May 2020 Security Updates Security Update secure@microsoft.com The Microsoft Security Response Center (MSRC) identifies, monitors, resolves, and responds to security incidents and Microsoft software security vulnerabilities. For more information, see http://www.microsoft.com/security/msrc. 2020-May 2020-May Final 1.0 12 2026-02-18T02:47:08 May 2020 Security Updates 2020-05-12T07:00:00Z 2026-02-18T02:47:08 <p>The May 2020 security release consists of security updates for the following software:</p> <ul> <li>Microsoft Windows</li> <li>Microsoft Edge (EdgeHTML-based)</li> <li>Microsoft Edge (Chromium-based)</li> <li>ChakraCore</li> <li>Internet Explorer</li> <li>Microsoft Office and Microsoft Office Services and Web Apps</li> <li>Windows Defender</li> <li>Visual Studio</li> <li>Microsoft Dynamics</li> <li>.NET Framework</li> <li>.NET Core</li> <li>Power BI</li> </ul> <p>Please note the following information regarding the security updates:</p> <ul> <li>For information regarding enabling Windows 10, version 1909 features, please see Windows 10, version 1909 delivery options. Note that Windows 10, versions 1903 and 1909 share a common core operating system with an identical set of system files. They will also share the same security update KBs.</li> <li>Windows 10 updates are cumulative. The monthly security release includes all security fixes for vulnerabilities that affect Windows 10, in addition to non-security updates. The updates are available via the <a href="http://catalog.update.microsoft.com/v7/site/Home.aspx">Microsoft Update Catalog</a>.</li> <li>For information on lifecycle and support dates for Windows 10 operating systems, please see <a href="https://support.microsoft.com/en-us/help/13853/windows-lifecycle-fact-sheet">Windows Lifecycle Facts Sheet</a>.</li> <li>A list of the latest servicing stack updates for each operating system can be found in <a href="https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/ADV990001">ADV990001</a>. This list will be updated whenever a new servicing stack update is released. It is important to install the latest servicing stack update.</li> <li>Updates for Windows RT 8.1 and Microsoft Office RT software are only available via <a href="http://go.microsoft.com/fwlink/?LinkId=21130">Windows Update</a>.</li> <li>In addition to security changes for the vulnerabilities, updates include defense-in-depth updates to help improve security-related features.</li> <li>Customers running Windows 7, Windows Server 2008 R2, or Windows Server 2008 need to purchase the Extended Security Update to continue receiving security updates. See <a href="https://support.microsoft.com/en-us/help/4522133/procedure-to-continue-receiving-security-updates">4522133</a> for more information.</li> </ul> <p><strong>The following CVEs have FAQs with additional information and may include * further steps to take after installing the updates. Please note that this is not a complete list of CVEs for this release.</strong></p> <ul> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0901">CVE-2020-0901</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0963">CVE-2020-0963</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1072">CVE-2020-1072</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1075">CVE-2020-1075</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1103">CVE-2020-1103</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1116">CVE-2020-1116</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1141">CVE-2020-1141</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1145">CVE-2020-1145</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1173">CVE-2020-1173</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1179">CVE-2020-1179</a></li> </ul> <p><strong>Known Issues</strong></p> <p>The following KBs contain information about known issues with the security updates. For a complete list of security update KBs, please see <a href="https://support.microsoft.com/help/20200512">20200512</a>. For more information about Windows Known Issues, please see <a href="https://docs.microsoft.com/en-us/windows/release-information/windows-message-center">Windows message center</a> (links to currently-supported versions of Windows are in the left pane).</p> <table> <thead> <tr> <th>KB Article</th> <th>Applies To</th> </tr> </thead> <tbody> <tr> <td><a href="https://support.microsoft.com/help/4551853">4551853</a></td> <td>Windows 10 Version 1809, Windows Server 2019</td> </tr> <tr> <td><a href="https://support.microsoft.com/help/4556813">4556813</a></td> <td>Windows 10, version 1607, Windows Server 2016</td> </tr> <tr> <td><a href="https://support.microsoft.com/help/4556836">4556836</a></td> <td>Windows 7, Windows Server 2008 R2 (Monthly Rollup)</td> </tr> <tr> <td><a href="https://support.microsoft.com/help/4556843">4556843</a></td> <td>Windows 7, Windows Server 2008 R2 (Security-only update)</td> </tr> <tr> <td><a href="https://support.microsoft.com/help/4556854">4556854</a></td> <td>Windows Server 2008 Service Pack 2 (Security-only update)</td> </tr> <tr> <td><a href="https://support.microsoft.com/help/4556860">4556860</a></td> <td>Windows Server 2008 Service Pack 2 (Monthly Rollup)</td> </tr> </tbody> </table> The information provided in the Microsoft Knowledge Base is provided "as is" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply. Microsoft 365 Apps for Enterprise for 64-bit Systems Microsoft Office 2019 for 32-bit editions Microsoft Office 2019 for 64-bit editions Microsoft Office 2019 for Mac Microsoft Excel 2016 (32-bit edition) Microsoft Excel 2016 (64-bit edition) Microsoft Office 2016 for Mac Microsoft Excel 2010 Service Pack 2 (32-bit editions) Microsoft Excel 2010 Service Pack 2 (64-bit editions) Microsoft Excel 2013 RT Service Pack 1 Microsoft Excel 2013 Service Pack 1 (32-bit editions) Microsoft Excel 2013 Service Pack 1 (64-bit editions) Microsoft 365 Apps for Enterprise for 32-bit Systems Microsoft SharePoint Enterprise Server 2016 Microsoft SharePoint Server 2019 Microsoft SharePoint Foundation 2013 Service Pack 1 Microsoft SharePoint Enterprise Server 2013 Service Pack 1 Microsoft SharePoint Server 2010 Service Pack 2 Windows 10 Version 1803 for x64-based Systems Windows Server, version 1803 (Server Core Installation) Windows 10 Version 1809 for x64-based Systems Windows Server 2019 Windows Server 2019 (Server Core installation) Windows 10 Version 1709 for x64-based Systems Windows 10 Version 1903 for x64-based Systems Windows Server, version 1903 (Server Core installation) Windows 10 for x64-based Systems Windows 10 Version 1607 for x64-based Systems Windows Server 2016 Windows Server 2016 (Server Core installation) Windows 8.1 for x64-based systems Windows Server 2012 Windows Server 2012 (Server Core installation) Windows Server 2012 R2 Windows Server 2012 R2 (Server Core installation) Windows 10 Version 1909 for x64-based Systems Windows Server, version 1909 (Server Core installation) Windows 10 Version 1803 for 32-bit Systems Windows 10 Version 1803 for ARM64-based Systems Windows 10 Version 1809 for 32-bit Systems Windows 10 Version 1809 for ARM64-based Systems Windows 10 Version 1909 for 32-bit Systems Windows 10 Version 1909 for ARM64-based Systems Windows 10 Version 1709 for 32-bit Systems Windows 10 Version 1709 for ARM64-based Systems Windows 10 Version 1903 for 32-bit Systems Windows 10 Version 1903 for ARM64-based Systems Windows 10 for 32-bit Systems Windows 10 Version 1607 for 32-bit Systems None Available Windows 8.1 for 32-bit systems Windows RT 8.1 Windows 7 for x64-based Systems Service Pack 1 Windows Server 2008 for x64-based Systems Service Pack 2 Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) Windows Server 2008 R2 for x64-based Systems Service Pack 1 Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) Windows 7 for 32-bit Systems Service Pack 1 Windows Server 2008 for 32-bit Systems Service Pack 2 Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) Internet Explorer 9 on Windows Server 2008 for 32-bit Systems Service Pack 2 Internet Explorer 9 on Windows Server 2008 for x64-based Systems Service Pack 2 Visual Studio Code Microsoft .NET Framework 3.0 Service Pack 2 on Windows Server 2008 for 32-bit Systems Service Pack 2 Microsoft .NET Framework 3.0 Service Pack 2 on Windows Server 2008 for x64-based Systems Service Pack 2 Microsoft .NET Framework 3.5.1 on Windows 7 for 32-bit Systems Service Pack 1 Microsoft .NET Framework 3.5.1 on Windows 7 for x64-based Systems Service Pack 1 Microsoft .NET Framework 3.5.1 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 Microsoft .NET Framework 3.5.1 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) .NET Core 3.1 .NET Core 2.1 Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8) Microsoft Visual Studio 2019 version 16.0 Microsoft Visual Studio 2019 version 16.4 (includes 16.0 - 16.3) Microsoft Visual Studio 2019 version 16.5 .NET 5.0 PowerShell Core 6.2 PowerShell 7.0 Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.2 on Windows 7 for 32-bit Systems Service Pack 1 Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.2 on Windows 7 for x64-based Systems Service Pack 1 Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.2 on Windows 8.1 for 32-bit systems Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.2 on Windows 8.1 for x64-based systems Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.2 on Windows RT 8.1 Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2012 Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2012 (Server Core installation) Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2012 R2 Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2012 R2 (Server Core installation) Microsoft .NET Framework 4.8 on Windows 10 Version 1803 for 32-bit Systems Microsoft .NET Framework 4.8 on Windows 10 Version 1803 for x64-based Systems Microsoft .NET Framework 4.8 on Windows Server, version 1803 (Server Core Installation) Microsoft .NET Framework 4.8 on Windows 10 Version 1709 for 32-bit Systems Microsoft .NET Framework 4.8 on Windows 10 Version 1709 for x64-based Systems Microsoft .NET Framework 4.8 on Windows 10 Version 1607 for 32-bit Systems Microsoft .NET Framework 4.8 on Windows 10 Version 1607 for x64-based Systems Microsoft .NET Framework 4.8 on Windows Server 2016 Microsoft .NET Framework 4.8 on Windows Server 2016 (Server Core installation) Microsoft .NET Framework 4.8 on Windows 7 for 32-bit Systems Service Pack 1 Microsoft .NET Framework 4.8 on Windows 7 for x64-based Systems Service Pack 1 Microsoft .NET Framework 4.8 on Windows 8.1 for 32-bit systems Microsoft .NET Framework 4.8 on Windows 8.1 for x64-based systems Microsoft .NET Framework 4.8 on Windows RT 8.1 Microsoft .NET Framework 4.8 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 Microsoft .NET Framework 4.8 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) Microsoft .NET Framework 4.8 on Windows Server 2012 Microsoft .NET Framework 4.8 on Windows Server 2012 (Server Core installation) Microsoft .NET Framework 4.8 on Windows Server 2012 R2 Microsoft .NET Framework 4.8 on Windows Server 2012 R2 (Server Core installation) Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1809 for 32-bit Systems Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1809 for x64-based Systems Microsoft .NET Framework 3.5 AND 4.8 on Windows Server 2019 Microsoft .NET Framework 3.5 AND 4.8 on Windows Server 2019 (Server Core installation) Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1909 for 32-bit Systems Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1909 for x64-based Systems Microsoft .NET Framework 3.5 AND 4.8 on Windows Server, version 1909 (Server Core installation) Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1903 for 32-bit Systems Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1903 for x64-based Systems Microsoft .NET Framework 3.5 AND 4.8 on Windows Server, version 1903 (Server Core installation) Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10 Version 1803 for 32-bit Systems Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10 Version 1803 for x64-based Systems Microsoft .NET Framework 3.5 AND 4.7.2 on Windows Server, version 1803 (Server Core Installation) Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10 Version 1809 for 32-bit Systems Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10 Version 1809 for x64-based Systems Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10 Version 1809 for ARM64-based Systems Microsoft .NET Framework 3.5 AND 4.7.2 on Windows Server 2019 Microsoft .NET Framework 3.5 AND 4.7.2 on Windows Server 2019 (Server Core installation) Microsoft .NET Framework 3.5 AND 4.6.2/4.7/4.7.1/4.7.2 on Windows 10 Version 1607 for 32-bit Systems Microsoft .NET Framework 3.5 AND 4.6.2/4.7/4.7.1/4.7.2 on Windows 10 Version 1607 for x64-based Systems Microsoft .NET Framework 3.5 AND 4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2016 Microsoft .NET Framework 3.5 AND 4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2016 (Server Core installation) Microsoft .NET Framework 3.5 AND 4.7.1/4.7.2 on Windows 10 Version 1709 for 32-bit Systems Microsoft .NET Framework 3.5 AND 4.7.1/4.7.2 on Windows 10 Version 1709 for x64-based Systems Microsoft .NET Framework 4.6 on Windows Server 2008 for 32-bit Systems Service Pack 2 Microsoft .NET Framework 4.6 on Windows Server 2008 for x64-based Systems Service Pack 2 Microsoft .NET Framework 2.0 Service Pack 2 on Windows Server 2008 for 32-bit Systems Service Pack 2 Microsoft .NET Framework 2.0 Service Pack 2 on Windows Server 2008 for x64-based Systems Service Pack 2 Microsoft .NET Framework 3.5 on Windows 8.1 for 32-bit systems Microsoft .NET Framework 3.5 on Windows 8.1 for x64-based systems Microsoft .NET Framework 3.5 on Windows Server 2012 Microsoft .NET Framework 3.5 on Windows Server 2012 (Server Core installation) Microsoft .NET Framework 3.5 on Windows Server 2012 R2 Microsoft .NET Framework 3.5 on Windows Server 2012 R2 (Server Core installation) Microsoft .NET Framework 4.5.2 on Windows 7 for 32-bit Systems Service Pack 1 Microsoft .NET Framework 4.5.2 on Windows 7 for x64-based Systems Service Pack 1 Microsoft .NET Framework 4.5.2 on Windows 8.1 for 32-bit systems Microsoft .NET Framework 4.5.2 on Windows 8.1 for x64-based systems Microsoft .NET Framework 4.5.2 on Windows RT 8.1 Microsoft .NET Framework 4.5.2 on Windows Server 2008 for 32-bit Systems Service Pack 2 Microsoft .NET Framework 4.5.2 on Windows Server 2008 for x64-based Systems Service Pack 2 Microsoft .NET Framework 4.5.2 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 Microsoft .NET Framework 4.5.2 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) Microsoft .NET Framework 4.5.2 on Windows Server 2012 Microsoft .NET Framework 4.5.2 on Windows Server 2012 (Server Core installation) Microsoft .NET Framework 4.5.2 on Windows Server 2012 R2 Microsoft .NET Framework 4.5.2 on Windows Server 2012 R2 (Server Core installation) Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1903 for ARM64-based Systems Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1909 for ARM64-based Systems Microsoft .NET Framework 3.5 AND 4.7.1/4.7.2 on Windows 10 Version 1709 for ARM64-based Systems Microsoft .NET Framework 3.5 AND 4.6/4.6.1/4.6.2 on Windows 10 for 32-bit Systems Microsoft .NET Framework 3.5 AND 4.6/4.6.1/4.6.2 on Windows 10 for x64-based Systems Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10 Version 1803 for ARM64-based Systems ASP.NET Core 3.1 Python extension for Visual Studio Code Microsoft Edge (Chromium-based) Internet Explorer 11 on Windows 10 Version 1803 for 32-bit Systems Internet Explorer 11 on Windows 10 Version 1803 for x64-based Systems Internet Explorer 11 on Windows 10 Version 1803 for ARM64-based Systems Internet Explorer 11 on Windows 10 Version 1809 for 32-bit Systems Internet Explorer 11 on Windows 10 Version 1809 for x64-based Systems Internet Explorer 11 on Windows 10 Version 1809 for ARM64-based Systems Internet Explorer 11 on Windows Server 2019 Internet Explorer 11 on Windows 10 Version 1909 for 32-bit Systems Internet Explorer 11 on Windows 10 Version 1909 for x64-based Systems Internet Explorer 11 on Windows 10 Version 1909 for ARM64-based Systems Internet Explorer 11 on Windows 10 Version 1709 for 32-bit Systems Internet Explorer 11 on Windows 10 Version 1709 for x64-based Systems Internet Explorer 11 on Windows 10 Version 1709 for ARM64-based Systems Internet Explorer 11 on Windows 10 Version 1903 for 32-bit Systems Internet Explorer 11 on Windows 10 Version 1903 for x64-based Systems Internet Explorer 11 on Windows 10 Version 1903 for ARM64-based Systems Internet Explorer 11 on Windows 10 for 32-bit Systems Internet Explorer 11 on Windows 10 for x64-based Systems Internet Explorer 11 on Windows 10 Version 1607 for 32-bit Systems Internet Explorer 11 on Windows 10 Version 1607 for x64-based Systems Internet Explorer 11 on Windows Server 2016 Internet Explorer 11 on Windows 7 for 32-bit Systems Service Pack 1 Internet Explorer 11 on Windows 7 for x64-based Systems Service Pack 1 Internet Explorer 11 on Windows 8.1 for 32-bit systems Internet Explorer 11 on Windows 8.1 for x64-based systems Internet Explorer 11 on Windows RT 8.1 Internet Explorer 11 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 Internet Explorer 11 on Windows Server 2012 Internet Explorer 11 on Windows Server 2012 R2 ChakraCore Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1803 for 32-bit Systems Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1803 for x64-based Systems Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1803 for ARM64-based Systems Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1809 for 32-bit Systems Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1809 for x64-based Systems Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1809 for ARM64-based Systems Microsoft Edge (EdgeHTML-based) on Windows Server 2019 Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1909 for 32-bit Systems Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1909 for x64-based Systems Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1909 for ARM64-based Systems Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1709 for 32-bit Systems Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1709 for x64-based Systems Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1709 for ARM64-based Systems Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1903 for 32-bit Systems Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1903 for x64-based Systems Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1903 for ARM64-based Systems Microsoft Edge (EdgeHTML-based) on Windows 10 for 32-bit Systems Microsoft Edge (EdgeHTML-based) on Windows 10 for x64-based Systems Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1607 for 32-bit Systems Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1607 for x64-based Systems Microsoft Edge (EdgeHTML-based) on Windows Server 2016 Microsoft Dynamics 365 (on-premises) version 8.2 Microsoft Dynamics 365 (on-premises) version 9.0 Power BI Report Server Windows 7 for 32-bit Systems Service Pack 1 Windows 7 for x64-based Systems Service Pack 1 Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) Windows Server 2008 R2 for x64-based Systems Service Pack 1 Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) Internet Explorer 9 on Windows Server 2008 for 32-bit Systems Service Pack 2 Internet Explorer 9 on Windows Server 2008 for x64-based Systems Service Pack 2 Windows Server 2012 Windows Server 2012 (Server Core installation) Windows 8.1 for 32-bit systems Windows 8.1 for x64-based systems Windows Server 2012 R2 Windows RT 8.1 Internet Explorer 11 on Windows 7 for 32-bit Systems Service Pack 1 Internet Explorer 11 on Windows 7 for x64-based Systems Service Pack 1 Internet Explorer 11 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 Internet Explorer 11 on Windows Server 2012 Internet Explorer 11 on Windows 8.1 for 32-bit systems Internet Explorer 11 on Windows 8.1 for x64-based systems Internet Explorer 11 on Windows Server 2012 R2 Internet Explorer 11 on Windows RT 8.1 Internet Explorer 11 on Windows 10 for 32-bit Systems Internet Explorer 11 on Windows 10 for x64-based Systems Internet Explorer 11 on Windows Server 2016 Internet Explorer 11 on Windows 10 Version 1607 for 32-bit Systems Internet Explorer 11 on Windows 10 Version 1607 for x64-based Systems Internet Explorer 11 on Windows 10 Version 1709 for 32-bit Systems Internet Explorer 11 on Windows 10 Version 1709 for x64-based Systems Internet Explorer 11 on Windows 10 Version 1803 for 32-bit Systems Internet Explorer 11 on Windows 10 Version 1803 for x64-based Systems Internet Explorer 11 on Windows 10 Version 1803 for ARM64-based Systems Internet Explorer 11 on Windows 10 Version 1809 for 32-bit Systems Internet Explorer 11 on Windows 10 Version 1809 for x64-based Systems Internet Explorer 11 on Windows 10 Version 1809 for ARM64-based Systems Internet Explorer 11 on Windows Server 2019 Internet Explorer 11 on Windows 10 Version 1709 for ARM64-based Systems Internet Explorer 11 on Windows 10 Version 1903 for 32-bit Systems Internet Explorer 11 on Windows 10 Version 1903 for x64-based Systems Internet Explorer 11 on Windows 10 Version 1903 for ARM64-based Systems Internet Explorer 11 on Windows 10 Version 1909 for 32-bit Systems Internet Explorer 11 on Windows 10 Version 1909 for x64-based Systems Internet Explorer 11 on Windows 10 Version 1909 for ARM64-based Systems Microsoft Excel 2010 Service Pack 2 (32-bit editions) Microsoft Excel 2010 Service Pack 2 (64-bit editions) Microsoft SharePoint Server 2010 Service Pack 2 Windows Server 2012 R2 (Server Core installation) Microsoft SharePoint Foundation 2013 Service Pack 1 Microsoft .NET Framework 4.5.2 on Windows 7 for 32-bit Systems Service Pack 1 Microsoft .NET Framework 4.5.2 on Windows 7 for x64-based Systems Service Pack 1 Microsoft .NET Framework 4.5.2 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) Microsoft .NET Framework 4.5.2 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 Microsoft .NET Framework 4.5.2 on Windows Server 2012 Microsoft .NET Framework 4.5.2 on Windows Server 2012 (Server Core installation) Microsoft .NET Framework 4.5.2 on Windows 8.1 for 32-bit systems Microsoft .NET Framework 4.5.2 on Windows 8.1 for x64-based systems Microsoft .NET Framework 4.5.2 on Windows Server 2012 R2 Microsoft .NET Framework 4.5.2 on Windows RT 8.1 Microsoft .NET Framework 4.5.2 on Windows Server 2012 R2 (Server Core installation) Microsoft .NET Framework 4.5.2 on Windows Server 2008 for 32-bit Systems Service Pack 2 Microsoft .NET Framework 4.5.2 on Windows Server 2008 for x64-based Systems Service Pack 2 Microsoft Excel 2013 Service Pack 1 (32-bit editions) Microsoft Excel 2013 Service Pack 1 (64-bit editions) Microsoft Excel 2013 RT Service Pack 1 Microsoft Edge (EdgeHTML-based) on Windows 10 for 32-bit Systems Microsoft Edge (EdgeHTML-based) on Windows 10 for x64-based Systems Microsoft Edge (EdgeHTML-based) on Windows Server 2016 Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1607 for 32-bit Systems Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1607 for x64-based Systems Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1709 for 32-bit Systems Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1709 for x64-based Systems Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1803 for 32-bit Systems Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1803 for x64-based Systems Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1803 for ARM64-based Systems Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1809 for 32-bit Systems Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1809 for x64-based Systems Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1809 for ARM64-based Systems Microsoft Edge (EdgeHTML-based) on Windows Server 2019 Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1709 for ARM64-based Systems Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1903 for 32-bit Systems Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1903 for x64-based Systems Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1903 for ARM64-based Systems Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1909 for 32-bit Systems Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1909 for x64-based Systems Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1909 for ARM64-based Systems Microsoft .NET Framework 4.6 on Windows Server 2008 for 32-bit Systems Service Pack 2 Microsoft .NET Framework 4.6 on Windows Server 2008 for x64-based Systems Service Pack 2 Windows 10 for 32-bit Systems Microsoft Office 2016 for Mac Windows 10 for x64-based Systems Microsoft Excel 2016 (32-bit edition) Microsoft Excel 2016 (64-bit edition) Windows Server 2016 Windows 10 Version 1607 for 32-bit Systems Windows 10 Version 1607 for x64-based Systems Windows Server 2016 (Server Core installation) Microsoft SharePoint Enterprise Server 2016 Microsoft SharePoint Enterprise Server 2013 Service Pack 1 ChakraCore Windows 10 Version 1709 for 32-bit Systems Windows 10 Version 1709 for x64-based Systems Windows 10 Version 1803 for 32-bit Systems Windows 10 Version 1803 for x64-based Systems Windows Server, version 1803 (Server Core Installation) Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.2 on Windows 7 for 32-bit Systems Service Pack 1 Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.2 on Windows 7 for x64-based Systems Service Pack 1 Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2012 Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2012 (Server Core installation) Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.2 on Windows 8.1 for 32-bit systems Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.2 on Windows 8.1 for x64-based systems Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2012 R2 Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.2 on Windows RT 8.1 Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2012 R2 (Server Core installation) Windows 10 Version 1803 for ARM64-based Systems .NET Core 2.1 Windows 10 Version 1809 for 32-bit Systems Windows 10 Version 1809 for x64-based Systems Windows 10 Version 1809 for ARM64-based Systems Windows Server 2019 Windows Server 2019 (Server Core installation) Microsoft Office 2019 for 32-bit editions Microsoft Office 2019 for 64-bit editions Microsoft Office 2019 for Mac Windows 10 Version 1709 for ARM64-based Systems Microsoft SharePoint Server 2019 Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8) PowerShell Core 6.2 Visual Studio Code Windows 10 Version 1903 for 32-bit Systems Windows 10 Version 1903 for x64-based Systems Windows 10 Version 1903 for ARM64-based Systems Windows Server, version 1903 (Server Core installation) Microsoft .NET Framework 4.8 on Windows 7 for 32-bit Systems Service Pack 1 Microsoft .NET Framework 4.8 on Windows 7 for x64-based Systems Service Pack 1 Microsoft .NET Framework 4.8 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) Microsoft .NET Framework 4.8 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 Microsoft .NET Framework 4.8 on Windows Server 2012 Microsoft .NET Framework 4.8 on Windows Server 2012 (Server Core installation) Microsoft .NET Framework 4.8 on Windows 8.1 for 32-bit systems Microsoft .NET Framework 4.8 on Windows 8.1 for x64-based systems Microsoft .NET Framework 4.8 on Windows Server 2012 R2 Microsoft .NET Framework 4.8 on Windows RT 8.1 Microsoft .NET Framework 4.8 on Windows Server 2012 R2 (Server Core installation) Microsoft .NET Framework 4.8 on Windows Server 2016 Microsoft .NET Framework 4.8 on Windows 10 Version 1607 for 32-bit Systems Microsoft .NET Framework 4.8 on Windows 10 Version 1607 for x64-based Systems Microsoft .NET Framework 4.8 on Windows Server 2016 (Server Core installation) Microsoft .NET Framework 4.8 on Windows 10 Version 1709 for 32-bit Systems Microsoft .NET Framework 4.8 on Windows 10 Version 1709 for x64-based Systems Microsoft .NET Framework 4.8 on Windows 10 Version 1803 for 32-bit Systems Microsoft .NET Framework 4.8 on Windows 10 Version 1803 for x64-based Systems Microsoft .NET Framework 4.8 on Windows Server, version 1803 (Server Core Installation) Microsoft Edge (Chromium-based) Microsoft Visual Studio 2019 version 16.0 Microsoft Dynamics 365 (on-premises) version 8.2 Microsoft Dynamics 365 (on-premises) version 9.0 Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1809 for 32-bit Systems Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1809 for x64-based Systems Microsoft .NET Framework 3.5 AND 4.8 on Windows Server 2019 Microsoft .NET Framework 3.5 AND 4.8 on Windows Server 2019 (Server Core installation) Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1903 for 32-bit Systems Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1903 for x64-based Systems Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1903 for ARM64-based Systems Microsoft .NET Framework 3.5 AND 4.8 on Windows Server, version 1903 (Server Core installation) Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1909 for 32-bit Systems Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1909 for x64-based Systems Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1909 for ARM64-based Systems Microsoft .NET Framework 3.5 AND 4.8 on Windows Server, version 1909 (Server Core installation) Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10 Version 1803 for 32-bit Systems Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10 Version 1803 for x64-based Systems Microsoft .NET Framework 3.5 AND 4.7.2 on Windows Server, version 1803 (Server Core Installation) Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10 Version 1803 for ARM64-based Systems Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10 Version 1809 for 32-bit Systems Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10 Version 1809 for x64-based Systems Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10 Version 1809 for ARM64-based Systems Microsoft .NET Framework 3.5 AND 4.7.2 on Windows Server 2019 Microsoft .NET Framework 3.5 AND 4.7.2 on Windows Server 2019 (Server Core installation) Windows 10 Version 1909 for 32-bit Systems Windows 10 Version 1909 for x64-based Systems Windows 10 Version 1909 for ARM64-based Systems Windows Server, version 1909 (Server Core installation) Power BI Report Server Microsoft Visual Studio 2019 version 16.4 (includes 16.0 - 16.3) Microsoft .NET Framework 3.5 AND 4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2016 Microsoft .NET Framework 3.5 AND 4.6.2/4.7/4.7.1/4.7.2 on Windows 10 Version 1607 for 32-bit Systems Microsoft .NET Framework 3.5 AND 4.6.2/4.7/4.7.1/4.7.2 on Windows 10 Version 1607 for x64-based Systems Microsoft .NET Framework 3.5 AND 4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2016 (Server Core installation) Microsoft .NET Framework 3.5 AND 4.7.1/4.7.2 on Windows 10 Version 1709 for 32-bit Systems Microsoft .NET Framework 3.5 AND 4.7.1/4.7.2 on Windows 10 Version 1709 for x64-based Systems Microsoft .NET Framework 3.5 AND 4.7.1/4.7.2 on Windows 10 Version 1709 for ARM64-based Systems ASP.NET Core 3.1 .NET Core 3.1 PowerShell 7.0 Microsoft Visual Studio 2019 version 16.5 .NET 5.0 Microsoft 365 Apps for Enterprise for 32-bit Systems Microsoft 365 Apps for Enterprise for 64-bit Systems Microsoft .NET Framework 3.5 AND 4.6/4.6.1/4.6.2 on Windows 10 for 32-bit Systems Microsoft .NET Framework 3.5 AND 4.6/4.6.1/4.6.2 on Windows 10 for x64-based Systems Python extension for Visual Studio Code azl3 ceph 18.2.2-1 on Azure Linux 3.0 azl3 ceph 18.2.1-1 on Azure Linux 3.0 cm1 qemu-kvm 4.2.0-21 on CBL Mariner 1.0 cm1 python-pip 19.2-2 on CBL Mariner 1.0 cm1 ruby 2.6.7-1 on CBL Mariner 1.0 cm1 kernel 5.4.91-3 on CBL Mariner 1.0 cm1 vim 8.1.1667-1 on CBL Mariner 1.0 azl3 heimdal 7.8.0-3 on Azure Linux 3.0 azl3 mozjs 102.15.1-1 on Azure Linux 3.0 cm1 ansible 2.9.18-1 on CBL Mariner 1.0 cbl2 unbound 1.10.0-5 on CBL Mariner 2.0 cm1 kernel 5.4.91-11 on CBL Mariner 1.0 cm1 unbound 1.10.0-3 on CBL Mariner 1.0 cm1 json-c 0.14-2 on CBL Mariner 1.0 cbl2 json-c 0.15-2 on CBL Mariner 2.0 cm1 glib-networking 2.59.1-6 on CBL Mariner 1.0 cbl2 glib-networking 2.59.1-8 on CBL Mariner 2.0 cbl2 libcroco 0.6.13-6 on CBL Mariner 2.0 azl3 libdb 5.3.28-9 on Azure Linux 3.0 azl3 ceph 18.2.2-8 on Azure Linux 3.0 cbl2 ceph 16.2.10-7 on CBL Mariner 2.0 azl3 ceph 16.2.10-3 on Azure Linux 3.0 azl3 nss 3.96.1-3 on Azure Linux 3.0 cbl2 libdb 5.3.28-7 on CBL Mariner 2.0 Microsoft .NET Framework 3.5 on Windows Server 2012 Microsoft .NET Framework 3.5 on Windows Server 2012 (Server Core installation) Microsoft .NET Framework 3.5 on Windows 8.1 for 32-bit systems Microsoft .NET Framework 3.5 on Windows 8.1 for x64-based systems Microsoft .NET Framework 3.5 on Windows Server 2012 R2 Microsoft .NET Framework 3.5 on Windows Server 2012 R2 (Server Core installation) Microsoft .NET Framework 3.0 Service Pack 2 on Windows Server 2008 for 32-bit Systems Service Pack 2 Microsoft .NET Framework 3.0 Service Pack 2 on Windows Server 2008 for x64-based Systems Service Pack 2 None Available Microsoft .NET Framework 2.0 Service Pack 2 on Windows Server 2008 for 32-bit Systems Service Pack 2 Microsoft .NET Framework 2.0 Service Pack 2 on Windows Server 2008 for x64-based Systems Service Pack 2 Windows Server 2008 for 32-bit Systems Service Pack 2 Windows Server 2008 for x64-based Systems Service Pack 2 Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) Microsoft .NET Framework 3.5.1 on Windows 7 for 32-bit Systems Service Pack 1 Microsoft .NET Framework 3.5.1 on Windows 7 for x64-based Systems Service Pack 1 Microsoft .NET Framework 3.5.1 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) Microsoft .NET Framework 3.5.1 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 There is a use-after-free in kernel versions before 5.5 due to a race condition between the release of ptp_clock and cdev while resource deallocation. When a (high privileged) process allocates a ptp device file (like /dev/ptpX) and voluntarily goes to sleep. During this time if the underlying device is removed it can cause an exploitable condition as the process wakes up to terminate and clean all attached files. The system crashes due to the cdev structure being invalid (as already freed) which is pointed to by the inode. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2020-10690 Use After Free 17036-16820 17036-16820 Moderate 17036-16820 6.4 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H 17036-16820 CBL-Mariner Releases 17036-16820 No Security Update 5.4.91-3 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17036-16820 CBL-Mariner Releases 1.0 2020-09-25T00:00:00 <p>Information published.