Business

News

 
More...

Alerts

 
More...

Events

 
More...
 
     
 

Multiple Vulnerabilities in Windows

 

Systems Affected


Windows 10 for x64-based Systems
Windows 10 version 1607, 1709, 1803, 1809, 1903, 1909 for x64-based Systems
Windows 7 for x64-based Systems SP1
Windows 8.1 for x64-based Systems
Windows Server 2008 for x64-based Systems SP2 & Server Core installation
Windows Server 2008 R2 for x64-based Systems SP1 & Server Core installation
Windows Server 2012 & Server Core installation
Windows Server 2012 R2 & Server Core installation
Windows Server 2016 & Server Core installation
Windows Server 2019 & Server Core installation
Windows Server, version 1803 (Server Core Installation)
Windows Server, version 1903 (Server Core Installation)
Windows Server, version 1909 (Server Core Installation)

Threat Level


High


Overview


Multiple vulnerabilities have been identified by Microsoft Windows which could lead an attacker to bypass security restrictions, perform a denial of service (DoS) attack, access sensitive information, privilege escalation and finally executing arbitrary codes on the targeted system.


Description


1. Windows Hyper-V DoS Vulnerability (CVE 2020-0909)

   Denial of service vulnerability exists due to improperly handling the network packets. An attacker could send maliciously crafted network packets to the Hyper-V server and successful exploitation could lead to a DoS condition.

2. Information Disclosure Vulnerability (CVE 2020-0963, CVE 2020-1072, CVE 2020-1075, CVE 2020-1116, CVE 2020-1141, CVE 2020-1145, CVE 2020-1179)

  Multiple information disclosure vulnerability exists in Microsoft Windows due to the improper handling of memory objects.

3. Microsoft Windows Elevation of Privilege Vulnerability (CVE 2020-1010)

  The vulnerability resides in the Microsoft Windows Block Level Backup Engine Server due to improper handles of the file operations.

4. Windows Error Reporting Elevation of Privilege Vulnerability (CVE 2020-1021, CVE 2020- 1082, CVE 2020- 1086, CVE 2020- 1088, CVE 2020- 1132)

  Vulnerability resides in Microsoft Windows Error Reporting (WER) when WER handles and execute files. Successful exploitation could obtain information and take control of an affected system.

5. Elevation of Privilege Vulnerability (CVE 2020-1028, CVE 2020-1054, CVE 2020-1077, CVE 2020-1079, CVE 2020-1087, CVE 2020-1090, CVE 2020-1114, CVE 2020-1121, CVE 2020-1124, CVE 2020-1125, CVE 2020-1126, CVE 2020-1131, CVE 2020-1134, CVE 2020-1135, CVE 2020-1142, CVE 2020-1139, CVE 2020-1137, CVE 2020-1143, CVE 2020-1144, CVE 2020-1149, CVE 2020-1151, CVE 2020-1154, CVE 2020-1155, CVE 2020-1156, CVE 2020-1157, CVE 2020-1158, CVE 2020-1164, CVE 2020-1166, CVE 2020-1184, CVE 2020-1185, CVE 2020-1186, CVE 2020-1187, CVE 2020-1188, CVE 2020-1189, CVE 2020-1190, CVE 2020-1191)

6. Windows Print Spooler Elevation of Privilege Vulnerability (CVE 2020- 1048, CVE 2020-1070)

  Vulnerability resides in the Microsoft Windows Print Spooler service due to improperly allowing arbitrary writing to the files system.

7. Remote Code Execution Vulnerability (CVE 2020- 1051, CVE 2020-1061, CVE 2020-1174, CVE 2020-1175, CVE 2020-1176)

  Vulnerability exists in Microsoft Windows due to improper handling the objects in the memory.

8. Microsoft Active Directory Federation Service Cross-Site Scripting Vulnerability (CVE 2020-1055)

  Vulnerability exists in the Microsoft Active Directory Federation Service (ADFS) when user input does not properly sanitize by the affected ADFS.

9. Windows Remote Code Execution Vulnerability (CVE 2020- 1067, CVE 2020-1153)

  Vulnerability exist due to the improper handling of the objects in the memory.

10. Microsoft Windows Elevation of Privilege Vulnerability (CVE 2020-1068)

  Vulnerability resides in the Microsoft Windows Media Service.

11. Windows Remote Access Common Dialog Elevation of Privilege Vulnerability (CVE 2020-1071)

  Vulnerability exists due to the Microsoft Windows improperly handling errors tied to Remote Access Common Dialog.

12. Denial of Service Vulnerability (CVE 2020-1076, CVE 2020-1123)

  Vulnerability exists in Microsoft Windows due to improper handling of the objects in the memory.

13. Windows Installer Elevation of Privilege Vulnerability (CVE 2020-1078, CVE 2020-1138)

  Vulnerability resides in the Windows Installer due to improper handling the file operations by the affected system.

14. Windows Printer Serviceability Elevation of Privilege Vulnerability (CVE 2020-1081)

  Vulnerability resides in the Windows Printer Serviceability due to improper validation of file paths.

15. Connected User Experiences and Technology Service Denial of Service Vulnerability (CVE 2020-1084)

  An attacker could exploit this vulnerability just by sending a specially crafted document or convince user to visit a malicious web application.

16. Windows Update Stack Elevation of Privilege Vulnerability (CVE 2020-1109)

  Vulnerability exists in the Microsoft Windows Update Stack due to improperly handling the objects in the memory by the affected system.

17. Windows Clipboard Service Elevation of Privilege Vulnerability (CVE 2020-1110, CVE 2020-1140)

  Vulnerability exists in the Microsoft Windows Clipboard Service due to improper handling of the calls to Clipboard Service by the affected system. Successful exploitation will result in running arbitrary code in the security context of the local system.

18. Windows Background Intelligent Transfer Service Elevation of Privilege Vulnerability (CVE 2020-1111)

  This vulnerability exists in the Microsoft Windows Background Intelligent Transfer Service (BITS) IIS module due to improper handling of uploaded content by the affected system.

19. Windows Task Scheduler Security Feature Bypass Vulnerability (CVE 2020- 1165)

  This vulnerability exists in Microsoft Windows due to improper verification of client connections over RPC by the affected system. Successful exploitation of this vulnerability could result in arbitrary code being executed as an administrator of the system.

20. Remote Code Execution Vulnerability (CVE 2020-1112)

  This vulnerability exists in Microsoft Colour Management due to improper handling of the objects in the memory.

21. Microsoft Windows Transport Layer Security Denial of Service Vulnerability (CVE 2020-1113)

  Vulnerability resides in the Windows implementation of Transport Layer Security (TLS) due to improper handling of certain key exchanges.


Impact


  ✻  Disruption to your day to day activities
  ✻  Financial loss
  ✻  Expose of your personal and sensitive information


Solution/ Workarounds


  ✻  Apply the appropriate patches as mentioned in Microsoft Security Bulletin:
  https://portal.msrc.microsoft.com/en-us/


References


  ✻  https://www.cert-in.org.in
  ✻  https://portal.msrc.microsoft.com/en-us/


Disclaimer


The information provided herein is on "as is" basis, without warranty of any kind.


 
     

© Copyright Sri Lanka CERT|CC. All Rights Reserved.