Download
| Alert*
|
CVE-2020-1220
A spoofing vulnerability exists when theMicrosoft Edge (Chromium-based) in IE Mode improperly handles specific redirects, aka 'Microsoft Edge (Chromium-based) in IE Mode Spoofing Vulnerability'. CVE-2021-31960 Windows Bind Filter Driver Information Disclosure Vulnerability CVE-2021-33739 Microsoft DWM Core Library Elevation of Privilege Vulnerability CVE-2021-1726 Microsoft SharePoint Server Spoofing Vulnerability CVE-2021-24075 Microsoft Windows VMSwitch Denial of Service Vulnerability CVE-2021-28324 Windows SMB Information Disclosure Vulnerability CVE-2021-27090 Windows Secure Kernel Mode Elevation of Privilege Vulnerability CVE-2021-26877 Windows DNS Server Remote Code Execution Vulnerability CVE-2021-26887 <p>An elevation of privilege vulnerability exists in Microsoft Windows when Folder redirection has been enabled via Group Policy. When folder redirection file server is co-located with Terminal server, an attacker who successfully exploited the vulnerability would be able to begin redirecting anothe ... CVE-2020-16933 <p>A security feature bypass vulnerability exists in Microsoft Word software when it fails to properly handle .LNK files. An attacker who successfully exploited the vulnerability could use a specially crafted file to perform actions in the security context of the current user. For example, the file ... CVE-2020-16938 <p>An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user���s system.</p> <p>To exploit this vulnerability, an attacker would have t ... CVE-2020-16949 <p>A denial of service vulnerability exists in Microsoft Outlook software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could cause a remote denial of service against a system.</p> <p>Exploitation of the vulnerability requires ... CVE-2020-16877 <p>An elevation of privilege vulnerability exists when Microsoft Windows improperly handles reparse points. An attacker who successfully exploited this vulnerability could overwrite or delete a targeted file that would normally require elevated permissions.</p> <p>To exploit this vulnerability, an a ... CVE-2021-24090 Windows Error Reporting Elevation of Privilege Vulnerability CVE-2021-26900 Windows Win32k Elevation of Privilege Vulnerability CVE-2021-27070 Windows 10 Update Assistant Elevation of Privilege Vulnerability CVE-2020-1571 An elevation of privilege vulnerability exists in Windows Setup in the way it handles permissions. A locally authenticated attacker could run arbitrary code with elevated system privileges. After successfully exploiting the vulnerability, an attacker could then install programs; view, change, or del ... CVE-2020-1574 A remote code execution vulnerability exists in the way that Microsoft Windows Codecs Library handles objects in memory. An attacker who successfully exploited the vulnerability could execute arbitrary code. Exploitation of the vulnerability requires that a program process a specially crafted image ... CVE-2020-17010 Win32k Elevation of Privilege Vulnerability CVE-2020-17076 Windows Update Orchestrator Service Elevation of Privilege Vulnerability CVE-2020-17073 Windows Update Orchestrator Service Elevation of Privilege Vulnerability CVE-2020-17074 Windows Update Orchestrator Service Elevation of Privilege Vulnerability CVE-2021-1722 Windows Fax Service Remote Code Execution Vulnerability CVE-2021-1727 Windows Installer Elevation of Privilege Vulnerability CVE-2021-1729 Windows Update Stack Setup Elevation of Privilege Vulnerability CVE-2021-1731 PFX Encryption Security Feature Bypass Vulnerability CVE-2021-1734 Windows Remote Procedure Call Information Disclosure Vulnerability CVE-2021-1640 Windows Print Spooler Elevation of Privilege Vulnerability CVE-2021-1698 Windows Win32k Elevation of Privilege Vulnerability CVE-2021-24074 Windows TCP/IP Remote Code Execution Vulnerability CVE-2021-24077 Windows Fax Service Remote Code Execution Vulnerability CVE-2021-24079 Windows Backup Engine Information Disclosure Vulnerability CVE-2021-24080 Windows Trust Verification API Denial of Service Vulnerability CVE-2021-24081 Microsoft Windows Codecs Library Remote Code Execution Vulnerability CVE-2021-24082 Microsoft.PowerShell.Utility Module WDAC Security Feature Bypass Vulnerability CVE-2021-24083 Windows Address Book Remote Code Execution Vulnerability CVE-2021-24084 Windows Mobile Device Management Information Disclosure Vulnerability CVE-2021-24086 Windows TCP/IP Denial of Service Vulnerability CVE-2021-24088 Windows Local Spooler Remote Code Execution Vulnerability CVE-2021-24091 Windows Camera Codec Pack Remote Code Execution Vulnerability CVE-2021-24092 Microsoft Defender Elevation of Privilege Vulnerability CVE-2021-24093 Windows Graphics Component Remote Code Execution Vulnerability CVE-2021-24094 Windows TCP/IP Remote Code Execution Vulnerability CVE-2021-24095 DirectX Elevation of Privilege Vulnerability CVE-2021-24096 Windows Kernel Elevation of Privilege Vulnerability CVE-2021-24098 Windows Console Driver Denial of Service Vulnerability CVE-2021-24103 Windows Event Tracing Elevation of Privilege Vulnerability CVE-2021-24102 Windows Event Tracing Elevation of Privilege Vulnerability CVE-2021-24107 Windows Event Tracing Information Disclosure Vulnerability CVE-2021-24106 Windows DirectX Information Disclosure Vulnerability CVE-2021-24111 .NET Framework Denial of Service Vulnerability CVE-2021-28309 Windows Kernel Information Disclosure Vulnerability CVE-2021-28313 Diagnostics Hub Standard Collector Service Elevation of Privilege Vulnerability CVE-2021-28314 Windows Hyper-V Elevation of Privilege Vulnerability CVE-2021-28311 Windows Application Compatibility Cache Denial of Service Vulnerability CVE-2021-28312 Windows NTFS Denial of Service Vulnerability CVE-2021-28317 Microsoft Windows Codecs Library Information Disclosure Vulnerability CVE-2021-28318 Windows GDI+ Information Disclosure Vulnerability CVE-2021-28315 Windows Media Video Decoder Remote Code Execution Vulnerability CVE-2021-28316 Windows WLAN AutoConfig Service Security Feature Bypass Vulnerability CVE-2021-28319 Windows TCP/IP Driver Denial of Service Vulnerability CVE-2021-28320 Windows Resource Manager PSM Service Extension Elevation of Privilege Vulnerability CVE-2021-28321 Diagnostics Hub Standard Collector Service Elevation of Privilege Vulnerability CVE-2021-28325 Windows SMB Information Disclosure Vulnerability CVE-2021-28322 Diagnostics Hub Standard Collector Service Elevation of Privilege Vulnerability CVE-2021-28323 Windows DNS Information Disclosure Vulnerability CVE-2021-28328 Windows DNS Information Disclosure Vulnerability CVE-2021-28329 Remote Procedure Call Runtime Remote Code Execution Vulnerability CVE-2021-28326 Windows AppX Deployment Server Denial of Service Vulnerability CVE-2021-28327 Remote Procedure Call Runtime Remote Code Execution Vulnerability CVE-2021-28331 Remote Procedure Call Runtime Remote Code Execution Vulnerability CVE-2021-28332 Remote Procedure Call Runtime Remote Code Execution Vulnerability CVE-2021-28330 Remote Procedure Call Runtime Remote Code Execution Vulnerability CVE-2021-28335 Remote Procedure Call Runtime Remote Code Execution Vulnerability CVE-2021-28336 Remote Procedure Call Runtime Remote Code Execution Vulnerability CVE-2021-28333 Remote Procedure Call Runtime Remote Code Execution Vulnerability CVE-2021-28334 Remote Procedure Call Runtime Remote Code Execution Vulnerability CVE-2021-28339 Remote Procedure Call Runtime Remote Code Execution Vulnerability CVE-2021-28337 Remote Procedure Call Runtime Remote Code Execution Vulnerability CVE-2021-28338 Remote Procedure Call Runtime Remote Code Execution Vulnerability CVE-2021-28342 Remote Procedure Call Runtime Remote Code Execution Vulnerability CVE-2021-28343 Remote Procedure Call Runtime Remote Code Execution Vulnerability CVE-2021-28340 Remote Procedure Call Runtime Remote Code Execution Vulnerability CVE-2021-28341 Remote Procedure Call Runtime Remote Code Execution Vulnerability CVE-2021-28346 Remote Procedure Call Runtime Remote Code Execution Vulnerability CVE-2021-28347 Windows Speech Runtime Elevation of Privilege Vulnerability CVE-2021-28344 Remote Procedure Call Runtime Remote Code Execution Vulnerability CVE-2021-28345 Remote Procedure Call Runtime Remote Code Execution Vulnerability CVE-2021-28348 Windows GDI+ Remote Code Execution Vulnerability CVE-2021-28349 Windows GDI+ Remote Code Execution Vulnerability CVE-2021-28350 Windows GDI+ Remote Code Execution Vulnerability CVE-2021-28353 Remote Procedure Call Runtime Remote Code Execution Vulnerability CVE-2021-28354 Remote Procedure Call Runtime Remote Code Execution Vulnerability CVE-2021-28351 Windows Speech Runtime Elevation of Privilege Vulnerability CVE-2021-28352 Remote Procedure Call Runtime Remote Code Execution Vulnerability CVE-2021-28357 Remote Procedure Call Runtime Remote Code Execution Vulnerability CVE-2021-28358 Remote Procedure Call Runtime Remote Code Execution Vulnerability CVE-2021-28355 Remote Procedure Call Runtime Remote Code Execution Vulnerability CVE-2021-28356 Remote Procedure Call Runtime Remote Code Execution Vulnerability CVE-2021-27072 Win32k Elevation of Privilege Vulnerability CVE-2021-27077 Windows Win32k Elevation of Privilege Vulnerability CVE-2021-27079 Windows Media Photo Codec Information Disclosure Vulnerability CVE-2021-27088 Windows Event Tracing Elevation of Privilege Vulnerability CVE-2021-27089 Microsoft Internet Messaging API Remote Code Execution Vulnerability CVE-2021-27086 Windows Services and Controller App Elevation of Privilege Vulnerability CVE-2021-27092 Azure AD Web Sign-in Security Feature Bypass Vulnerability CVE-2021-27095 Windows Media Video Decoder Remote Code Execution Vulnerability CVE-2021-27096 NTFS Elevation of Privilege Vulnerability CVE-2021-27093 Windows Kernel Information Disclosure Vulnerability CVE-2021-27094 Windows Early Launch Antimalware Driver Security Feature Bypass Vulnerability CVE-2021-28434 Remote Procedure Call Runtime Remote Code Execution Vulnerability CVE-2021-28435 Windows Event Tracing Information Disclosure Vulnerability CVE-2021-28438 Windows Console Driver Denial of Service Vulnerability CVE-2021-28439 Windows TCP/IP Driver Denial of Service Vulnerability CVE-2021-28436 Windows Speech Runtime Elevation of Privilege Vulnerability CVE-2021-28437 Windows Installer Information Disclosure Vulnerability CVE-2021-28441 Windows Hyper-V Information Disclosure Vulnerability CVE-2021-28442 Windows TCP/IP Information Disclosure Vulnerability CVE-2021-28440 Windows Installer Elevation of Privilege Vulnerability CVE-2021-28445 Windows Network File System Remote Code Execution Vulnerability CVE-2021-28446 Windows Portmapping Information Disclosure Vulnerability CVE-2021-28443 Windows Console Driver Denial of Service Vulnerability CVE-2021-28447 Windows Early Launch Antimalware Driver Security Feature Bypass Vulnerability CVE-2021-26861 Windows Graphics Component Remote Code Execution Vulnerability CVE-2021-26862 Windows Installer Elevation of Privilege Vulnerability CVE-2021-26860 Windows App-V Overlay Filter Elevation of Privilege Vulnerability CVE-2021-26865 Windows Container Execution Agent Elevation of Privilege Vulnerability CVE-2021-26866 Windows Update Service Elevation of Privilege Vulnerability CVE-2021-26863 Windows Win32k Elevation of Privilege Vulnerability CVE-2021-26864 Windows Virtual Registry Provider Elevation of Privilege Vulnerability CVE-2021-26869 Windows ActiveX Installer Service Information Disclosure Vulnerability CVE-2021-26868 Windows Graphics Component Elevation of Privilege Vulnerability CVE-2021-26872 Windows Event Tracing Elevation of Privilege Vulnerability CVE-2021-26873 Windows User Profile Service Elevation of Privilege Vulnerability CVE-2021-26870 Windows Projected File System Elevation of Privilege Vulnerability CVE-2021-26871 Windows WalletService Elevation of Privilege Vulnerability CVE-2021-26876 OpenType Font Parsing Remote Code Execution Vulnerability CVE-2021-26874 Windows Overlay Filter Elevation of Privilege Vulnerability CVE-2021-26875 Windows Win32k Elevation of Privilege Vulnerability CVE-2021-25195 Windows PKU2U Elevation of Privilege Vulnerability CVE-2021-26878 Windows Print Spooler Elevation of Privilege Vulnerability CVE-2021-26880 Storage Spaces Controller Elevation of Privilege Vulnerability CVE-2021-26884 Windows Media Photo Codec Information Disclosure Vulnerability CVE-2021-26881 Microsoft Windows Media Foundation Remote Code Execution Vulnerability CVE-2021-26882 Remote Access API Elevation of Privilege Vulnerability CVE-2021-26885 Windows WalletService Elevation of Privilege Vulnerability CVE-2021-26886 User Profile Service Denial of Service Vulnerability CVE-2021-26889 Windows Update Stack Elevation of Privilege Vulnerability CVE-2021-26890 Application Virtualization Remote Code Execution Vulnerability CVE-2021-26891 Windows Container Execution Agent Elevation of Privilege Vulnerability CVE-2021-26892 Windows Extensible Firmware Interface Security Feature Bypass Vulnerability CVE-2021-26413 Windows Installer Spoofing Vulnerability CVE-2021-26415 Windows Installer Elevation of Privilege Vulnerability CVE-2021-26417 Windows Overlay Filter Information Disclosure Vulnerability CVE-2021-26416 Windows Hyper-V Denial of Service Vulnerability CVE-2021-31958 Windows NTLM Elevation of Privilege Vulnerability CVE-2021-31959 Scripting Engine Memory Corruption Vulnerability CVE-2021-31954 Windows Common Log File System Driver Elevation of Privilege Vulnerability CVE-2021-31952 Windows Kernel-Mode Driver Elevation of Privilege Vulnerability CVE-2021-31951 Windows Kernel Elevation of Privilege Vulnerability CVE-2021-31969 Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability CVE-2021-31968 Windows Remote Desktop Services��Denial of Service Vulnerability CVE-2021-31962 Kerberos AppContainer Security Feature Bypass Vulnerability CVE-2021-31970 Windows TCP/IP Driver Security Feature Bypass Vulnerability CVE-2021-31976 Server for NFS Information Disclosure Vulnerability CVE-2021-31975 Server for NFS Information Disclosure Vulnerability CVE-2021-31977 Windows Hyper-V Denial of Service Vulnerability CVE-2021-31972 Event Tracing for Windows Information Disclosure Vulnerability CVE-2021-31971 Windows HTML Platforms Security Feature Bypass Vulnerability CVE-2021-31974 Server for NFS Denial of Service Vulnerability CVE-2021-31973 Windows GPSVC Elevation of Privilege Vulnerability CVE-2020-0764 <p>An elevation of privilege vulnerability exists when the Windows Storage Services improperly handle file operations. An attacker who successfully exploited this vulnerability could gain elevated privileges.