</p> A NULL pointer dereference flaw was found in the Linux kernel's SELinux subsystem in versions before 5.7. This flaw occurs while importing the Commercial IP Security Option (CIPSO) protocol's category bitmap into the SELinux extensible bitmap via the' ebitmap_netlbl_import' routine. While processing the CIPSO restricted bitmap tag in the 'cipso_v4_parsetag_rbm' routine it sets the security attribute to indicate that the category bitmap is present even if it has not been allocated. This issue leads to a NULL pointer dereference issue while importing the same category bitmap into SELinux. This flaw allows a remote network user to crash the system kernel resulting in a denial of service. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2020-10711 NULL Pointer Dereference 17036-16820 17036-16820 Moderate 17036-16820 5.9 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H 17036-16820 CBL-Mariner Releases 17036-16820 No Security Update 5.4.91-3 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17036-16820 CBL-Mariner Releases 1.0 2020-09-25T00:00:00 <p>Information published.</p> An incomplete fix was found for the fix of the flaw CVE-2020-1733 ansible: insecure temporary directory when running become_user from become directive. The provided fix is insufficient to prevent the race condition on systems using ACLs and FUSE filesystems. Ansible Engine 2.7.18 2.8.12 and 2.9.9 as well as previous versions are affected and Ansible Tower 3.4.5 3.5.6 and 3.6.4 as well as previous versions are affected. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2020-10744 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') 19052-16820 19052-16820 Moderate 19052-16820 5.0 5.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:L 19052-16820 CBL-Mariner Releases 19052-16820 No Security Update 2.9.18-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19052-16820 CBL-Mariner Releases 1.0 2020-08-18T00:00:00 <p>Information published.</p> An issue was discovered in xfs_agf_verify in fs/xfs/libxfs/xfs_alloc.c in the Linux kernel through 5.6.10. Attackers may trigger a sync of excessive duration via an XFS v5 image with crafted metadata aka CID-d0c7feaf8767. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mitre Yes CVE-2020-12655 Loop with Unreachable Exit Condition ('Infinite Loop') 19156-16820 19156-16820 Moderate 19156-16820 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19156-16820 CBL-Mariner Releases 19156-16820 No Security Update 5.4.91-11 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19156-16820 CBL-Mariner Releases 1.0 2020-08-18T00:00:00 <p>Information published.</p> gss_mech_free in net/sunrpc/auth_gss/gss_mech_switch.c in the rpcsec_gss_krb5 implementation in the Linux kernel through 5.6.10 lacks certain domain_release calls leading to a memory leak. Note: This was disputed with the assertion that the issue does not grant any access not already available. It is a problem that on unloading a specific kernel module some memory is leaked but loading kernel modules is a privileged operation. A user could also write a kernel module to consume any amount of memory they like and load that replicating the effect of this bug <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mitre Yes CVE-2020-12656 Missing Release of Memory after Effective Lifetime 17036-16820 17036-16820 Moderate 17036-16820 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17036-16820 CBL-Mariner Releases 17036-16820 No Security Update 5.4.91-3 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17036-16820 CBL-Mariner Releases 1.0 2020-08-18T00:00:00 <p>Information published.</p> An issue was discovered in the Linux kernel before 5.6.5. There is a use-after-free in block/bfq-iosched.c related to bfq_idle_slice_timer_body. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mitre Yes CVE-2020-12657 Use After Free 19156-16820 19156-16820 Important 19156-16820 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 19156-16820 CBL-Mariner Releases 19156-16820 No Security Update 5.4.91-11 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19156-16820 CBL-Mariner Releases 1.0 2020-09-25T00:00:00 <p>Information published.</p> Unbound before 1.10.1 has an infinite loop via malformed DNS answers received from upstream servers. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mitre Yes CVE-2020-12663 Loop with Unreachable Exit Condition ('Infinite Loop') 19164-16820 19149-16823 19164-16820 19149-16823 Important 19164-16820 Important 19149-16823 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 19164-16820 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 19149-16823 CBL-Mariner Releases 19164-16820 No Security Update 1.10.0-3 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19164-16820 CBL-Mariner Releases CBL-Mariner Releases 19149-16823 No Security Update 1.10.0-5 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19149-16823 CBL-Mariner Releases 1.0 2020-09-25T00:00:00 <p>Information published.</p> 1.1 2021-12-16T00:00:00 <p>Added unbound to CBL-Mariner 2.0</p> json-c through 0.14 has an integer overflow and out-of-bounds write via a large JSON file as demonstrated by printbuf_memappend. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mitre Yes CVE-2020-12762 Out-of-bounds Write 19177-16820 19178-16823 19177-16820 19178-16823 Important 19177-16820 Important 19178-16823 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 19177-16820 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 19178-16823 CBL-Mariner Releases 19177-16820 No Security Update 0.14-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19177-16820 CBL-Mariner Releases CBL-Mariner Releases 19178-16823 No Security Update 0.15-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19178-16823 CBL-Mariner Releases 1.0 2020-08-18T00:00:00 <p>Information published.</p> 1.1 2021-12-16T00:00:00 <p>Added json-c to CBL-Mariner 2.0</p> An issue was discovered in the Linux kernel through 5.6.11. btree_gc_coalesce in drivers/md/bcache/btree.c has a deadlock if a coalescing operation fails. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mitre Yes CVE-2020-12771 Improper Locking 19156-16820 19156-16820 Moderate 19156-16820 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19156-16820 CBL-Mariner Releases 19156-16820 No Security Update 5.4.91-11 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19156-16820 CBL-Mariner Releases 1.0 2020-08-18T00:00:00 <p>Information published.</p> A signal access-control issue was discovered in the Linux kernel before 5.6.5 aka CID-7395ea4e65c2. Because exec_id in include/linux/sched.h is only 32 bits an integer overflow can interfere with a do_notify_parent protection mechanism. A child process can send an arbitrary signal to a parent process in a different security domain. Exploitation limitations include the amount of elapsed time before an integer overflow occurs and the lack of scenarios where signals to a parent process present a substantial operational threat. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mitre Yes CVE-2020-12826 Integer Overflow or Wraparound 17036-16820 17036-16820 Moderate 17036-16820 5.3 5.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L 17036-16820 CBL-Mariner Releases 17036-16820 No Security Update 5.4.91-3 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17036-16820 CBL-Mariner Releases 1.0 2020-09-25T00:00:00 <p>Information published.</p> gadget_dev_desc_UDC_store in drivers/usb/gadget/configfs.c in the Linux kernel 3.16 through 5.6.13 relies on kstrdup without considering the possibility of an internal '\0' value which allows attackers to trigger an out-of-bounds read aka CID-15753588bcd4. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mitre Yes CVE-2020-13143 Out-of-bounds Read 19156-16820 19156-16820 Moderate 19156-16820 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 19156-16820 CBL-Mariner Releases 19156-16820 No Security Update 5.4.91-11 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19156-16820 CBL-Mariner Releases 1.0 2020-11-10T00:00:00 <p>Information published.</p> sd_wp_addr in hw/sd/sd.c in QEMU 4.2.0 uses an unvalidated address which leads to an out-of-bounds read during sdhci_write() operations. A guest OS user can crash the QEMU process. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mitre Yes CVE-2020-13253 Out-of-bounds Read 16955-16820 16955-16820 Moderate 16955-16820 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 16955-16820 CBL-Mariner Releases 16955-16820 No Security Update 4.2.0-21 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 16955-16820 CBL-Mariner Releases 1.0 2020-08-18T00:00:00 <p>Information published.</p> In QEMU 5.0.0 and earlier es1370_transfer_audio in hw/audio/es1370.c does not properly validate the frame count which allows guest OS users to trigger an out-of-bounds access during an es1370_write() operation. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mitre Yes CVE-2020-13361 Out-of-bounds Write 16955-16820 16955-16820 Low 16955-16820 3.9 3.9 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:L/A:L 16955-16820 CBL-Mariner Releases 16955-16820 No Security Update 4.2.0-21 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 16955-16820 CBL-Mariner Releases 1.0 2020-08-18T00:00:00 <p>Information published.</p> SQLite through 3.32.0 has an integer overflow in sqlite3_str_vappendf in printf.c. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mitre Yes CVE-2020-13434 Integer Overflow or Wraparound 19814-17086 18431-17084 18469-17084 20070-17084 16939-17084 19856-17084 19814-17086 18431-17084 18469-17084 20070-17084 16939-17084 19856-17084 19814-17086 18431-17084 18469-17084 20070-17084 Moderate 16939-17084 19856-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19814-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 18431-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 18469-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20070-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 16939-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19856-17084 CBL-Mariner Releases 16939-17084 19856-17084 No Security Update 18.2.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 16939-17084 19856-17084 CBL-Mariner Releases 1.0 2024-06-30T07:00:00 <p>Information published.</p> SQLite through 3.32.0 has a segmentation fault in sqlite3ExprCodeTarget in expr.c. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mitre Yes CVE-2020-13435 NULL Pointer Dereference 19814-17086 18431-17084 19212-17084 16939-17084 19856-17084 20070-17084 18469-17084 20125-17086 19814-17086 18431-17084 19212-17084 16939-17084 19856-17084 20070-17084 18469-17084 20125-17086 19814-17086 18431-17084 Moderate 19212-17084 Moderate 16939-17084 19856-17084 20070-17084 18469-17084 20125-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19814-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 18431-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19212-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 16939-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19856-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20070-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 18469-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20125-17086 CBL-Mariner Releases 19212-17084 No Security Update 5.3.28-9 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19212-17084 CBL-Mariner Releases CBL-Mariner Releases 16939-17084 19856-17084 No Security Update 18.2.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 16939-17084 19856-17084 CBL-Mariner Releases 1.1 2025-03-14T00:00:00 <p>Added libdb to Azure Linux 3.0 Added ceph to Azure Linux 3.0</p> 1.0 2024-06-30T07:00:00 <p>Information published.</p> ext/fts3/fts3.c in SQLite before 3.32.0 has a use-after-free in fts3EvalNextRow related to the snippet feature. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mitre Yes CVE-2020-13630 Use After Free 19856-17084 19814-17086 18469-17084 16939-17084 18431-17084 20070-17084 19212-17084 19856-17084 19814-17086 18469-17084 16939-17084 18431-17084 20070-17084 19212-17084 Important 19856-17084 Important 19814-17086 Important 18469-17084 Important 16939-17084 Important 18431-17084 Important 20070-17084 Important 19212-17084 7.0 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 19856-17084 7.0 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 19814-17086 7.0 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 18469-17084 7.0 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 16939-17084 7.0 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 18431-17084 7.0 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 20070-17084 7.0 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 19212-17084 CBL-Mariner Releases 19856-17084 16939-17084 No Security Update 18.2.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19856-17084 16939-17084 CBL-Mariner Releases 1.0 2024-06-30T07:00:00 <p>Information published.</p> 1.1 2026-02-18T02:47:08 <p>Information published.</p> ext/fts3/fts3_snippet.c in SQLite before 3.32.0 has a NULL pointer dereference via a crafted matchinfo() query. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mitre Yes CVE-2020-13632 NULL Pointer Dereference 16939-17084 19856-17084 19814-17086 20070-17084 18431-17084 18469-17084 16939-17084 19856-17084 19814-17086 20070-17084 18431-17084 18469-17084 Moderate 16939-17084 19856-17084 19814-17086 20070-17084 18431-17084 18469-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 16939-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19856-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19814-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20070-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 18431-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 18469-17084 CBL-Mariner Releases 16939-17084 19856-17084 No Security Update 18.2.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 16939-17084 19856-17084 CBL-Mariner Releases 1.0 2024-06-30T07:00:00 <p>Information published.</p> In GNOME glib-networking through 2.64.2 the implementation of GTlsClientConnection skips hostname verification of the server's TLS certificate if the application fails to specify the expected server identity. This is in contrast to its intended documented behavior to fail the certificate verification. Applications that fail to provide the server identity including Balsa before 2.5.11 and 2.6.x before 2.6.1 accept a TLS certificate if the certificate is valid for any host. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mitre Yes CVE-2020-13645 Improper Certificate Validation 19179-16820 19180-16823 19179-16820 19180-16823 Moderate 19179-16820 Moderate 19180-16823 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N 19179-16820 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N 19180-16823 CBL-Mariner Releases 19179-16820 No Security Update 2.59.1-6 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19179-16820 CBL-Mariner Releases CBL-Mariner Releases 19180-16823 No Security Update 2.59.1-8 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19180-16823 CBL-Mariner Releases 1.0 2020-08-18T00:00:00 <p>Information published.</p> 1.1 2021-12-16T00:00:00 <p>Added glib-networking to CBL-Mariner 2.0</p> In Vim before 8.1.0881 users can circumvent the rvim restricted mode and execute arbitrary OS commands via scripting interfaces (e.g. Python Ruby or Lua). <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mitre Yes CVE-2019-20807 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') 17043-16820 17043-16820 Moderate 17043-16820 5.3 5.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L 17043-16820 CBL-Mariner Releases 17043-16820 No Security Update 8.1.1667-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17043-16820 CBL-Mariner Releases 1.0 2020-09-25T00:00:00 <p>Information published.</p> An issue was discovered in the Linux kernel 4.18 through 5.6.11 when unprivileged user namespaces are allowed. A user can create their own PID namespace and mount a FUSE filesystem. Upon interaction with this FUSE filesystem if the userspace component is terminated via a kill of the PID namespace's pid 1 it will result in a hung task and resources being permanently locked up until system reboot. This can result in resource exhaustion. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mitre Yes CVE-2019-20794 Missing Release of Resource after Effective Lifetime 17036-16820 17036-16820 Moderate 17036-16820 4.7 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H 17036-16820 CBL-Mariner Releases 17036-16820 No Security Update 5.4.91-3 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17036-16820 CBL-Mariner Releases 1.0 2020-09-25T00:00:00 <p>Information published.</p> A vulnerability was found in DPDK versions 18.05 and above. A missing check for an integer overflow in vhost_user_set_log_base() could result in a smaller memory map than requested, possibly allowing memory corruption. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2020-10722 Integer Overflow or Wraparound 16855-17084 19666-17084 19814-17086 16855-17084 19666-17084 19814-17086 Moderate 16855-17084 19666-17084 19814-17086 5.1 5.1 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H 16855-17084 5.1 5.1 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H 19666-17084 5.1 5.1 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H 19814-17086 CBL-Mariner Releases 16855-17084 19666-17084 No Security Update 18.2.2-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 16855-17084 19666-17084 CBL-Mariner Releases 1.0 2025-09-03T20:43:23 <p>Information published.</p> An issue was discovered in Ruby 2.5.x through 2.5.7 2.6.x through 2.6.5 and 2.7.0. If a victim calls BasicSocket#read_nonblock(requested_size buffer exception: false) the method resizes the buffer to fit the requested size but no data is copied. Thus the buffer string provides the previous value of the heap. This may expose possibly sensitive data from the interpreter. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mitre Yes CVE-2020-10933 Use of Uninitialized Resource 17016-16820 17016-16820 Moderate 17016-16820 5.3 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N 17016-16820 CBL-Mariner Releases 17016-16820 No Security Update 2.6.7-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17016-16820 CBL-Mariner Releases 1.0 2020-09-25T00:00:00 <p>Information published.</p> An issue was found in Linux kernel before 5.5.4. The mwifiex_cmd_append_vsie_tlv() function in drivers/net/wireless/marvell/mwifiex/scan.c allows local users to gain privileges or cause a denial of service because of an incorrect memcpy and buffer overflow aka CID-b70261a288ea. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mitre Yes CVE-2020-12653 Out-of-bounds Write 19156-16820 19156-16820 Important 19156-16820 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 19156-16820 CBL-Mariner Releases 19156-16820 No Security Update 5.4.91-11 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19156-16820 CBL-Mariner Releases 1.0 2020-09-25T00:00:00 <p>Information published.</p> An issue was found in Linux kernel before 5.5.4. mwifiex_ret_wmm_get_status() in drivers/net/wireless/marvell/mwifiex/wmm.c allows a remote AP to trigger a heap-based buffer overflow because of an incorrect memcpy aka CID-3a9b153c5591. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mitre Yes CVE-2020-12654 Out-of-bounds Write 19156-16820 19156-16820 Important 19156-16820 7.1 7.1 CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H 19156-16820 CBL-Mariner Releases 19156-16820 No Security Update 5.4.91-11 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19156-16820 CBL-Mariner Releases 1.0 2020-09-25T00:00:00 <p>Information published.</p> An issue was discovered in the Linux kernel before 5.6.7. xdp_umem_reg in net/xdp/xdp_umem.c has an out-of-bounds write (by a user with the CAP_NET_ADMIN capability) because of a lack of headroom validation. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mitre Yes CVE-2020-12659 Out-of-bounds Write 17036-16820 17036-16820 Moderate 17036-16820 6.7 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 17036-16820 CBL-Mariner Releases 17036-16820 No Security Update 5.4.91-3 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17036-16820 CBL-Mariner Releases 1.0 2020-09-25T00:00:00 <p>Information published.</p> Unbound before 1.10.1 has Insufficient Control of Network Message Volume aka an "NXNSAttack" issue. This is triggered by random subdomains in the NSDNAME in NS records. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mitre Yes CVE-2020-12662 Uncontrolled Resource Consumption 19164-16820 19149-16823 19164-16820 19149-16823 Important 19164-16820 Important 19149-16823 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 19164-16820 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 19149-16823 CBL-Mariner Releases 19164-16820 No Security Update 1.10.0-3 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19164-16820 CBL-Mariner Releases CBL-Mariner Releases 19149-16823 No Security Update 1.10.0-5 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19149-16823 CBL-Mariner Releases 1.0 2020-09-25T00:00:00 <p>Information published.</p> 1.1 2021-12-16T00:00:00 <p>Added unbound to CBL-Mariner 2.0</p> An issue was discovered in the Linux kernel before 5.6. svm_cpu_uninit in arch/x86/kvm/svm.c has a memory leak aka CID-d80b64ff297e. NOTE: third parties dispute this issue because it's a one-time leak at the boot the size is negligible and it can't be triggered at will <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mitre Yes CVE-2020-12768 Missing Release of Memory after Effective Lifetime 17036-16820 17036-16820 Moderate 17036-16820 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17036-16820 CBL-Mariner Releases 17036-16820 No Security Update 5.4.91-3 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17036-16820 CBL-Mariner Releases 1.0 2020-09-25T00:00:00 <p>Information published.</p> An issue was discovered in the Linux kernel through 5.6.11. sg_write lacks an sg_remove_request call in a certain failure case aka CID-83c6f2390040. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mitre Yes CVE-2020-12770 19156-16820 19156-16820 Moderate 19156-16820 6.7 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 19156-16820 CBL-Mariner Releases 19156-16820 No Security Update 5.4.91-11 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19156-16820 CBL-Mariner Releases 1.0 2020-11-10T00:00:00 <p>Information published.</p> The VFIO PCI driver in the Linux kernel through 5.6.13 mishandles attempts to access disabled memory space. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mitre Yes CVE-2020-12888 Improper Handling of Exceptional Conditions 17036-16820 17036-16820 Moderate 17036-16820 5.3 5.3 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:H 17036-16820 CBL-Mariner Releases 17036-16820 No Security Update 5.4.91-3 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17036-16820 CBL-Mariner Releases 1.0 2020-08-18T00:00:00 <p>Information published.</p> In QEMU 5.0.0 and earlier megasas_lookup_frame in hw/scsi/megasas.c has an out-of-bounds read via a crafted reply_queue_head field from a guest OS user. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mitre Yes CVE-2020-13362 Out-of-bounds Read 16955-16820 16955-16820 Low 16955-16820 3.2 3.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:L 16955-16820 CBL-Mariner Releases 16955-16820 No Security Update 4.2.0-21 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 16955-16820 CBL-Mariner Releases 1.0 2020-08-18T00:00:00 <p>Information published.</p> SQLite before 3.32.0 allows a virtual table to be renamed to the name of one of its shadow tables related to alter.c and build.c. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mitre Yes CVE-2020-13631 19856-17084 16939-17084 19814-17086 19212-17084 18431-17084 18469-17084 20070-17084 19856-17084 16939-17084 19814-17086 19212-17084 18431-17084 18469-17084 20070-17084 19856-17084 Moderate 16939-17084 19814-17086 19212-17084 18431-17084 18469-17084 20070-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N 19856-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N 16939-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N 19814-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N 19212-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N 18431-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N 18469-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N 20070-17084 CBL-Mariner Releases 19856-17084 16939-17084 No Security Update 18.2.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19856-17084 16939-17084 CBL-Mariner Releases 1.0 2024-06-30T07:00:00 <p>Information published.</p> libcroco through 0.6.13 has excessive recursion in cr_parser_parse_any_core in cr-parser.c, leading to stack consumption. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mitre Yes CVE-2020-12825 Uncontrolled Recursion 19193-16823 19193-16823 Important 19193-16823 7.1 7.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H 19193-16823 CBL-Mariner Releases 19193-16823 No Security Update 0.6.13-6 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19193-16823 CBL-Mariner Releases 1.0 2025-10-01T23:11:04 <p>Information published.</p> An issue was discovered in pip (all versions) because it installs the version with the highest version number, even if the user had intended to obtain a private package from a private index. This only affects use of the --extra-index-url option, and exploitation requires that the package does not already exist in the public index (and thus the attacker can put the package there with an arbitrary version number). NOTE: it has been reported that this is intended functionality and the user is responsible for using --extra-index-url securely <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mitre Yes CVE-2018-20225 Improper Input Validation 16961-16820 16961-16820 Important 16961-16820 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 16961-16820 CBL-Mariner Releases 16961-16820 No Security Update 19.2-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 16961-16820 CBL-Mariner Releases 1.0 2025-10-01T23:11:01 <p>Information published.</p> A memory corruption issue was found in DPDK versions 17.05 and above <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2020-10723 19814-17086 16855-17084 19666-17084 19814-17086 16855-17084 19666-17084 19814-17086 Moderate 16855-17084 19666-17084 5.1 5.1 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H 19814-17086 5.1 5.1 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H 16855-17084 5.1 5.1 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H 19666-17084 CBL-Mariner Releases 16855-17084 19666-17084 No Security Update 18.2.2-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 16855-17084 19666-17084 CBL-Mariner Releases 1.0 2025-09-03T22:10:21 <p>Information published.</p> A vulnerability was found in DPDK versions 18.11 and above <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2020-10724 19666-17084 16855-17084 19814-17086 19666-17084 16855-17084 19814-17086 19666-17084 Moderate 16855-17084 19814-17086 5.1 5.1 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H 19666-17084 5.1 5.1 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H 16855-17084 5.1 5.1 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H 19814-17086 CBL-Mariner Releases 19666-17084 16855-17084 No Security Update 18.2.2-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19666-17084 16855-17084 CBL-Mariner Releases 1.0 2025-09-03T21:55:35 <p>Information published.</p> Microsoft Excel Remote Code Execution Vulnerability <p>A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.</p> <p>Exploitation of the vulnerability requires that a user open a specially crafted file with an affected version of Microsoft Excel. In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file. In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) containing a specially crafted file designed to exploit the vulnerability. An attacker would have no way to force users to visit the website. Instead, an attacker would have to convince users to click a link, typically by way of an enticement in an email or instant message, and then convince them to open the specially crafted file.</p> <p>The security update addresses the vulnerability by correcting how Microsoft Excel handles objects in memory.</p> <p><strong>Is the Preview Pane an attack vector for this vulnerability?</strong></p> <p>No, the Preview Pane is not an attack vector.</p> <p><strong>What is Microsoft 365 Apps for Enterprise?</strong></p> <p>Office 365 ProPlus has been renamed to Microsoft 365 Apps for Enterprise. Please see <a href="https://docs.microsoft.com/en-us/deployoffice/name-change">Name change for Office 365 ProPlus</a> for more information.</p> Microsoft Office Microsoft CVE-2020-0901 11763 11573 11574 11575 10739 10740 10734 10489 10490 10656 10654 10655 11762 Remote Code Execution 11763 Remote Code Execution 11573 Remote Code Execution 11574 Remote Code Execution 11575 Remote Code Execution 10739 Remote Code Execution 10740 Remote Code Execution 10734 Remote Code Execution 10489 Remote Code Execution 10490 Remote Code Execution 10656 Remote Code Execution 10654 Remote Code Execution 10655 Remote Code Execution 11762 Important 11763 Important 11573 Important 11574 Important 11575 Important 10739 Important 10740 Important 10734 Important 10489 Important 10490 Important 10656 Important 10654 Important 10655 Important 11762 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A Click to Run 11763 11573 11574 11762 No Security Update Release Notes https://go.microsoft.com/fwlink/p/?linkid=831049 11575 10734 No Security Update 4484338 https://www.microsoft.com/download/details.aspx?familyid=e51df156-dbfe-400f-b50a-e3f0fb99aa23 4484273 10739 10740 Maybe Security Update 4484384 https://www.microsoft.com/download/details.aspx?familyid=5a86e81b-d43b-4b9c-adda-0cb3407b22a6 4484285 10489 10490 Maybe Security Update 4484365 4484283 10656 10654 10655 Maybe Security Update Marcin 'Icewall' Noga of <a href="https://talosintelligence.com/vulnerability_reports">Cisco Talos</a> 1.0 2020-05-12T07:00:00Z <p>Information published.</p> Windows Hyper-V Denial of Service Vulnerability <p>A denial of service vulnerability exists when Hyper-V on a Windows Server fails to properly handle specially crafted network packets.</p> <p>To exploit the vulnerability, an attacker would send specially crafted network packets to the Hyper-V Server.</p> <p>The security update addresses the vulnerability by resolving the conditions where Hyper-V would fail to properly handle these network packets.</p> Windows Hyper-V Microsoft CVE-2020-0909 11498 11499 11569 11571 11572 11454 11645 11647 10735 10853 10816 10855 10048 10482 9318 9344 10051 10049 10378 10379 10483 10543 11713 11715 Denial of Service 11498 Denial of Service 11499 Denial of Service 11569 Denial of Service 11571 Denial of Service 11572 Denial of Service 11454 Denial of Service 11645 Denial of Service 11647 Denial of Service 10735 Denial of Service 10853 Denial of Service 10816 Denial of Service 10855 Denial of Service 10048 Denial of Service 10482 Denial of Service 9318 Denial of Service 9344 Denial of Service 10051 Denial of Service 10049 Denial of Service 10378 Denial of Service 10379 Denial of Service 10483 Denial of Service 10543 Denial of Service 11713 Denial of Service 11715 Important 11498 Important 11499 Important 11569 Important 11571 Important 11572 Important 11454 Important 11645 Important 11647 Important 10735 Important 10853 Important 10816 Important 10855 Important 10048 Important 10482 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Important 11713 Important 11715 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 7.5 6.7 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C 11498 7.5 6.7 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C 11499 7.5 6.7 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C 11569 7.5 6.7 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C 11571 7.5 6.7 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C 11572 7.5 6.7 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C 11454 7.5 6.7 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C 11645 7.5 6.7 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C 11647 7.5 6.7 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C 10735 7.5 6.7 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C 10853 7.5 6.7 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C 10816 7.5 6.7 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C 10855 7.5 6.7 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C 10048 7.5 6.7 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C 10482 7.5 6.7 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C 9318 7.5 6.7 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C 9344 7.5 6.7 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C 10051 7.5 6.7 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C 10049 7.5 6.7 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C 10378 7.5 6.7 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C 10379 7.5 6.7 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C 10483 7.5 6.7 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C 10543 7.5 6.7 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C 11713 7.5 6.7 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C 11715 4556807 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556807 4550922 11498 11499 Yes Security Update 4551853 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4551853 4549949 11569 11571 11572 Yes Security Update 4551853 https://support.microsoft.com/help/4551853 11569 11571 11572 4556812 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556812 4550927 11454 Yes Security Update 4556799 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556799 4549951 11645 11647 11713 11715 Yes Security Update 4556826 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556826 4550930 10735 Yes Security Update 4556813 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556813 4550929 10853 10816 10855 Yes Security Update 4556813 https://support.microsoft.com/help/4556813 10853 10816 10855 4556836 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556836 4550964 10048 10051 10049 Yes Monthly Rollup 4556836 https://support.microsoft.com/help/4556836 10048 10051 10049 4556843 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556843 10048 10051 10049 Yes Security Only 4556843 https://support.microsoft.com/help/4556843 10048 10051 10049 4556846 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556846 4550961 10482 10483 10543 Yes Monthly Rollup 4556853 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556853 10482 10483 10543 Yes Security Only 4556860 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556860 4550951 9318 9344 Yes Monthly Rollup 4556860 https://support.microsoft.com/help/4556860 9318 9344 4556854 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556854 9318 9344 Yes Security Only 4556854 https://support.microsoft.com/help/4556854 9318 9344 4556840 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556840 4550917 10378 10379 Yes Monthly Rollup 4556852 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556852 10378 10379 Yes Security Only Huichen Lin and Dong Seong Kim of <a href="https://www.itee.uq.edu.au/">School of Information Technology and Electrical Engineering - The University of Queensland</a> 1.0 2020-05-12T07:00:00Z <p>Information published.