Msrc Windows Server Version 1903 vulnerabilities

CVE-2020-1578 [MEDIUM] Windows Kernel Information Disclosure Vulnerability Windows Kernel Information Disclosure Vulnerability Description: An information disclosure vulnerability exists in the Windows kernel that could allow an attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization (ASLR) bypass. An attacker who successfully exploited the vulnerability could retrieve the memory address of a kernel object. To exploit the vulnerability, an attacker would

CVE-2020-1512 [HIGH] Windows State Repository Service Information Disclosure Vulnerability Windows State Repository Service Information Disclosure Vulnerability Description: An information disclosure vulnerability exists when the Windows State Repository Service improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user’s system. An attacker could exploit this vulnerability by running a specially crafte

CVE-2020-1350 [CRITICAL] Windows DNS Server Remote Code Execution Vulnerability Windows DNS Server Remote Code Execution Vulnerability Description: A remote code execution vulnerability exists in Windows Domain Name System servers when they fail to properly handle requests. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the Local System Account. Windows servers that are configured as DNS servers are at risk from this vulnerability. To exploit

CVE-2020-1353 [HIGH] Windows Runtime Elevation of Privilege Vulnerability Windows Runtime Elevation of Privilege Vulnerability Description: An elevation of privilege vulnerability exists when the Windows Runtime improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in an elevated context. An attacker could exploit this vulnerability by running a specially crafted application on the victim system. The update addresses the vulnera

CVE-2020-1422 [HIGH] Windows Runtime Elevation of Privilege Vulnerability Windows Runtime Elevation of Privilege Vulnerability Description: An elevation of privilege vulnerability exists when the Windows Runtime improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in an elevated context. An attacker could exploit this vulnerability by running a specially crafted application on the victim system. The update addresses the vulnera

CVE-2020-1394 [HIGH] Windows Elevation of Privilege Vulnerability Windows Elevation of Privilege Vulnerability Description: An elevation of privilege vulnerability exists in the way that the Windows Geolocation Framework handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. To exploit the vulnerability, a locally authenticated attacker could run a specially crafted application. The security update addresses the vulnerab

CVE-2020-1369 [HIGH] Windows WalletService Elevation of Privilege Vulnerability Windows WalletService Elevation of Privilege Vulnerability Description: An elevation of privilege vulnerability exists in the way that the Windows WalletService handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. To exploit the vulnerability, a locally authenticated attacker could run a specially crafted application. The security update ad

CVE-2020-1399 [HIGH] Windows Runtime Elevation of Privilege Vulnerability Windows Runtime Elevation of Privilege Vulnerability Description: An elevation of privilege vulnerability exists when the Windows Runtime improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in an elevated context. An attacker could exploit this vulnerability by running a specially crafted application on the victim system. The update addresses the vulnera

CVE-2020-1355 [HIGH] Windows Font Driver Host Remote Code Execution Vulnerability Windows Font Driver Host Remote Code Execution Vulnerability Description: A remote code execution vulnerability exists when the Windows Font Driver Host improperly handles memory. An attacker who successfully exploited the vulnerability would gain execution on a victim system. The security update addresses the vulnerability by correcting how the Windows Font Driver Host handles memory. Microsoft Graphics Componen

CVE-2020-1424 [HIGH] Windows Update Stack Elevation of Privilege Vulnerability Windows Update Stack Elevation of Privilege Vulnerability Description: An elevation of privilege vulnerability exists when the Windows Update Stack fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. To exploit t

CVE-2020-1429 [HIGH] Windows Error Reporting Manager Elevation of Privilege Vulnerability Windows Error Reporting Manager Elevation of Privilege Vulnerability Description: An elevation of privilege vulnerability exists when Windows Error Reporting manager improperly handles a process crash. An attacker who successfully exploited this vulnerability could delete a targeted file leading to an elevated status. To exploit this vulnerability, an attacker would first have to log on to the system. An a

CVE-2020-1415 [HIGH] Windows Runtime Elevation of Privilege Vulnerability Windows Runtime Elevation of Privilege Vulnerability Description: An elevation of privilege vulnerability exists when the Windows Runtime improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in an elevated context. An attacker could exploit this vulnerability by running a specially crafted application on the victim system. The update addresses the vulnera

CVE-2020-1381 [HIGH] Windows Graphics Component Elevation of Privilege Vulnerability Windows Graphics Component Elevation of Privilege Vulnerability Description: An elevation of privilege vulnerability exists when the Windows Graphics Component improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run processes in an elevated context. In a local attack scenario, an attacker could exploit this vulnerability by running a specially crafted applicatio

CVE-2020-1368 [HIGH] Windows Credential Enrollment Manager Service Elevation of Privilege Vulnerability Windows Credential Enrollment Manager Service Elevation of Privilege Vulnerability Description: An elevation of privilege vulnerability exists in the way that the Credential Enrollment Manager service handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. To exploit the vulnerability, a locally authenticated attacker c

CVE-2020-1395 [HIGH] Windows Elevation of Privilege Vulnerability Windows Elevation of Privilege Vulnerability Description: An elevation of privilege vulnerability exists in the way that the Windows Speech Brokered API handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. To exploit the vulnerability, a locally authenticated attacker could run a specially crafted application. The security update addresses the vulnerabil

CVE-2020-1411 [HIGH] Windows Kernel Elevation of Privilege Vulnerability Windows Kernel Elevation of Privilege Vulnerability Description: An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. To exploit this vulnerability,

CVE-2020-1363 [HIGH] Windows Picker Platform Elevation of Privilege Vulnerability Windows Picker Platform Elevation of Privilege Vulnerability Description: An elevation of privilege vulnerability exists when the Windows Picker Platform improperly handles memory. To exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges. The security update addresses the vulnerability by cor

CVE-2020-1406 [HIGH] Windows Network List Service Elevation of Privilege Vulnerability Windows Network List Service Elevation of Privilege Vulnerability Description: An elevation of privilege vulnerability exists in the way that the Windows Network List Service handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. To exploit the vulnerability, a locally authenticated attacker could run a specially crafted application. T

CVE-2020-1364 [HIGH] Windows WalletService Denial of Service Vulnerability Windows WalletService Denial of Service Vulnerability Description: A denial of service vulnerability exists in the way that the WalletService handles files. An attacker who successfully exploited the vulnerability could corrupt system files. To exploit the vulnerability, an attacker would first need code execution on a victim system. An attacker could then run a specially crafted application. The security update addresse

CVE-2020-1336 [HIGH] Windows Kernel Elevation of Privilege Vulnerability Windows Kernel Elevation of Privilege Vulnerability Description: An elevation of privilege vulnerability exists in the way that the Windows Kernel handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. To exploit the vulnerability, a locally authenticated attacker could run a specially crafted application. The security update addresses the vulnerabi