</p> <p>To exploit the vulnerability, an attacker would first need code execution on a victi ... CVE-2020-1457 A remote code execution vulnerability exists in the way that Microsoft Windows Codecs Library handles objects in memory, aka 'Microsoft Windows Codecs Library Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1425. CVE-2020-1346 An elevation of privilege vulnerability exists when the Windows Modules Installer improperly handles file operations, aka 'Windows Modules Installer Elevation of Privilege Vulnerability'. CVE-2020-1425 A remoted code execution vulnerability exists in the way that Microsoft Windows Codecs Library handles objects in memory, aka 'Microsoft Windows Codecs Library Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1457. CVE-2020-1167 <p>A remote code execution vulnerability exists in the way that Microsoft Graphics Components handle objects in memory. An attacker who successfully exploited the vulnerability could execute arbitrary code on a target system.</p> <p>To exploit the vulnerability, a user would have to open a specially ... CVE-2020-16900 <p>An elevation of privilege vulnerability exists when the Windows Event System improperly handles objects in memory.</p> <p>To exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privi ... CVE-2020-16907 <p>An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or de ... CVE-2020-16909 <p>An elevation of privilege vulnerability exists in Windows Error Reporting (WER) when WER handles and executes files. The vulnerability could allow elevation of privilege if an attacker can successfully exploit it.</p> <p>An attacker who successfully exploited the vulnerability could gain greater ... CVE-2020-16908 <p>An elevation of privilege vulnerability exists in Windows Setup in the way it handles directories.</p> <p>A locally authenticated attacker could run arbitrary code with elevated system privileges. After successfully exploiting the vulnerability, an attacker could then install programs; view, chan ... CVE-2020-16902 <p>An elevation of privilege vulnerability exists in the Windows Installer when the Windows Installer fails to properly sanitize input leading to an insecure library loading behavior.</p> <p>A locally authenticated attacker could run arbitrary code with elevated system privileges. An attacker could ... CVE-2020-16905 <p>An elevation of privilege vulnerability exists in Windows Error Reporting (WER) when WER handles and executes files. The vulnerability could allow elevation of privilege if an attacker can successfully exploit it.</p> <p>An attacker who successfully exploited the vulnerability could gain greater ... CVE-2020-16910 <p>A security feature bypass vulnerability exists when Microsoft Windows fails to handle file creation permissions, which could allow an attacker to create files in a protected Unified Extensible Firmware Interface (UEFI) location.</p> <p>To exploit this vulnerability, an attacker could run a specia ... CVE-2020-16912 <p>An elevation of privilege vulnerability exists when the Windows Backup Service improperly handles file operations.</p> <p>To exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privi ... CVE-2020-16911 <p>A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in the memory. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or de ... CVE-2020-16919 <p>An information disclosure vulnerability exists when the Windows Enterprise App Management Service improperly handles certain file operations. An attacker who successfully exploited this vulnerability could read arbitrary files.</p> <p>An attacker with unprivileged access to a vulnerable system co ... CVE-2020-16914 <p>An information disclosure vulnerability exists in the way that the Windows Graphics Device Interface Plus (GDI+) handles objects in memory, allowing an attacker to retrieve information from a targeted system. By itself, the information disclosure does not allow arbitrary code execution; however, ... CVE-2020-16913 <p>An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or de ... CVE-2020-16916 <p>An elevation of privilege vulnerability exists when Windows improperly handles COM object creation. An attacker who successfully exploited the vulnerability could run arbitrary code with elevated privileges.</p> <p>To exploit this vulnerability, an attacker would first have to log on to the syste ... CVE-2020-16915 <p>A memory corruption vulnerability exists when Windows Media Foundation improperly handles objects in memory. An attacker who successfully exploited the vulnerability could install programs; view, change, or delete data; or create new accounts with full user rights.</p> <p>There are multiple ways ... CVE-2020-16921 <p>An information disclosure vulnerability exists in Text Services Framework when it fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could potentially read data that was not intended to be disclosed. Note that this vulnerability would not allow a ... CVE-2020-16920 <p>An elevation of privilege vulnerability exists when the Windows Application Compatibility Client Library improperly handles registry operations. An attacker who successfully exploited this vulnerability could gain elevated privileges.</p> <p>To exploit the vulnerability, an attacker would first n ... CVE-2020-16923 <p>A remote code execution vulnerability exists in the way that Microsoft Graphics Components handle objects in memory. An attacker who successfully exploited the vulnerability could execute arbitrary code on a target system.</p> <p>To exploit the vulnerability, a user would have to open a specially ... CVE-2020-16922 <p>A spoofing vulnerability exists when Windows incorrectly validates file signatures. An attacker who successfully exploited this vulnerability could bypass security features and load improperly signed files.</p> <p>In an attack scenario, an attacker could bypass security features intended to preve ... CVE-2020-16924 <p>A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system.</p> <p>An attacker could exploit this vulnerability by enticing a vict ... CVE-2020-16927 <p>A denial of service vulnerability exists in Remote Desktop Protocol (RDP) when an attacker connects to the target system using RDP and sends specially crafted requests. An attacker who successfully exploited this vulnerability could cause the RDP service on the target system to stop responding.</ ... CVE-2020-16939 <p>An elevation of privilege vulnerability exists when Group Policy improperly checks access. An attacker who successfully exploited this vulnerability could run processes in an elevated context.</p> <p>To exploit the vulnerability, an attacker would first have to log on to the system, and then run ... CVE-2020-16936 <p>An elevation of privilege vulnerability exists when the Windows Backup Service improperly handles file operations.</p> <p>To exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privi ... CVE-2020-16935 <p>An elevation of privilege vulnerability exists when Windows improperly handles COM object creation. An attacker who successfully exploited the vulnerability could run arbitrary code with elevated privileges.</p> <p>To exploit this vulnerability, an attacker would first have to log on to the syste ... CVE-2020-16937 <p>An information disclosure vulnerability exists when the .NET Framework improperly handles objects in memory. An attacker who successfully exploited the vulnerability could disclose contents of an affected system's memory.</p> <p>To exploit the vulnerability, an authenticated attacker would need t ... CVE-2020-16940 <p>An elevation of privilege vulnerability exists when the Windows User Profile Service (ProfSvc) improperly handles junction points. An attacker who successfully exploited this vulnerability could delete files and folders in an elevated context.</p> <p>To exploit this vulnerability, an attacker wou ... CVE-2020-16958 Windows Backup Engine Elevation of Privilege Vulnerability CVE-2020-16959 Windows Backup Engine Elevation of Privilege Vulnerability CVE-2020-16964 Windows Backup Engine Elevation of Privilege Vulnerability CVE-2020-16967 <p>A remote code execution vulnerability exists when the Windows Camera Codec Pack improperly handles objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rig ... CVE-2020-16961 Windows Backup Engine Elevation of Privilege Vulnerability CVE-2020-16960 Windows Backup Engine Elevation of Privilege Vulnerability CVE-2020-16963 Windows Backup Engine Elevation of Privilege Vulnerability CVE-2020-16962 Windows Backup Engine Elevation of Privilege Vulnerability CVE-2020-16968 <p>A remote code execution vulnerability exists when the Windows Camera Codec Pack improperly handles objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rig ... CVE-2020-16976 <p>An elevation of privilege vulnerability exists when the Windows Backup Service improperly handles file operations.</p> <p>To exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privi ... CVE-2020-16975 <p>An elevation of privilege vulnerability exists when the Windows Backup Service improperly handles file operations.</p> <p>To exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privi ... CVE-2020-16972 <p>An elevation of privilege vulnerability exists when the Windows Backup Service improperly handles file operations.</p> <p>To exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privi ... CVE-2020-16974 <p>An elevation of privilege vulnerability exists when the Windows Backup Service improperly handles file operations.</p> <p>To exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privi ... CVE-2020-16973 <p>An elevation of privilege vulnerability exists when the Windows Backup Service improperly handles file operations.</p> <p>To exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privi ... CVE-2020-16998 DirectX Elevation of Privilege Vulnerability CVE-2020-16997 Remote Desktop Protocol Server Information Disclosure Vulnerability CVE-2020-16999 Windows WalletService Information Disclosure Vulnerability CVE-2020-16876 <p>An elevation of privilege vulnerability exists when the Windows Application Compatibility Client Library improperly handles registry operations. An attacker who successfully exploited this vulnerability could gain elevated privileges.</p> <p>To exploit the vulnerability, an attacker would first n ... CVE-2020-16887 <p>An elevation of privilege vulnerability exists in the way that the Windows Network Connections Service handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions.</p> <p>To exploit the vulnerability, a locally authenticated att ... CVE-2020-16889 <p>An information disclosure vulnerability exists when the Windows KernelStream improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user���s system.</p> <p>To exploit this vulnerability, an attacker would ... CVE-2020-16885 <p>An elevation of privilege vulnerability exists when the Windows Storage VSP Driver improperly handles file operations. An attacker who successfully exploited this vulnerability could gain elevated privileges.</p> <p>To exploit the vulnerability, an attacker would first need code execution on a vi ... CVE-2020-16899 <p>A denial of service vulnerability exists when the Windows TCP/IP stack improperly handles ICMPv6 Router Advertisement packets. An attacker who successfully exploited this vulnerability could cause a target system to stop responding.</p> <p>To exploit this vulnerability, an attacker would have to ... CVE-2020-16898 <p>A remote code execution vulnerability exists when the Windows TCP/IP stack improperly handles ICMPv6 Router Advertisement packets. An attacker who successfully exploited this vulnerability could gain the ability to execute code on the target server or client.</p> <p>To exploit this vulnerability, ... CVE-2020-16895 <p>An elevation of privilege vulnerability exists when Windows Error Reporting manager improperly handles a process crash. An attacker who successfully exploited this vulnerability could delete a targeted file leading to an elevated status.</p> <p>To exploit this vulnerability, an attacker would fir ... CVE-2020-16897 <p>An information disclosure vulnerability exists when NetBIOS over TCP (NBT) Extensions (NetBT) improperly handle objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user���s system.</p> <p>To exploit this vulnerability, an ... CVE-2020-16896 <p>An information disclosure vulnerability exists in Remote Desktop Protocol (RDP) when an attacker connects to the target system using RDP and sends specially crafted requests. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user���s syst ... CVE-2020-16890 <p>An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create ne ... CVE-2020-16892 <p>An elevation of privilege vulnerability exists in the way that the Windows kernel image handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions.</p> <p>To exploit the vulnerability, a locally authenticated attacker could run ... CVE-2020-17103 Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability CVE-2020-17113 Windows Camera Codec Information Disclosure Vulnerability CVE-2020-17007 Windows Error Reporting Elevation of Privilege Vulnerability CVE-2020-17004 Windows Graphics Component Information Disclosure Vulnerability CVE-2020-17000 Remote Desktop Protocol Client Information Disclosure Vulnerability CVE-2020-17001 Windows Print Spooler Elevation of Privilege Vulnerability CVE-2020-17013 Win32k Information Disclosure Vulnerability CVE-2020-17014 Windows Print Spooler Elevation of Privilege Vulnerability CVE-2020-17011 Windows Port Class Library Elevation of Privilege Vulnerability CVE-2020-17028 Windows Remote Access Elevation of Privilege Vulnerability CVE-2020-17029 Windows Canonical Display Driver Information Disclosure Vulnerability CVE-2020-17026 Windows Remote Access Elevation of Privilege Vulnerability CVE-2020-17027 Windows Remote Access Elevation of Privilege Vulnerability CVE-2020-17024 Windows Client Side Rendering Print Provider Elevation of Privilege Vulnerability CVE-2020-17025 Windows Remote Access Elevation of Privilege Vulnerability CVE-2020-17022 <p>A remote code execution vulnerability exists in the way that Microsoft Windows Codecs Library handles objects in memory. An attacker who successfully exploited the vulnerability could execute arbitrary code.