</p> Windows Error Reporting Elevation of Privilege Vulnerability <p>An elevation of privilege vulnerability exists in Windows Error Reporting (WER) when WER handles and executes files. The vulnerability could allow elevation of privilege if an attacker can successfully exploit it.</p> <p>An attacker who successfully exploited the vulnerability could gain greater access to sensitive information and system functionality. To exploit the vulnerability, an attacker could run a specially crafted application.</p> <p>The security update addresses the vulnerability by correcting the way that WER handles and executes files.</p> Microsoft Windows Microsoft CVE-2020-1021 11497 11498 11499 11563 11568 11569 11570 11571 11572 11712 11713 11714 11715 11453 11454 11583 11644 11645 11646 11647 10729 10735 10852 10853 10816 10855 Elevation of Privilege 11497 Elevation of Privilege 11498 Elevation of Privilege 11499 Elevation of Privilege 11563 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11570 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11712 Elevation of Privilege 11713 Elevation of Privilege 11714 Elevation of Privilege 11715 Elevation of Privilege 11453 Elevation of Privilege 11454 Elevation of Privilege 11583 Elevation of Privilege 11644 Elevation of Privilege 11645 Elevation of Privilege 11646 Elevation of Privilege 11647 Elevation of Privilege 10729 Elevation of Privilege 10735 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Important 11497 Important 11498 Important 11499 Important 11563 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11712 Important 11713 Important 11714 Important 11715 Important 11453 Important 11454 Important 11583 Important 11644 Important 11645 Important 11646 Important 11647 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11497 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11498 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11499 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11563 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11568 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11569 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11570 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11571 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11572 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11712 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11713 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11714 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11715 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11453 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11454 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11583 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11644 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11645 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11646 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11647 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10729 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10735 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10852 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10853 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10816 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10855 4556807 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556807 4550922 11497 11498 11499 11563 Yes Security Update 4551853 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4551853 4549949 11568 11569 11570 11571 11572 Yes Security Update 4551853 https://support.microsoft.com/help/4551853 11568 11569 11570 11571 11572 4556799 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556799 4549951 11712 11713 11714 11715 11644 11645 11646 11647 Yes Security Update 4556812 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556812 4550927 11453 11454 11583 Yes Security Update 4556826 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556826 4550930 10729 10735 Yes Security Update 4556813 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556813 4550929 10852 10853 10816 10855 Yes Security Update 4556813 https://support.microsoft.com/help/4556813 10852 10853 10816 10855 <a href="https://twitter.com/galdeleon">Gal De Leon</a> of Palo Alto Networks Yuki Chen of <a href="https://www.360.com/">Qihoo 360 Vulcan Team</a> 1.0 2020-05-12T07:00:00Z <p>Information published.</p> Microsoft SharePoint Remote Code Execution Vulnerability <p>A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the SharePoint application pool and the SharePoint server farm account.</p> <p>Exploitation of this vulnerability requires that a user uploads a specially crafted SharePoint application package to an affected version of SharePoint.</p> <p>The security update addresses the vulnerability by correcting how SharePoint checks the source markup of application packages.</p> Microsoft Office SharePoint Microsoft CVE-2020-1023 10950 11585 10612 Remote Code Execution 10950 Remote Code Execution 11585 Remote Code Execution 10612 Critical 10950 Critical 11585 Critical 10612 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 4484336 https://www.microsoft.com/download/details.aspx?familyid=4943205b-b1fc-4faf-8a2f-3f35afdb3178 4484299 10950 Maybe Security Update 4484332 https://www.microsoft.com/download/details.aspx?familyid=74d91329-15bb-4cfb-9040-5860a4e27805 4484292 11585 Maybe Security Update 4484364 https://www.microsoft.com/download/details.aspx?familyid=2a44537d-f219-46f5-9c20-c5455b5ed61c 4484321 10612 Maybe Security Update <a href="https://twitter.com/ivagunin">Ivan Vagunin,</a> 1.0 2020-05-12T07:00:00Z <p>Information published.</p> Microsoft SharePoint Remote Code Execution Vulnerability <p>A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the SharePoint application pool and the SharePoint server farm account.</p> <p>Exploitation of this vulnerability requires that a user uploads a specially crafted SharePoint application package to an affected version of SharePoint.</p> <p>The security update addresses the vulnerability by correcting how SharePoint checks the source markup of application packages.</p> Microsoft Office SharePoint Microsoft CVE-2020-1024 10950 11585 10612 Remote Code Execution 10950 Remote Code Execution 11585 Remote Code Execution 10612 Critical 10950 Critical 11585 Critical 10612 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 4484336 https://www.microsoft.com/download/details.aspx?familyid=4943205b-b1fc-4faf-8a2f-3f35afdb3178 4484299 10950 Maybe Security Update 4484332 https://www.microsoft.com/download/details.aspx?familyid=74d91329-15bb-4cfb-9040-5860a4e27805 4484292 11585 Maybe Security Update 4484364 https://www.microsoft.com/download/details.aspx?familyid=2a44537d-f219-46f5-9c20-c5455b5ed61c 4484321 10612 Maybe Security Update <a href="https://twitter.com/ivagunin">Ivan Vagunin,</a> 1.0 2020-05-12T07:00:00Z <p>Information published.</p> Media Foundation Memory Corruption Vulnerability <p>A memory corruption vulnerability exists when Windows Media Foundation improperly handles objects in memory. An attacker who successfully exploited the vulnerability could install programs; view, change, or delete data; or create new accounts with full user rights.</p> <p>There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit a malicious webpage.</p> <p>The security update addresses the vulnerability by correcting how Windows Media Foundation handles objects in memory.</p> Microsoft Windows Microsoft CVE-2020-1028 11497 11498 11499 11563 11568 11569 11570 11571 11572 11712 11713 11714 11715 11453 11454 11583 11644 11645 11646 11647 10852 10853 10816 10855 Remote Code Execution 11497 Remote Code Execution 11498 Remote Code Execution 11499 Remote Code Execution 11563 Remote Code Execution 11568 Remote Code Execution 11569 Remote Code Execution 11570 Remote Code Execution 11571 Remote Code Execution 11572 Remote Code Execution 11712 Remote Code Execution 11713 Remote Code Execution 11714 Remote Code Execution 11715 Remote Code Execution 11453 Remote Code Execution 11454 Remote Code Execution 11583 Remote Code Execution 11644 Remote Code Execution 11645 Remote Code Execution 11646 Remote Code Execution 11647 Remote Code Execution 10852 Remote Code Execution 10853 Remote Code Execution 10816 Remote Code Execution 10855 Critical 11497 Critical 11498 Critical 11499 Critical 11563 Critical 11568 Critical 11569 Critical 11570 Critical 11571 Critical 11572 Critical 11712 Critical 11713 Critical 11714 Critical 11715 Critical 11453 Critical 11454 Critical 11583 Critical 11644 Critical 11645 Critical 11646 Critical 11647 Critical 10852 Critical 10853 Critical 10816 Critical 10855 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11497 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11498 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11499 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11563 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11568 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11569 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11570 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11571 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11572 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11712 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11713 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11714 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11715 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11453 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11454 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11583 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11644 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11645 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11646 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11647 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10852 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10853 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10816 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10855 4556807 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556807 4550922 11497 11498 11499 11563 Yes Security Update 4551853 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4551853 4549949 11568 11569 11570 11571 11572 Yes Security Update 4551853 https://support.microsoft.com/help/4551853 11568 11569 11570 11571 11572 4556799 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556799 4549951 11712 11713 11714 11715 11644 11645 11646 11647 Yes Security Update 4556812 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556812 4550927 11453 11454 11583 Yes Security Update 4556813 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556813 4550929 10852 10853 10816 10855 Yes Security Update 4556813 https://support.microsoft.com/help/4556813 10852 10853 10816 10855 Hossein Lotfi of Trend Micro Zero Day Initiative 1.0 2020-05-12T07:00:00Z <p>Information published.</p> Visual Studio Code Python Extension Remote Code Execution Vulnerability <p>A remote code execution vulnerability exists in Visual Studio Code when the Python extension loads workspace settings from a notebook file. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.</p> <p>To exploit this vulnerability, an attacker would need to convince a target to open a specially crafted file in Visual Studio Code with the Python extension installed.</p> <p>The update address the vulnerability by modifying the way Visual Studio Code Python extension enforces user settings.</p> Visual Studio Microsoft CVE-2020-1192 11622 Remote Code Execution 11622 Critical 11622 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A Release Notes https://marketplace.visualstudio.com/items?itemName=ms-python.python 11622 Maybe Security Update <a href="https://ronmasas.com/">Ron Masas</a> 1.0 2020-05-12T07:00:00Z <p>Information published.</p> Windows DNS Server Denial of Service Vulnerability <p>Microsoft is aware of a vulnerability involving packet amplification that affects Windows DNS servers.</p> <p>An attacker who successfully exploited this vulnerability could cause the DNS Server service to become nonresponsive.</p> <p>To exploit this vulnerability an attacker would need to have access to at least one client and a domain that replies with a large volume of referral records, without glue records, that point to external victim sub domains. While resolving a name from the attacker client, for each referral record found, the resolver contacts the victim domain. This action can generate a large number of communications between the recursive resolver and the victim's authoritative DNS server to cause a Distributed Denial of Service (DDoS) attack.</p> <p>For more information see the <strong>Mitigations</strong> and <strong>Workaround</strong> sections of this advisory.</p> <p>See also <a href="https://support.microsoft.com/help/4564355">Guidance for DNS Amplification discussed in ADV200009</a>.</p> <p><strong>Which versions of Windows are affected?</strong></p> <p>All supported versions of Windows Server are affected.</p> <p><strong>Do the mitigation and workaround summarized in this advisory apply to all versions of Windows Server?</strong></p> <p>No. The mitigation and workaround are not available for Windows Server 2012 or Windows Server 2012 R2. These earlier versions of Windows Server do not support the Response Rate Limit (RRL) feature, which reduces the amplification impact when a targeted DNS resolver queries your DNS Servers.</p> <p><strong>What should customers do if they have DNS Servers residing on edge networks that are running either Windows Server 2012 or Windows Server 2012 R2?</strong></p> <p>DNS Servers residing on edge networks that are running either Windows Server 2012 or Windows Server 2012 R2 should be upgraded to Windows Server 2016 or newer that support the RRL feature, which reduces the amplification impact when a targeted DNS resolver queries your DNS Servers.</p> Microsoft Windows DNS Microsoft ADV200009 9237 9237 9237 Publicly Disclosed:No;Exploited:No;DOS:N/A <p><strong>Enable Response Rate Limiting on a DNS server</strong></p> <p>Please see <a href="https://docs.microsoft.com/en-us/powershell/module/dnsserver/set-dnsserverresponseratelimiting?view=win10-ps">DNS Server Response Rate Limiting</a> for more information.</p> <p>Customers should determine if the DNS server is an intranet-facing or an edge-facing authoratative Microsoft DNS server, then refer to the applicable mitigation. Microsoft rates the risk of this exploit that targets DNS servers residing on corporate intranets as low. DNS Servers residing on edge networks are vulnerable to NXNSAttack.</p> <p><strong>For intranet facing MS DNS Servers:</strong></p> <p>The risk of this exploit is low. Monitor internal DNS Servers for unusual traffic. Disable internal NXNSAttackers residing on your corporate intranet as they are discovered.</p> <p><strong>For edge-facing authoritative DNS Servers:</strong></p> <p>Enable Response Rate Limit (RRL) supported by Windows Server 2016 and newer versions of Microsoft DNS. Using RRL on DNS resolvers minimizes the initial attack amplification. Using RRL on a public domain's authoritative DNS server reduces amplification back to the DNS resolver. Note that RRL is disabled by default.</p> <p>This mitigation is not available for Windows Server 2012 or Windows Server 2012 R2. These earlier versions of Windows Server do not support the RRL feature. DNS Servers residing on edge networks that are running either of these versions of Windows Server should be upgraded to Windows Server 2016 or newer that support the RRL feature.</p> <p>For more information on RRL, See the following:</p> <ul> <li><a href="https://docs.microsoft.com/en-us/windows-server/networking/dns/what-s-new-in-dns-server">What's New in DNS Server in Windows Server</a></li> <li><a href="https://docs.microsoft.com/en-us/powershell/module/dnsserver/set-dnsserverresponseratelimiting?view=win10-ps">SetDNSServerResponseRateLimiting</a> Powershell cmdlet</li> </ul> <p>Use the SetDNSServerResponseRateLimiting Powershell cmdlet to enable RRL using default values. If enabling RRL causes legitimate DNS queries to fail because they are being throttled too tightly, incrementally increase the values for the Response/Sec and Errors/Sec parameters only until the DNS Server responds to previously failing queries.</p> <p>Other parameters may also help administrators better manage RRL settings including RRL exceptions.</p> <p>For further information see <a href="https://support.microsoft.com/help/4564355">Guidance for DNS Amplification discussed in ADV200009</a>.</p> Prof. Yehuda Afek, Tel-Aviv University, Prof. Anat Bremler-Barr, The Interdisciplinary Center, Herzliya, Lior Shafir, Tel-Aviv University. 1.0 2020-05-19T07:00:00Z <p>Information published.</p> 1.1 2020-05-29T07:00:00Z <p>Added FAQs section and added clarifying information to the Mitigations section. This is an informational change only.</p> Windows GDI Information Disclosure Vulnerability <p>An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system.</p> <p>There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit an untrusted webpage.</p> <p>The security update addresses the vulnerability by correcting how the Windows GDI component handles objects in memory.</p> <p><strong>What type of information could be disclosed by this vulnerability?</strong></p> <p>The type of information that could be disclosed if an attacker successfully exploited this vulnerability is memory layout - the vulnerability allows an attacker to collect information that facilitates predicting addressing of the memory.</p> Microsoft Graphics Component Microsoft CVE-2020-0963 11497 11498 11499 11563 11568 11569 11570 11571 11572 11712 11713 11714 11715 11453 11454 11583 11644 11645 11646 11647 10729 10735 10852 10853 10816 10855 10047 10048 10481 10482 10484 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Information Disclosure 11497 Information Disclosure 11498 Information Disclosure 11499 Information Disclosure 11563 Information Disclosure 11568 Information Disclosure 11569 Information Disclosure 11570 Information Disclosure 11571 Information Disclosure 11572 Information Disclosure 11712 Information Disclosure 11713 Information Disclosure 11714 Information Disclosure 11715 Information Disclosure 11453 Information Disclosure 11454 Information Disclosure 11583 Information Disclosure 11644 Information Disclosure 11645 Information Disclosure 11646 Information Disclosure 11647 Information Disclosure 10729 Information Disclosure 10735 Information Disclosure 10852 Information Disclosure 10853 Information Disclosure 10816 Information Disclosure 10855 Information Disclosure 10047 Information Disclosure 10048 Information Disclosure 10481 Information Disclosure 10482 Information Disclosure 10484 Information Disclosure 9312 Information Disclosure 10287 Information Disclosure 9318 Information Disclosure 9344 Information Disclosure 10051 Information Disclosure 10049 Information Disclosure 10378 Information Disclosure 10379 Information Disclosure 10483 Information Disclosure 10543 Important 11497 Important 11498 Important 11499 Important 11563 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11712 Important 11713 Important 11714 Important 11715 Important 11453 Important 11454 Important 11583 Important 11644 Important 11645 Important 11646 Important 11647 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 10047 Important 10048 Important 10481 Important 10482 Important 10484 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 5.5 5.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C 11497 5.5 5.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C 11498 5.5 5.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C 11499 5.5 5.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C 11563 5.5 5.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C 11568 5.5 5.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C 11569 5.5 5.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C 11570 5.5 5.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C 11571 5.5 5.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C 11572 5.5 5.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C 11712 5.5 5.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C 11713 5.5 5.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C 11714 5.5 5.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C 11715 5.5 5.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C 11453 5.5 5.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C 11454 5.5 5.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C 11583 5.5 5.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C 11644 5.5 5.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C 11645 5.5 5.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C 11646 5.5 5.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C 11647 5.5 5.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C 10729 5.5 5.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C 10735 5.5 5.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C 10852 5.5 5.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C 10853 5.5 5.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C 10816 5.5 5.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C 10855 5.5 5.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C 10047 5.5 5.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C 10048 5.5 5.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C 10481 5.5 5.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C 10482 5.5 5.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C 10484 5.5 5.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C 9312 5.5 5.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C 10287 5.5 5.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C 9318 5.5 5.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C 9344 5.5 5.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C 10051 5.5 5.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C 10049 5.5 5.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C 10378 5.5 5.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C 10379 5.5 5.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C 10483 5.5 5.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C 10543 4556807 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556807 4550922 11497 11498 11499 11563 Yes Security Update 4551853 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4551853 4549949 11568 11569 11570 11571 11572 Yes Security Update 4551853 https://support.microsoft.com/help/4551853 11568 11569 11570 11571 11572 4556799 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556799 4549951 11712 11713 11714 11715 11644 11645 11646 11647 Yes Security Update 4556812 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556812 4550927 11453 11454 11583 Yes Security Update 4556826 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556826 4550930 10729 10735 Yes Security Update 4556813 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556813 4550929 10852 10853 10816 10855 Yes Security Update 4556813 https://support.microsoft.com/help/4556813 10852 10853 10816 10855 4556836 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556836 4550964 10047 10048 10051 10049 Yes Monthly Rollup 4556836 https://support.microsoft.com/help/4556836 10047 10048 10051 10049 4556843 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556843 10047 10048 10051 10049 Yes Security Only 4556843 https://support.microsoft.com/help/4556843 10047 10048 10051 10049 4556846 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556846 4550961 10481 10482 10484 10483 10543 Yes Monthly Rollup 4556853 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556853 10481 10482 10483 10543 Yes Security Only 4556860 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556860 4550951 9312 10287 9318 9344 Yes Monthly Rollup 4556860 https://support.microsoft.com/help/4556860 9312 10287 9318 9344 4556854 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556854 9312 10287 9318 9344 Yes Security Only 4556854 https://support.microsoft.com/help/4556854 9312 10287 9318 9344 4556840 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556840 4550917 10378 10379 Yes Monthly Rollup 4556852 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556852 10378 10379 Yes Security Only <a href="https://twitter.com/klotxl404">Ke Liu</a> of <a href="https://xlab.tencent.com/en/">Tencent Security Xuanwu Lab</a> Jaanus Kääp of <a href="https://www.clarifiedsecurity.com/">Clarified Security</a> 1.0 2020-05-12T07:00:00Z <p>Information published.</p> Microsoft Windows Elevation of Privilege Vulnerability <p>An elevation of privilege vulnerability exists in Windows Block Level Backup Engine Service (wbengine) that allows file deletion in arbitrary locations.</p> <p>To exploit the vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system.</p> <p>The update addresses the vulnerability by correcting how the Windows Block Level Backup Engine Service handles file operations.</p> Microsoft Windows Microsoft CVE-2020-1010 11497 11498 11499 11563 11568 11569 11570 11571 11572 11712 11713 11714 11715 11453 11454 11583 11644 11645 11646 11647 10729 10735 10852 10853 10816 10855 10047 10048 10481 10482 10484 10051 10049 10378 10379 10483 10543 Elevation of Privilege 11497 Elevation of Privilege 11498 Elevation of Privilege 11499 Elevation of Privilege 11563 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11570 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11712 Elevation of Privilege 11713 Elevation of Privilege 11714 Elevation of Privilege 11715 Elevation of Privilege 11453 Elevation of Privilege 11454 Elevation of Privilege 11583 Elevation of Privilege 11644 Elevation of Privilege 11645 Elevation of Privilege 11646 Elevation of Privilege 11647 Elevation of Privilege 10729 Elevation of Privilege 10735 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Elevation of Privilege 10047 Elevation of Privilege 10048 Elevation of Privilege 10481 Elevation of Privilege 10482 Elevation of Privilege 10484 Elevation of Privilege 10051 Elevation of Privilege 10049 Elevation of Privilege 10378 Elevation of Privilege 10379 Elevation of Privilege 10483 Elevation of Privilege 10543 Important 11497 Important 11498 Important 11499 Important 11563 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11712 Important 11713 Important 11714 Important 11715 Important 11453 Important 11454 Important 11583 Important 11644 Important 11645 Important 11646 Important 11647 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 10047 Important 10048 Important 10481 Important 10482 Important 10484 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11497 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11498 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11499 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11563 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11568 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11569 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11570 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11571 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11572 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11712 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11713 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11714 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11715 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11453 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11454 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11583 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11644 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11645 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11646 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11647 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10729 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10735 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10852 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10853 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10816 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10855 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10047 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10048 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10481 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10482 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10484 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10051 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10049 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10378 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10379 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10483 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10543 4556807 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556807 4550922 11497 11498 11499 11563 Yes Security Update 4551853 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4551853 4549949 11568 11569 11570 11571 11572 Yes Security Update 4551853 https://support.microsoft.com/help/4551853 11568 11569 11570 11571 11572 4556799 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556799 4549951 11712 11713 11714 11715 11644 11645 11646 11647 Yes Security Update 4556812 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556812 4550927 11453 11454 11583 Yes Security Update 4556826 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556826 4550930 10729 10735 Yes Security Update 4556813 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556813 4550929 10852 10853 10816 10855 Yes Security Update 4556813 https://support.microsoft.com/help/4556813 10852 10853 10816 10855 4556836 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556836 4550964 10047 10048 10051 10049 Yes Monthly Rollup 4556836 https://support.microsoft.com/help/4556836 10047 10048 10051 10049 4556843 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556843 10047 10048 10051 10049 Yes Security Only 4556843 https://support.microsoft.com/help/4556843 10047 10048 10051 10049 4556846 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556846 4550961 10481 10482 10484 10483 10543 Yes Monthly Rollup 4556853 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556853 10481 10482 10483 10543 Yes Security Only 4556840 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556840 4550917 10378 10379 Yes Monthly Rollup 4556852 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556852 10378 10379 Yes Security Only Zhiniang Peng (<a href="https://twitter.com/edwardzpeng">@edwardzpeng</a>) of Qihoo 360 Core Security & Jiadong Lu 1.0 2020-05-12T07:00:00Z <p>Information published.</p> 1.1 2020-05-19T07:00:00Z <p>Updated acknowledgment. This is an informational change only.</p> Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability <p>An elevation of privilege vulnerability exists in Microsoft Edge (Chromium-based) when the Feedback extension improperly validates input. An attacker who successfully exploited this vulnerability could write files to arbitrary locations and gain elevated privileges.</p> <p>The vulnerability by itself does not allow arbitrary code to run. However, this vulnerability could be used in conjunction with one or more vulnerabilities (for example a remote code execution vulnerability and another elevation of privilege vulnerability) to take advantage of the elevated privileges when running.</p> <p>The security update addresses the vulnerability by modifying how Microsoft Edge (Chromium-based) Feedback extension validates files.</p> <p><strong>What version of Microsoft Edge (Chromium-base) contains the fix for this vulnerability?</strong></p> <p>The version that contains the update is 83.0.478.37.</p> Microsoft Edge on Chromium Microsoft CVE-2020-1195 11655 Elevation of Privilege 11655 Moderate 11655 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:N/A;DOS:N/A 3.1 2.8 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C 11655 <a href="https://www.daviderceg.com/">David Erceg</a> 1.0 2020-05-21T07:00:00Z <p>Information published.</p> VBScript Remote Code Execution Vulnerability <p>A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.</p> <p>In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability through Internet Explorer and then convince a user to view the website. An attacker could also embed an ActiveX control marked &quot;safe for initialization&quot; in an application or Microsoft Office document that hosts the IE rendering engine. The attacker could also take advantage of compromised websites and websites that accept or host user-provided content or advertisements. These websites could contain specially crafted content that could exploit the vulnerability.</p> <p>The security update addresses the vulnerability by modifying how the scripting engine handles objects in memory.