Reference: https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB459243

CVE-2020-17051 [CRITICAL] Windows Network File System Remote Code Execution Vulnerability Windows Network File System Remote Code Execution Vulnerability FAQ: What is the attack vector for this vulnerability? In a network-based attack an attacker with write access to an NFS share could execute code remotely within the kernel. Is this CVE wormable? This CVE is wormable between machines hosting writable NFS shares. Where should the customer be applying the update? The vulnerability only exists in