</p> <p>Exploitation of the vulnerability requires that a program process a specially craf ... CVE-2020-17037 Windows WalletService Elevation of Privilege Vulnerability CVE-2020-17038 Win32k Elevation of Privilege Vulnerability CVE-2020-17035 Windows Kernel Elevation of Privilege Vulnerability CVE-2020-17036 Windows Function Discovery SSDP Provider Information Disclosure Vulnerability CVE-2020-17033 Windows Remote Access Elevation of Privilege Vulnerability CVE-2020-17034 Windows Remote Access Elevation of Privilege Vulnerability CVE-2020-17031 Windows Remote Access Elevation of Privilege Vulnerability CVE-2020-17032 Windows Remote Access Elevation of Privilege Vulnerability CVE-2020-17030 Windows MSCTF Server Information Disclosure Vulnerability CVE-2020-17048 Chakra Scripting Engine Memory Corruption Vulnerability CVE-2020-17046 Windows Error Reporting Denial of Service Vulnerability CVE-2020-17047 Windows Network File System Denial of Service Vulnerability CVE-2020-17044 Windows Remote Access Elevation of Privilege Vulnerability CVE-2020-17045 Windows KernelStream Information Disclosure Vulnerability CVE-2020-17042 Windows Print Spooler Remote Code Execution Vulnerability CVE-2020-17043 Windows Remote Access Elevation of Privilege Vulnerability CVE-2020-17040 Windows Hyper-V Security Feature Bypass Vulnerability CVE-2020-17041 Windows Print Configuration Elevation of Privilege Vulnerability CVE-2020-17057 Windows Win32k Elevation of Privilege Vulnerability CVE-2020-17058 Microsoft Browser Memory Corruption Vulnerability CVE-2020-17055 Windows Remote Access Elevation of Privilege Vulnerability CVE-2020-17056 Windows Network File System Information Disclosure Vulnerability CVE-2020-17053 Internet Explorer Memory Corruption Vulnerability CVE-2020-17054 Chakra Scripting Engine Memory Corruption Vulnerability CVE-2020-17052 Scripting Engine Memory Corruption Vulnerability CVE-2020-17068 Windows GDI+ Remote Code Execution Vulnerability CVE-2020-17069 Windows NDIS Information Disclosure Vulnerability CVE-2020-17071 Windows Delivery Optimization Information Disclosure Vulnerability CVE-2020-17070 Windows Update Medic Service Elevation of Privilege Vulnerability CVE-2020-17077 Windows Update Stack Elevation of Privilege Vulnerability CVE-2020-17075 Windows USO Core Worker Elevation of Privilege Vulnerability CVE-2020-1560 A remote code execution vulnerability exists in the way that Microsoft Windows Codecs Library handles objects in memory. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or crea ... CVE-2020-17088 Windows Common Log File System Driver Elevation of Privilege Vulnerability CVE-2020-17094 Windows Error Reporting Information Disclosure Vulnerability CVE-2020-17092 Windows Network Connections Service Elevation of Privilege Vulnerability CVE-2020-17090 Microsoft Defender for Endpoint Security Feature Bypass Vulnerability CVE-2020-17097 Windows Digital Media Receiver Elevation of Privilege Vulnerability CVE-2020-17098 Windows GDI+ Information Disclosure Vulnerability CVE-2020-17096 Windows NTFS Remote Code Execution Vulnerability CVE-2020-1585 A remote code execution vulnerability exists in the way that Microsoft Windows Codecs Library handles objects in memory. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or crea ... CVE-2021-27085 Internet Explorer Remote Code Execution Vulnerability CVE-2021-1732 Windows Win32k Elevation of Privilege Vulnerability CVE-2021-31956 Windows NTFS Elevation of Privilege Vulnerability CVE-2021-31955 Windows Kernel Information Disclosure Vulnerability CVE-2021-28310 Win32k Elevation of Privilege Vulnerability CVE-2021-1647 Microsoft Defender Remote Code Execution Vulnerability CVE-2021-33742 Windows MSHTML Platform Remote Code Execution Vulnerability CVE-2020-1599 Windows Spoofing Vulnerability CVE-2020-17087 Windows Kernel Local Elevation of Privilege Vulnerability CVE-2021-26411 Internet Explorer Memory Corruption Vulnerability CVE-2020-1085 An elevation of privilege vulnerability exists in the way that the Windows Function Discovery Service handles objects in memory, aka 'Windows Function Discovery Service Elevation of Privilege Vulnerability'. CVE-2020-0916 An elevation of privilege vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in memory, aka 'Windows GDI Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0915. CVE-2020-0915 An elevation of privilege vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in memory, aka 'Windows GDI Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0916. CVE-2020-1201 An elevation of privilege vulnerability exists in the way the Windows Now Playing Session Manager handles objects in memory, aka 'Windows Now Playing Session Manager Elevation of Privilege Vulnerability'. CVE-2020-1202 An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector or the Visual Studio Standard Collector fail to properly handle objects in memory, aka 'Diagnostic Hub Standard Collector Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1203. CVE-2020-1197 An elevation of privilege vulnerability exists when Windows Error Reporting manager improperly handles a process crash, aka 'Windows Error Reporting Manager Elevation of Privilege Vulnerability'. CVE-2020-1194 A denial of service vulnerability exists when Windows Registry improperly handles filesystem operations, aka 'Windows Registry Denial of Service Vulnerability'. CVE-2020-1196 An elevation of privilege vulnerability exists in the way that the printconfig.dll handles objects in memory, aka 'Windows Print Configuration Elevation of Privilege Vulnerability'. CVE-2020-1160 An information disclosure vulnerability exists when the Microsoft Windows Graphics Component improperly handles objects in memory, aka 'Microsoft Graphics Component Information Disclosure Vulnerability'. CVE-2020-1120 A denial of service vulnerability exists when Connected User Experiences and Telemetry Service improperly handles file operations, aka 'Connected User Experiences and Telemetry Service Denial of Service Vulnerability'. This CVE ID is unique from CVE-2020-1244. CVE-2020-1429 An elevation of privilege vulnerability exists when Windows Error Reporting manager improperly handles a process crash, aka 'Windows Error Reporting Manager Elevation of Privilege Vulnerability'. CVE-2020-1436 A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted fonts.For all systems except Windows 10, an attacker who successfully exploited the vulnerability could execute code remotely, aka 'Windows Font Library Remote Code Execution Vulnerability ... CVE-2020-1437 An elevation of privilege vulnerability exists in the way that the Windows Network Location Awareness Service handles objects in memory, aka 'Windows Network Location Awareness Service Elevation of Privilege Vulnerability'. CVE-2020-1438 An elevation of privilege vulnerability exists in the way that the Windows Network Connections Service handles objects in memory, aka 'Windows Network Connections Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1373, CVE-2020-1390, CVE-2020-1427, CVE-2020-1428. CVE-2020-1432 An information disclosure vulnerability exists when Skype for Business is accessed via Internet Explorer, aka 'Skype for Business via Internet Explorer Information Disclosure Vulnerability'. CVE-2020-1433 An information disclosure vulnerability exists when Microsoft Edge PDF Reader improperly handles objects in memory, aka 'Microsoft Edge PDF Information Disclosure Vulnerability'. CVE-2020-1434 An elevation of privilege vulnerability exists in the way that the Windows Sync Host Service handles objects in memory, aka 'Windows Sync Host Service Elevation of Privilege Vulnerability'. CVE-2020-1435 A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in the memory, aka 'GDI+ Remote Code Execution Vulnerability'. CVE-2020-1430 An elevation of privilege vulnerability exists when the Windows UPnP Device Host improperly handles memory.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows UPnP Device Host Elevation of Privilege Vulnerability'. This CVE ID is unique fr ... CVE-2020-1431 An elevation of privilege vulnerability exists when the Windows AppX Deployment Extensions improperly performs privilege management, resulting in access to system files.To exploit this vulnerability, an authenticated attacker would need to run a specially crafted application to elevate privileges.Th ... CVE-2020-1468 An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows GDI Information Disclosure Vulnerability'. CVE-2020-1462 An information disclosure vulnerability exists when Skype for Business is accessed via Microsoft Edge (EdgeHTML-based), aka 'Skype for Business via Microsoft Edge (EdgeHTML-based) Information Disclosure Vulnerability'. CVE-2020-1463 An elevation of privilege vulnerability exists in the way that the SharedStream Library handles objects in memory, aka 'Windows SharedStream Library Elevation of Privilege Vulnerability'. CVE-2020-1390 An elevation of privilege vulnerability exists in the way that the Windows Network Connections Service handles objects in memory, aka 'Windows Network Connections Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1373, CVE-2020-1427, CVE-2020-1428, CVE-2020-1438. CVE-2020-1399 An elevation of privilege vulnerability exists when the Windows Runtime improperly handles objects in memory, aka 'Windows Runtime Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1249, CVE-2020-1353, CVE-2020-1370, CVE-2020-1404, CVE-2020-1413, CVE-2020-1414, CVE-2020-1415 ... CVE-2020-1395 An elevation of privilege vulnerability exists in the way that the Windows Speech Brokered API handles objects in memory, aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1388, CVE-2020-1392, CVE-2020-1394. CVE-2020-1396 An elevation of privilege vulnerability exists when Windows improperly handles calls to Advanced Local Procedure Call (ALPC).An attacker who successfully exploited this vulnerability could run arbitrary code in the security context of the local system, aka 'Windows ALPC Elevation of Privilege Vulner ... CVE-2020-1397 An information disclosure vulnerability exists in Windows when the Windows Imaging Component fails to properly handle objects in memory, aka 'Windows Imaging Component Information Disclosure Vulnerability'. CVE-2020-1398 An elevation of privilege vulnerability exists when Windows Lockscreen fails to properly handle Ease of Access dialog.An attacker who successfully exploited the vulnerability could execute commands with elevated permissions.The security update addresses the vulnerability by ensuring that the Ease of ... CVE-2020-1391 An information disclosure vulnerability exists when the Windows Agent Activation Runtime (AarSvc) fails to properly handle objects in memory, aka 'Windows Agent Activation Runtime Information Disclosure Vulnerability'. CVE-2020-1392 An elevation of privilege vulnerability exists when the Windows Delivery Optimization service improperly handles objects in memory, aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1388, CVE-2020-1394, CVE-2020-1395. CVE-2020-1393 An elevation of privilege vulnerability exists when the Windows Diagnostics Hub Standard Collector Service fails to properly sanitize input, leading to an unsecure library-loading behavior, aka 'Windows Diagnostics Hub Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1418. CVE-2020-1394 An elevation of privilege vulnerability exists in the way that the Windows Geolocation Framework handles objects in memory, aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1388, CVE-2020-1392, CVE-2020-1395. CVE-2020-1359 An elevation of privilege vulnerability exists when the Windows Cryptography Next Generation (CNG) Key Isolation service improperly handles memory, aka 'Windows CNG Key Isolation Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1384. CVE-2020-1355 A remote code execution vulnerability exists when the Windows Font Driver Host improperly handles memory.An attacker who successfully exploited the vulnerability would gain execution on a victim system.The security update addresses the vulnerability by correcting how the Windows Font Driver Host han ... CVE-2020-1357 An elevation of privilege vulnerability exists when the Windows System Events Broker improperly handles file operations, aka 'Windows System Events Broker Elevation of Privilege Vulnerability'. CVE-2020-1358 An information disclosure vulnerability exists when the Windows Resource Policy component improperly handles memory.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows Resource Policy Information Disclosure Vulnerability'. CVE-2020-1351 An information disclosure vulnerability exists when the Windows Graphics component improperly handles objects in memory, aka 'Microsoft Graphics Component Information Disclosure Vulnerability'. CVE-2020-1352 An elevation of privilege vulnerability exists when the Windows USO Core Worker improperly handles memory.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows USO Core Worker Elevation of Privilege Vulnerability'. CVE-2020-1353 An elevation of privilege vulnerability exists when the Windows Runtime improperly handles objects in memory, aka 'Windows Runtime Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1249, CVE-2020-1370, CVE-2020-1399, CVE-2020-1404, CVE-2020-1413, CVE-2020-1414, CVE-2020-1415 ... CVE-2020-1354 An elevation of privilege vulnerability exists when the Windows UPnP Device Host improperly handles memory.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows UPnP Device Host Elevation of Privilege Vulnerability'. This CVE ID is unique fr ... CVE-2020-1366 An elevation of privilege vulnerability exists when the Windows Print Workflow Service improperly handles objects in memory, aka 'Windows Print Workflow Service Elevation of Privilege Vulnerability'. CVE-2020-1367 An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka 'Windows Kernel Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2020-1389, CVE-2020-1419, CVE-2020-1426. CVE-2020-1368 An elevation of privilege vulnerability exists in the way that the Credential Enrollment Manager service handles objects in memory, aka 'Windows Credential Enrollment Manager Service Elevation of Privilege Vulnerability'. CVE-2020-1369 An elevation of privilege vulnerability exists in the way that the Windows WalletService handles objects in memory, aka 'Windows WalletService Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1344, CVE-2020-1362. CVE-2020-1362 An elevation of privilege vulnerability exists in the way that the Windows WalletService handles objects in memory, aka 'Windows WalletService Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1344, CVE-2020-1369. CVE-2020-1363 An elevation of privilege vulnerability exists when the Windows Picker Platform improperly handles memory.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows Picker Platform Elevation of Privilege Vulnerability'. CVE-2020-1364 A denial of service vulnerability exists in the way that the WalletService handles files, aka 'Windows WalletService Denial of Service Vulnerability'. CVE-2020-1365 An elevation of privilege vulnerability exists when the Windows Event Logging Service improperly handles memory.