</p> Microsoft Scripting Engine Microsoft CVE-2020-1035 10336-9312 10336-9318 10486-11497 10486-11498 10486-11563 10486-11568 10486-11569 10486-11570 10486-11571 10486-11712 10486-11713 10486-11714 10486-11453 10486-11454 10486-11583 10486-11644 10486-11645 10486-11646 10486-10729 10486-10735 10486-10852 10486-10853 10486-10816 10486-10047 10486-10048 10486-10481 10486-10482 10486-10484 10486-10051 10486-10378 10486-10483 Remote Code Execution 10336-9312 Remote Code Execution 10336-9318 Remote Code Execution 10486-11497 Remote Code Execution 10486-11498 Remote Code Execution 10486-11563 Remote Code Execution 10486-11568 Remote Code Execution 10486-11569 Remote Code Execution 10486-11570 Remote Code Execution 10486-11571 Remote Code Execution 10486-11712 Remote Code Execution 10486-11713 Remote Code Execution 10486-11714 Remote Code Execution 10486-11453 Remote Code Execution 10486-11454 Remote Code Execution 10486-11583 Remote Code Execution 10486-11644 Remote Code Execution 10486-11645 Remote Code Execution 10486-11646 Remote Code Execution 10486-10729 Remote Code Execution 10486-10735 Remote Code Execution 10486-10852 Remote Code Execution 10486-10853 Remote Code Execution 10486-10816 Remote Code Execution 10486-10047 Remote Code Execution 10486-10048 Remote Code Execution 10486-10481 Remote Code Execution 10486-10482 Remote Code Execution 10486-10484 Remote Code Execution 10486-10051 Remote Code Execution 10486-10378 Remote Code Execution 10486-10483 Low 10336-9312 Low 10336-9318 Important 10486-11497 Important 10486-11498 Important 10486-11563 Important 10486-11568 Important 10486-11569 Important 10486-11570 Low 10486-11571 Important 10486-11712 Important 10486-11713 Important 10486-11714 Important 10486-11453 Important 10486-11454 Important 10486-11583 Important 10486-11644 Important 10486-11645 Important 10486-11646 Important 10486-10729 Important 10486-10735 Important 10486-10852 Important 10486-10853 Low 10486-10816 Important 10486-10047 Important 10486-10048 Important 10486-10481 Important 10486-10482 Important 10486-10484 Low 10486-10051 Low 10486-10378 Low 10486-10483 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely;Older Software Release:Exploitation More Likely;DOS:N/A 6.4 5.8 CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10336-9312 6.4 5.8 CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10336-9318 7.5 6.7 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10486-11497 7.5 6.7 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10486-11498 7.5 6.7 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10486-11563 7.5 6.7 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10486-11568 7.5 6.7 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10486-11569 7.5 6.7 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10486-11570 6.4 5.8 CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10486-11571 7.5 6.7 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10486-11712 7.5 6.7 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10486-11713 7.5 6.7 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10486-11714 7.5 6.7 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10486-11453 7.5 6.7 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10486-11454 7.5 6.7 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10486-11583 7.5 6.7 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10486-11644 7.5 6.7 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10486-11645 7.5 6.7 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10486-11646 7.5 6.7 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10486-10729 7.5 6.7 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10486-10735 7.5 6.7 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10486-10852 7.5 6.7 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10486-10853 6.4 5.8 CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10486-10816 7.5 6.7 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10486-10047 7.5 6.7 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10486-10048 7.5 6.7 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10486-10481 7.5 6.7 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10486-10482 7.5 6.7 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10486-10484 6.4 5.8 CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10486-10051 6.4 5.8 CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10486-10378 6.4 5.8 CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10486-10483 4556860 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556860 4550951 10336-9312 10336-9318 Yes Monthly Rollup 4556860 https://support.microsoft.com/help/4556860 10336-9312 10336-9318 4556798 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556798 4550905 10336-9312 10336-9318 10486-10047 10486-10048 10486-10481 10486-10482 10486-10051 10486-10378 10486-10483 Yes IE Cumulative 4556807 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556807 4550922 10486-11497 10486-11498 10486-11563 Yes Security Update 4551853 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4551853 4549949 10486-11568 10486-11569 10486-11570 10486-11571 Yes Security Update 4551853 https://support.microsoft.com/help/4551853 10486-11568 10486-11569 10486-11570 10486-11571 4556799 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556799 4549951 10486-11712 10486-11713 10486-11714 10486-11644 10486-11645 10486-11646 Yes Security Update 4556812 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556812 4550927 10486-11453 10486-11454 10486-11583 Yes Security Update 4556826 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556826 4550930 10486-10729 10486-10735 Yes Security Update 4556813 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556813 4550929 10486-10852 10486-10853 10486-10816 Yes Security Update 4556813 https://support.microsoft.com/help/4556813 10486-10852 10486-10853 10486-10816 4556836 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556836 4550964 10486-10047 10486-10048 10486-10051 Yes Monthly Rollup 4556836 https://support.microsoft.com/help/4556836 10486-10047 10486-10048 10486-10051 4556846 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556846 4550961 10486-10481 10486-10482 10486-10484 10486-10483 Yes Monthly Rollup 4556840 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556840 4550917 10486-10378 Yes Monthly Rollup Yuki Chen of <a href="https://www.360.com/">Qihoo 360 Vulcan Team</a> 1.0 2020-05-12T07:00:00Z <p>Information published.</p> Chakra Scripting Engine Memory Corruption Vulnerability <p>A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge (HTML-based). The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.</p> <p>In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability through Microsoft Edge (HTML-based) and then convince a user to view the website. The attacker could also take advantage of compromised websites and websites that accept or host user-provided content or advertisements. These websites could contain specially crafted content that could exploit the vulnerability.</p> <p>The security update addresses the vulnerability by modifying how the Chakra scripting engine handles objects in memory.</p> Microsoft Scripting Engine Microsoft CVE-2020-1037 11447 10724-11497 10724-11498 10724-11563 10724-11568 10724-11569 10724-11570 10724-11571 10724-11712 10724-11713 10724-11714 10724-11453 10724-11454 10724-11583 10724-11644 10724-11645 10724-11646 10724-10729 10724-10735 10724-10852 10724-10853 10724-10816 Remote Code Execution 11447 Remote Code Execution 10724-11497 Remote Code Execution 10724-11498 Remote Code Execution 10724-11563 Remote Code Execution 10724-11568 Remote Code Execution 10724-11569 Remote Code Execution 10724-11570 Remote Code Execution 10724-11571 Remote Code Execution 10724-11712 Remote Code Execution 10724-11713 Remote Code Execution 10724-11714 Remote Code Execution 10724-11453 Remote Code Execution 10724-11454 Remote Code Execution 10724-11583 Remote Code Execution 10724-11644 Remote Code Execution 10724-11645 Remote Code Execution 10724-11646 Remote Code Execution 10724-10729 Remote Code Execution 10724-10735 Remote Code Execution 10724-10852 Remote Code Execution 10724-10853 Remote Code Execution 10724-10816 Critical 11447 Critical 10724-11497 Critical 10724-11498 Critical 10724-11563 Critical 10724-11568 Critical 10724-11569 Critical 10724-11570 Moderate 10724-11571 Critical 10724-11712 Critical 10724-11713 Critical 10724-11714 Critical 10724-11453 Critical 10724-11454 Critical 10724-11583 Critical 10724-11644 Critical 10724-11645 Critical 10724-11646 Critical 10724-10729 Critical 10724-10735 Critical 10724-10852 Critical 10724-10853 Moderate 10724-10816 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 4.2 3.8 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C 11447 4.2 3.8 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C 10724-11497 4.2 3.8 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C 10724-11498 4.2 3.8 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C 10724-11563 4.2 3.8 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C 10724-11568 4.2 3.8 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C 10724-11569 4.2 3.8 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C 10724-11570 4.2 3.8 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C 10724-11571 4.2 3.8 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C 10724-11712 4.2 3.8 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C 10724-11713 4.2 3.8 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C 10724-11714 4.2 3.8 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C 10724-11453 4.2 3.8 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C 10724-11454 4.2 3.8 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C 10724-11583 4.2 3.8 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C 10724-11644 4.2 3.8 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C 10724-11645 4.2 3.8 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C 10724-11646 4.2 3.8 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C 10724-10729 4.2 3.8 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C 10724-10735 4.2 3.8 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C 10724-10852 4.2 3.8 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C 10724-10853 4.2 3.8 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C 10724-10816 Release Notes https://github.com/Microsoft/ChakraCore/releases/tag/v1.11.19 11447 Maybe Security Update 4556807 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556807 4550922 10724-11497 10724-11498 10724-11563 Yes Security Update 4551853 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4551853 4549949 10724-11568 10724-11569 10724-11570 10724-11571 Yes Security Update 4551853 https://support.microsoft.com/help/4551853 10724-11568 10724-11569 10724-11570 10724-11571 4556799 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556799 4549951 10724-11712 10724-11713 10724-11714 10724-11644 10724-11645 10724-11646 Yes Security Update 4556812 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556812 4550927 10724-11453 10724-11454 10724-11583 Yes Security Update 4556826 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556826 4550930 10724-10729 10724-10735 Yes Security Update 4556813 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556813 4550929 10724-10852 10724-10853 10724-10816 Yes Security Update 4556813 https://support.microsoft.com/help/4556813 10724-10852 10724-10853 10724-10816 <a href="https://twitter.com/S0rryMybad">Qixun Zhao</a> of <a href="http://www.360.com/">Qihoo 360 Vulcan Team</a>​ 1.0 2020-05-12T07:00:00Z <p>Information published.</p> Windows Print Spooler Elevation of Privilege Vulnerability <p>An elevation of privilege vulnerability exists when the Windows Print Spooler service improperly allows arbitrary writing to the file system. An attacker who successfully exploited this vulnerability could run arbitrary code with elevated system privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.</p> <p>To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted script or application.</p> <p>The update addresses the vulnerability by correcting how the Windows Print Spooler Component writes to the file system.</p> Microsoft Windows Microsoft CVE-2020-1048 11497 11498 11499 11563 11568 11569 11570 11571 11572 11712 11713 11714 11715 11453 11454 11583 11644 11645 11646 11647 10729 10735 10852 10853 10816 10855 10047 10048 10481 10482 10484 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Elevation of Privilege 11497 Elevation of Privilege 11498 Elevation of Privilege 11499 Elevation of Privilege 11563 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11570 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11712 Elevation of Privilege 11713 Elevation of Privilege 11714 Elevation of Privilege 11715 Elevation of Privilege 11453 Elevation of Privilege 11454 Elevation of Privilege 11583 Elevation of Privilege 11644 Elevation of Privilege 11645 Elevation of Privilege 11646 Elevation of Privilege 11647 Elevation of Privilege 10729 Elevation of Privilege 10735 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Elevation of Privilege 10047 Elevation of Privilege 10048 Elevation of Privilege 10481 Elevation of Privilege 10482 Elevation of Privilege 10484 Elevation of Privilege 9312 Elevation of Privilege 10287 Elevation of Privilege 9318 Elevation of Privilege 9344 Elevation of Privilege 10051 Elevation of Privilege 10049 Elevation of Privilege 10378 Elevation of Privilege 10379 Elevation of Privilege 10483 Elevation of Privilege 10543 Important 11497 Important 11498 Important 11499 Important 11563 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11712 Important 11713 Important 11714 Important 11715 Important 11453 Important 11454 Important 11583 Important 11644 Important 11645 Important 11646 Important 11647 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 10047 Important 10048 Important 10481 Important 10482 Important 10484 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11497 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11498 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11499 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11563 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11568 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11569 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11570 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11571 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11572 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11712 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11713 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11714 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11715 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11453 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11454 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11583 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11644 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11645 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11646 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11647 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10729 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10735 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10852 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10853 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10816 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10855 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10047 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10048 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10481 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10482 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10484 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 9312 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10287 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 9318 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 9344 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10051 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10049 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10378 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10379 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10483 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10543 4556807 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556807 4550922 11497 11498 11499 11563 Yes Security Update 4551853 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4551853 4549949 11568 11569 11570 11571 11572 Yes Security Update 4551853 https://support.microsoft.com/help/4551853 11568 11569 11570 11571 11572 4556799 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556799 4549951 11712 11713 11714 11715 11644 11645 11646 11647 Yes Security Update 4556812 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556812 4550927 11453 11454 11583 Yes Security Update 4556826 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556826 4550930 10729 10735 Yes Security Update 4556813 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556813 4550929 10852 10853 10816 10855 Yes Security Update 4556813 https://support.microsoft.com/help/4556813 10852 10853 10816 10855 4556836 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556836 4550964 10047 10048 10051 10049 Yes Monthly Rollup 4556836 https://support.microsoft.com/help/4556836 10047 10048 10051 10049 4556843 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556843 10047 10048 10051 10049 Yes Security Only 4556843 https://support.microsoft.com/help/4556843 10047 10048 10051 10049 4556846 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556846 4550961 10481 10482 10484 10483 10543 Yes Monthly Rollup 4556853 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556853 10481 10482 10483 10543 Yes Security Only 4556860 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556860 4550951 9312 10287 9318 9344 Yes Monthly Rollup 4556860 https://support.microsoft.com/help/4556860 9312 10287 9318 9344 4556854 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556854 9312 10287 9318 9344 Yes Security Only 4556854 https://support.microsoft.com/help/4556854 9312 10287 9318 9344 4556840 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556840 4550917 10378 10379 Yes Monthly Rollup 4556852 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556852 10378 10379 Yes Security Only Peleg Hadar (<a href="https://twitter.com/peleghd">@peleghd</a>) and Tomer Bar of SafeBreach Labs 1.0 2020-05-12T07:00:00Z <p>Information published.</p> Win32k Elevation of Privilege Vulnerability <p>An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.</p> <p>To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system.</p> <p>The update addresses this vulnerability by correcting how the Windows kernel-mode driver handles objects in memory.</p> Microsoft Graphics Component Microsoft CVE-2020-1054 11497 11498 11499 11563 11568 11569 11570 11571 11572 11712 11713 11714 11715 11453 11454 11583 11644 11645 11646 11647 10729 10735 10852 10853 10816 10855 10047 10048 10481 10482 10484 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Elevation of Privilege 11497 Elevation of Privilege 11498 Elevation of Privilege 11499 Elevation of Privilege 11563 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11570 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11712 Elevation of Privilege 11713 Elevation of Privilege 11714 Elevation of Privilege 11715 Elevation of Privilege 11453 Elevation of Privilege 11454 Elevation of Privilege 11583 Elevation of Privilege 11644 Elevation of Privilege 11645 Elevation of Privilege 11646 Elevation of Privilege 11647 Elevation of Privilege 10729 Elevation of Privilege 10735 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Elevation of Privilege 10047 Elevation of Privilege 10048 Elevation of Privilege 10481 Elevation of Privilege 10482 Elevation of Privilege 10484 Elevation of Privilege 9312 Elevation of Privilege 10287 Elevation of Privilege 9318 Elevation of Privilege 9344 Elevation of Privilege 10051 Elevation of Privilege 10049 Elevation of Privilege 10378 Elevation of Privilege 10379 Elevation of Privilege 10483 Elevation of Privilege 10543 Important 11497 Important 11498 Important 11499 Important 11563 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11712 Important 11713 Important 11714 Important 11715 Important 11453 Important 11454 Important 11583 Important 11644 Important 11645 Important 11646 Important 11647 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 10047 Important 10048 Important 10481 Important 10482 Important 10484 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely;Older Software Release:Exploitation More Likely;DOS:N/A 7.0 6.3 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11497 7.0 6.3 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11498 7.0 6.3 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11499 7.0 6.3 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11563 7.0 6.3 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11568 7.0 6.3 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11569 7.0 6.3 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11570 7.0 6.3 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11571 7.0 6.3 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11572 7.0 6.3 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11712 7.0 6.3 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11713 7.0 6.3 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11714 7.0 6.3 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11715 7.0 6.3 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11453 7.0 6.3 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11454 7.0 6.3 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11583 7.0 6.3 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11644 7.0 6.3 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11645 7.0 6.3 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11646 7.0 6.3 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11647 7.0 6.3 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10729 7.0 6.3 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10735 7.0 6.3 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10852 7.0 6.3 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10853 7.0 6.3 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10816 7.0 6.3 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10855 7.0 6.3 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10047 7.0 6.3 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10048 7.0 6.3 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10481 7.0 6.3 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10482 7.0 6.3 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10484 7.0 6.3 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10287 7.0 6.3 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 9318 7.0 6.3 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 9344 7.0 6.3 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10051 7.0 6.3 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10049 7.0 6.3 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10378 7.0 6.3 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10379 7.0 6.3 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10483 7.0 6.3 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10543 4556807 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556807 4550922 11497 11498 11499 11563 Yes Security Update 4551853 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4551853 4549949 11568 11569 11570 11571 11572 Yes Security Update 4551853 https://support.microsoft.com/help/4551853 11568 11569 11570 11571 11572 4556799 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556799 4549951 11712 11713 11714 11715 11644 11645 11646 11647 Yes Security Update 4556812 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556812 4550927 11453 11454 11583 Yes Security Update 4556826 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556826 4550930 10729 10735 Yes Security Update 4556813 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556813 4550929 10852 10853 10816 10855 Yes Security Update 4556813 https://support.microsoft.com/help/4556813 10852 10853 10816 10855 4556836 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556836 4550964 10047 10048 10051 10049 Yes Monthly Rollup 4556836 https://support.microsoft.com/help/4556836 10047 10048 10051 10049 4556843 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556843 10047 10048 10051 10049 Yes Security Only 4556843 https://support.microsoft.com/help/4556843 10047 10048 10051 10049 4556846 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556846 4550961 10481 10482 10484 10483 10543 Yes Monthly Rollup 4556853 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556853 10481 10482 10483 10543 Yes Security Only 4556860 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556860 4550951 9312 10287 9318 9344 Yes Monthly Rollup 4556860 https://support.microsoft.com/help/4556860 9312 10287 9318 9344 4556854 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556854 9312 10287 9318 9344 Yes Security Only 4556854 https://support.microsoft.com/help/4556854 9312 10287 9318 9344 4556840 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556840 4550917 10378 10379 Yes Monthly Rollup 4556852 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556852 10378 10379 Yes Security Only Netanel Ben-Simon and Yoav Alon from Check Point Research bee13oy of Qihoo 360 Vulcan Team 1.1 2020-05-14T07:00:00Z <p>Added acknowledgements. This is an informational change only.</p> 1.0 2020-05-12T07:00:00Z <p>Information published.</p> Microsoft Active Directory Federation Services Cross-Site Scripting Vulnerability <p>A cross-site-scripting (XSS) vulnerability exists when Active Directory Federation Services (ADFS) does not properly sanitize user inputs. An un-authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected ADFS server.</p> <p>The attacker who successfully exploited the vulnerability could then perform cross-site scripting attacks on affected systems and run scripts in the security context of the current user.</p> <p>This security update addresses the vulnerability by ensuring that ADFS properly sanitizes user inputs.</p> Active Directory Microsoft CVE-2020-1055 11568 11569 11570 11571 11572 11712 11713 11714 11715 11644 11645 11646 11647 Spoofing 11568 Spoofing 11569 Spoofing 11570 Spoofing 11571 Spoofing 11572 Spoofing 11712 Spoofing 11713 Spoofing 11714 Spoofing 11715 Spoofing 11644 Spoofing 11645 Spoofing 11646 Spoofing 11647 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11712 Important 11713 Important 11714 Important 11715 Important 11644 Important 11645 Important 11646 Important 11647 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 4551853 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4551853 4549949 11568 11569 11570 11571 11572 Yes Security Update 4551853 https://support.microsoft.com/help/4551853 11568 11569 11570 11571 11572 4556799 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556799 4549951 11712 11713 11714 11715 11644 11645 11646 11647 Yes Security Update Steve Patches 1.0 2020-05-12T07:00:00Z <p>Information published.</p> VBScript Remote Code Execution Vulnerability <p>A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.</p> <p>In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability through Internet Explorer and then convince a user to view the website. An attacker could also embed an ActiveX control marked &quot;safe for initialization&quot; in an application or Microsoft Office document that hosts the IE rendering engine. The attacker could also take advantage of compromised websites and websites that accept or host user-provided content or advertisements. These websites could contain specially crafted content that could exploit the vulnerability.</p> <p>The security update addresses the vulnerability by modifying how the scripting engine handles objects in memory.</p> Microsoft Scripting Engine Microsoft CVE-2020-1058 10336-9312 10336-9318 10486-11497 10486-11498 10486-11563 10486-11568 10486-11569 10486-11570 10486-11571 10486-11712 10486-11713 10486-11714 10486-11453 10486-11454 10486-11583 10486-11644 10486-11645 10486-11646 10486-10729 10486-10735 10486-10852 10486-10853 10486-10816 10486-10047 10486-10048 10486-10481 10486-10482 10486-10484 10486-10051 10486-10378 10486-10483 Remote Code Execution 10336-9312 Remote Code Execution 10336-9318 Remote Code Execution 10486-11497 Remote Code Execution 10486-11498 Remote Code Execution 10486-11563 Remote Code Execution 10486-11568 Remote Code Execution 10486-11569 Remote Code Execution 10486-11570 Remote Code Execution 10486-11571 Remote Code Execution 10486-11712 Remote Code Execution 10486-11713 Remote Code Execution 10486-11714 Remote Code Execution 10486-11453 Remote Code Execution 10486-11454 Remote Code Execution 10486-11583 Remote Code Execution 10486-11644 Remote Code Execution 10486-11645 Remote Code Execution 10486-11646 Remote Code Execution 10486-10729 Remote Code Execution 10486-10735 Remote Code Execution 10486-10852 Remote Code Execution 10486-10853 Remote Code Execution 10486-10816 Remote Code Execution 10486-10047 Remote Code Execution 10486-10048 Remote Code Execution 10486-10481 Remote Code Execution 10486-10482 Remote Code Execution 10486-10484 Remote Code Execution 10486-10051 Remote Code Execution 10486-10378 Remote Code Execution 10486-10483 Low 10336-9312 Low 10336-9318 Important 10486-11497 Important 10486-11498 Important 10486-11563 Important 10486-11568 Important 10486-11569 Important 10486-11570 Low 10486-11571 Important 10486-11712 Important 10486-11713 Important 10486-11714 Important 10486-11453 Important 10486-11454 Important 10486-11583 Important 10486-11644 Important 10486-11645 Important 10486-11646 Important 10486-10729 Important 10486-10735 Important 10486-10852 Important 10486-10853 Low 10486-10816 Important 10486-10047 Important 10486-10048 Important 10486-10481 Important 10486-10482 Important 10486-10484 Low 10486-10051 Low 10486-10378 Low 10486-10483 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely;Older Software Release:Exploitation More Likely;DOS:N/A 6.4 5.8 CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10336-9312 6.4 5.8 CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10336-9318 7.5 6.7 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10486-11497 7.5 6.7 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10486-11498 7.5 6.7 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10486-11563 7.5 6.7 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10486-11568 7.5 6.7 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10486-11569 7.5 6.7 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10486-11570 6.4 5.8 CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10486-11571 7.5 6.7 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10486-11712 7.5 6.7 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10486-11713 7.5 6.7 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10486-11714 7.5 6.7 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10486-11453 7.5 6.7 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10486-11454 7.5 6.7 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10486-11583 7.5 6.7 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10486-11644 7.5 6.7 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10486-11645 7.5 6.7 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10486-11646 7.5 6.7 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10486-10729 7.5 6.7 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10486-10735 7.5 6.7 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10486-10852 7.5 6.7 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10486-10853 6.4 5.8 CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10486-10816 7.5 6.7 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10486-10047 7.5 6.7 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10486-10048 7.5 6.7 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10486-10481 7.5 6.7 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10486-10482 7.5 6.7 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10486-10484 6.4 5.8 CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10486-10051 6.4 5.8 CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10486-10378 6.4 5.8 CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10486-10483 4556860 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556860 4550951 10336-9312 10336-9318 Yes Monthly Rollup 4556860 https://support.microsoft.com/help/4556860 10336-9312 10336-9318 4556798 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556798 4550905 10336-9312 10336-9318 10486-10047 10486-10048 10486-10481 10486-10482 10486-10051 10486-10378 10486-10483 Yes IE Cumulative 4556807 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556807 4550922 10486-11497 10486-11498 10486-11563 Yes Security Update 4551853 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4551853 4549949 10486-11568 10486-11569 10486-11570 10486-11571 Yes Security Update 4551853 https://support.microsoft.com/help/4551853 10486-11568 10486-11569 10486-11570 10486-11571 4556799 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556799 4549951 10486-11712 10486-11713 10486-11714 10486-11644 10486-11645 10486-11646 Yes Security Update 4556812 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556812 4550927 10486-11453 10486-11454 10486-11583 Yes Security Update 4556826 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556826 4550930 10486-10729 10486-10735 Yes Security Update 4556813 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556813 4550929 10486-10852 10486-10853 10486-10816 Yes Security Update 4556813 https://support.microsoft.com/help/4556813 10486-10852 10486-10853 10486-10816 4556836 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556836 4550964 10486-10047 10486-10048 10486-10051 Yes Monthly Rollup 4556836 https://support.microsoft.com/help/4556836 10486-10047 10486-10048 10486-10051 4556846 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556846 4550961 10486-10481 10486-10482 10486-10484 10486-10483 Yes Monthly Rollup 4556840 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556840 4550917 10486-10378 Yes Monthly Rollup Yuki Chen of <a href="https://www.360.com/">Qihoo 360 Vulcan Team</a> 1.0 2020-05-12T07:00:00Z <p>Information published.</p> Microsoft Edge Spoofing Vulnerability <p>A spoofing vulnerability exists when Microsoft Edge does not properly parse HTTP content. An attacker who successfully exploited this vulnerability could trick a user by redirecting the user to a specially crafted website. The specially crafted website could either spoof content or serve as a pivot to chain an attack with other vulnerabilities in web services.</p> <p>To exploit the vulnerability, the user must click a specially crafted URL. In an email attack scenario, an attacker could send an email message containing the specially crafted URL to the user in an attempt to convince the user to click it.</p> <p>In a web-based attack scenario, an attacker could host a specially crafted website designed to appear as a legitimate website to the user. However, the attacker would have no way to force the user to visit the specially crafted website. The attacker would have to convince the user to visit the specially crafted website, typically by way of enticement in an email or instant message, and then convince the user to interact with content on the website.</p> <p>The update addresses the vulnerability by correcting how Microsoft Edge parses HTTP responses.