Msrc Windows Server Version 2004 vulnerabilities

CVE-2020-1279 [HIGH] Windows Lockscreen Elevation of Privilege Vulnerability Windows Lockscreen Elevation of Privilege Vulnerability Description: An elevation of privilege vulnerability exists when Windows Lockscreen fails to properly load spotlight images from a secure location. An attacker who successfully exploited the vulnerability could execute commands with elevated permissions. An authenticated attacker could modify a registry value to exploit this vulnerability. The security update addr

CVE-2020-1276 [HIGH] Windows Kernel Elevation of Privilege Vulnerability Windows Kernel Elevation of Privilege Vulnerability Description: An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. To exploit this vulnerability,

CVE-2020-1120 [MEDIUM] Connected User Experiences and Telemetry Service Denial of Service Vulnerability Connected User Experiences and Telemetry Service Denial of Service Vulnerability Description: A denial of service vulnerability exists when Connected User Experiences and Telemetry Service improperly handles file operations. An attacker who successfully exploited this vulnerability could cause a system to stop responding. To exploit the vulnerability, an attacker would first have to log on to

CVE-2020-1292 [HIGH] OpenSSH for Windows Elevation of Privilege Vulnerability OpenSSH for Windows Elevation of Privilege Vulnerability Description: An elevation of privilege vulnerability exists in OpenSSH for Windows when it does not properly restrict access to configuration settings. An attacker who successfully exploited this vulnerability could replace the shell with a malicious binary. To exploit this vulnerability, an authenticated attacker would need to modify the OpenSSH for Windows con

CVE-2020-1268 [MEDIUM] Windows Service Information Disclosure Vulnerability Windows Service Information Disclosure Vulnerability Description: An information disclosure vulnerability exists when a Windows service improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user’s system. To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application

CVE-2020-1241 [HIGH] Windows Kernel Security Feature Bypass Vulnerability Windows Kernel Security Feature Bypass Vulnerability Description: A security feature bypass vulnerability exists when Windows Kernel fails to properly sanitize certain parameters. To exploit the vulnerability, a locally-authenticated attacker could attempt to run a specially crafted application on a targeted system. The update addresses the vulnerability by correcting how Windows Kernel handles parameter sanitization. Mi

CVE-2020-1296 [MEDIUM] Windows Diagnostics & feedback Information Disclosure Vulnerability Windows Diagnostics & feedback Information Disclosure Vulnerability Description: A vulnerability exists in the way the Windows Diagnostics & feedback settings app handles objects in memory. An attacker who successfully exploited this vulnerability could cause additional diagnostic data from the affected device to be sent to Microsoft. To exploit the vulnerability, an attacker would have to log on to an af

CVE-2020-1232 [MEDIUM] Media Foundation Information Disclosure Vulnerability Media Foundation Information Disclosure Vulnerability Description: An information disclosure vulnerability exists when Media Foundation improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user’s system. To exploit this vulnerability, an attacker would have to log onto an affected system and open a specially crafted file. In a

CVE-2020-1290 [MEDIUM] Win32k Information Disclosure Vulnerability Win32k Information Disclosure Vulnerability Description: An information disclosure vulnerability exists when the win32k component improperly provides kernel information. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system. To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application. The security

CVE-2020-1258 [MEDIUM] DirectX Elevation of Privilege Vulnerability DirectX Elevation of Privilege Vulnerability Description: An elevation of privilege vulnerability exists when DirectX improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. To exploit this vulnerability, an attacker would first have

CVE-2020-1197 [HIGH] Windows Error Reporting Manager Elevation of Privilege Vulnerability Windows Error Reporting Manager Elevation of Privilege Vulnerability Description: An elevation of privilege vulnerability exists when Windows Error Reporting manager improperly handles a process crash. An attacker who successfully exploited this vulnerability could delete a targeted file leading to an elevated status. To exploit this vulnerability, an attacker would first have to log on to the system. An a

CVE-2020-1259 [MEDIUM] Windows Host Guardian Service Security Feature Bypass Vulnerability Windows Host Guardian Service Security Feature Bypass Vulnerability Description: A security feature bypass vulnerability exists when Windows Host Guardian Service improperly handles hashes recorded and logged. An attacker who successfully exploited the vulnerability could tamper with the log file. In an attack scenario, an attacker can change existing event log types to a type the parsers do not interpret

CVE-2020-1204 [HIGH] Windows Mobile Device Management Diagnostics Elevation of Privilege Vulnerability Windows Mobile Device Management Diagnostics Elevation of Privilege Vulnerability Description: An elevation of privilege vulnerability exists when Windows Mobile Device Management (MDM) Diagnostics improperly handles junctions. An attacker who successfully exploited this vulnerability could bypass access restrictions to delete files. To exploit this vulnerability, an attacker would first have

CVE-2020-1244 [HIGH] Connected User Experiences and Telemetry Service Denial of Service Vulnerability Connected User Experiences and Telemetry Service Denial of Service Vulnerability Description: A denial of service vulnerability exists when Connected User Experiences and Telemetry Service improperly handles file operations. An attacker who successfully exploited this vulnerability could cause a system to stop responding. To exploit the vulnerability, an attacker would first have to log on to t

CVE-2020-1261 [MEDIUM] Windows Error Reporting Information Disclosure Vulnerability Windows Error Reporting Information Disclosure Vulnerability Description: An information disclosure vulnerability exists in the way Windows Error Reporting (WER) handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user’s system. To exploit the vulnerability, an attacker would have to log on to an affected system and run a special

CVE-2020-1283 [MEDIUM] Windows Denial of Service Vulnerability Windows Denial of Service Vulnerability Description: A denial of service vulnerability exists when Windows improperly handles objects in memory. An attacker who successfully exploited the vulnerability could cause a target system to stop responding. To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application or to convince a user to open a specific file on a network s

CVE-2020-0763 [HIGH] Windows Defender Security Center Elevation of Privilege Vulnerability Windows Defender Security Center Elevation of Privilege Vulnerability Description: An elevation of privilege vulnerability exists when Windows Defender Security Center handles certain objects in memory. To exploit the vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted command that could exploit the vulnerability to elevate privileges. The up

CVE-2020-0762 [HIGH] Windows Defender Security Center Elevation of Privilege Vulnerability Windows Defender Security Center Elevation of Privilege Vulnerability Description: An elevation of privilege vulnerability exists when Windows Defender Security Center handles certain objects in memory. To exploit the vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted command that could exploit the vulnerability to elevate privileges. The up

CVE-2019-1469 [MEDIUM] Win32k Information Disclosure Vulnerability Win32k Information Disclosure Vulnerability Description: An information disclosure vulnerability exists when the win32k component improperly provides kernel information. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system. To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application. The security