Msrc Windows Server Version 1909 vulnerabilities

CVE-2020-0896 [HIGH] Windows Hard Link Elevation of Privilege Vulnerability Windows Hard Link Elevation of Privilege Vulnerability Description: An elevation of privilege vulnerability exists when Windows improperly handles hard links. An attacker who successfully exploited this vulnerability could overwrite a targeted file leading to an elevated status. To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application

CVE-2020-0897 [HIGH] Windows Work Folder Service Elevation of Privilege Vulnerability Windows Work Folder Service Elevation of Privilege Vulnerability Description: An elevation of privilege vulnerability exists when the Windows Work Folder Service improperly handles file operations. An attacker who successfully exploited this vulnerability could run processes in an elevated context. An attacker could exploit this vulnerability by running a specially crafted application on the victim system. The

CVE-2020-0810 [HIGH] Diagnostic Hub Standard Collector Elevation of Privilege Vulnerability Diagnostic Hub Standard Collector Elevation of Privilege Vulnerability Description: An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector or the Visual Studio Standard Collector allows file creation in arbitrary locations. To exploit the vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that

CVE-2020-0869 [HIGH] Media Foundation Memory Corruption Vulnerability Media Foundation Memory Corruption Vulnerability Description: A memory corruption vulnerability exists when Windows Media Foundation improperly handles objects in memory. An attacker who successfully exploited the vulnerability could install programs; view, change, or delete data; or create new accounts with full user rights. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to

CVE-2020-0866 [HIGH] Windows Work Folder Service Elevation of Privilege Vulnerability Windows Work Folder Service Elevation of Privilege Vulnerability Description: An elevation of privilege vulnerability exists when the Windows Work Folder Service improperly handles file operations. An attacker who successfully exploited this vulnerability could run processes in an elevated context. An attacker could exploit this vulnerability by running a specially crafted application on the victim system. The

CVE-2020-0857 [HIGH] Windows Search Indexer Elevation of Privilege Vulnerability Windows Search Indexer Elevation of Privilege Vulnerability Description: An elevation of privilege vulnerability exists in the way that the Windows Search Indexer handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. To exploit the vulnerability, a locally authenticated attacker could run a specially crafted application. The security update

CVE-2020-0868 [HIGH] Windows Update Orchestrator Service Elevation of Privilege Vulnerability Windows Update Orchestrator Service Elevation of Privilege Vulnerability Description: An elevation of privilege vulnerability exists when the Windows Update Orchestrator Service improperly handles file operations. An attacker who successfully exploited this vulnerability could run processes in an elevated context. An attacker could exploit this vulnerability by running a specially crafted application o

CVE-2020-0867 [HIGH] Windows Update Orchestrator Service Elevation of Privilege Vulnerability Windows Update Orchestrator Service Elevation of Privilege Vulnerability Description: An elevation of privilege vulnerability exists when the Windows Update Orchestrator Service improperly handles file operations. An attacker who successfully exploited this vulnerability could run processes in an elevated context. An attacker could exploit this vulnerability by running a specially crafted application o

CVE-2020-0840 [HIGH] Windows Hard Link Elevation of Privilege Vulnerability Windows Hard Link Elevation of Privilege Vulnerability Description: An elevation of privilege vulnerability exists when Windows improperly handles hard links. An attacker who successfully exploited this vulnerability could overwrite a targeted file leading to an elevated status. To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application

CVE-2020-0865 [HIGH] Windows Work Folder Service Elevation of Privilege Vulnerability Windows Work Folder Service Elevation of Privilege Vulnerability Description: An elevation of privilege vulnerability exists when the Windows Work Folder Service improperly handles file operations. An attacker who successfully exploited this vulnerability could run processes in an elevated context. An attacker could exploit this vulnerability by running a specially crafted application on the victim system. The

CVE-2020-0854 [HIGH] Windows Mobile Device Management Diagnostics Elevation of Privilege Vulnerability Windows Mobile Device Management Diagnostics Elevation of Privilege Vulnerability Description: An elevation of privilege vulnerability exists when Windows Mobile Device Management (MDM) Diagnostics improperly handles junctions. An attacker who successfully exploited this vulnerability could bypass access restrictions to delete files. To exploit this vulnerability, an attacker would first have

CVE-2020-0819 [HIGH] Windows Device Setup Manager Elevation of Privilege Vulnerability Windows Device Setup Manager Elevation of Privilege Vulnerability Description: An elevation of privilege vulnerability exists when the Windows Device Setup Manager improperly handles file operations. An attacker who successfully exploited this vulnerability could run processes in an elevated context. An attacker could exploit this vulnerability by running a specially crafted application on the victim system.

CVE-2020-0844 [HIGH] Connected User Experiences and Telemetry Service Elevation of Privilege Vulnerability Connected User Experiences and Telemetry Service Elevation of Privilege Vulnerability Description: An elevation of privilege vulnerability exists when Connected User Experiences and Telemetry Service improperly handles file operations. An attacker who successfully exploited this vulnerability could run processes in an elevated context. An attacker could exploit this vulnerability by runnin

CVE-2020-0858 [HIGH] Windows Elevation of Privilege Vulnerability Windows Elevation of Privilege Vulnerability Description: An elevation of privilege vulnerability exists when the "Public Account Pictures" folder improperly handles junctions. To exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges. The security update addresses the vulnerability by correcting how Windows

CVE-2020-0809 [HIGH] Media Foundation Memory Corruption Vulnerability Media Foundation Memory Corruption Vulnerability Description: A memory corruption vulnerability exists when Windows Media Foundation improperly handles objects in memory. An attacker who successfully exploited the vulnerability could install programs; view, change, or delete data; or create new accounts with full user rights. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to

CVE-2020-0797 [HIGH] Windows Work Folder Service Elevation of Privilege Vulnerability Windows Work Folder Service Elevation of Privilege Vulnerability Description: An elevation of privilege vulnerability exists when the Windows Work Folder Service improperly handles file operations. An attacker who successfully exploited this vulnerability could run processes in an elevated context. An attacker could exploit this vulnerability by running a specially crafted application on the victim system. The

CVE-2020-0874 [MEDIUM] Windows GDI Information Disclosure Vulnerability Windows GDI Information Disclosure Vulnerability Description: An information disclosure vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in memory, allowing an attacker to retrieve information from a targeted system. By itself, the information disclosure does not allow arbitrary code execution; however, it could allow arbitrary code to be run if the attacker uses it in combina

CVE-2020-0879 [MEDIUM] Windows GDI Information Disclosure Vulnerability Windows GDI Information Disclosure Vulnerability Description: An information disclosure vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in memory, allowing an attacker to retrieve information from a targeted system. By itself, the information disclosure does not allow arbitrary code execution; however, it could allow arbitrary code to be run if the attacker uses it in combina

CVE-2020-0861 [HIGH] Windows Network Driver Interface Specification (NDIS) Information Disclosure Vulnerability Windows Network Driver Interface Specification (NDIS) Information Disclosure Vulnerability Description: An information disclosure vulnerability exists when the Windows Network Driver Interface Specification (NDIS) improperly handles memory. To exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted

CVE-2020-0863 [MEDIUM] Connected User Experiences and Telemetry Service Information Disclosure Vulnerability Connected User Experiences and Telemetry Service Information Disclosure Vulnerability Description: An information vulnerability exists when Windows Connected User Experiences and Telemetry Service improperly discloses file information. Successful exploitation of the vulnerability could allow the attacker to read any file on the file system. To exploit the vulnerability, an attacker would