</p> Microsoft Edge (HTML-based) Microsoft CVE-2020-1059 10724-11497 10724-11498 10724-11563 10724-11568 10724-11569 10724-11570 10724-11571 10724-11712 10724-11713 10724-11714 10724-11644 10724-11645 10724-11646 Spoofing 10724-11497 Spoofing 10724-11498 Spoofing 10724-11563 Spoofing 10724-11568 Spoofing 10724-11569 Spoofing 10724-11570 Spoofing 10724-11571 Spoofing 10724-11712 Spoofing 10724-11713 Spoofing 10724-11714 Spoofing 10724-11644 Spoofing 10724-11645 Spoofing 10724-11646 Important 10724-11497 Important 10724-11498 Important 10724-11563 Important 10724-11568 Important 10724-11569 Important 10724-11570 Low 10724-11571 Important 10724-11712 Important 10724-11713 Important 10724-11714 Important 10724-11644 Important 10724-11645 Important 10724-11646 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 4.3 3.9 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C 10724-11497 4.3 3.9 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C 10724-11498 4.3 3.9 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C 10724-11563 4.3 3.9 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C 10724-11568 4.3 3.9 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C 10724-11569 4.3 3.9 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C 10724-11570 4.3 3.9 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C 10724-11571 4.3 3.9 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C 10724-11712 4.3 3.9 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C 10724-11713 4.3 3.9 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C 10724-11714 4.3 3.9 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C 10724-11644 4.3 3.9 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C 10724-11645 4.3 3.9 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C 10724-11646 4556807 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556807 4550922 10724-11497 10724-11498 10724-11563 Yes Security Update 4551853 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4551853 4549949 10724-11568 10724-11569 10724-11570 10724-11571 Yes Security Update 4551853 https://support.microsoft.com/help/4551853 10724-11568 10724-11569 10724-11570 10724-11571 4556799 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556799 4549951 10724-11712 10724-11713 10724-11714 10724-11644 10724-11645 10724-11646 Yes Security Update Michal Bentkowski <a href="https://research.securitum.com/">with Securitum</a> 1.0 2020-05-12T07:00:00Z <p>Information published.</p> VBScript Remote Code Execution Vulnerability <p>A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.</p> <p>In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability through Internet Explorer and then convince a user to view the website. An attacker could also embed an ActiveX control marked &quot;safe for initialization&quot; in an application or Microsoft Office document that hosts the IE rendering engine. The attacker could also take advantage of compromised websites and websites that accept or host user-provided content or advertisements. These websites could contain specially crafted content that could exploit the vulnerability.</p> <p>The security update addresses the vulnerability by modifying how the scripting engine handles objects in memory.</p> Microsoft Scripting Engine Microsoft CVE-2020-1060 10336-9312 10336-9318 10486-11497 10486-11498 10486-11563 10486-11568 10486-11569 10486-11570 10486-11571 10486-11712 10486-11713 10486-11714 10486-11453 10486-11454 10486-11583 10486-11644 10486-11645 10486-11646 10486-10729 10486-10735 10486-10852 10486-10853 10486-10816 10486-10047 10486-10048 10486-10481 10486-10482 10486-10484 10486-10051 10486-10378 10486-10483 Remote Code Execution 10336-9312 Remote Code Execution 10336-9318 Remote Code Execution 10486-11497 Remote Code Execution 10486-11498 Remote Code Execution 10486-11563 Remote Code Execution 10486-11568 Remote Code Execution 10486-11569 Remote Code Execution 10486-11570 Remote Code Execution 10486-11571 Remote Code Execution 10486-11712 Remote Code Execution 10486-11713 Remote Code Execution 10486-11714 Remote Code Execution 10486-11453 Remote Code Execution 10486-11454 Remote Code Execution 10486-11583 Remote Code Execution 10486-11644 Remote Code Execution 10486-11645 Remote Code Execution 10486-11646 Remote Code Execution 10486-10729 Remote Code Execution 10486-10735 Remote Code Execution 10486-10852 Remote Code Execution 10486-10853 Remote Code Execution 10486-10816 Remote Code Execution 10486-10047 Remote Code Execution 10486-10048 Remote Code Execution 10486-10481 Remote Code Execution 10486-10482 Remote Code Execution 10486-10484 Remote Code Execution 10486-10051 Remote Code Execution 10486-10378 Remote Code Execution 10486-10483 Low 10336-9312 Low 10336-9318 Important 10486-11497 Important 10486-11498 Important 10486-11563 Important 10486-11568 Important 10486-11569 Important 10486-11570 Low 10486-11571 Important 10486-11712 Important 10486-11713 Important 10486-11714 Important 10486-11453 Important 10486-11454 Important 10486-11583 Important 10486-11644 Important 10486-11645 Important 10486-11646 Important 10486-10729 Important 10486-10735 Important 10486-10852 Important 10486-10853 Low 10486-10816 Important 10486-10047 Important 10486-10048 Important 10486-10481 Important 10486-10482 Important 10486-10484 Low 10486-10051 Low 10486-10378 Low 10486-10483 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely;Older Software Release:Exploitation More Likely;DOS:N/A 6.4 5.8 CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10336-9312 6.4 5.8 CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10336-9318 7.5 6.7 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10486-11497 7.5 6.7 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10486-11498 7.5 6.7 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10486-11563 7.5 6.7 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10486-11568 7.5 6.7 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10486-11569 7.5 6.7 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10486-11570 6.4 5.8 CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10486-11571 7.5 6.7 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10486-11712 7.5 6.7 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10486-11713 7.5 6.7 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10486-11714 7.5 6.7 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10486-11453 7.5 6.7 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10486-11454 7.5 6.7 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10486-11583 7.5 6.7 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10486-11644 7.5 6.7 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10486-11645 7.5 6.7 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10486-11646 7.5 6.7 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10486-10729 7.5 6.7 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10486-10735 7.5 6.7 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10486-10852 7.5 6.7 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10486-10853 6.4 5.8 CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10486-10816 7.5 6.7 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10486-10047 7.5 6.7 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10486-10048 7.5 6.7 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10486-10481 7.5 6.7 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10486-10482 7.5 6.7 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10486-10484 6.4 5.8 CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10486-10051 6.4 5.8 CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10486-10378 6.4 5.8 CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10486-10483 4556860 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556860 4550951 10336-9312 10336-9318 Yes Monthly Rollup 4556860 https://support.microsoft.com/help/4556860 10336-9312 10336-9318 4556798 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556798 4550905 10336-9312 10336-9318 10486-10047 10486-10048 10486-10481 10486-10482 10486-10051 10486-10378 10486-10483 Yes IE Cumulative 4556807 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556807 4550922 10486-11497 10486-11498 10486-11563 Yes Security Update 4551853 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4551853 4549949 10486-11568 10486-11569 10486-11570 10486-11571 Yes Security Update 4551853 https://support.microsoft.com/help/4551853 10486-11568 10486-11569 10486-11570 10486-11571 4556799 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556799 4549951 10486-11712 10486-11713 10486-11714 10486-11644 10486-11645 10486-11646 Yes Security Update 4556812 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556812 4550927 10486-11453 10486-11454 10486-11583 Yes Security Update 4556826 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556826 4550930 10486-10729 10486-10735 Yes Security Update 4556813 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556813 4550929 10486-10852 10486-10853 10486-10816 Yes Security Update 4556813 https://support.microsoft.com/help/4556813 10486-10852 10486-10853 10486-10816 4556836 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556836 4550964 10486-10047 10486-10048 10486-10051 Yes Monthly Rollup 4556836 https://support.microsoft.com/help/4556836 10486-10047 10486-10048 10486-10051 4556846 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556846 4550961 10486-10481 10486-10482 10486-10484 10486-10483 Yes Monthly Rollup 4556840 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556840 4550917 10486-10378 Yes Monthly Rollup Yuki Chen of <a href="https://www.360.com/">Qihoo 360 Vulcan Team</a> 1.0 2020-05-12T07:00:00Z <p>Information published.</p> Microsoft Script Runtime Remote Code Execution Vulnerability <p>A remote code execution vulnerability exists in the way that the Microsoft Script Runtime handles objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.</p> <p>In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability through Internet Explorer and then convince a user to view the website. An attacker could also embed an ActiveX control marked &quot;safe for initialization&quot; in an application or Microsoft Office document that hosts the IE rendering engine. The attacker could also take advantage of compromised websites and websites that accept or host user-provided content or advertisements. These websites could contain specially crafted content that could exploit the vulnerability.</p> <p>The security update addresses the vulnerability by modifying how the Microsoft Script Runtime handles objects in memory.</p> Windows Scripting Microsoft CVE-2020-1061 11497 11498 11499 11563 11568 11569 11570 11571 11572 11712 11713 11714 11715 11453 11454 11583 11644 11645 11646 11647 10729 10735 10852 10853 10816 10855 10047 10048 10481 10482 10484 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Remote Code Execution 11497 Remote Code Execution 11498 Remote Code Execution 11499 Remote Code Execution 11563 Remote Code Execution 11568 Remote Code Execution 11569 Remote Code Execution 11570 Remote Code Execution 11571 Remote Code Execution 11572 Remote Code Execution 11712 Remote Code Execution 11713 Remote Code Execution 11714 Remote Code Execution 11715 Remote Code Execution 11453 Remote Code Execution 11454 Remote Code Execution 11583 Remote Code Execution 11644 Remote Code Execution 11645 Remote Code Execution 11646 Remote Code Execution 11647 Remote Code Execution 10729 Remote Code Execution 10735 Remote Code Execution 10852 Remote Code Execution 10853 Remote Code Execution 10816 Remote Code Execution 10855 Remote Code Execution 10047 Remote Code Execution 10048 Remote Code Execution 10481 Remote Code Execution 10482 Remote Code Execution 10484 Remote Code Execution 9312 Remote Code Execution 10287 Remote Code Execution 9318 Remote Code Execution 9344 Remote Code Execution 10051 Remote Code Execution 10049 Remote Code Execution 10378 Remote Code Execution 10379 Remote Code Execution 10483 Remote Code Execution 10543 Important 11497 Important 11498 Important 11499 Important 11563 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11712 Important 11713 Important 11714 Important 11715 Important 11453 Important 11454 Important 11583 Important 11644 Important 11645 Important 11646 Important 11647 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 10047 Important 10048 Important 10481 Important 10482 Important 10484 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 7.5 6.7 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11497 7.5 6.7 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11498 6.4 5.8 CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11499 7.5 6.7 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11563 7.5 6.7 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11568 7.5 6.7 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11569 7.5 6.7 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11570 6.4 5.8 CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11571 6.4 5.8 CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11572 7.5 6.7 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11712 7.5 6.7 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11713 7.5 6.7 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11714 6.4 5.8 CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11715 7.5 6.7 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11453 7.5 6.7 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11454 7.5 6.7 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11583 7.5 6.7 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11644 7.5 6.7 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11645 7.5 6.7 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11646 6.4 5.8 CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11647 7.5 6.7 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10729 7.5 6.7 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10735 7.5 6.7 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10852 7.5 6.7 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10853 6.4 5.8 CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10816 6.4 5.8 CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10855 7.5 6.7 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10047 7.5 6.7 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10048 7.5 6.7 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10481 7.5 6.7 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10482 7.5 6.7 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10484 6.4 5.8 CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 9312 6.4 5.8 CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10287 6.4 5.8 CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 9318 6.4 5.8 CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 9344 6.4 5.8 CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10051 6.4 5.8 CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10049 6.4 5.8 CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10378 6.4 5.8 CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10379 6.4 5.8 CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10483 6.4 5.8 CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10543 4556807 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556807 4550922 11497 11498 11499 11563 Yes Security Update 4551853 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4551853 4549949 11568 11569 11570 11571 11572 Yes Security Update 4551853 https://support.microsoft.com/help/4551853 11568 11569 11570 11571 11572 4556799 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556799 4549951 11712 11713 11714 11715 11644 11645 11646 11647 Yes Security Update 4556812 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556812 4550927 11453 11454 11583 Yes Security Update 4556826 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556826 4550930 10729 10735 Yes Security Update 4556813 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556813 4550929 10852 10853 10816 10855 Yes Security Update 4556813 https://support.microsoft.com/help/4556813 10852 10853 10816 10855 4556836 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556836 4550964 10047 10048 10051 10049 Yes Monthly Rollup 4556836 https://support.microsoft.com/help/4556836 10047 10048 10051 10049 4556843 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556843 10047 10048 10051 10049 Yes Security Only 4556843 https://support.microsoft.com/help/4556843 10047 10048 10051 10049 4556846 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556846 4550961 10481 10482 10484 10483 10543 Yes Monthly Rollup 4556853 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556853 10481 10482 10483 10543 Yes Security Only 4556860 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556860 4550951 9312 10287 9318 9344 Yes Monthly Rollup 4556860 https://support.microsoft.com/help/4556860 9312 10287 9318 9344 4556854 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556854 9312 10287 9318 9344 Yes Security Only 4556854 https://support.microsoft.com/help/4556854 9312 10287 9318 9344 4556840 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556840 4550917 10378 10379 Yes Monthly Rollup 4556852 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556852 10378 10379 Yes Security Only Yuki Chen of <a href="https://www.360.com/">Qihoo 360 Vulcan Team</a> 1.0 2020-05-12T07:00:00Z <p>Information published.</p> Internet Explorer Memory Corruption Vulnerability <p>A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, the attacker could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.</p> <p>An attacker could host a specially crafted website designed to exploit the vulnerability through Internet Explorer and then convince a user to view the website. The attacker could also take advantage of compromised websites, or websites that accept or host user-provided content or advertisements, by adding specially crafted content that could exploit the vulnerability. However, in all cases an attacker would have no way to force a user to view the attacker-controlled content. Instead, an attacker would have to convince a user to take action, typically by an enticement in an email or instant message, or by getting the user to open an attachment sent through email.</p> <p>The security update addresses the vulnerability by modifying how Internet Explorer handles objects in memory.</p> Internet Explorer Microsoft CVE-2020-1062 10336-9312 10336-9318 10486-11497 10486-11498 10486-11563 10486-11568 10486-11569 10486-11570 10486-11571 10486-11712 10486-11713 10486-11714 10486-11453 10486-11454 10486-11583 10486-11644 10486-11645 10486-11646 10486-10729 10486-10735 10486-10852 10486-10853 10486-10816 10486-10047 10486-10048 10486-10481 10486-10482 10486-10484 10486-10051 10486-10378 10486-10483 Remote Code Execution 10336-9312 Remote Code Execution 10336-9318 Remote Code Execution 10486-11497 Remote Code Execution 10486-11498 Remote Code Execution 10486-11563 Remote Code Execution 10486-11568 Remote Code Execution 10486-11569 Remote Code Execution 10486-11570 Remote Code Execution 10486-11571 Remote Code Execution 10486-11712 Remote Code Execution 10486-11713 Remote Code Execution 10486-11714 Remote Code Execution 10486-11453 Remote Code Execution 10486-11454 Remote Code Execution 10486-11583 Remote Code Execution 10486-11644 Remote Code Execution 10486-11645 Remote Code Execution 10486-11646 Remote Code Execution 10486-10729 Remote Code Execution 10486-10735 Remote Code Execution 10486-10852 Remote Code Execution 10486-10853 Remote Code Execution 10486-10816 Remote Code Execution 10486-10047 Remote Code Execution 10486-10048 Remote Code Execution 10486-10481 Remote Code Execution 10486-10482 Remote Code Execution 10486-10484 Remote Code Execution 10486-10051 Remote Code Execution 10486-10378 Remote Code Execution 10486-10483 Moderate 10336-9312 Moderate 10336-9318 Critical 10486-11497 Critical 10486-11498 Critical 10486-11563 Critical 10486-11568 Critical 10486-11569 Critical 10486-11570 Moderate 10486-11571 Critical 10486-11712 Critical 10486-11713 Critical 10486-11714 Critical 10486-11453 Critical 10486-11454 Critical 10486-11583 Critical 10486-11644 Critical 10486-11645 Critical 10486-11646 Critical 10486-10729 Critical 10486-10735 Critical 10486-10852 Critical 10486-10853 Moderate 10486-10816 Critical 10486-10047 Critical 10486-10048 Critical 10486-10481 Critical 10486-10482 Critical 10486-10484 Moderate 10486-10051 Moderate 10486-10378 Moderate 10486-10483 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely;Older Software Release:Exploitation More Likely;DOS:N/A 6.4 5.8 CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10336-9312 6.4 5.8 CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10336-9318 7.5 6.7 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10486-11497 7.5 6.7 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10486-11498 7.5 6.7 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10486-11563 7.5 6.7 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10486-11568 7.5 6.7 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10486-11569 7.5 6.7 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10486-11570 6.4 5.8 CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10486-11571 7.5 6.7 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10486-11712 7.5 6.7 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10486-11713 7.5 6.7 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10486-11714 7.5 6.7 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10486-11453 7.5 6.7 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10486-11454 7.5 6.7 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10486-11583 7.5 6.7 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10486-11644 7.5 6.7 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10486-11645 7.5 6.7 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10486-11646 7.5 6.7 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10486-10729 7.5 6.7 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10486-10735 7.5 6.7 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10486-10852 7.5 6.7 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10486-10853 6.4 5.8 CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10486-10816 7.5 6.7 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10486-10047 7.5 6.7 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10486-10048 7.5 6.7 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10486-10481 7.5 6.7 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10486-10482 7.5 6.7 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10486-10484 6.4 5.8 CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10486-10051 6.4 5.8 CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10486-10378 6.4 5.8 CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10486-10483 4556860 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556860 4550951 10336-9312 10336-9318 Yes Monthly Rollup 4556860 https://support.microsoft.com/help/4556860 10336-9312 10336-9318 4556798 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556798 4550905 10336-9312 10336-9318 10486-10047 10486-10048 10486-10481 10486-10482 10486-10051 10486-10378 10486-10483 Yes IE Cumulative 4556807 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556807 4550922 10486-11497 10486-11498 10486-11563 Yes Security Update 4551853 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4551853 4549949 10486-11568 10486-11569 10486-11570 10486-11571 Yes Security Update 4551853 https://support.microsoft.com/help/4551853 10486-11568 10486-11569 10486-11570 10486-11571 4556799 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556799 4549951 10486-11712 10486-11713 10486-11714 10486-11644 10486-11645 10486-11646 Yes Security Update 4556812 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556812 4550927 10486-11453 10486-11454 10486-11583 Yes Security Update 4556826 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556826 4550930 10486-10729 10486-10735 Yes Security Update 4556813 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556813 4550929 10486-10852 10486-10853 10486-10816 Yes Security Update 4556813 https://support.microsoft.com/help/4556813 10486-10852 10486-10853 10486-10816 4556836 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556836 4550964 10486-10047 10486-10048 10486-10051 Yes Monthly Rollup 4556836 https://support.microsoft.com/help/4556836 10486-10047 10486-10048 10486-10051 4556846 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556846 4550961 10486-10481 10486-10482 10486-10484 10486-10483 Yes Monthly Rollup 4556840 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556840 4550917 10486-10378 Yes Monthly Rollup Edward Thompson working with <a href="https://vcp.idefense.com">iDefense Labs</a> Anonymous working with <a href="https://www.zerodayinitiative.com/">Trend Micro's Zero Day Initiative</a> 1.0 2020-05-12T07:00:00Z <p>Information published.</p> Microsoft Dynamics 365 (On-Premise) Cross Site Scripting Vulnerability <p>A cross site scripting vulnerability exists when Microsoft Dynamics 365 (on-premises) does not properly sanitize a specially crafted web request to an affected Dynamics server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected Dynamics server.</p> <p>The attacker who successfully exploited the vulnerability could then perform cross-site scripting attacks on affected systems and run script in the security context of the current authenticated user. These attacks could allow the attacker to read content that the attacker is not authorized to read, use the victim's identity to take actions within Dynamics Server on behalf of the user, such as change permissions and delete content, and inject malicious content in the browser of the user.</p> <p>The security update addresses the vulnerability by helping to ensure that Dynamics Server properly sanitizes web requests.</p> Microsoft Dynamics Microsoft CVE-2020-1063 11663 11664 Spoofing 11663 Spoofing 11664 Important 11663 Important 11664 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 4551998 https://www.microsoft.com/en-us/download/details.aspx?id=101255 11663 Maybe Security Update 4552002 https://www.microsoft.com/en-us/download/details.aspx?id=101254 11664 Maybe Security Update 1.0 2020-05-12T07:00:00Z <p>Information published.</p> MSHTML Engine Remote Code Execution Vulnerability <p>A remote code execution vulnerability exists in the way that the MSHTML engine improperly validates input.</p> <p>An attacker could execute arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.</p> <p>In a HTML editing attack scenario, an attacker could trick a user into editing a specially crafted file that is designed to exploit the vulnerability.</p> <p>The security update addresses the vulnerability by modifying how MSHTML engine validates input.</p> Internet Explorer Microsoft CVE-2020-1064 10336-9312 10336-9318 10486-11497 10486-11498 10486-11563 10486-11568 10486-11569 10486-11570 10486-11571 10486-11712 10486-11713 10486-11714 10486-11453 10486-11454 10486-11583 10486-11644 10486-11645 10486-11646 10486-10729 10486-10735 10486-10852 10486-10853 10486-10816 10486-10047 10486-10048 10486-10481 10486-10482 10486-10484 10486-10051 10486-10378 10486-10483 Remote Code Execution 10336-9312 Remote Code Execution 10336-9318 Remote Code Execution 10486-11497 Remote Code Execution 10486-11498 Remote Code Execution 10486-11563 Remote Code Execution 10486-11568 Remote Code Execution 10486-11569 Remote Code Execution 10486-11570 Remote Code Execution 10486-11571 Remote Code Execution 10486-11712 Remote Code Execution 10486-11713 Remote Code Execution 10486-11714 Remote Code Execution 10486-11453 Remote Code Execution 10486-11454 Remote Code Execution 10486-11583 Remote Code Execution 10486-11644 Remote Code Execution 10486-11645 Remote Code Execution 10486-11646 Remote Code Execution 10486-10729 Remote Code Execution 10486-10735 Remote Code Execution 10486-10852 Remote Code Execution 10486-10853 Remote Code Execution 10486-10816 Remote Code Execution 10486-10047 Remote Code Execution 10486-10048 Remote Code Execution 10486-10481 Remote Code Execution 10486-10482 Remote Code Execution 10486-10484 Remote Code Execution 10486-10051 Remote Code Execution 10486-10378 Remote Code Execution 10486-10483 Moderate 10336-9312 Moderate 10336-9318 Critical 10486-11497 Critical 10486-11498 Critical 10486-11563 Critical 10486-11568 Critical 10486-11569 Critical 10486-11570 Moderate 10486-11571 Critical 10486-11712 Critical 10486-11713 Critical 10486-11714 Critical 10486-11453 Critical 10486-11454 Critical 10486-11583 Critical 10486-11644 Critical 10486-11645 Critical 10486-11646 Critical 10486-10729 Critical 10486-10735 Critical 10486-10852 Critical 10486-10853 Moderate 10486-10816 Critical 10486-10047 Critical 10486-10048 Critical 10486-10481 Critical 10486-10482 Critical 10486-10484 Moderate 10486-10051 Moderate 10486-10378 Moderate 10486-10483 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 6.4 5.8 CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10336-9312 6.4 5.8 CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10336-9318 7.5 6.7 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10486-11497 7.5 6.7 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10486-11498 7.5 6.7 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10486-11563 7.5 6.7 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10486-11568 7.5 6.7 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10486-11569 7.5 6.7 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10486-11570 6.4 5.8 CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10486-11571 7.5 6.7 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10486-11712 7.5 6.7 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10486-11713 7.5 6.7 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10486-11714 7.5 6.7 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10486-11453 7.5 6.7 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10486-11454 7.5 6.7 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10486-11583 7.5 6.7 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10486-11644 7.5 6.7 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10486-11645 7.5 6.7 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10486-11646 7.5 6.7 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10486-10729 7.5 6.7 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10486-10735 7.5 6.7 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10486-10852 7.5 6.7 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10486-10853 6.4 5.8 CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10486-10816 7.5 6.7 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10486-10047 7.5 6.7 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10486-10048 7.5 6.7 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10486-10481 7.5 6.7 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10486-10482 7.5 6.7 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10486-10484 6.4 5.8 CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10486-10051 6.4 5.8 CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10486-10378 6.4 5.8 CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10486-10483 4556860 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556860 4550951 10336-9312 10336-9318 Yes Monthly Rollup 4556860 https://support.microsoft.com/help/4556860 10336-9312 10336-9318 4556798 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556798 4550905 10336-9312 10336-9318 10486-10047 10486-10048 10486-10481 10486-10482 10486-10051 10486-10378 10486-10483 Yes IE Cumulative 4556807 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556807 4550922 10486-11497 10486-11498 10486-11563 Yes Security Update 4551853 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4551853 4549949 10486-11568 10486-11569 10486-11570 10486-11571 Yes Security Update 4551853 https://support.microsoft.com/help/4551853 10486-11568 10486-11569 10486-11570 10486-11571 4556799 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556799 4549951 10486-11712 10486-11713 10486-11714 10486-11644 10486-11645 10486-11646 Yes Security Update 4556812 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556812 4550927 10486-11453 10486-11454 10486-11583 Yes Security Update 4556826 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556826 4550930 10486-10729 10486-10735 Yes Security Update 4556813 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556813 4550929 10486-10852 10486-10853 10486-10816 Yes Security Update 4556813 https://support.microsoft.com/help/4556813 10486-10852 10486-10853 10486-10816 4556836 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556836 4550964 10486-10047 10486-10048 10486-10051 Yes Monthly Rollup 4556836 https://support.microsoft.com/help/4556836 10486-10047 10486-10048 10486-10051 4556846 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556846 4550961 10486-10481 10486-10482 10486-10484 10486-10483 Yes Monthly Rollup 4556840 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556840 4550917 10486-10378 Yes Monthly Rollup Yuki Chen of <a href="https://www.360.com/">Qihoo 360 Vulcan Team</a> 1.0 2020-05-12T07:00:00Z <p>Information published.</p> Scripting Engine Memory Corruption Vulnerability <p>A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user.</p> <p>If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.</p> <p>The security update addresses the vulnerability by modifying how the ChakraCore scripting engine handles objects in memory.</p> Microsoft Scripting Engine Microsoft CVE-2020-1065 11447 10724-11497 10724-11498 10724-11563 10724-11568 10724-11569 10724-11570 10724-11571 10724-11712 10724-11713 10724-11714 10724-11644 10724-11645 10724-11646 Remote Code Execution 11447 Remote Code Execution 10724-11497 Remote Code Execution 10724-11498 Remote Code Execution 10724-11563 Remote Code Execution 10724-11568 Remote Code Execution 10724-11569 Remote Code Execution 10724-11570 Remote Code Execution 10724-11571 Remote Code Execution 10724-11712 Remote Code Execution 10724-11713 Remote Code Execution 10724-11714 Remote Code Execution 10724-11644 Remote Code Execution 10724-11645 Remote Code Execution 10724-11646 Critical 11447 Critical 10724-11497 Critical 10724-11498 Critical 10724-11563 Critical 10724-11568 Critical 10724-11569 Critical 10724-11570 Moderate 10724-11571 Critical 10724-11712 Critical 10724-11713 Critical 10724-11714 Critical 10724-11644 Critical 10724-11645 Critical 10724-11646 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 4.2 3.8 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C 11447 4.2 3.8 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C 10724-11497 4.2 3.8 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C 10724-11498 4.2 3.8 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C 10724-11563 4.2 3.8 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C 10724-11568 4.2 3.8 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C 10724-11569 4.2 3.8 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C 10724-11570 4.2 3.8 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C 10724-11571 4.2 3.8 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C 10724-11712 4.2 3.8 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C 10724-11713 4.2 3.8 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C 10724-11714 4.2 3.8 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C 10724-11644 4.2 3.8 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C 10724-11645 4.2 3.8 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C 10724-11646 Release Notes https://github.com/Microsoft/ChakraCore/releases/tag/v1.11.19 11447 Maybe Security Update 4556807 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556807 4550922 10724-11497 10724-11498 10724-11563 Yes Security Update 4551853 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4551853 4549949 10724-11568 10724-11569 10724-11570 10724-11571 Yes Security Update 4551853 https://support.microsoft.com/help/4551853 10724-11568 10724-11569 10724-11570 10724-11571 4556799 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556799 4549951 10724-11712 10724-11713 10724-11714 10724-11644 10724-11645 10724-11646 Yes Security Update Looben Yang 1.0 2020-05-12T07:00:00Z <p>Information published.