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows Event Logging Service Elevation of Privilege Vulnerability'. This CVE ID is ... CVE-2020-1360 An elevation of privilege vulnerability exists when the Windows Profile Service improperly handles file operations, aka 'Windows Profile Service Elevation of Privilege Vulnerability'. CVE-2020-1361 An information disclosure vulnerability exists in the way that the WalletService handles memory.To exploit the vulnerability, an attacker would first need code execution on a victim system, aka 'Windows WalletService Information Disclosure Vulnerability'. CVE-2020-1373 An elevation of privilege vulnerability exists in the way that the Windows Network Connections Service handles objects in memory, aka 'Windows Network Connections Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1390, CVE-2020-1427, CVE-2020-1428, CVE-2020-1438. CVE-2020-1374 A remote code execution vulnerability exists in the Windows Remote Desktop Client when a user connects to a malicious server, aka 'Remote Desktop Client Remote Code Execution Vulnerability'. CVE-2020-1375 An elevation of privilege vulnerability exists when Windows improperly handles COM object creation, aka 'Windows COM Server Elevation of Privilege Vulnerability'. CVE-2020-1370 An elevation of privilege vulnerability exists when the Windows Runtime improperly handles objects in memory, aka 'Windows Runtime Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1249, CVE-2020-1353, CVE-2020-1399, CVE-2020-1404, CVE-2020-1413, CVE-2020-1414, CVE-2020-1415 ... CVE-2020-1371 An elevation of privilege vulnerability exists when the Windows Event Logging Service improperly handles memory.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows Event Logging Service Elevation of Privilege Vulnerability'. This CVE ID is ... CVE-2020-1372 An elevation of privilege vulnerability exists when Windows Mobile Device Management (MDM) Diagnostics improperly handles objects in memory, aka 'Windows Mobile Device Management Diagnostics Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1405. CVE-2020-1388 An elevation of privilege vulnerability exists in the way that the psmsrv.dll handles objects in memory, aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1392, CVE-2020-1394, CVE-2020-1395. CVE-2020-1389 An information disclosure vulnerability exists when the Windows kernel fails to properly initialize a memory address, aka 'Windows Kernel Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2020-1367, CVE-2020-1419, CVE-2020-1426. CVE-2020-1384 An elevation of privilege vulnerability exists when the Windows Cryptography Next Generation (CNG) Key Isolation service improperly handles memory, aka 'Windows CNG Key Isolation Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1359. CVE-2020-1385 An elevation of privilege vulnerability exists in the way that the Windows Credential Picker handles objects in memory, aka 'Windows Credential Picker Elevation of Privilege Vulnerability'. CVE-2020-1386 An information vulnerability exists when Windows Connected User Experiences and Telemetry Service improperly discloses file information, aka 'Connected User Experiences and Telemetry Service Information Disclosure Vulnerability'. CVE-2020-1387 An elevation of privilege vulnerability exists in the way the Windows Push Notification Service handles objects in memory, aka 'Windows Push Notification Service Elevation of Privilege Vulnerability'. CVE-2020-1381 An elevation of privilege vulnerability exists when the Windows Graphics Component improperly handles objects in memory, aka 'Windows Graphics Component Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1382. CVE-2020-1382 An elevation of privilege vulnerability exists when the Windows Graphics Component improperly handles objects in memory, aka 'Windows Graphics Component Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1381. CVE-2020-1309 An elevation of privilege vulnerability exists when the Microsoft Store Runtime improperly handles memory.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Microsoft Store Runtime Elevation of Privilege Vulnerability'. This CVE ID is unique from ... CVE-2020-1315 An information disclosure vulnerability exists when Internet Explorer improperly handles objects in memory, aka 'Internet Explorer Information Disclosure Vulnerability'. CVE-2020-1316 An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory, aka 'Windows Kernel Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0986, CVE-2020-1237, CVE-2020-1246, CVE-2020-1262, CVE-2020-1264, CVE-2020-1266, CVE-2020- ... CVE-2020-1317 An elevation of privilege vulnerability exists when Group Policy improperly checks access, aka 'Group Policy Elevation of Privilege Vulnerability'. CVE-2020-1311 An elevation of privilege vulnerability exists when Component Object Model (COM) client uses special case IIDs, aka 'Component Object Model Elevation of Privilege Vulnerability'. CVE-2020-1312 An elevation of privilege vulnerability exists in Windows Installer because of the way Windows Installer handles certain filesystem operations.To exploit the vulnerability, an attacker would require unprivileged execution on the victim system, aka 'Windows Installer Elevation of Privilege Vulnerabil ... CVE-2020-1313 An elevation of privilege vulnerability exists when the Windows Update Orchestrator Service improperly handles file operations, aka 'Windows Update Orchestrator Service Elevation of Privilege Vulnerability'. CVE-2020-1314 An elevation of privilege vulnerability exists in Windows Text Service Framework (TSF) when the TSF server fails to properly handle messages sent from TSF clients, aka 'Windows Text Service Framework Elevation of Privilege Vulnerability'. CVE-2020-1324 An elevation of privilege (user to user) vulnerability exists in Windows Security Health Service when handling certain objects in memory.To exploit the vulnerability, an attacker would first have to log on to the system, aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from ... CVE-2020-1333 An elevation of privilege vulnerability exists when Group Policy Services Policy Processing improperly handle reparse points, aka 'Group Policy Services Policy Processing Elevation of Privilege Vulnerability'. CVE-2020-1334 An elevation of privilege vulnerability exists when the Windows Runtime improperly handles objects in memory, aka 'Windows Runtime Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1231, CVE-2020-1233, CVE-2020-1235, CVE-2020-1265, CVE-2020-1282, CVE-2020-1304, CVE-2020-1306 ... CVE-2020-1336 <p>An elevation of privilege vulnerability exists in the way that the Windows Kernel handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions.</p> <p>To exploit the vulnerability, a locally authenticated attacker could run a spe ... CVE-2020-1330 An information disclosure vulnerability exists when Windows Mobile Device Management (MDM) Diagnostics improperly handles junctions, aka 'Windows Mobile Device Management Diagnostics Information Disclosure Vulnerability'. CVE-2020-1348 An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows GDI Information Disclosure Vulnerability'. CVE-2020-1344 An elevation of privilege vulnerability exists in the way that the Windows WalletService handles objects in memory, aka 'Windows WalletService Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1362, CVE-2020-1369. CVE-2020-1403 A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka 'VBScript Remote Code Execution Vulnerability'. CVE-2020-1404 An elevation of privilege vulnerability exists when the Windows Runtime improperly handles objects in memory, aka 'Windows Runtime Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1249, CVE-2020-1353, CVE-2020-1370, CVE-2020-1399, CVE-2020-1413, CVE-2020-1414, CVE-2020-1415 ... CVE-2020-1400 A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1401, CVE-2020-1407. CVE-2020-1401 A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1400, CVE-2020-1407. CVE-2020-1402 An elevation of privilege vulnerability exists when the Windows ActiveX Installer Service improperly handles memory.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows ActiveX Installer Service Elevation of Privilege Vulnerability'. CVE-2020-1407 A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1400, CVE-2020-1401. CVE-2020-1414 An elevation of privilege vulnerability exists when the Windows Runtime improperly handles objects in memory, aka 'Windows Runtime Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1249, CVE-2020-1353, CVE-2020-1370, CVE-2020-1399, CVE-2020-1404, CVE-2020-1413, CVE-2020-1415 ... CVE-2020-1415 An elevation of privilege vulnerability exists when the Windows Runtime improperly handles objects in memory, aka 'Windows Runtime Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1249, CVE-2020-1353, CVE-2020-1370, CVE-2020-1399, CVE-2020-1404, CVE-2020-1413, CVE-2020-1414 ... CVE-2020-1413 An elevation of privilege vulnerability exists when the Windows Runtime improperly handles objects in memory, aka 'Windows Runtime Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1249, CVE-2020-1353, CVE-2020-1370, CVE-2020-1399, CVE-2020-1404, CVE-2020-1414, CVE-2020-1415 ... CVE-2020-1426 An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka 'Windows Kernel Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2020-1367, CVE-2020-1389, CVE-2020-1419. CVE-2020-1427 An elevation of privilege vulnerability exists in the way that the Windows Network Connections Service handles objects in memory, aka 'Windows Network Connections Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1373, CVE-2020-1390, CVE-2020-1428, CVE-2020-1438. CVE-2020-1428 An elevation of privilege vulnerability exists in the way that the Windows Network Connections Service handles objects in memory, aka 'Windows Network Connections Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1373, CVE-2020-1390, CVE-2020-1427, CVE-2020-1438. CVE-2020-1422 An elevation of privilege vulnerability exists when the Windows Runtime improperly handles objects in memory, aka 'Windows Runtime Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1249, CVE-2020-1353, CVE-2020-1370, CVE-2020-1399, CVE-2020-1404, CVE-2020-1413, CVE-2020-1414 ... CVE-2020-1424 An elevation of privilege vulnerability exists when the Windows Update Stack fails to properly handle objects in memory, aka 'Windows Update Stack Elevation of Privilege Vulnerability'. CVE-2020-1278 An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector Service improperly handles file operations, aka 'Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1257, CVE-2020-1293. CVE-2020-1279 An elevation of privilege vulnerability exists when Windows Lockscreen fails to properly load spotlight images from a secure location, aka 'Windows Lockscreen Elevation of Privilege Vulnerability'. CVE-2020-1274 An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory, aka 'Windows Kernel Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0986, CVE-2020-1237, CVE-2020-1246, CVE-2020-1262, CVE-2020-1264, CVE-2020-1266, CVE-2020- ... CVE-2020-1275 An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory, aka 'Windows Kernel Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0986, CVE-2020-1237, CVE-2020-1246, CVE-2020-1262, CVE-2020-1264, CVE-2020-1266, CVE-2020- ... CVE-2020-1276 An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory, aka 'Windows Kernel Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0986, CVE-2020-1237, CVE-2020-1246, CVE-2020-1262, CVE-2020-1264, CVE-2020-1266, CVE-2020- ... CVE-2020-1277 An elevation of privilege vulnerability exists in Windows Installer because of the way Windows Installer handles certain filesystem operations.To exploit the vulnerability, an attacker would require unprivileged execution on the victim system, aka 'Windows Installer Elevation of Privilege Vulnerabil ... CVE-2020-1270 An elevation of privilege vulnerability exists in the way that the wlansvc.dll handles objects in memory, aka 'Windows WLAN Service Elevation of Privilege Vulnerability'. CVE-2020-1271 An elevation of privilege vulnerability exists when the Windows Backup Service improperly handles file operations.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows Backup Service Elevation of Privilege Vulnerability'. CVE-2020-1272 An elevation of privilege vulnerability exists in the Windows Installer when the Windows Installer fails to properly sanitize input leading to an insecure library loading behavior.A locally authenticated attacker could run arbitrary code with elevated system privileges, aka 'Windows Installer Elevat ... CVE-2020-1273 An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory, aka 'Windows Kernel Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0986, CVE-2020-1237, CVE-2020-1246, CVE-2020-1262, CVE-2020-1264, CVE-2020-1266, CVE-2020- ... CVE-2020-1280 An elevation of privilege vulnerability exists in the way that the Windows Bluetooth Service handles objects in memory, aka 'Windows Bluetooth Service Elevation of Privilege Vulnerability'. CVE-2020-1286 A remote code execution vulnerability exists when the Windows Shell does not properly validate file paths.An attacker who successfully exploited this vulnerability could run arbitrary code in the context of the current user, aka 'Windows Shell Remote Code Execution Vulnerability'. CVE-2020-1287 An elevation of privilege vulnerability exists in the way that the Windows WalletService handles objects in memory, aka 'Windows WalletService Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1294. CVE-2020-1281 A remote code execution vulnerability exists when Microsoft Windows OLE fails to properly validate user input, aka 'Windows OLE Remote Code Execution Vulnerability'. CVE-2020-1282 An elevation of privilege vulnerability exists when the Windows Runtime improperly handles objects in memory, aka 'Windows Runtime Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1231, CVE-2020-1233, CVE-2020-1235, CVE-2020-1265, CVE-2020-1304, CVE-2020-1306, CVE-2020-1334 ... CVE-2020-1283 A denial of service vulnerability exists when Windows improperly handles objects in memory, aka 'Windows Denial of Service Vulnerability'. CVE-2020-1284 A denial of service vulnerability exists in the way that the Microsoft Server Message Block 3.1.1 (SMBv3) protocol handles certain requests, aka 'Windows SMBv3 Client/Server Denial of Service Vulnerability'. CVE-2020-1290 An information disclosure vulnerability exists when the win32k component improperly provides kernel information, aka 'Win32k Information Disclosure Vulnerability'. CVE-2020-1291 An elevation of privilege vulnerability exists in the way that the Windows Network Connections Service handles objects in memory, aka 'Windows Network Connections Service Elevation of Privilege Vulnerability'. CVE-2020-1296 A vulnerability exists in the way the Windows Diagnostics & feedback settings app handles objects in memory, aka 'Windows Diagnostics & feedback Information Disclosure Vulnerability'. CVE-2020-1299 A remote code execution vulnerability exists in Microsoft Windows that could allow remote code execution if a .LNK file is processed.An attacker who successfully exploited this vulnerability could gain the same user rights as the local user, aka 'LNK Remote Code Execution Vulnerability'. CVE-2020-1292 An elevation of privilege vulnerability exists in OpenSSH for Windows when it does not properly restrict access to configuration settings, aka 'OpenSSH for Windows Elevation of Privilege Vulnerability'. CVE-2020-1293 An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector Service improperly handles file operations, aka 'Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1257, CVE-2020-1278. CVE-2020-1294 An elevation of privilege vulnerability exists in the way that the Windows WalletService handles objects in memory, aka 'Windows WalletService Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1287. CVE-2020-1238 A memory corruption vulnerability exists when Windows Media Foundation improperly handles objects in memory, aka 'Media Foundation Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-1239. CVE-2020-1239 A memory corruption vulnerability exists when Windows Media Foundation improperly handles objects in memory, aka 'Media Foundation Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-1238. CVE-2020-1234 An elevation of privilege vulnerability exists when Windows Error Reporting improperly handles objects in memory.