</p> .NET Framework Elevation of Privilege Vulnerability <p>An elevation of privilege vulnerability exists in .NET Framework which could allow an attacker to elevate their privilege level.</p> <p>To exploit the vulnerability, an attacker would first have to access the local machine, and then run a malicious program.</p> <p>The update addresses the vulnerability by correcting how .NET Framework activates COM objects.</p> .NET Framework Microsoft CVE-2020-1066 9195-9312 9195-9318 9495-10047 9495-10048 9495-10051 9495-10049 Elevation of Privilege 9195-9312 Elevation of Privilege 9195-9318 Elevation of Privilege 9495-10047 Elevation of Privilege 9495-10048 Elevation of Privilege 9495-10051 Elevation of Privilege 9495-10049 Important 9195-9312 Important 9195-9318 Important 9495-10047 Important 9495-10048 Important 9495-10051 Important 9495-10049 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 4556402 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4552939 9195-9312 9195-9318 Maybe Monthly Rollup 4556406 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4552964 9195-9312 9195-9318 Maybe Security Only 4556399 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4552940 9495-10047 9495-10048 9495-10051 9495-10049 Maybe Monthly Rollup 4556403 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4552965 9495-10047 9495-10048 9495-10051 9495-10049 Maybe Security Only ChengBin Wang(<a href="https://github.com/cbwang505">@cbwang505</a>) from ZheJiang Guoli Security Technology 2.0 2020-05-14T07:00:00Z <p>In the Security Updates table, removed Microsoft .NET Framework 3.5 installed on Windows Server 2008 for Itanium-based Systems and Microsoft .NET Framework 3.5.1 installed on Windows Server 2008 R2 for Itanium-based Systems as these versions are no longer supported.</p> 1.0 2020-05-12T07:00:00Z <p>Information published.</p> Windows Remote Access Common Dialog Elevation of Privilege Vulnerability <p>An elevation of privilege vulnerability exists when Windows improperly handles errors tied to Remote Access Common Dialog. An attacker who successfully exploited the vulnerability could run arbitrary code with elevated privileges.</p> <p>To exploit this vulnerability an attacker would need to physically access the booted machine to reach the logon screen. An attacker could then exploit the vulnerability and take control of an affected system.</p> <p>The update addresses the vulnerability by correcting how the Windows handles errors tied to Remote Access Common Dialog.</p> Microsoft Windows Microsoft CVE-2020-1071 11497 11498 11499 11563 11568 11569 11570 11571 11572 11712 11713 11714 11715 11453 11454 11583 11644 11645 11646 11647 10729 10735 10852 10853 10816 10855 10047 10048 10481 10482 10484 10051 10049 10378 10379 10483 10543 Elevation of Privilege 11497 Elevation of Privilege 11498 Elevation of Privilege 11499 Elevation of Privilege 11563 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11570 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11712 Elevation of Privilege 11713 Elevation of Privilege 11714 Elevation of Privilege 11715 Elevation of Privilege 11453 Elevation of Privilege 11454 Elevation of Privilege 11583 Elevation of Privilege 11644 Elevation of Privilege 11645 Elevation of Privilege 11646 Elevation of Privilege 11647 Elevation of Privilege 10729 Elevation of Privilege 10735 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Elevation of Privilege 10047 Elevation of Privilege 10048 Elevation of Privilege 10481 Elevation of Privilege 10482 Elevation of Privilege 10484 Elevation of Privilege 10051 Elevation of Privilege 10049 Elevation of Privilege 10378 Elevation of Privilege 10379 Elevation of Privilege 10483 Elevation of Privilege 10543 Important 11497 Important 11498 Important 11499 Important 11563 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11712 Important 11713 Important 11714 Important 11715 Important 11453 Important 11454 Important 11583 Important 11644 Important 11645 Important 11646 Important 11647 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 10047 Important 10048 Important 10481 Important 10482 Important 10484 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 6.8 6.1 CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11497 6.8 6.1 CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11498 6.8 6.1 CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11499 6.8 6.1 CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11563 6.8 6.1 CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11568 6.8 6.1 CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11569 6.8 6.1 CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11570 6.8 6.1 CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11571 6.8 6.1 CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11572 6.8 6.1 CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11712 6.8 6.1 CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11713 6.8 6.1 CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11714 6.8 6.1 CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11715 6.8 6.1 CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11453 6.8 6.1 CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11454 6.8 6.1 CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11583 6.8 6.1 CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11644 6.8 6.1 CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11645 6.8 6.1 CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11646 6.8 6.1 CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11647 6.8 6.1 CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10729 6.8 6.1 CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10735 6.8 6.1 CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10852 6.8 6.1 CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10853 6.8 6.1 CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10816 6.8 6.1 CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10855 6.8 6.1 CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10047 6.8 6.1 CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10048 6.8 6.1 CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10481 6.8 6.1 CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10482 6.8 6.1 CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10484 6.8 6.1 CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10051 6.8 6.1 CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10049 6.8 6.1 CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10378 6.8 6.1 CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10379 6.8 6.1 CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10483 6.8 6.1 CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10543 4556807 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556807 4550922 11497 11498 11499 11563 Yes Security Update 4551853 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4551853 4549949 11568 11569 11570 11571 11572 Yes Security Update 4551853 https://support.microsoft.com/help/4551853 11568 11569 11570 11571 11572 4556799 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556799 4549951 11712 11713 11714 11715 11644 11645 11646 11647 Yes Security Update 4556812 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556812 4550927 11453 11454 11583 Yes Security Update 4556826 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556826 4550930 10729 10735 Yes Security Update 4556813 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556813 4550929 10852 10853 10816 10855 Yes Security Update 4556813 https://support.microsoft.com/help/4556813 10852 10853 10816 10855 4556836 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556836 4550964 10047 10048 10051 10049 Yes Monthly Rollup 4556836 https://support.microsoft.com/help/4556836 10047 10048 10051 10049 4556843 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556843 10047 10048 10051 10049 Yes Security Only 4556843 https://support.microsoft.com/help/4556843 10047 10048 10051 10049 4556846 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556846 4550961 10481 10482 10484 10483 10543 Yes Monthly Rollup 4556853 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556853 10481 10482 10483 10543 Yes Security Only 4556840 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556840 4550917 10378 10379 Yes Monthly Rollup 4556852 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556852 10378 10379 Yes Security Only GhostInTheMachine 1.0 2020-05-12T07:00:00Z <p>Information published.</p> Windows Denial of Service Vulnerability <p>A denial of service vulnerability exists when Windows improperly handles objects in memory. An attacker who successfully exploited the vulnerability could cause a target system to stop responding.</p> <p>To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application. The vulnerability would not allow an attacker to execute code or to elevate user rights directly, but it could be used to cause a target system to stop responding.</p> <p>The update addresses the vulnerability by correcting how Windows handles objects in memory.</p> Microsoft Windows Microsoft CVE-2020-1076 11497 11498 11499 11563 11568 11569 11570 11571 11572 11712 11713 11714 11715 11453 11454 11583 11644 11645 11646 11647 10729 10735 10852 10853 10816 10855 10481 10482 10484 10378 10379 10483 10543 Denial of Service 11497 Denial of Service 11498 Denial of Service 11499 Denial of Service 11563 Denial of Service 11568 Denial of Service 11569 Denial of Service 11570 Denial of Service 11571 Denial of Service 11572 Denial of Service 11712 Denial of Service 11713 Denial of Service 11714 Denial of Service 11715 Denial of Service 11453 Denial of Service 11454 Denial of Service 11583 Denial of Service 11644 Denial of Service 11645 Denial of Service 11646 Denial of Service 11647 Denial of Service 10729 Denial of Service 10735 Denial of Service 10852 Denial of Service 10853 Denial of Service 10816 Denial of Service 10855 Denial of Service 10481 Denial of Service 10482 Denial of Service 10484 Denial of Service 10378 Denial of Service 10379 Denial of Service 10483 Denial of Service 10543 Important 11497 Important 11498 Important 11499 Important 11563 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11712 Important 11713 Important 11714 Important 11715 Important 11453 Important 11454 Important 11583 Important 11644 Important 11645 Important 11646 Important 11647 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 10481 Important 10482 Important 10484 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 5.5 5.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C 11497 5.5 5.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C 11498 5.5 5.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C 11499 5.5 5.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C 11563 5.5 5.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C 11568 5.5 5.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C 11569 5.5 5.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C 11570 5.5 5.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C 11571 5.5 5.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C 11572 5.5 5.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C 11712 5.5 5.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C 11713 5.5 5.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C 11714 5.5 5.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C 11715 5.5 5.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C 11453 5.5 5.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C 11454 5.5 5.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C 11583 5.5 5.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C 11644 5.5 5.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C 11645 5.5 5.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C 11646 5.5 5.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C 11647 5.5 5.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C 10729 5.5 5.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C 10735 5.5 5.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C 10852 5.5 5.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C 10853 5.5 5.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C 10816 5.5 5.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C 10855 5.5 5.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C 10481 5.5 5.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C 10482 5.5 5.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C 10484 5.5 5.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C 10378 5.5 5.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C 10379 5.5 5.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C 10483 5.5 5.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C 10543 4556807 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556807 4550922 11497 11498 11499 11563 Yes Security Update 4551853 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4551853 4549949 11568 11569 11570 11571 11572 Yes Security Update 4551853 https://support.microsoft.com/help/4551853 11568 11569 11570 11571 11572 4556799 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556799 4549951 11712 11713 11714 11715 11644 11645 11646 11647 Yes Security Update 4556812 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556812 4550927 11453 11454 11583 Yes Security Update 4556826 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556826 4550930 10729 10735 Yes Security Update 4556813 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556813 4550929 10852 10853 10816 10855 Yes Security Update 4556813 https://support.microsoft.com/help/4556813 10852 10853 10816 10855 4556846 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556846 4550961 10481 10482 10484 10483 10543 Yes Monthly Rollup 4556853 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556853 10481 10482 10483 10543 Yes Security Only 4556840 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556840 4550917 10378 10379 Yes Monthly Rollup 4556852 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556852 10378 10379 Yes Security Only Gábor Selján (<A href="https://twitter.com/GaborSeljan">@GaborSeljan</a>) 1.0 2020-05-12T07:00:00Z <p>Information published.</p> Windows Installer Elevation of Privilege Vulnerability <p>An elevation of privilege vulnerability exists in Windows Installer because of the way Windows Installer handles certain filesystem operations.</p> <p>To exploit the vulnerability, an attacker would require unprivileged execution on the victim system. After successfully exploiting the vulnerability, an attacker could run arbitrary code with elevated privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.</p> <p>The security update addresses the vulnerability by correcting the way Windows Installer handles certain filesystem operations.</p> Microsoft Windows Microsoft CVE-2020-1078 11497 11498 11499 11563 11568 11569 11570 11571 11572 11712 11713 11714 11715 11453 11454 11583 11644 11645 11646 11647 10729 10735 10852 10853 10816 10855 10047 10048 10481 10482 10484 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Elevation of Privilege 11497 Elevation of Privilege 11498 Elevation of Privilege 11499 Elevation of Privilege 11563 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11570 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11712 Elevation of Privilege 11713 Elevation of Privilege 11714 Elevation of Privilege 11715 Elevation of Privilege 11453 Elevation of Privilege 11454 Elevation of Privilege 11583 Elevation of Privilege 11644 Elevation of Privilege 11645 Elevation of Privilege 11646 Elevation of Privilege 11647 Elevation of Privilege 10729 Elevation of Privilege 10735 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Elevation of Privilege 10047 Elevation of Privilege 10048 Elevation of Privilege 10481 Elevation of Privilege 10482 Elevation of Privilege 10484 Elevation of Privilege 9312 Elevation of Privilege 10287 Elevation of Privilege 9318 Elevation of Privilege 9344 Elevation of Privilege 10051 Elevation of Privilege 10049 Elevation of Privilege 10378 Elevation of Privilege 10379 Elevation of Privilege 10483 Elevation of Privilege 10543 Important 11497 Important 11498 Important 11499 Important 11563 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11712 Important 11713 Important 11714 Important 11715 Important 11453 Important 11454 Important 11583 Important 11644 Important 11645 Important 11646 Important 11647 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 10047 Important 10048 Important 10481 Important 10482 Important 10484 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11497 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11498 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11499 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11563 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11568 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11569 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11570 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11571 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11572 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11712 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11713 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11714 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11715 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11453 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11454 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11583 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11644 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11645 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11646 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11647 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10729 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10735 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10852 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10853 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10816 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10855 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10047 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10048 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10481 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10482 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10484 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 9312 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10287 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 9318 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 9344 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10051 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10049 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10378 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10379 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10483 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10543 4556807 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556807 4550922 11497 11498 11499 11563 Yes Security Update 4551853 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4551853 4549949 11568 11569 11570 11571 11572 Yes Security Update 4551853 https://support.microsoft.com/help/4551853 11568 11569 11570 11571 11572 4556799 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556799 4549951 11712 11713 11714 11715 11644 11645 11646 11647 Yes Security Update 4556812 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556812 4550927 11453 11454 11583 Yes Security Update 4556826 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556826 4550930 10729 10735 Yes Security Update 4556813 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556813 4550929 10852 10853 10816 10855 Yes Security Update 4556813 https://support.microsoft.com/help/4556813 10852 10853 10816 10855 4556836 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556836 4550964 10047 10048 10051 10049 Yes Monthly Rollup 4556836 https://support.microsoft.com/help/4556836 10047 10048 10051 10049 4556843 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556843 10047 10048 10051 10049 Yes Security Only 4556843 https://support.microsoft.com/help/4556843 10047 10048 10051 10049 4556846 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556846 4550961 10481 10482 10484 10483 10543 Yes Monthly Rollup 4556853 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556853 10481 10482 10483 10543 Yes Security Only 4556860 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556860 4550951 9312 10287 9318 9344 Yes Monthly Rollup 4556860 https://support.microsoft.com/help/4556860 9312 10287 9318 9344 4556854 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556854 9312 10287 9318 9344 Yes Security Only 4556854 https://support.microsoft.com/help/4556854 9312 10287 9318 9344 4556840 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556840 4550917 10378 10379 Yes Monthly Rollup 4556852 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556852 10378 10379 Yes Security Only JeongOh Kyea(@kkokkokye) of THEORI 1.0 2020-05-12T07:00:00Z <p>Information published.</p> Connected User Experiences and Telemetry Service Denial of Service Vulnerability <p>A Denial Of Service vulnerability exists when Connected User Experiences and Telemetry Service fails to validate certain function values. An attacker who successfully exploited this vulnerability could deny dependent security feature functionality.</p> <p>To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application.</p> <p>The security update addresses the vulnerability by correcting how the Connected User Experiences and Telemetry Service validates certain function values.</p> Microsoft Windows Microsoft CVE-2020-1084 11497 11498 11499 11563 11568 11569 11570 11571 11572 11712 11713 11714 11715 11453 11454 11583 11644 11645 11646 11647 10729 10735 10852 10853 10816 10855 Denial of Service 11497 Denial of Service 11498 Denial of Service 11499 Denial of Service 11563 Denial of Service 11568 Denial of Service 11569 Denial of Service 11570 Denial of Service 11571 Denial of Service 11572 Denial of Service 11712 Denial of Service 11713 Denial of Service 11714 Denial of Service 11715 Denial of Service 11453 Denial of Service 11454 Denial of Service 11583 Denial of Service 11644 Denial of Service 11645 Denial of Service 11646 Denial of Service 11647 Denial of Service 10729 Denial of Service 10735 Denial of Service 10852 Denial of Service 10853 Denial of Service 10816 Denial of Service 10855 Important 11497 Important 11498 Important 11499 Important 11563 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11712 Important 11713 Important 11714 Important 11715 Important 11453 Important 11454 Important 11583 Important 11644 Important 11645 Important 11646 Important 11647 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 5.5 5.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C 11497 5.5 5.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C 11498 5.5 5.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C 11499 5.5 5.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C 11563 5.5 5.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C 11568 5.5 5.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C 11569 5.5 5.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C 11570 5.5 5.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C 11571 5.5 5.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C 11572 5.5 5.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C 11712 5.5 5.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C 11713 5.5 5.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C 11714 5.5 5.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C 11715 5.5 5.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C 11453 5.5 5.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C 11454 5.5 5.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C 11583 5.5 5.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C 11644 5.5 5.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C 11645 5.5 5.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C 11646 5.5 5.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C 11647 5.5 5.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C 10729 5.5 5.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C 10735 5.5 5.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C 10852 5.5 5.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C 10853 5.5 5.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C 10816 5.5 5.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C 10855 4556807 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556807 4550922 11497 11498 11499 11563 Yes Security Update 4551853 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4551853 4549949 11568 11569 11570 11571 11572 Yes Security Update 4551853 https://support.microsoft.com/help/4551853 11568 11569 11570 11571 11572 4556799 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556799 4549951 11712 11713 11714 11715 11644 11645 11646 11647 Yes Security Update 4556812 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556812 4550927 11453 11454 11583 Yes Security Update 4556826 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556826 4550930 10729 10735 Yes Security Update 4556813 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556813 4550929 10852 10853 10816 10855 Yes Security Update 4556813 https://support.microsoft.com/help/4556813 10852 10853 10816 10855 Somaro Sai Cheng with ChengDu MeetSec Technology Co., Ltd. Zhiniang Peng (<a href="https://twitter.com/edwardzpeng">@edwardzpeng</a>) of Qihoo 360 Core Security & Jiadong Lu Somaro2 1.1 2020-05-19T07:00:00Z <p>Updated acknowledgment. This is an informational change only.</p> 1.0 2020-05-12T07:00:00Z <p>Information published.</p> VBScript Remote Code Execution Vulnerability <p>A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.</p> <p>In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability through Internet Explorer and then convince a user to view the website. An attacker could also embed an ActiveX control marked &quot;safe for initialization&quot; in an application or Microsoft Office document that hosts the IE rendering engine. The attacker could also take advantage of compromised websites and websites that accept or host user-provided content or advertisements. These websites could contain specially crafted content that could exploit the vulnerability.</p> <p>The security update addresses the vulnerability by modifying how the scripting engine handles objects in memory.</p> Internet Explorer Microsoft CVE-2020-1093 10336-9312 10336-9318 10486-11497 10486-11498 10486-11563 10486-11568 10486-11569 10486-11570 10486-11571 10486-11712 10486-11713 10486-11714 10486-11453 10486-11454 10486-11583 10486-11644 10486-11645 10486-11646 10486-10729 10486-10735 10486-10852 10486-10853 10486-10816 10486-10047 10486-10048 10486-10481 10486-10482 10486-10484 10486-10051 10486-10378 10486-10483 Remote Code Execution 10336-9312 Remote Code Execution 10336-9318 Remote Code Execution 10486-11497 Remote Code Execution 10486-11498 Remote Code Execution 10486-11563 Remote Code Execution 10486-11568 Remote Code Execution 10486-11569 Remote Code Execution 10486-11570 Remote Code Execution 10486-11571 Remote Code Execution 10486-11712 Remote Code Execution 10486-11713 Remote Code Execution 10486-11714 Remote Code Execution 10486-11453 Remote Code Execution 10486-11454 Remote Code Execution 10486-11583 Remote Code Execution 10486-11644 Remote Code Execution 10486-11645 Remote Code Execution 10486-11646 Remote Code Execution 10486-10729 Remote Code Execution 10486-10735 Remote Code Execution 10486-10852 Remote Code Execution 10486-10853 Remote Code Execution 10486-10816 Remote Code Execution 10486-10047 Remote Code Execution 10486-10048 Remote Code Execution 10486-10481 Remote Code Execution 10486-10482 Remote Code Execution 10486-10484 Remote Code Execution 10486-10051 Remote Code Execution 10486-10378 Remote Code Execution 10486-10483 Moderate 10336-9312 Moderate 10336-9318 Critical 10486-11497 Critical 10486-11498 Critical 10486-11563 Critical 10486-11568 Critical 10486-11569 Critical 10486-11570 Moderate 10486-11571 Critical 10486-11712 Critical 10486-11713 Critical 10486-11714 Critical 10486-11453 Critical 10486-11454 Critical 10486-11583 Critical 10486-11644 Critical 10486-11645 Critical 10486-11646 Critical 10486-10729 Critical 10486-10735 Critical 10486-10852 Critical 10486-10853 Moderate 10486-10816 Critical 10486-10047 Critical 10486-10048 Critical 10486-10481 Critical 10486-10482 Critical 10486-10484 Moderate 10486-10051 Moderate 10486-10378 Moderate 10486-10483 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 6.4 5.8 CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10336-9312 6.4 5.8 CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10336-9318 7.5 6.7 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10486-11497 7.5 6.7 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10486-11498 7.5 6.7 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10486-11563 7.5 6.7 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10486-11568 7.5 6.7 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10486-11569 7.5 6.7 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10486-11570 6.4 5.8 CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10486-11571 7.5 6.7 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10486-11712 7.5 6.7 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10486-11713 7.5 6.7 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10486-11714 7.5 6.7 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10486-11453 7.5 6.7 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10486-11454 7.5 6.7 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10486-11583 7.5 6.7 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10486-11644 7.5 6.7 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10486-11645 7.5 6.7 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10486-11646 7.5 6.7 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10486-10729 7.5 6.7 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10486-10735 7.5 6.7 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10486-10852 7.5 6.7 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10486-10853 6.4 5.8 CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10486-10816 7.5 6.7 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10486-10047 7.5 6.7 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10486-10048 7.5 6.7 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10486-10481 7.5 6.7 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10486-10482 7.5 6.7 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10486-10484 6.4 5.8 CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10486-10051 6.4 5.8 CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10486-10378 6.4 5.8 CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10486-10483 4556860 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556860 4550951 10336-9312 10336-9318 Yes Monthly Rollup 4556860 https://support.microsoft.com/help/4556860 10336-9312 10336-9318 4556798 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556798 4550905 10336-9312 10336-9318 10486-10047 10486-10048 10486-10481 10486-10482 10486-10051 10486-10378 10486-10483 Yes IE Cumulative 4556807 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556807 4550922 10486-11497 10486-11498 10486-11563 Yes Security Update 4551853 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4551853 4549949 10486-11568 10486-11569 10486-11570 10486-11571 Yes Security Update 4551853 https://support.microsoft.com/help/4551853 10486-11568 10486-11569 10486-11570 10486-11571 4556799 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556799 4549951 10486-11712 10486-11713 10486-11714 10486-11644 10486-11645 10486-11646 Yes Security Update 4556812 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556812 4550927 10486-11453 10486-11454 10486-11583 Yes Security Update 4556826 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556826 4550930 10486-10729 10486-10735 Yes Security Update 4556813 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556813 4550929 10486-10852 10486-10853 10486-10816 Yes Security Update 4556813 https://support.microsoft.com/help/4556813 10486-10852 10486-10853 10486-10816 4556836 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556836 4550964 10486-10047 10486-10048 10486-10051 Yes Monthly Rollup 4556836 https://support.microsoft.com/help/4556836 10486-10047 10486-10048 10486-10051 4556846 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556846 4550961 10486-10481 10486-10482 10486-10484 10486-10483 Yes Monthly Rollup 4556840 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556840 4550917 10486-10378 Yes Monthly Rollup Yuki Chen of <a href="https://www.360.com/">Qihoo 360 Vulcan Team</a> 1.0 2020-05-12T07:00:00Z <p>Information published.</p> Microsoft Edge PDF Remote Code Execution Vulnerability <p>A remote code execution vulnerability exists when Microsoft Edge PDF Reader improperly handles objects in memory. The vulnerability could corrupt memory in such a way that enables an attacker to execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.</p> <p>To exploit the vulnerability, in a web-based attack scenario, an attacker could host a website that contains malicious PDF content. In addition, compromised websites and websites that accept or host user-provided content could contain specially crafted PDF content that could exploit the vulnerability. However, in all cases an attacker would have no way to force a user to view the attacker-controlled content. Instead, an attacker would have to convince a user to take action. For example, an attacker could trick a user into clicking a link that takes the user to the attacker's site.</p> <p>The security update addresses the vulnerability by modifying how Microsoft Edge PDF Reader handles objects in memory.</p> Microsoft Edge (HTML-based) Microsoft CVE-2020-1096 10724-11497 10724-11498 10724-11563 10724-11568 10724-11569 10724-11570 10724-11571 10724-11712 10724-11713 10724-11714 10724-11644 10724-11645 10724-11646 Remote Code Execution 10724-11497 Remote Code Execution 10724-11498 Remote Code Execution 10724-11563 Remote Code Execution 10724-11568 Remote Code Execution 10724-11569 Remote Code Execution 10724-11570 Remote Code Execution 10724-11571 Remote Code Execution 10724-11712 Remote Code Execution 10724-11713 Remote Code Execution 10724-11714 Remote Code Execution 10724-11644 Remote Code Execution 10724-11645 Remote Code Execution 10724-11646 Important 10724-11497 Important 10724-11498 Important 10724-11563 Important 10724-11568 Important 10724-11569 Important 10724-11570 Low 10724-11571 Important 10724-11712 Important 10724-11713 Important 10724-11714 Important 10724-11644 Important 10724-11645 Important 10724-11646 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 4.2 3.8 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C 10724-11497 4.2 3.8 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C 10724-11498 4.2 3.8 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C 10724-11563 4.2 3.8 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C 10724-11568 4.2 3.8 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C 10724-11569 4.2 3.8 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C 10724-11570 4.2 3.8 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C 10724-11571 4.2 3.8 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C 10724-11712 4.2 3.8 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C 10724-11713 4.2 3.8 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C 10724-11714 4.2 3.8 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C 10724-11644 4.2 3.8 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C 10724-11645 4.2 3.8 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C 10724-11646 4556807 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556807 4550922 10724-11497 10724-11498 10724-11563 Yes Security Update 4551853 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4551853 4549949 10724-11568 10724-11569 10724-11570 10724-11571 Yes Security Update 4551853 https://support.microsoft.com/help/4551853 10724-11568 10724-11569 10724-11570 10724-11571 4556799 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556799 4549951 10724-11712 10724-11713 10724-11714 10724-11644 10724-11645 10724-11646 Yes Security Update kdot working with <a href="https://www.zerodayinitiative.com/">Trend Micro's Zero Day Initiative</a> yangkang(@dnpushme) of qihoo 360 core security 1.0 2020-05-12T07:00:00Z <p>Information published.</p> Microsoft Office SharePoint XSS Vulnerability <p>A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint server.</p> <p>The attacker who successfully exploited the vulnerability could then perform cross-site scripting attacks on affected systems and run script in the security context of the current user. The attacks could allow the attacker to read content that the attacker is not authorized to read, use the victim's identity to take actions on the SharePoint site on behalf of the user, such as change permissions and delete content, and inject malicious content in the browser of the user.</p> <p>The security update addresses the vulnerability by helping to ensure that SharePoint Server properly sanitizes web requests.</p> Microsoft Office SharePoint Microsoft CVE-2020-1099 10950 11585 Spoofing 10950 Spoofing 11585 Important 10950 Important 11585 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 4484336 https://www.microsoft.com/download/details.aspx?familyid=4943205b-b1fc-4faf-8a2f-3f35afdb3178 4484299 10950 Maybe Security Update 4484332 https://www.microsoft.com/download/details.aspx?familyid=74d91329-15bb-4cfb-9040-5860a4e27805 4484292 11585 Maybe Security Update Huynh Phuoc Hung, <a href="https://twitter.com/hph0var">@hph0var</a> 1.0 2020-05-12T07:00:00Z <p>Information published.</p> Microsoft Office SharePoint XSS Vulnerability <p>A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint server.</p> <p>The attacker who successfully exploited the vulnerability could then perform cross-site scripting attacks on affected systems and run script in the security context of the current user. The attacks could allow the attacker to read content that the attacker is not authorized to read, use the victim's identity to take actions on the SharePoint site on behalf of the user, such as change permissions and delete content, and inject malicious content in the browser of the user.</p> <p>The security update addresses the vulnerability by helping to ensure that SharePoint Server properly sanitizes web requests.</p> Microsoft Office SharePoint Microsoft CVE-2020-1101 10950 11585 10612 Spoofing 10950 Spoofing 11585 Spoofing 10612 Important 10950 Important 11585 Important 10612 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 4484336 https://www.microsoft.com/download/details.aspx?familyid=4943205b-b1fc-4faf-8a2f-3f35afdb3178 4484299 10950 Maybe Security Update 4484332 https://www.microsoft.com/download/details.aspx?familyid=74d91329-15bb-4cfb-9040-5860a4e27805 4484292 11585 Maybe Security Update 4484364 https://www.microsoft.com/download/details.aspx?familyid=2a44537d-f219-46f5-9c20-c5455b5ed61c 4484321 10612 Maybe Security Update Huynh Phuoc Hung, <a href="https://twitter.com/hph0var">@hph0var</a> 1.0 2020-05-12T07:00:00Z <p>Information published.</p> Microsoft SharePoint Spoofing Vulnerability <p>A spoofing vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint server.</p> <p>The attacker who successfully exploited the vulnerability could then perform cross-site scripting attacks on affected systems and run script in the security context of the current user. These attacks could allow the attacker to read content that the attacker is not authorized to read, use the victim's identity to take actions on the SharePoint site on behalf of the user, such as change permissions and delete content, and inject malicious content in the browser of the user.</p> <p>The security update addresses the vulnerability by helping to ensure that SharePoint Server properly sanitizes web requests.</p> Microsoft Office SharePoint Microsoft CVE-2020-1107 10950 11099 11585 10612 Spoofing 10950 Spoofing 11099 Spoofing 11585 Spoofing 10612 Important 10950 Important 11099 Important 11585 Important 10612 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 4484336 https://www.microsoft.com/download/details.aspx?familyid=4943205b-b1fc-4faf-8a2f-3f35afdb3178 4484299 10950 Maybe Security Update 4484352 https://www.microsoft.com/download/details.aspx?familyid=bea43daa-88d3-43bd-b312-c9f65854f2ee 4484308 11099 Maybe Security Update 4484332 https://www.microsoft.com/download/details.aspx?familyid=74d91329-15bb-4cfb-9040-5860a4e27805 4484292 11585 Maybe Security Update 4484364 https://www.microsoft.com/download/details.aspx?familyid=2a44537d-f219-46f5-9c20-c5455b5ed61c 4484321 10612 Maybe Security Update Huynh Phuoc Hung, <a href="https://twitter.com/hph0var">@hph0var</a> 1.0 2020-05-12T07:00:00Z <p>Information published.</p> Windows Update Stack Elevation of Privilege Vulnerability <p>An elevation of privilege vulnerability exists when the Windows Update Stack fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.</p> <p>To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application to take control of an affected system.</p> <p>The update addresses the vulnerability by correcting how the Windows Update Stack handles objects in memory.</p> Windows Update Stack Microsoft CVE-2020-1110 11497 11498 11499 11563 11568 11569 11570 11571 11572 11712 11713 11714 11715 11453 11454 11583 11644 11645 11646 11647 Elevation of Privilege 11497 Elevation of Privilege 11498 Elevation of Privilege 11499 Elevation of Privilege 11563 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11570 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11712 Elevation of Privilege 11713 Elevation of Privilege 11714 Elevation of Privilege 11715 Elevation of Privilege 11453 Elevation of Privilege 11454 Elevation of Privilege 11583 Elevation of Privilege 11644 Elevation of Privilege 11645 Elevation of Privilege 11646 Elevation of Privilege 11647 Important 11497 Important 11498 Important 11499 Important 11563 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11712 Important 11713 Important 11714 Important 11715 Important 11453 Important 11454 Important 11583 Important 11644 Important 11645 Important 11646 Important 11647 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11497 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11498 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11499 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11563 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11568 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11569 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11570 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11571 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11572 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11712 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11713 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11714 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11715 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11453 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11454 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11583 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11644 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11645 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11646 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11647 4556807 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556807 4550922 11497 11498 11499 11563 Yes Security Update 4551853 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4551853 4549949 11568 11569 11570 11571 11572 Yes Security Update 4551853 https://support.microsoft.com/help/4551853 11568 11569 11570 11571 11572 4556799 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556799 4549951 11712 11713 11714 11715 11644 11645 11646 11647 Yes Security Update 4556812 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556812 4550927 11453 11454 11583 Yes Security Update Shefang Zhong of <a href="http://www.360.com/">Qihoo 360 Vulcan Team</a> 1.0 2020-05-12T07:00:00Z <p>Information published.</p> Windows Task Scheduler Security Feature Bypass Vulnerability <p>A security feature bypass vulnerability exists in Microsoft Windows when the Task Scheduler service fails to properly verify client connections over RPC. An attacker who successfully exploited this vulnerability could run arbitrary code as an administrator. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.</p> <p>To exploit this vulnerability, a man-in-the-middle attacker would need to send a specially crafted request to a vulnerable system.</p> <p>The security update addresses the vulnerability by correcting how the Task Scheduler service validates connections.</p> Windows Task Scheduler Microsoft CVE-2020-1113 11497 11498 11499 11563 11568 11569 11570 11571 11572 11712 11713 11714 11715 11453 11454 11583 11644 11645 11646 11647 10729 10735 10852 10853 10816 10855 10047 10048 10481 10482 10484 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Security Feature Bypass 11497 Security Feature Bypass 11498 Security Feature Bypass 11499 Security Feature Bypass 11563 Security Feature Bypass 11568 Security Feature Bypass 11569 Security Feature Bypass 11570 Security Feature Bypass 11571 Security Feature Bypass 11572 Security Feature Bypass 11712 Security Feature Bypass 11713 Security Feature Bypass 11714 Security Feature Bypass 11715 Security Feature Bypass 11453 Security Feature Bypass 11454 Security Feature Bypass 11583 Security Feature Bypass 11644 Security Feature Bypass 11645 Security Feature Bypass 11646 Security Feature Bypass 11647 Security Feature Bypass 10729 Security Feature Bypass 10735 Security Feature Bypass 10852 Security Feature Bypass 10853 Security Feature Bypass 10816 Security Feature Bypass 10855 Security Feature Bypass 10047 Security Feature Bypass 10048 Security Feature Bypass 10481 Security Feature Bypass 10482 Security Feature Bypass 10484 Security Feature Bypass 9312 Security Feature Bypass 10287 Security Feature Bypass 9318 Security Feature Bypass 9344 Security Feature Bypass 10051 Security Feature Bypass 10049 Security Feature Bypass 10378 Security Feature Bypass 10379 Security Feature Bypass 10483 Security Feature Bypass 10543 Important 11497 Important 11498 Important 11499 Important 11563 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11712 Important 11713 Important 11714 Important 11715 Important 11453 Important 11454 Important 11583 Important 11644 Important 11645 Important 11646 Important 11647 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 10047 Important 10048 Important 10481 Important 10482 Important 10484 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 5.3 4.8 CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N/E:P/RL:O/RC:C 11497 5.3 4.8 CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N/E:P/RL:O/RC:C 11498 5.3 4.8 CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N/E:P/RL:O/RC:C 11499 5.3 4.8 CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N/E:P/RL:O/RC:C 11563 5.3 4.8 CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N/E:P/RL:O/RC:C 11568 5.3 4.8 CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N/E:P/RL:O/RC:C 11569 5.3 4.8 CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N/E:P/RL:O/RC:C 11570 5.3 4.8 CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N/E:P/RL:O/RC:C 11571 5.3 4.8 CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N/E:P/RL:O/RC:C 11572 5.3 4.8 CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N/E:P/RL:O/RC:C 11712 5.3 4.8 CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N/E:P/RL:O/RC:C 11713 5.3 4.8 CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N/E:P/RL:O/RC:C 11714 5.3 4.8 CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N/E:P/RL:O/RC:C 11715 5.3 4.8 CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N/E:P/RL:O/RC:C 11453 5.3 4.8 CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N/E:P/RL:O/RC:C 11454 5.3 4.8 CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N/E:P/RL:O/RC:C 11583 5.3 4.8 CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N/E:P/RL:O/RC:C 11644 5.3 4.8 CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N/E:P/RL:O/RC:C 11645 5.3 4.8 CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N/E:P/RL:O/RC:C 11646 5.3 4.8 CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N/E:P/RL:O/RC:C 11647 5.3 4.8 CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N/E:P/RL:O/RC:C 10729 5.3 4.8 CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N/E:P/RL:O/RC:C 10735 5.3 4.8 CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N/E:P/RL:O/RC:C 10852 5.3 4.8 CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N/E:P/RL:O/RC:C 10853 5.3 4.8 CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N/E:P/RL:O/RC:C 10816 5.3 4.8 CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N/E:P/RL:O/RC:C 10855 5.3 4.8 CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N/E:P/RL:O/RC:C 10047 5.3 4.8 CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N/E:P/RL:O/RC:C 10048 5.3 4.8 CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N/E:P/RL:O/RC:C 10481 5.3 4.8 CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N/E:P/RL:O/RC:C 10482 5.3 4.8 CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N/E:P/RL:O/RC:C 10484 5.3 4.8 CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N/E:P/RL:O/RC:C 9312 5.3 4.8 CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N/E:P/RL:O/RC:C 10287 5.3 4.8 CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N/E:P/RL:O/RC:C 9318 5.3 4.8 CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N/E:P/RL:O/RC:C 9344 5.3 4.8 CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N/E:P/RL:O/RC:C 10051 5.3 4.8 CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N/E:P/RL:O/RC:C 10049 5.3 4.8 CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N/E:P/RL:O/RC:C 10378 5.3 4.8 CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N/E:P/RL:O/RC:C 10379 5.3 4.8 CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N/E:P/RL:O/RC:C 10483 5.3 4.8 CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N/E:P/RL:O/RC:C 10543 4556807 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556807 4550922 11497 11498 11499 11563 Yes Security Update 4551853 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4551853 4549949 11568 11569 11570 11571 11572 Yes Security Update 4551853 https://support.microsoft.com/help/4551853 11568 11569 11570 11571 11572 4556799 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556799 4549951 11712 11713 11714 11715 11644 11645 11646 11647 Yes Security Update 4556812 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556812 4550927 11453 11454 11583 Yes Security Update 4556826 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556826 4550930 10729 10735 Yes Security Update 4556813 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556813 4550929 10852 10853 10816 10855 Yes Security Update 4556813 https://support.microsoft.com/help/4556813 10852 10853 10816 10855 4556836 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556836 4550964 10047 10048 10051 10049 Yes Monthly Rollup 4556836 https://support.microsoft.com/help/4556836 10047 10048 10051 10049 4556843 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556843 10047 10048 10051 10049 Yes Security Only 4556843 https://support.microsoft.com/help/4556843 10047 10048 10051 10049 4556846 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556846 4550961 10481 10482 10484 10483 10543 Yes Monthly Rollup 4556853 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556853 10481 10482 10483 10543 Yes Security Only 4556860 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556860 4550951 9312 10287 9318 9344 Yes Monthly Rollup 4556860 https://support.microsoft.com/help/4556860 9312 10287 9318 9344 4556854 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556854 9312 10287 9318 9344 Yes Security Only 4556854 https://support.microsoft.com/help/4556854 9312 10287 9318 9344 4556840 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556840 4550917 10378 10379 Yes Monthly Rollup 4556852 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556852 10378 10379 Yes Security Only Sylvain Heiniger of <a href="https://www.compass-security.com">Compass Security</a> 1.0 2020-05-12T07:00:00Z <p>Information published.</p> Windows Kernel Elevation of Privilege Vulnerability <p>An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.</p> <p>To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application to take control of an affected system.</p> <p>The update addresses the vulnerability by correcting how the Windows kernel handles objects in memory.</p> Windows Kernel Microsoft CVE-2020-1114 11497 11498 11499 11563 11568 11569 11570 11571 11572 11712 11713 11714 11715 11453 11454 11583 11644 11645 11646 11647 10729 10735 10852 10853 10816 10855 10047 10048 10481 10482 10484 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Elevation of Privilege 11497 Elevation of Privilege 11498 Elevation of Privilege 11499 Elevation of Privilege 11563 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11570 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11712 Elevation of Privilege 11713 Elevation of Privilege 11714 Elevation of Privilege 11715 Elevation of Privilege 11453 Elevation of Privilege 11454 Elevation of Privilege 11583 Elevation of Privilege 11644 Elevation of Privilege 11645 Elevation of Privilege 11646 Elevation of Privilege 11647 Elevation of Privilege 10729 Elevation of Privilege 10735 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Elevation of Privilege 10047 Elevation of Privilege 10048 Elevation of Privilege 10481 Elevation of Privilege 10482 Elevation of Privilege 10484 Elevation of Privilege 9312 Elevation of Privilege 10287 Elevation of Privilege 9318 Elevation of Privilege 9344 Elevation of Privilege 10051 Elevation of Privilege 10049 Elevation of Privilege 10378 Elevation of Privilege 10379 Elevation of Privilege 10483 Elevation of Privilege 10543 Important 11497 Important 11498 Important 11499 Important 11563 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11712 Important 11713 Important 11714 Important 11715 Important 11453 Important 11454 Important 11583 Important 11644 Important 11645 Important 11646 Important 11647 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 10047 Important 10048 Important 10481 Important 10482 Important 10484 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11497 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11498 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11499 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11563 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11568 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11569 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11570 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11571 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11572 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11712 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11713 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11714 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11715 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11453 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11454 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11583 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11644 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11645 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11646 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11647 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10729 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10735 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10852 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10853 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10816 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10855 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10047 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10048 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10481 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10482 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10484 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 9312 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10287 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 9318 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 9344 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10051 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10049 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10378 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10379 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10483 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10543 4556807 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556807 4550922 11497 11498 11499 11563 Yes Security Update 4551853 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4551853 4549949 11568 11569 11570 11571 11572 Yes Security Update 4551853 https://support.microsoft.com/help/4551853 11568 11569 11570 11571 11572 4556799 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556799 4549951 11712 11713 11714 11715 11644 11645 11646 11647 Yes Security Update 4556812 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556812 4550927 11453 11454 11583 Yes Security Update 4556826 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556826 4550930 10729 10735 Yes Security Update 4556813 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556813 4550929 10852 10853 10816 10855 Yes Security Update 4556813 https://support.microsoft.com/help/4556813 10852 10853 10816 10855 4556836 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556836 4550964 10047 10048 10051 10049 Yes Monthly Rollup 4556836 https://support.microsoft.com/help/4556836 10047 10048 10051 10049 4556843 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556843 10047 10048 10051 10049 Yes Security Only 4556843 https://support.microsoft.com/help/4556843 10047 10048 10051 10049 4556846 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556846 4550961 10481 10482 10484 10483 10543 Yes Monthly Rollup 4556853 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556853 10481 10482 10483 10543 Yes Security Only 4556860 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556860 4550951 9312 10287 9318 9344 Yes Monthly Rollup 4556860 https://support.microsoft.com/help/4556860 9312 10287 9318 9344 4556854 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556854 9312 10287 9318 9344 Yes Security Only 4556854 https://support.microsoft.com/help/4556854 9312 10287 9318 9344 4556840 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556840 4550917 10378 10379 Yes Monthly Rollup 4556852 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556852 10378 10379 Yes Security Only 1.0 2020-05-12T07:00:00Z <p>Information published.</p> Windows CSRSS Information Disclosure Vulnerability <p>An information disclosure vulnerability exists when the Windows Client Server Run-Time Subsystem (CSRSS) fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system.</p> <p>To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application.</p> <p>The update addresses the vulnerability by correcting how the Windows CSRSS handles objects in memory.</p> <p><strong>What type of information could be disclosed by this vulnerability?</strong></p> <p>The type of information that could be disclosed if an attacker successfully exploited this vulnerability is the contents of Kernel memory. An attacker could read the contents of Kernel memory from a user mode process.</p> Microsoft Windows Microsoft CVE-2020-1116 11497 11498 11499 11563 11568 11569 11570 11571 11572 11712 11713 11714 11715 11453 11454 11583 11644 11645 11646 11647 10729 10735 10852 10853 10816 10855 10047 10048 10481 10482 10484 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Information Disclosure 11497 Information Disclosure 11498 Information Disclosure 11499 Information Disclosure 11563 Information Disclosure 11568 Information Disclosure 11569 Information Disclosure 11570 Information Disclosure 11571 Information Disclosure 11572 Information Disclosure 11712 Information Disclosure 11713 Information Disclosure 11714 Information Disclosure 11715 Information Disclosure 11453 Information Disclosure 11454 Information Disclosure 11583 Information Disclosure 11644 Information Disclosure 11645 Information Disclosure 11646 Information Disclosure 11647 Information Disclosure 10729 Information Disclosure 10735 Information Disclosure 10852 Information Disclosure 10853 Information Disclosure 10816 Information Disclosure 10855 Information Disclosure 10047 Information Disclosure 10048 Information Disclosure 10481 Information Disclosure 10482 Information Disclosure 10484 Information Disclosure 9312 Information Disclosure 10287 Information Disclosure 9318 Information Disclosure 9344 Information Disclosure 10051 Information Disclosure 10049 Information Disclosure 10378 Information Disclosure 10379 Information Disclosure 10483 Information Disclosure 10543 Important 11497 Important 11498 Important 11499 Important 11563 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11712 Important 11713 Important 11714 Important 11715 Important 11453 Important 11454 Important 11583 Important 11644 Important 11645 Important 11646 Important 11647 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 10047 Important 10048 Important 10481 Important 10482 Important 10484 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 5.5 5.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C 11497 5.5 5.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C 11498 5.5 5.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C 11499 5.5 5.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C 11563 5.5 5.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C 11568 5.5 5.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C 11569 5.5 5.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C 11570 5.5 5.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C 11571 5.5 5.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C 11572 5.5 5.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C 11712 5.5 5.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C 11713 5.5 5.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C 11714 5.5 5.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C 11715 5.5 5.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C 11453 5.5 5.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C 11454 5.5 5.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C 11583 5.5 5.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C 11644 5.5 5.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C 11645 5.5 5.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C 11646 5.5 5.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C 11647 5.5 5.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C 10729 5.5 5.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C 10735 5.5 5.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C 10852 5.5 5.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C 10853 5.5 5.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C 10816 5.5 5.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C 10855 5.5 5.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C 10047 5.5 5.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C 10048 5.5 5.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C 10481 5.5 5.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C 10482 5.5 5.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C 10484 5.5 5.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C 9312 5.5 5.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C 10287 5.5 5.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C 9318 5.5 5.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C 9344 5.5 5.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C 10051 5.5 5.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C 10049 5.5 5.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C 10378 5.5 5.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C 10379 5.5 5.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C 10483 5.5 5.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C 10543 4556807 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556807 4550922 11497 11498 11499 11563 Yes Security Update 4551853 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4551853 4549949 11568 11569 11570 11571 11572 Yes Security Update 4551853 https://support.microsoft.com/help/4551853 11568 11569 11570 11571 11572 4556799 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556799 4549951 11712 11713 11714 11715 11644 11645 11646 11647 Yes Security Update 4556812 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556812 4550927 11453 11454 11583 Yes Security Update 4556826 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556826 4550930 10729 10735 Yes Security Update 4556813 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556813 4550929 10852 10853 10816 10855 Yes Security Update 4556813 https://support.microsoft.com/help/4556813 10852 10853 10816 10855 4556836 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556836 4550964 10047 10048 10051 10049 Yes Monthly Rollup 4556836 https://support.microsoft.com/help/4556836 10047 10048 10051 10049 4556843 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556843 10047 10048 10051 10049 Yes Security Only 4556843 https://support.microsoft.com/help/4556843 10047 10048 10051 10049 4556846 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556846 4550961 10481 10482 10484 10483 10543 Yes Monthly Rollup 4556853 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556853 10481 10482 10483 10543 Yes Security Only 4556860 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556860 4550951 9312 10287 9318 9344 Yes Monthly Rollup 4556860 https://support.microsoft.com/help/4556860 9312 10287 9318 9344 4556854 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556854 9312 10287 9318 9344 Yes Security Only 4556854 https://support.microsoft.com/help/4556854 9312 10287 9318 9344 4556840 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556840 4550917 10378 10379 Yes Monthly Rollup 4556852 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556852 10378 10379 Yes Security Only Walied Assar (<a href="https://twitter.com/waleedassar">@waleedassar</a>) 1.0 2020-05-12T07:00:00Z <p>Information published.</p> Microsoft Windows Transport Layer Security Denial of Service Vulnerability <p>A denial of service vulnerability exists in the Windows implementation of Transport Layer Security (TLS) when it improperly handles certain key exchanges. An attacker who successfully exploited the vulnerability could cause a target system to stop responding.</p> <p>To exploit this vulnerability, a remote unauthenticated attacker could send a specially crafted request to a target system utilizing TLS 1.2 or lower, triggering the system to automatically reboot.</p> <p>The update addresses the vulnerability by changing the way TLS key exchange messages are validated.