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows Error Reporting Elevation of Privilege Vulnerability'. CVE-2020-1235 An elevation of privilege vulnerability exists when the Windows Runtime improperly handles objects in memory, aka 'Windows Runtime Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1231, CVE-2020-1233, CVE-2020-1265, CVE-2020-1282, CVE-2020-1304, CVE-2020-1306, CVE-2020-1334 ... CVE-2020-1236 A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1208. CVE-2020-1237 An elevation of privilege vulnerability exists in the way that the Windows Kernel handles objects in memory, aka 'Windows Kernel Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0986, CVE-2020-1246, CVE-2020-1262, CVE-2020-1264, CVE-2020-1266, CVE-2020-1269, CVE-2020-1273, ... CVE-2020-1230 A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka 'VBScript Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1213, CVE-2020-1214, CVE-2020-1215, CVE-2020-1216, CVE-2020-1260. CVE-2020-1231 An elevation of privilege vulnerability exists when the Windows Runtime improperly handles objects in memory, aka 'Windows Runtime Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1233, CVE-2020-1235, CVE-2020-1265, CVE-2020-1282, CVE-2020-1304, CVE-2020-1306, CVE-2020-1334 ... CVE-2020-1232 An information disclosure vulnerability exists when Media Foundation improperly handles objects in memory, aka 'Media Foundation Information Disclosure Vulnerability'. CVE-2020-1233 An elevation of privilege vulnerability exists when the Windows Runtime improperly handles objects in memory, aka 'Windows Runtime Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1231, CVE-2020-1235, CVE-2020-1265, CVE-2020-1282, CVE-2020-1304, CVE-2020-1306, CVE-2020-1334 ... CVE-2020-1249 An elevation of privilege vulnerability exists when the Windows Runtime improperly handles objects in memory, aka 'Windows Runtime Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1353, CVE-2020-1370, CVE-2020-1399, CVE-2020-1404, CVE-2020-1413, CVE-2020-1414, CVE-2020-1415 ... CVE-2020-1246 An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory, aka 'Windows Kernel Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0986, CVE-2020-1237, CVE-2020-1262, CVE-2020-1264, CVE-2020-1266, CVE-2020-1269, CVE-2020- ... CVE-2020-1247 An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1207, CVE-2020-1251, CVE-2020-1253, CVE-2020-1310. CVE-2020-1248 A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in the memory, aka 'GDI+ Remote Code Execution Vulnerability'. CVE-2020-1241 A security feature bypass vulnerability exists when Windows Kernel fails to properly sanitize certain parameters.To exploit the vulnerability, a locally-authenticated attacker could attempt to run a specially crafted application on a targeted system.The update addresses the vulnerability by correcti ... CVE-2020-1242 An information disclosure vulnerability exists in the way that Microsoft Edge handles cross-origin requests, aka 'Microsoft Edge Information Disclosure Vulnerability'. CVE-2020-1244 A denial of service vulnerability exists when Connected User Experiences and Telemetry Service improperly handles file operations, aka 'Connected User Experiences and Telemetry Service Denial of Service Vulnerability'. This CVE ID is unique from CVE-2020-1120. CVE-2020-1257 An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector Service improperly handles file operations, aka 'Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1278, CVE-2020-1293. CVE-2020-1258 An elevation of privilege vulnerability exists when DirectX improperly handles objects in memory, aka 'DirectX Elevation of Privilege Vulnerability'. CVE-2020-1259 A security feature bypass vulnerability exists when Windows Host Guardian Service improperly handles hashes recorded and logged, aka 'Windows Host Guardian Service Security Feature Bypass Vulnerability'. CVE-2020-1253 An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1207, CVE-2020-1247, CVE-2020-1251, CVE-2020-1310. CVE-2020-1254 An elevation of privilege vulnerability exists when Windows Modules Installer Service improperly handles class object members.A locally authenticated attacker could run arbitrary code with elevated system privileges, aka 'Windows Modules Installer Service Elevation of Privilege Vulnerability'. CVE-2020-1255 An elevation of privilege vulnerability exists when the Windows Background Intelligent Transfer Service (BITS) IIS module improperly handles uploaded content, aka 'Windows Background Intelligent Transfer Service Elevation of Privilege Vulnerability'. CVE-2020-1251 An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1207, CVE-2020-1247, CVE-2020-1253, CVE-2020-1310. CVE-2020-1267 This security update corrects a denial of service in the Local Security Authority Subsystem Service (LSASS) caused when an authenticated attacker sends a specially crafted authentication request, aka 'Local Security Authority Subsystem Service Denial of Service Vulnerability'. CVE-2020-1268 An information disclosure vulnerability exists when a Windows service improperly handles objects in memory, aka 'Windows Service Information Disclosure Vulnerability'. CVE-2020-1269 An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory, aka 'Windows Kernel Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0986, CVE-2020-1237, CVE-2020-1246, CVE-2020-1262, CVE-2020-1264, CVE-2020-1266, CVE-2020- ... CVE-2020-1263 An information disclosure vulnerability exists in the way Windows Error Reporting (WER) handles objects in memory, aka 'Windows Error Reporting Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2020-1261. CVE-2020-1264 An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory, aka 'Windows Kernel Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0986, CVE-2020-1237, CVE-2020-1246, CVE-2020-1262, CVE-2020-1266, CVE-2020-1269, CVE-2020- ... CVE-2020-1266 An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory, aka 'Windows Kernel Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0986, CVE-2020-1237, CVE-2020-1246, CVE-2020-1262, CVE-2020-1264, CVE-2020-1269, CVE-2020- ... CVE-2020-1261 An information disclosure vulnerability exists in the way Windows Error Reporting (WER) handles objects in memory, aka 'Windows Error Reporting Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2020-1263. CVE-2020-1262 An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory, aka 'Windows Kernel Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0986, CVE-2020-1237, CVE-2020-1246, CVE-2020-1264, CVE-2020-1266, CVE-2020-1269, CVE-2020- ... CVE-2020-1206 An information disclosure vulnerability exists in the way that the Microsoft Server Message Block 3.1.1 (SMBv3) protocol handles certain requests, aka 'Windows SMBv3 Client/Server Information Disclosure Vulnerability'. CVE-2020-1207 An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1247, CVE-2020-1251, CVE-2020-1253, CVE-2020-1310. CVE-2020-1208 A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1236. CVE-2020-1203 An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector or the Visual Studio Standard Collector fail to properly handle objects in memory, aka 'Diagnostic Hub Standard Collector Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1202. CVE-2020-1204 An elevation of privilege vulnerability exists when Windows Mobile Device Management (MDM) Diagnostics improperly handles junctions, aka 'Windows Mobile Device Management Diagnostics Elevation of Privilege Vulnerability'. CVE-2020-1209 An elevation of privilege vulnerability exists in the way that the Windows Network List Service handles objects in memory, aka 'Windows Network List Service Elevation of Privilege Vulnerability'. CVE-2020-1216 A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka 'VBScript Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1213, CVE-2020-1214, CVE-2020-1215, CVE-2020-1230, CVE-2020-1260. CVE-2020-1217 An information disclosure vulnerability exists when the Windows Runtime improperly handles objects in memory, aka 'Windows Runtime Information Disclosure Vulnerability'. CVE-2020-1219 A remote code execution vulnerability exists in the way that Microsoft browsers access objects in memory, aka 'Microsoft Browser Memory Corruption Vulnerability'. CVE-2020-1212 An elevation of privilege vulnerability exists when an OLE Automation component improperly handles memory.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'OLE Automation Elevation of Privilege Vulnerability'. CVE-2020-1213 A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka 'VBScript Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1214, CVE-2020-1215, CVE-2020-1216, CVE-2020-1230, CVE-2020-1260. CVE-2020-1214 A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka 'VBScript Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1213, CVE-2020-1215, CVE-2020-1216, CVE-2020-1230, CVE-2020-1260. CVE-2020-1215 A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka 'VBScript Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1213, CVE-2020-1214, CVE-2020-1216, CVE-2020-1230, CVE-2020-1260. CVE-2020-1211 An elevation of privilege vulnerability exists in the way that the Connected Devices Platform Service handles objects in memory, aka 'Connected Devices Platform Service Elevation of Privilege Vulnerability'. CVE-2020-1222 An elevation of privilege vulnerability exists when the Microsoft Store Runtime improperly handles memory.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Microsoft Store Runtime Elevation of Privilege Vulnerability'. This CVE ID is unique from ... CVE-2020-1304 An elevation of privilege vulnerability exists when the Windows Runtime improperly handles objects in memory, aka 'Windows Runtime Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1231, CVE-2020-1233, CVE-2020-1235, CVE-2020-1265, CVE-2020-1282, CVE-2020-1306, CVE-2020-1334 ... CVE-2020-1305 An elevation of privilege vulnerability exists when the Windows State Repository Service improperly handles objects in memory, aka 'Windows State Repository Service Elevation of Privilege Vulnerability'. CVE-2020-1306 An elevation of privilege vulnerability exists when the Windows Runtime improperly handles objects in memory, aka 'Windows Runtime Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1231, CVE-2020-1233, CVE-2020-1235, CVE-2020-1265, CVE-2020-1282, CVE-2020-1304, CVE-2020-1334 ... CVE-2020-1307 An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory, aka 'Windows Kernel Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0986, CVE-2020-1237, CVE-2020-1246, CVE-2020-1262, CVE-2020-1264, CVE-2020-1266, CVE-2020- ... CVE-2020-1300 A remote code execution vulnerability exists when Microsoft Windows fails to properly handle cabinet files.To exploit the vulnerability, an attacker would have to convince a user to either open a specially crafted cabinet file or spoof a network printer and trick a user into installing a malicious c ... CVE-2020-1301 A remote code execution vulnerability exists in the way that the Microsoft Server Message Block 1.0 (SMBv1) server handles certain requests, aka 'Windows SMB Remote Code Execution Vulnerability'. CVE-2020-1302 An elevation of privilege vulnerability exists in Windows Installer because of the way Windows Installer handles certain filesystem operations.To exploit the vulnerability, an attacker would require unprivileged execution on the victim system, aka 'Windows Installer Elevation of Privilege Vulnerabil ... CVE-2020-1147 A remote code execution vulnerability exists in .NET Framework, Microsoft SharePoint, and Visual Studio when the software fails to check the source markup of XML file input, aka '.NET Framework, SharePoint Server, and Visual Studio Remote Code Execution Vulnerability'. CVE-2020-0986 An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory, aka 'Windows Kernel Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1237, CVE-2020-1246, CVE-2020-1262, CVE-2020-1264, CVE-2020-1266, CVE-2020-1269, CVE-2020- ... CVE-2020-1038 <p>A denial of service vulnerability exists when Windows Routing Utilities improperly handles objects in memory. An attacker who successfully exploited the vulnerability could cause a target system to stop responding.</p> <p>To exploit this vulnerability, an attacker would have to log on to an affec ... CVE-2020-1039 <p>A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system.</p> <p>An attacker could exploit this vulnerability by enticing a vict ... CVE-2020-1033 <p>An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user���s system.</p> <p>An authenticated attacker could exploit this vulnerabil ... CVE-2020-1034 <p>An elevation of privilege vulnerability exists in the way that the Windows Kernel handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions.</p> <p>To exploit the vulnerability, a locally authenticated attacker could run a spe ... CVE-2020-1030 <p>An elevation of privilege vulnerability exists when the Windows Print Spooler service improperly allows arbitrary writing to the file system. An attacker who successfully exploited this vulnerability could run arbitrary code with elevated system privileges. An attacker could then install programs ... CVE-2020-1031 <p>An information disclosure vulnerability exists in the way that the Windows Server DHCP service improperly discloses the contents of its memory.</p> <p>To exploit the vulnerability, an unauthenticated attacker could send a specially crafted packet to an affected DHCP server. An attacker who succe ... CVE-2020-1057 <p>A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the ... CVE-2020-1052 <p>An elevation of privilege vulnerability exists in the way that the ssdpsrv.dll handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions.</p> <p>To exploit the vulnerability, a locally authenticated attacker could run a specia ... CVE-2020-1053 <p>An elevation of privilege vulnerability exists when DirectX improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with f ... CVE-2020-1012 <p>An elevation of privilege vulnerability exists in the way that the Wininit.dll handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions.</p> <p>There are multiple ways an attacker could exploit the vulnerability:</p> <ul> <li ... CVE-2020-1013 <p>An elevation of privilege vulnerability exists when Microsoft Windows processes group policy updates. An attacker who successfully exploited this vulnerability could potentially escalate permissions or perform additional privileged actions on the target machine.</p> <p>To exploit this vulnerabili ... CVE-2020-0648 <p>An elevation of privilege vulnerability exists when the Windows RSoP Service Application improperly handles memory.</p> <p>To exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate priv ... CVE-2020-0989 <p>An information disclosure vulnerability exists when Windows Mobile Device Management (MDM) Diagnostics improperly handles junctions. An attacker who successfully exploited this vulnerability could bypass access restrictions to read files.</p> <p>To exploit this vulnerability, an attacker would fi ... CVE-2020-0997 <p>A remote code execution vulnerability exists when the Windows Camera Codec Pack improperly handles objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rig ... CVE-2020-0998 <p>An elevation of privilege vulnerability exists when the Windows Graphics Component improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run processes in an elevated context.</p> <p>In a local attack scenario, an attacker could exploit this vulnerab ... CVE-2020-0941 <p>An information disclosure vulnerability exists when the win32k component improperly provides kernel information. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user���s system.</p> <p>To exploit the vulnerability, an attacker would have ... CVE-2020-0951 <p>A security feature bypass vulnerability exists in Windows Defender Application Control (WDAC) which could allow an attacker to bypass WDAC enforcement. An attacker who successfully exploited this vulnerability could execute PowerShell commands that would be blocked by WDAC.</p> <p>To exploit the ... CVE-2020-0908 <p>A remote code execution vulnerability exists when the Windows Text Service Module improperly handles memory. An attacker who successfully exploited the vulnerability could gain execution on a victim system.</p> <p>An attacker could host a specially crafted website that is designed to exploit the ... CVE-2020-0904 <p>A denial of service vulnerability exists when Microsoft Hyper-V on a host server fails to properly validate specific malicious data from a user on a guest operating system.</p> <p>To exploit the vulnerability, an attacker who already has a privileged account on a guest operating system, running a ... CVE-2020-0911 <p>An elevation of privilege vulnerability exists when Windows Modules Installer improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in an elevated context.</p> <p>An attacker could exploit this vulnerability by running a specially ... CVE-2020-0912 <p>An elevation of privilege vulnerability exists when the Windows Function Discovery SSDP Provider improperly handles memory.</p> <p>To exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elev ... CVE-2020-0914 <p>An information disclosure vulnerability exists when the Windows State Repository Service improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user���s system.</p> <p>An attacker could exploit this vulner ... CVE-2020-0921 Microsoft Graphics Component Denial of Service Vulnerability CVE-2020-0922 <p>A remote code execution vulnerability exists in the way that Microsoft COM for Windows handles objects in memory. An attacker who successfully exploited the vulnerability could execute arbitrary code on a target system.</p> <p>To exploit the vulnerability, a user would have to open a specially cr ... CVE-2020-0928 <p>An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user���s system.</p> <p>To exploit this vulnerability, an attacker would have t ... CVE-2020-0875 <p>An information disclosure vulnerability exists in how splwow64.exe handles certain calls. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user���s system (low-integrity to medium-integrity).</p> <p>This vulnerability by itself does not ... CVE-2020-0886 <p>An elevation of privilege vulnerability exists when the Windows Storage Services improperly handle file operations. An attacker who successfully exploited this vulnerability could gain elevated privileges.</p> <p>To exploit the vulnerability, an attacker would first need code execution on a victi ... CVE-2020-0890 <p>A denial of service vulnerability exists when Microsoft Hyper-V on a host server fails to properly validate specific malicious data from a user on a guest operating system.</p> <p>To exploit the vulnerability, an attacker who already has a privileged account on a guest operating system, running a ... CVE-2020-0839 <p>An elevation of privilege vulnerability exists in the way that the dnsrslvr.dll handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions.</p> <p>To exploit the vulnerability, a locally authenticated attacker could run a speci ... CVE-2020-0837 <p>An elevation of privilege vulnerability exists when Active Directory Federation Services (ADFS) improperly handles multi-factor authentication requests. An attacker who successfully exploited this vulnerability could bypass some, but not all, of the authentication factors.</p> <p>To exploit this ... CVE-2020-0838 <p>An elevation of privilege vulnerability exists when NTFS improperly checks access. An attacker who successfully exploited this vulnerability could run processes in an elevated context.</p> <p>To exploit the vulnerability, an attacker would first have to log on to the system, and then run a specia ... CVE-2020-0805 <p>A security feature bypass vulnerability exists when a Windows Projected Filesystem improperly handles file redirections. An attacker who successfully exploited this vulnerability could delete a targeted file they would not have permissions to.</p> <p>To exploit this vulnerability, an attacker wou ... CVE-2020-0782 <p>An elevation of privilege vulnerability exists when the Windows Cryptographic Catalog Services improperly handle objects in memory. An attacker who successfully exploited this vulnerability could modify the cryptographic catalog.</p> <p>To exploit this vulnerability, an attacker would first have ... CVE-2020-0790 <p>A local elevation of privilege vulnerability exists in how splwow64.exe handles certain calls. An attacker who successfully exploited the vulnerability could elevate privileges on an affected system from low-integrity to medium-integrity.</p> <p>This vulnerability by itself does not allow arbitra ... CVE-2020-0766 <p>An elevation of privilege vulnerability exists when the Microsoft Store Runtime improperly handles memory.</p> <p>To exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges.</ ... CVE-2020-1074 <p>A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system.</p> <p>An attacker could exploit this vulnerability by enticing a vict ... CVE-2020-1083 <p>An information disclosure vulnerability exists when the Microsoft Windows Graphics Component improperly handles objects in memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user���s system.</p> <p>To exploit this vulnerability, an ... CVE-2020-1091 <p>An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise a user���s system.</p> <p>There are multiple ways an attacker coul ... CVE-2020-1098 <p>An elevation of privilege vulnerability exists when the Shell infrastructure component improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run processes in an elevated context.</p> <p>To exploit this vulnerability, an attacker would first have to ... CVE-2020-1097 <p>An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise a user���s system.</p> <p>There are multiple ways an attacker coul ... CVE-2020-1476 An elevation of privilege vulnerability exists when ASP.NET or .NET web applications running on IIS improperly allow access to cached files. An attacker who successfully exploited this vulnerability could gain access to restricted files. To exploit this vulnerability, an attacker would need to send ... CVE-2020-1477 A memory corruption vulnerability exists when Windows Media Foundation improperly handles objects in memory. An attacker who successfully exploited the vulnerability could install programs; view, change, or delete data; or create new accounts with full user rights. There are multiple ways an attacke ... CVE-2020-1478 A memory corruption vulnerability exists when Windows Media Foundation improperly handles objects in memory. An attacker who successfully exploited the vulnerability could install programs; view, change, or delete data; or create new accounts with full user rights. There are multiple ways an attacke ... CVE-2020-1479 An elevation of privilege vulnerability exists when DirectX improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full ... CVE-2020-1473 A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by enticing a victim to open ... CVE-2020-1474 An information disclosure vulnerability exists when the Windows Image Acquisition (WIA) Service improperly discloses contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user���s system. To exploit the vulnerability, an a ... CVE-2020-1475 An elevation of privilege vulnerability exists in the way that the srmsvc.dll handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. To exploit the vulnerability, a locally authenticated attacker could run a specially crafted ... CVE-2020-1470 An elevation of privilege vulnerability exists when the Windows Work Folders Service improperly handles memory. To exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges. The se ... CVE-2020-1471 <p>An elevation of privilege vulnerability exists when Microsoft Windows CloudExperienceHost fails to check COM objects. An attacker who successfully exploited the vulnerability could gain elevated privileges on a targeted system.</p> <p>To exploit the vulnerability, an attacker would have to log on ... CVE-2020-1487 An information disclosure vulnerability exists when Media Foundation improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user���s system. To exploit this vulnerability, an attacker would have to log onto a ... CVE-2020-1488 An elevation of privilege vulnerability exists when the Windows AppX Deployment Extensions improperly performs privilege management, resulting in access to system files. To exploit this vulnerability, an authenticated attacker would need to run a specially crafted application to elevate privileges. ... CVE-2020-1489 An elevation of privilege vulnerability exists when the Windows CSC Service improperly handles memory. To exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges. The security up ... CVE-2020-1484 An elevation of privilege vulnerability exists when the Windows Work Folders Service improperly handles memory. To exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges. The se ... CVE-2020-1485 An information disclosure vulnerability exists when the Windows Image Acquisition (WIA) Service improperly discloses contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user���s system. To exploit the vulnerability, an a ... CVE-2020-1486 An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new a ... CVE-2020-1480 An elevation of privilege vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete da ... CVE-2020-1490 An elevation of privilege vulnerability exists when the Storage Service improperly handles file operations. An attacker who successfully exploited this vulnerability could gain elevated privileges on the victim system. To exploit the vulnerability, an attacker would first have to gain execution on t ... CVE-2020-1491 <p>An elevation of privilege vulnerability exists in the way that the Windows Function Discovery Service handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions.</p> <p>To exploit the vulnerability, a locally authenticated atta ... CVE-2020-1492 A memory corruption vulnerability exists when Windows Media Foundation improperly handles objects in memory. An attacker who successfully exploited the vulnerability could install programs; view, change, or delete data; or create new accounts with full user rights. There are multiple ways an attacke ... CVE-2020-1459 An information disclosure vulnerability exists on ARM implementations that use speculative execution in control flow via a side-channel analysis, aka "straight-line speculation." To exploit this vulnerability, an attacker with local privileges would need to run a specially crafted applicat ... CVE-2020-1467 An elevation of privilege vulnerability exists when Windows improperly handles hard links. An attacker who successfully exploited this vulnerability could overwrite a targeted file leading to an elevated status. To exploit this vulnerability, an attacker would first have to log on to the system. An ... CVE-2020-1506 <p>An elevation of privilege vulnerability exists in the way that the Wininit.dll handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions.</p> <p>There are multiple ways an attacker could exploit the vulnerability:</p> <ul> <li ... CVE-2020-1507 <p>An elevation of privilege vulnerability exists in the way that Microsoft COM for Windows handles objects in memory. An attacker who successfully exploited the vulnerability could gain elevated privileges on a targeted system.</p> <p>To exploit the vulnerability, a user would have to open a specia ... CVE-2020-1508 <p>A remote code execution vulnerability exists when Windows Media Audio Decoder improperly handles objects. An attacker who successfully exploited the vulnerability could take control of an affected system.</p> <p>There are multiple ways an attacker could exploit the vulnerability, such as by convi ... CVE-2020-1509 An elevation of privilege vulnerability exists in the Local Security Authority Subsystem Service (LSASS) when an authenticated attacker sends a specially crafted authentication request. A remote attacker who successfully exploited this vulnerability could cause an elevation of privilege on the targe ... CVE-2020-1513 An elevation of privilege vulnerability exists when the Windows CSC Service improperly handles memory. To exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges. The security up ... CVE-2020-1515 An elevation of privilege vulnerability exists when the Windows Telephony Server improperly handles memory. To exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges. The securi ... CVE-2020-1516 An elevation of privilege vulnerability exists when the Windows Work Folders Service improperly handles memory. To exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges. The se ... CVE-2020-1510 An information disclosure vulnerability exists when the win32k component improperly provides kernel information. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user���s system. To exploit this vulnerability, an attacker would have to log o ... CVE-2020-1511 An elevation of privilege vulnerability exists when Connected User Experiences and Telemetry Service improperly handles file operations. An attacker who successfully exploited this vulnerability could run processes in an elevated context. An attacker could exploit this vulnerability by running a spe ... CVE-2020-1512 An information disclosure vulnerability exists when the Windows State Repository Service improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user���s system. An attacker could exploit this vulnerability by ... CVE-2020-1517 An elevation of privilege vulnerability exists when the Windows File Server Resource Management Service improperly handles memory. To exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate ... CVE-2020-1518 An elevation of privilege vulnerability exists when the Windows File Server Resource Management Service improperly handles memory. To exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate ... CVE-2020-1519 An elevation of privilege vulnerability exists when the Windows UPnP Device Host improperly handles memory. To exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges. The securi ... CVE-2020-1524 An elevation of privilege vulnerability exists when the Windows Speech Shell Components improperly handle memory. To exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges. The ... CVE-2020-1525 A memory corruption vulnerability exists when Windows Media Foundation improperly handles objects in memory. An attacker who successfully exploited the vulnerability could install programs; view, change, or delete data; or create new accounts with full user rights. There are multiple ways an attacke ... CVE-2020-1526 An elevation of privilege vulnerability exists when the Windows Network Connection Broker improperly handles memory. To exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges. T ... CVE-2020-1527 An elevation of privilege vulnerability exists when the Windows Custom Protocol Engine improperly handles memory. To exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges. The ... CVE-2020-1520 A remote code execution vulnerability exists when the Windows Font Driver Host improperly handles memory. An attacker who successfully exploited the vulnerability would gain execution on a victim system. The security update addresses the vulnerability by correcting how the Windows Font Driver Host h ... CVE-2020-1521 An elevation of privilege vulnerability exists when the Windows Speech Runtime improperly handles memory. To exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges. The security ... CVE-2020-1522 An elevation of privilege vulnerability exists when the Windows Speech Runtime improperly handles memory. To exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges. The security ... CVE-2020-1528 An elevation of privilege vulnerability exists when the Windows Radio Manager API improperly handles memory. To exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges. The secur ... CVE-2020-1529 An elevation of privilege vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete da ... CVE-2020-1535 An elevation of privilege vulnerability exists when the Windows Backup Engine improperly handles memory. To exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges. The security ... CVE-2020-1536 An elevation of privilege vulnerability exists when the Windows Backup Engine improperly handles memory. To exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges. The security ... CVE-2020-1537 An elevation of privilege vulnerability exists when the Windows Remote Access improperly handles file operations. An attacker who successfully exploited this vulnerability could gain elevated privileges. To exploit the vulnerability, an attacker would first need code execution on a victim system. An ... CVE-2020-1538 An elevation of privilege vulnerability exists when the Windows UPnP Device Host improperly handles memory. To exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges. The securi ... CVE-2020-1531 An elevation of privilege vulnerability exists when the Windows Accounts Control improperly handles memory. To exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges. The securi ... CVE-2020-1532 <p>An elevation of privilege vulnerability exists when the Windows InstallService improperly handles memory.</p> <p>To exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges.</p ... CVE-2020-1533 An elevation of privilege vulnerability exists in the way that the Windows WalletService handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. To exploit the vulnerability, a locally authenticated attacker could run a specia ... CVE-2020-1534 An elevation of privilege vulnerability exists when the Windows Backup Service improperly handles file operations. To exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges. The ... CVE-2020-1530 An elevation of privilege vulnerability exists when Windows Remote Access improperly handles memory. To exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges. The security upda ... CVE-2020-1539 An elevation of privilege vulnerability exists when the Windows Backup Engine improperly handles memory. To exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges. The security ... CVE-2020-1546 An elevation of privilege vulnerability exists when the Windows Backup Engine improperly handles memory. To exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges. The security ... CVE-2020-1547 An elevation of privilege vulnerability exists when the Windows Backup Engine improperly handles memory. To exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges. The security ... CVE-2020-1548 An information disclosure vulnerability exists when the Windows WaasMedic Service improperly handles memory. To exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to improperly disclose memory. T ... CVE-2020-1549 An elevation of privilege vulnerability exists when the Windows CDP User Components improperly handle memory. To exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges. The secu ... CVE-2020-1542 An elevation of privilege vulnerability exists when the Windows Backup Engine improperly handles memory. To exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges. The security ... CVE-2020-1543 An elevation of privilege vulnerability exists when the Windows Backup Engine improperly handles memory. To exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges. The security ... CVE-2020-1544 An elevation of privilege vulnerability exists when the Windows Backup Engine improperly handles memory. To exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges. The security ... CVE-2020-1545 An elevation of privilege vulnerability exists when the Windows Backup Engine improperly handles memory. To exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges. The security ... CVE-2020-1540 An elevation of privilege vulnerability exists when the Windows Backup Engine improperly handles memory. To exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges. The security ... CVE-2020-1541 An elevation of privilege vulnerability exists when the Windows Backup Engine improperly handles memory. To exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges. The security ... CVE-2020-1377 An elevation of privilege vulnerability exists when the Windows Kernel API improperly handles registry objects in memory. An attacker who successfully exploited the vulnerability could gain elevated privileges on a targeted system. A locally authenticated attacker could exploit this vulnerability by ... CVE-2020-1378 An elevation of privilege vulnerability exists when the Windows Kernel API improperly handles registry objects in memory. An attacker who successfully exploited the vulnerability could gain elevated privileges on a targeted system. A locally authenticated attacker could exploit this vulnerability by ... CVE-2020-1379 A memory corruption vulnerability exists when Windows Media Foundation improperly handles objects in memory. An attacker who successfully exploited the vulnerability could install programs; view, change, or delete data; or create new accounts with full user rights. There are multiple ways an attacke ... CVE-2020-1376 <p>An elevation of privilege vulnerability exists in the way that fdSSDP.dll handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions.</p> <p>To exploit the vulnerability, a locally authenticated attacker could run a specially c ... CVE-2020-1383 An information disclosure vulnerability exists in RPC if the server has Routing and Remote Access enabled. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user���s system To exploit this vulnerability, an attacker would need to run a speci ... CVE-2020-1308 <p>An elevation of privilege vulnerability exists when DirectX improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with f ... CVE-2020-1319 <p>A remote code execution vulnerability exists in the way that Microsoft Windows Codecs Library handles objects in memory. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or c ... CVE-2020-1337 An elevation of privilege vulnerability exists when the Windows Print Spooler service improperly allows arbitrary writing to the file system. An attacker who successfully exploited this vulnerability could run arbitrary code with elevated system privileges. An attacker could then install programs; v ... CVE-2020-1339 A remote code execution vulnerability exists when Windows Media Audio Codec improperly handles objects. An attacker who successfully exploited the vulnerability could take control of an affected system. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user ... CVE-2020-1347 An elevation of privilege vulnerability exists when the Windows Storage Services improperly handle file operations, aka 'Windows Storage Services Elevation of Privilege Vulnerability'. CVE-2020-1417 An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new a ... CVE-2020-1285 <p>A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in the memory. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or de ... CVE-2020-1245 <p>An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; ... CVE-2020-1256 <p>An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user���s system.</p> <p>There are multiple ways an attacker co ... CVE-2020-1252 <p>A remote code execution vulnerability exists when Windows improperly handles objects in memory. To exploit the vulnerability an attacker would have to convince a user to run a specially crafted application.</p> <p>An attacker who successfully exploited this vulnerability could execute arbitrary c ... CVE-2020-1250 <p>An information disclosure vulnerability exists when the win32k component improperly provides kernel information. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user���s system.</p> <p>To exploit this vulnerability, an attacker would hav ... CVE-2020-1303 <p>An elevation of privilege vulnerability exists when the Windows Runtime improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in an elevated context.</p> <p>An attacker could exploit this vulnerability by running a specially craft ... CVE-2020-1159 <p>An elevation of privilege vulnerability exists in the way that the StartTileData.dll handles file creation in protected locations. An attacker who successfully exploited the vulnerability could execute code with elevated permissions.</p> <p>To exploit the vulnerability, a locally authenticated at ... CVE-2020-1152 <p>An elevation of privilege vulnerability exists when Windows improperly handles calls to Win32k.sys. An attacker who successfully exploited the vulnerability could gain elevated privileges on a targeted system.</p> <p>To exploit the vulnerability, an attacker would have to log on to an affected sy ... CVE-2020-1169 <p>An elevation of privilege vulnerability exists when the Windows Runtime improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in an elevated context.</p> <p>An attacker could exploit this vulnerability by running a specially craft ... CVE-2020-1162 An elevation of privilege (user to user) vulnerability exists in Windows Security Health Service when handling certain objects in memory.To exploit the vulnerability, an attacker would first have to log on to the system, aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from ... CVE-2020-1172 <p>A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the ... CVE-2020-1180 <p>A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the ... CVE-2020-1119 <p>An information disclosure vulnerability exists when StartTileData.dll improperly handles objects in memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user���s system.</p> <p>To exploit this vulnerability, an attacker would have to ... CVE-2020-1115 <p>An elevation of privilege vulnerability exists when the <a href="https://technet.microsoft.com/library/security/dn848375.aspx#CLFS">Windows Common Log File System (CLFS)</a> driver improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run processes ... CVE-2020-1129 <p>A remote code execution vulnerability exists in the way that Microsoft Windows Codecs Library handles objects in memory. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or c ... CVE-2020-1122 <p>An elevation of privilege vulnerability exists when the Windows Language Pack Installer improperly handles file operations. An attacker who successfully exploited this vulnerability could run processes in an elevated context.</p> <p>An attacker could exploit this vulnerability by running a specia ... CVE-2020-1133 <p>An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector improperly handles file operations. An attacker who successfully exploited this vulnerability could run processes in an elevated context.</p> <p>An attacker could exploit this vulnerability by running a spe ... CVE-2020-1130 <p>An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector improperly handles data operations. An attacker who successfully exploited this vulnerability could run processes in an elevated context.</p> <p>An attacker could exploit this vulnerability by running a spe ... CVE-2020-1146 <p>An elevation of privilege vulnerability exists when the Microsoft Store Runtime improperly handles memory.</p> <p>To exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges.</ ... CVE-2020-1557 A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by enticing a victim to open ... CVE-2020-1558 A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by enticing a victim to open ... CVE-2020-1559 <p>An elevation of privilege vulnerability exists when the Windows Storage Services improperly handle file operations. An attacker who successfully exploited this vulnerability could gain elevated privileges.</p> <p>To exploit the vulnerability, an attacker would first need code execution on a victi ... CVE-2020-1553 An elevation of privilege vulnerability exists when the Windows Runtime improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in an elevated context. An attacker could exploit this vulnerability by running a specially crafted applica ... CVE-2020-1554 A memory corruption vulnerability exists when Windows Media Foundation improperly handles objects in memory. An attacker who successfully exploited the vulnerability could install programs; view, change, or delete data; or create new accounts with full user rights. There are multiple ways an attacke ... CVE-2020-1555 A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge (HTML-based). The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfu ... CVE-2020-1556 An elevation of privilege vulnerability exists in the way that the Windows WalletService handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. To exploit the vulnerability, a locally authenticated attacker could run a specia ... CVE-2020-1550 An elevation of privilege vulnerability exists when the Windows CDP User Components improperly handle memory. To exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges. The secu ... CVE-2020-1551 An elevation of privilege vulnerability exists when the Windows Backup Engine improperly handles memory. To exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges. The security ... CVE-2020-1552 An elevation of privilege vulnerability exists when the Windows Work Folder Service improperly handles file operations. An attacker who successfully exploited this vulnerability could run processes in an elevated context. An attacker could exploit this vulnerability by running a specially crafted ap ... CVE-2020-1568 A remote code execution vulnerability exists when Microsoft Edge PDF Reader improperly handles objects in memory. The vulnerability could corrupt memory in such a way that enables an attacker to execute arbitrary code in the context of the current user. An attacker who successfully exploited the vul ... CVE-2020-1569 A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory. The vulnerability could corrupt memory in such a way that enables an attacker to execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability ... CVE-2020-1564 A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by enticing a victim to open ... CVE-2020-1565 An elevation of privilege vulnerability exists when the "Public Account Pictures" folder improperly handles junctions. To exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate p ... CVE-2020-1566 An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new a ... CVE-2020-1561 A remote code execution vulnerability exists in the way that Microsoft Graphics Components handle objects in memory. An attacker who successfully exploited the vulnerability could execute arbitrary code on a target system. To exploit the vulnerability, a user would have to open a specially crafted f ... CVE-2020-1562 A remote code execution vulnerability exists in the way that Microsoft Graphics Components handle objects in memory. An attacker who successfully exploited the vulnerability could execute arbitrary code on a target system. To exploit the vulnerability, a user would have to open a specially crafted f ... CVE-2020-16854 <p>An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user���s system.</p> <p>To exploit this vulnerability, an attacker would have t ... CVE-2020-16879 <p>An information disclosure vulnerability exists when a Windows Projected Filesystem improperly handles file redirections. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user's system</p> <p>To exploit this vulnerability, an attacker wou ... CVE-2020-17162 Microsoft Windows Security Feature Bypass Vulnerability CVE-2020-1598 <p>An elevation of privilege vulnerability exists when the Windows Universal Plug and Play (UPnP) service improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code with elevated system privileges. An attacker could then install programs; ... CVE-2020-1593 <p>A remote code execution vulnerability exists when Windows Media Audio Decoder improperly handles objects. An attacker who successfully exploited the vulnerability could take control of an affected system.</p> <p>There are multiple ways an attacker could exploit the vulnerability, such as by convi ... CVE-2020-1596 <p>A information disclosure vulnerability exists when TLS components use weak hash algorithms. An attacker who successfully exploited this vulnerability could obtain information to further compromise a users's encrypted transmission channel.</p> <p>To exploit the vulnerability, an attacker would hav ... CVE-2020-1590 <p>An elevation of privilege vulnerability exists when the Connected User Experiences and Telemetry Service improperly handles file operations. An attacker who successfully exploited this vulnerability could gain elevated privileges on the victim system.</p> <p>To exploit the vulnerability, an attac ... CVE-2020-1592 <p>An information disclosure vulnerability exists when the Windows kernel improperly initializes objects in memory.</p> <p>To exploit this vulnerability, an authenticated attacker could run a specially crafted application. An attacker who successfully exploited this vulnerability could obtain inform ... CVE-2020-1579 An elevation of privilege vulnerability exists when the Windows Function Discovery SSDP Provider improperly handles memory. To exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privil ... CVE-2020-1577 An information disclosure vulnerability exists when DirectWrite improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user���s system. There are multiple ways an attacker could exploit the vulnerab ... CVE-2020-1578 An information disclosure vulnerability exists in the Windows kernel that could allow an attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization (ASLR) bypass. An attacker who successfully exploited the vulnerability could retrieve the memory address of a kern ... CVE-2020-1587 An elevation of privilege vulnerability exists when the Windows Ancillary Function Driver for WinSock improperly handles memory. To exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate p ... CVE-2020-1589 <p>An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user���s system.</p> <p>To exploit this vulnerability, an attacker would have t ... CVE-2020-1584 An elevation of privilege vulnerability exists in the way that the dnsrslvr.dll handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. To exploit the vulnerability, a locally authenticated attacker could run a specially craft ... CVE-2020-1464 A spoofing vulnerability exists when Windows incorrectly validates file signatures. An attacker who successfully exploited this vulnerability could bypass security features and load improperly signed files. In an attack scenario, an attacker could bypass security features intended to prevent imprope ... CVE-2020-1380 A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploi ... CVE-2020-1567 A remote code execution vulnerability exists in the way that the MSHTML engine improperly validates input. An attacker could execute arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnera ... CVE-2020-1570 A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploi ... CVE-2020-0878 <p>A remote code execution vulnerability exists in the way that Microsoft browsers access objects in memory. The vulnerability could corrupt memory in a way that could allow an attacker to execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerabi ... CVE-2021-26419 Scripting Engine Memory Corruption Vulnerability CVE-2021-31165 Windows Container Manager Service Elevation of Privilege Vulnerability CVE-2021-31167 Windows Container Manager Service Elevation of Privilege Vulnerability CVE-2021-31169 Windows Container Manager Service Elevation of Privilege Vulnerability CVE-2021-31168 Windows Container Manager Service Elevation of Privilege Vulnerability CVE-2021-31170 Windows Graphics Component Elevation of Privilege Vulnerability CVE-2021-31187 Windows WalletService Elevation of Privilege Vulnerability CVE-2021-31186 Windows Remote Desktop Protocol (RDP) Information Disclosure Vulnerability CVE-2021-31188 Windows Graphics Component Elevation of Privilege Vulnerability CVE-2021-31182 Microsoft Bluetooth Driver Spoofing Vulnerability CVE-2021-31185 Windows Desktop Bridge Denial of Service Vulnerability CVE-2021-31184 Microsoft Windows Infrared Data Association (IrDA) Information Disclosure Vulnerability CVE-2021-31194 OLE Automation Remote Code Execution Vulnerability CVE-2021-31193 Windows SSDP Service Elevation of Privilege Vulnerability CVE-2021-31192 Windows Media Foundation Core Remote Code Execution Vulnerability CVE-2021-31191 Windows Projected File System FS Filter Driver Information Disclosure Vulnerability CVE-2021-28455 Microsoft Jet Red Database Engine and Access Connectivity Engine Remote Code Execution Vulnerability CVE-2021-28479 Windows CSC Service Information Disclosure Vulnerability CVE-2021-31205 Windows SMB Client Security Feature Bypass Vulnerability CVE-2021-31208 Windows Container Manager Service Elevation of Privilege Vulnerability CVE-2021-31166 HTTP Protocol Stack Remote Code Execution Vulnerability CVE-2020-15705 GRUB2 fails to validate kernel signature when booted directly without shim, allowing secure boot to be bypassed. This only affects systems where the kernel signing certificate has been imported directly into the secure boot database and the GRUB image is booted directly without the use of shim. This ... CVE-2021-1700 Remote Procedure Call Runtime Remote Code Execution Vulnerability CVE-2021-1702 Windows Remote Procedure Call Runtime Elevation of Privilege Vulnerability CVE-2021-1701 Remote Procedure Call Runtime Remote Code Execution Vulnerability CVE-2021-1703 Windows Event Logging Service Elevation of Privilege Vulnerability CVE-2021-1706 Windows LUAFV Elevation of Privilege Vulnerability CVE-2021-1705 Microsoft Edge (HTML-based) Memory Corruption Vulnerability CVE-2021-1708 Windows GDI+ Information Disclosure Vulnerability CVE-2021-1709 Windows Win32k Elevation of Privilege Vulnerability CVE-2021-1710 Microsoft Windows Media Foundation Remote Code Execution Vulnerability CVE-2021-1642 Windows AppX Deployment Extensions Elevation of Privilege Vulnerability CVE-2021-1645 Windows Docker Information Disclosure Vulnerability CVE-2021-1646 Windows WLAN Service Elevation of Privilege Vulnerability CVE-2021-1649 Active Template Library Elevation of Privilege Vulnerability CVE-2021-1650 Windows Runtime C++ Template Library Elevation of Privilege Vulnerability CVE-2021-1652 Windows CSC Service Elevation of Privilege Vulnerability CVE-2021-1651 Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability CVE-2021-1654 Windows CSC Service Elevation of Privilege Vulnerability CVE-2021-1653 Windows CSC Service Elevation of Privilege Vulnerability CVE-2021-1656 TPM Device Driver Information Disclosure Vulnerability CVE-2021-1655 Windows CSC Service Elevation of Privilege Vulnerability CVE-2021-1658 Remote Procedure Call Runtime Remote Code Execution Vulnerability CVE-2021-1657 Windows Fax Compose Form Remote Code Execution Vulnerability CVE-2021-1659 Windows CSC Service Elevation of Privilege Vulnerability CVE-2021-1638 Windows Bluetooth Security Feature Bypass Vulnerability CVE-2021-1637 Windows DNS Query Information Disclosure Vulnerability CVE-2021-1681 Windows WalletService Elevation of Privilege Vulnerability CVE-2021-1680 Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability CVE-2021-1683 Windows Bluetooth Security Feature Bypass Vulnerability CVE-2021-1682 Windows Kernel Elevation of Privilege Vulnerability CVE-2021-1685 Windows AppX Deployment Extensions Elevation of Privilege Vulnerability CVE-2021-1684 Windows Bluetooth Security Feature Bypass Vulnerability CVE-2021-1687 Windows WalletService Elevation of Privilege Vulnerability CVE-2021-1686 Windows WalletService Elevation of Privilege Vulnerability CVE-2021-1689 Windows Multipoint Management Elevation of Privilege Vulnerability CVE-2021-1688 Windows CSC Service Elevation of Privilege Vulnerability CVE-2021-1690 Windows WalletService Elevation of Privilege Vulnerability CVE-2021-1691 Windows Hyper-V Denial of Service Vulnerability CVE-2021-1694 Windows Update Stack Elevation of Privilege Vulnerability CVE-2021-1693 Windows CSC Service Elevation of Privilege Vulnerability CVE-2021-1696 Windows Graphics Component Information Disclosure Vulnerability CVE-2021-1695 Windows Print Spooler Elevation of Privilege Vulnerability CVE-2021-1697 Windows InstallService Elevation of Privilege Vulnerability CVE-2021-1699 Windows (modem.sys) Information Disclosure Vulnerability CVE-2021-1661 Windows Installer Elevation of Privilege Vulnerability CVE-2021-1660 Remote Procedure Call Runtime Remote Code Execution Vulnerability CVE-2021-1663 Windows Projected File System FS Filter Driver Information Disclosure Vulnerability CVE-2021-1662 Windows Event Tracing Elevation of Privilege Vulnerability CVE-2021-1665 GDI+ Remote Code Execution Vulnerability CVE-2021-1664 Remote Procedure Call Runtime Remote Code Execution Vulnerability CVE-2021-1667 Remote Procedure Call Runtime Remote Code Execution Vulnerability CVE-2021-1666 Remote Procedure Call Runtime Remote Code Execution Vulnerability CVE-2021-1669 Windows Remote Desktop Security Feature Bypass Vulnerability CVE-2021-1668 Microsoft DTV-DVD Video Decoder Remote Code Execution Vulnerability CVE-2021-1670 Windows Projected File System FS Filter Driver Information Disclosure Vulnerability CVE-2021-1672 Windows Projected File System FS Filter Driver Information Disclosure Vulnerability CVE-2021-1671 Remote Procedure Call Runtime Remote Code Execution Vulnerability CVE-2021-1674 Windows Remote Desktop Protocol Core Security Feature Bypass Vulnerability CVE-2021-1673 Remote Procedure Call Runtime Remote Code Execution Vulnerability CVE-2021-1676 Windows NT Lan Manager Datagram Receiver Driver Information Disclosure Vulnerability CVE-2021-1678 Windows Print Spooler Spoofing Vulnerability CVE-2021-1679 Windows CryptoAPI Denial of Service Vulnerability CVE-2021-1648 Microsoft splwow64 Elevation of Privilege Vulnerability CVE-2020-15707 Integer overflows were discovered in the functions grub_cmd_initrd and grub_initrd_init in the efilinux component of GRUB2, as shipped in Debian, Red Hat, and Ubuntu (the functionality is not included in GRUB2 upstream), leading to a heap-based buffer overflow. These could be triggered by an extreme ... CVE-2020-15706 GRUB2 contains a race condition in grub_script_function_create() leading to a use-after-free vulnerability which can be triggered by redefining a function whilst the same function is already executing, leading to arbitrary code execution and secure boot restriction bypass. This issue affects GRUB2 v ... |