</p> Microsoft Windows Microsoft CVE-2020-1118 11497 11498 11499 11563 11568 11569 11570 11571 11572 11712 11713 11714 11715 11453 11454 11583 11644 11645 11646 11647 Denial of Service 11497 Denial of Service 11498 Denial of Service 11499 Denial of Service 11563 Denial of Service 11568 Denial of Service 11569 Denial of Service 11570 Denial of Service 11571 Denial of Service 11572 Denial of Service 11712 Denial of Service 11713 Denial of Service 11714 Denial of Service 11715 Denial of Service 11453 Denial of Service 11454 Denial of Service 11583 Denial of Service 11644 Denial of Service 11645 Denial of Service 11646 Denial of Service 11647 Important 11497 Important 11498 Important 11499 Important 11563 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11712 Important 11713 Important 11714 Important 11715 Important 11453 Important 11454 Important 11583 Important 11644 Important 11645 Important 11646 Important 11647 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 8.6 7.7 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H/E:P/RL:O/RC:C 11497 8.6 7.7 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H/E:P/RL:O/RC:C 11498 8.6 7.7 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H/E:P/RL:O/RC:C 11499 8.6 7.7 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H/E:P/RL:O/RC:C 11563 8.6 7.7 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H/E:P/RL:O/RC:C 11568 8.6 7.7 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H/E:P/RL:O/RC:C 11569 8.6 7.7 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H/E:P/RL:O/RC:C 11570 8.6 7.7 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H/E:P/RL:O/RC:C 11571 8.6 7.7 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H/E:P/RL:O/RC:C 11572 8.6 7.7 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H/E:P/RL:O/RC:C 11712 8.6 7.7 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H/E:P/RL:O/RC:C 11713 8.6 7.7 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H/E:P/RL:O/RC:C 11714 8.6 7.7 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H/E:P/RL:O/RC:C 11715 8.6 7.7 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H/E:P/RL:O/RC:C 11453 8.6 7.7 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H/E:P/RL:O/RC:C 11454 8.6 7.7 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H/E:P/RL:O/RC:C 11583 8.6 7.7 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H/E:P/RL:O/RC:C 11644 8.6 7.7 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H/E:P/RL:O/RC:C 11645 8.6 7.7 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H/E:P/RL:O/RC:C 11646 8.6 7.7 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H/E:P/RL:O/RC:C 11647 4556807 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556807 4550922 11497 11498 11499 11563 Yes Security Update 4551853 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4551853 4549949 11568 11569 11570 11571 11572 Yes Security Update 4551853 https://support.microsoft.com/help/4551853 11568 11569 11570 11571 11572 4556799 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556799 4549951 11712 11713 11714 11715 11644 11645 11646 11647 Yes Security Update 4556812 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556812 4550927 11453 11454 11583 Yes Security Update 1.0 2020-05-12T07:00:00Z <p>Information published.</p> Windows State Repository Service Elevation of Privilege Vulnerability <p>An elevation of privilege vulnerability exists when the Windows State Repository Service improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in an elevated context.</p> <p>An attacker could exploit this vulnerability by running a specially crafted application on the victim system.</p> <p>The update addresses the vulnerability by correcting the way the Windows State Repository Service handles objects in memory.</p> Microsoft Windows Microsoft CVE-2020-1124 11497 11498 11499 11563 11568 11569 11570 11571 11572 11712 11713 11714 11715 11453 11454 11583 11644 11645 11646 11647 10729 10735 10852 10853 10816 10855 Elevation of Privilege 11497 Elevation of Privilege 11498 Elevation of Privilege 11499 Elevation of Privilege 11563 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11570 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11712 Elevation of Privilege 11713 Elevation of Privilege 11714 Elevation of Privilege 11715 Elevation of Privilege 11453 Elevation of Privilege 11454 Elevation of Privilege 11583 Elevation of Privilege 11644 Elevation of Privilege 11645 Elevation of Privilege 11646 Elevation of Privilege 11647 Elevation of Privilege 10729 Elevation of Privilege 10735 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Important 11497 Important 11498 Important 11499 Important 11563 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11712 Important 11713 Important 11714 Important 11715 Important 11453 Important 11454 Important 11583 Important 11644 Important 11645 Important 11646 Important 11647 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11497 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11498 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11499 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11563 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11568 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11569 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11570 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11571 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11572 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11712 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11713 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11714 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11715 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11453 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11454 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11583 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11644 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11645 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11646 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11647 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10729 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10735 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10852 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10853 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10816 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10855 4556807 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556807 4550922 11497 11498 11499 11563 Yes Security Update 4551853 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4551853 4549949 11568 11569 11570 11571 11572 Yes Security Update 4551853 https://support.microsoft.com/help/4551853 11568 11569 11570 11571 11572 4556799 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556799 4549951 11712 11713 11714 11715 11644 11645 11646 11647 Yes Security Update 4556812 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556812 4550927 11453 11454 11583 Yes Security Update 4556826 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556826 4550930 10729 10735 Yes Security Update 4556813 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556813 4550929 10852 10853 10816 10855 Yes Security Update 4556813 https://support.microsoft.com/help/4556813 10852 10853 10816 10855 anonymous Zhiniang Peng (<a href="https://twitter.com/edwardzpeng">@edwardzpeng</a>) of Qihoo 360 Core Security & Fangming Gu (<a href="https://twitter.com/afang5472">@afang5472</a>) k0shl of Qihoo 360 Vulcan team 1.0 2020-05-12T07:00:00Z <p>Information published.</p> Media Foundation Memory Corruption Vulnerability <p>A memory corruption vulnerability exists when Windows Media Foundation improperly handles objects in memory. An attacker who successfully exploited the vulnerability could install programs; view, change, or delete data; or create new accounts with full user rights.</p> <p>There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit a malicious webpage.</p> <p>The security update addresses the vulnerability by correcting how Windows Media Foundation handles objects in memory.</p> Microsoft Windows Microsoft CVE-2020-1126 11497 11498 11499 11563 11568 11569 11570 11571 11572 11712 11713 11714 11715 11453 11454 11583 11644 11645 11646 11647 10852 10853 10816 10855 Remote Code Execution 11497 Remote Code Execution 11498 Remote Code Execution 11499 Remote Code Execution 11563 Remote Code Execution 11568 Remote Code Execution 11569 Remote Code Execution 11570 Remote Code Execution 11571 Remote Code Execution 11572 Remote Code Execution 11712 Remote Code Execution 11713 Remote Code Execution 11714 Remote Code Execution 11715 Remote Code Execution 11453 Remote Code Execution 11454 Remote Code Execution 11583 Remote Code Execution 11644 Remote Code Execution 11645 Remote Code Execution 11646 Remote Code Execution 11647 Remote Code Execution 10852 Remote Code Execution 10853 Remote Code Execution 10816 Remote Code Execution 10855 Critical 11497 Critical 11498 Critical 11499 Critical 11563 Critical 11568 Critical 11569 Critical 11570 Critical 11571 Critical 11572 Critical 11712 Critical 11713 Critical 11714 Critical 11715 Critical 11453 Critical 11454 Critical 11583 Critical 11644 Critical 11645 Critical 11646 Critical 11647 Critical 10852 Critical 10853 Critical 10816 Critical 10855 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 8.8 7.9 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11497 8.8 7.9 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11498 8.8 7.9 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11499 8.8 7.9 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11563 8.8 7.9 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11568 8.8 7.9 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11569 8.8 7.9 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11570 8.8 7.9 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11571 8.8 7.9 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11572 8.8 7.9 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11712 8.8 7.9 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11713 8.8 7.9 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11714 8.8 7.9 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11715 8.8 7.9 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11453 8.8 7.9 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11454 8.8 7.9 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11583 8.8 7.9 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11644 8.8 7.9 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11645 8.8 7.9 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11646 8.8 7.9 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11647 8.8 7.9 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10852 8.8 7.9 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10853 8.8 7.9 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10816 8.8 7.9 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10855 4556807 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556807 4550922 11497 11498 11499 11563 Yes Security Update 4551853 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4551853 4549949 11568 11569 11570 11571 11572 Yes Security Update 4551853 https://support.microsoft.com/help/4551853 11568 11569 11570 11571 11572 4556799 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556799 4549951 11712 11713 11714 11715 11644 11645 11646 11647 Yes Security Update 4556812 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556812 4550927 11453 11454 11583 Yes Security Update 4556813 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556813 4550929 10852 10853 10816 10855 Yes Security Update 4556813 https://support.microsoft.com/help/4556813 10852 10853 10816 10855 Hossein Lotfi of <a href="https://www.zerodayinitiative.com/">Trend Micro's Zero Day Initiative</a> bee13oy of Qihoo 360 Vulcan Team Hossein Lotfi working with <a href="https://www.zerodayinitiative.com/">Trend Micro's Zero Day Initiative</a> 1.0 2020-05-12T07:00:00Z <p>Information published.</p> Windows State Repository Service Elevation of Privilege Vulnerability <p>An elevation of privilege vulnerability exists when the Windows State Repository Service improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in an elevated context.</p> <p>An attacker could exploit this vulnerability by running a specially crafted application on the victim system.</p> <p>The update addresses the vulnerability by correcting the way the Windows State Repository Service handles objects in memory.</p> Microsoft Windows Microsoft CVE-2020-1134 11497 11498 11499 11563 11568 11569 11570 11571 11572 11712 11713 11714 11715 11453 11454 11583 11644 11645 11646 11647 10729 10735 10852 10853 10816 10855 Elevation of Privilege 11497 Elevation of Privilege 11498 Elevation of Privilege 11499 Elevation of Privilege 11563 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11570 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11712 Elevation of Privilege 11713 Elevation of Privilege 11714 Elevation of Privilege 11715 Elevation of Privilege 11453 Elevation of Privilege 11454 Elevation of Privilege 11583 Elevation of Privilege 11644 Elevation of Privilege 11645 Elevation of Privilege 11646 Elevation of Privilege 11647 Elevation of Privilege 10729 Elevation of Privilege 10735 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Important 11497 Important 11498 Important 11499 Important 11563 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11712 Important 11713 Important 11714 Important 11715 Important 11453 Important 11454 Important 11583 Important 11644 Important 11645 Important 11646 Important 11647 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11497 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11498 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11499 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11563 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11568 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11569 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11570 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11571 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11572 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11712 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11713 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11714 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11715 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11453 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11454 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11583 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11644 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11645 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11646 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11647 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10729 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10735 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10852 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10853 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10816 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10855 4556807 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556807 4550922 11497 11498 11499 11563 Yes Security Update 4551853 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4551853 4549949 11568 11569 11570 11571 11572 Yes Security Update 4551853 https://support.microsoft.com/help/4551853 11568 11569 11570 11571 11572 4556799 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556799 4549951 11712 11713 11714 11715 11644 11645 11646 11647 Yes Security Update 4556812 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556812 4550927 11453 11454 11583 Yes Security Update 4556826 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556826 4550930 10729 10735 Yes Security Update 4556813 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556813 4550929 10852 10853 10816 10855 Yes Security Update 4556813 https://support.microsoft.com/help/4556813 10852 10853 10816 10855 Zhiniang Peng (<a href="https://twitter.com/edwardzpeng">@edwardzpeng</a>) of Qihoo 360 Core security & Xuefeng Li 1.0 2020-05-12T07:00:00Z <p>Information published.</p> Windows Graphics Component Elevation of Privilege Vulnerability <p>An elevation of privilege vulnerability exists when the Windows Graphics Component improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run processes in an elevated context.</p> <p>In a local attack scenario, an attacker could exploit this vulnerability by running a specially crafted application to take control over the affected system.</p> <p>The update addresses the vulnerability by correcting the way in which the Microsoft Graphics Component handles objects in memory and preventing unintended elevation from user mode.</p> Microsoft Graphics Component Microsoft CVE-2020-1135 11497 11498 11499 11563 11568 11569 11570 11571 11572 11712 11713 11714 11715 11453 11454 11583 11644 11645 11646 11647 Elevation of Privilege 11497 Elevation of Privilege 11498 Elevation of Privilege 11499 Elevation of Privilege 11563 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11570 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11712 Elevation of Privilege 11713 Elevation of Privilege 11714 Elevation of Privilege 11715 Elevation of Privilege 11453 Elevation of Privilege 11454 Elevation of Privilege 11583 Elevation of Privilege 11644 Elevation of Privilege 11645 Elevation of Privilege 11646 Elevation of Privilege 11647 Important 11497 Important 11498 Important 11499 Important 11563 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11712 Important 11713 Important 11714 Important 11715 Important 11453 Important 11454 Important 11583 Important 11644 Important 11645 Important 11646 Important 11647 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely;Older Software Release:Exploitation More Likely;DOS:N/A 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11497 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11498 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11499 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11563 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11568 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11569 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11570 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11571 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11572 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11712 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11713 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11714 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11715 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11453 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11454 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11583 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11644 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11645 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11646 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11647 4556807 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556807 4550922 11497 11498 11499 11563 Yes Security Update 4551853 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4551853 4549949 11568 11569 11570 11571 11572 Yes Security Update 4551853 https://support.microsoft.com/help/4551853 11568 11569 11570 11571 11572 4556799 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556799 4549951 11712 11713 11714 11715 11644 11645 11646 11647 Yes Security Update 4556812 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556812 4550927 11453 11454 11583 Yes Security Update <a href="https://twitter.com/fluoroacetate">fluoroacetate</a> working with <a href="https://www.zerodayinitiative.com/">Trend Micro's Zero Day Initiative</a> 1.0 2020-05-12T07:00:00Z <p>Information published.</p> Windows Push Notification Service Elevation of Privilege Vulnerability <p>An elevation of privilege vulnerability exists in the way the Windows Push Notification Service handles objects in memory. An attacker who successfully exploited this vulnerability could run processes in an elevated context. An attacker could then install programs; view, change or delete data.</p> <p>To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system.</p> <p>The security update addresses the vulnerability by correcting how the Windows Push Notification Service handles objects in memory.</p> Microsoft Windows Microsoft CVE-2020-1137 11497 11498 11499 11563 11568 11569 11570 11571 11572 11712 11713 11714 11715 11453 11454 11583 11644 11645 11646 11647 Elevation of Privilege 11497 Elevation of Privilege 11498 Elevation of Privilege 11499 Elevation of Privilege 11563 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11570 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11712 Elevation of Privilege 11713 Elevation of Privilege 11714 Elevation of Privilege 11715 Elevation of Privilege 11453 Elevation of Privilege 11454 Elevation of Privilege 11583 Elevation of Privilege 11644 Elevation of Privilege 11645 Elevation of Privilege 11646 Elevation of Privilege 11647 Important 11497 Important 11498 Important 11499 Important 11563 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11712 Important 11713 Important 11714 Important 11715 Important 11453 Important 11454 Important 11583 Important 11644 Important 11645 Important 11646 Important 11647 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11497 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11498 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11499 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11563 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11568 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11569 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11570 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11571 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11572 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11712 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11713 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11714 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11715 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11453 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11454 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11583 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11644 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11645 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11646 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11647 4556807 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556807 4550922 11497 11498 11499 11563 Yes Security Update 4551853 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4551853 4549949 11568 11569 11570 11571 11572 Yes Security Update 4551853 https://support.microsoft.com/help/4551853 11568 11569 11570 11571 11572 4556799 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556799 4549951 11712 11713 11714 11715 11644 11645 11646 11647 Yes Security Update 4556812 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556812 4550927 11453 11454 11583 Yes Security Update Anonymous researcher Zhiniang Peng (<a href="https://twitter.com/edwardzpeng">@edwardzpeng</a>) of Qihoo 360 Core security & Xuefeng Li 1.0 2020-05-12T07:00:00Z <p>Information published.</p> Windows Storage Service Elevation of Privilege Vulnerability <p>An elevation of privilege vulnerability exists when the Storage Service improperly handles file operations. An attacker who successfully exploited this vulnerability could gain elevated privileges on the victim system.</p> <p>To exploit the vulnerability, an attacker would first have to gain execution on the victim system, then run a specially crafted application.</p> <p>The security update addresses the vulnerability by correcting how the Storage Services handles file operations.</p> Microsoft Windows Microsoft CVE-2020-1138 11497 11712 11715 11713 11714 11645 11569 11647 11563 11583 11454 11570 11499 11568 11644 11571 11572 11646 11453 10816 10855 11498 Elevation of Privilege 11497 Elevation of Privilege 11712 Elevation of Privilege 11715 Elevation of Privilege 11713 Elevation of Privilege 11714 Elevation of Privilege 11645 Elevation of Privilege 11569 Elevation of Privilege 11647 Elevation of Privilege 11563 Elevation of Privilege 11583 Elevation of Privilege 11454 Elevation of Privilege 11570 Elevation of Privilege 11499 Elevation of Privilege 11568 Elevation of Privilege 11644 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11646 Elevation of Privilege 11453 Elevation of Privilege 10816 Elevation of Privilege 10855 Elevation of Privilege 11498 Important 11497 Important 11712 Important 11715 Important 11713 Important 11714 Important 11645 Important 11569 Important 11647 Important 11563 Important 11583 Important 11454 Important 11570 Important 11499 Important 11568 Important 11644 Important 11571 Important 11572 Important 11646 Important 11453 Important 10816 Important 10855 Important 11498 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 7.0 6.3 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11497 7.0 6.3 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11712 7.0 6.3 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11715 7.0 6.3 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11713 7.0 6.3 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11714 7.0 6.3 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11645 7.0 6.3 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11569 7.0 6.3 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11647 7.0 6.3 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11563 7.0 6.3 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11583 7.0 6.3 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11454 7.0 6.3 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11570 7.0 6.3 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11499 7.0 6.3 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11568 7.0 6.3 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11644 7.0 6.3 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11571 7.0 6.3 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11572 7.0 6.3 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11646 7.0 6.3 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11453 7.0 6.3 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10816 7.0 6.3 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10855 7.0 6.3 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11498 4556807 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556807 4550922 11497 11563 11499 11498 Yes Security Update 4556799 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556799 4549951 11712 11715 11713 11714 11645 11647 11644 11646 Yes Security Update 4551853 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4551853 4549949 11569 11570 11568 11571 11572 Yes Security Update 4551853 https://support.microsoft.com/help/4551853 11569 11570 11568 11571 11572 4556812 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556812 4550927 11583 11454 11453 Yes Security Update 4556813 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556813 4550929 10816 10855 Yes Security Update 4556813 https://support.microsoft.com/help/4556813 10816 10855 Shefang Zhong of <a href="http://www.360.com/">Qihoo 360 Vulcan Team</a> 1.0 2020-05-12T07:00:00Z <p>Information published.</p> DirectX Elevation of Privilege Vulnerability <p>An elevation of privilege vulnerability exists when DirectX improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.</p> <p>To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system.</p> <p>The update addresses the vulnerability by correcting how DirectX handles objects in memory.</p> Microsoft Graphics Component Microsoft CVE-2020-1140 11568 11569 11570 11571 11572 11712 11713 11714 11715 11644 11645 11646 11647 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11570 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11712 Elevation of Privilege 11713 Elevation of Privilege 11714 Elevation of Privilege 11715 Elevation of Privilege 11644 Elevation of Privilege 11645 Elevation of Privilege 11646 Elevation of Privilege 11647 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11712 Important 11713 Important 11714 Important 11715 Important 11644 Important 11645 Important 11646 Important 11647 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11568 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11569 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11570 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11571 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11572 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11712 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11713 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11714 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11715 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11644 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11645 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11646 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11647 4551853 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4551853 4549949 11568 11569 11570 11571 11572 Yes Security Update 4551853 https://support.microsoft.com/help/4551853 11568 11569 11570 11571 11572 4556799 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556799 4549951 11712 11713 11714 11715 11644 11645 11646 11647 Yes Security Update <a href="https://twitter.com/flame36987044">liuxiaoliang</a> and <a href="http://weibo.com/jfpan">pjf</a> of IceSword Lab , Qihoo 360</a> 1.0 2020-05-12T07:00:00Z <p>Information published.</p> Win32k Elevation of Privilege Vulnerability <p>An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.</p> <p>To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system.</p> <p>The update addresses this vulnerability by correcting how the Windows kernel-mode driver handles objects in memory.</p> Microsoft Windows Microsoft CVE-2020-1143 11497 11498 11499 11563 11568 11569 11570 11571 11572 11712 11713 11714 11715 11453 11454 11583 11644 11645 11646 11647 10729 10735 10852 10853 10816 10855 10047 10048 10481 10482 10484 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Elevation of Privilege 11497 Elevation of Privilege 11498 Elevation of Privilege 11499 Elevation of Privilege 11563 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11570 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11712 Elevation of Privilege 11713 Elevation of Privilege 11714 Elevation of Privilege 11715 Elevation of Privilege 11453 Elevation of Privilege 11454 Elevation of Privilege 11583 Elevation of Privilege 11644 Elevation of Privilege 11645 Elevation of Privilege 11646 Elevation of Privilege 11647 Elevation of Privilege 10729 Elevation of Privilege 10735 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Elevation of Privilege 10047 Elevation of Privilege 10048 Elevation of Privilege 10481 Elevation of Privilege 10482 Elevation of Privilege 10484 Elevation of Privilege 9312 Elevation of Privilege 10287 Elevation of Privilege 9318 Elevation of Privilege 9344 Elevation of Privilege 10051 Elevation of Privilege 10049 Elevation of Privilege 10378 Elevation of Privilege 10379 Elevation of Privilege 10483 Elevation of Privilege 10543 Important 11497 Important 11498 Important 11499 Important 11563 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11712 Important 11713 Important 11714 Important 11715 Important 11453 Important 11454 Important 11583 Important 11644 Important 11645 Important 11646 Important 11647 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 10047 Important 10048 Important 10481 Important 10482 Important 10484 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely;Older Software Release:Exploitation More Likely;DOS:N/A 7.0 6.3 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11497 7.0 6.3 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11498 7.0 6.3 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11499 7.0 6.3 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11563 7.0 6.3 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11568 7.0 6.3 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11569 7.0 6.3 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11570 7.0 6.3 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11571 7.0 6.3 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11572 7.0 6.3 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11712 7.0 6.3 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11713 7.0 6.3 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11714 7.0 6.3 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11715 7.0 6.3 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11453 7.0 6.3 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11454 7.0 6.3 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11583 7.0 6.3 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11644 7.0 6.3 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11645 7.0 6.3 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11646 7.0 6.3 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11647 7.0 6.3 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10729 7.0 6.3 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10735 7.0 6.3 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10852 7.0 6.3 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10853 7.0 6.3 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10816 7.0 6.3 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10855 7.0 6.3 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10047 7.0 6.3 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10048 7.0 6.3 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10481 7.0 6.3 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10482 7.0 6.3 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10484 7.0 6.3 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 9312 7.0 6.3 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10287 7.0 6.3 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 9318 7.0 6.3 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 9344 7.0 6.3 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10051 7.0 6.3 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10049 7.0 6.3 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10378 7.0 6.3 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10379 7.0 6.3 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10483 7.0 6.3 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10543 4556807 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556807 4550922 11497 11498 11499 11563 Yes Security Update 4551853 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4551853 4549949 11568 11569 11570 11571 11572 Yes Security Update 4551853 https://support.microsoft.com/help/4551853 11568 11569 11570 11571 11572 4556799 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556799 4549951 11712 11713 11714 11715 11644 11645 11646 11647 Yes Security Update 4556812 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556812 4550927 11453 11454 11583 Yes Security Update 4556826 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556826 4550930 10729 10735 Yes Security Update 4556813 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556813 4550929 10852 10853 10816 10855 Yes Security Update 4556813 https://support.microsoft.com/help/4556813 10852 10853 10816 10855 4556836 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556836 4550964 10047 10048 10051 10049 Yes Monthly Rollup 4556836 https://support.microsoft.com/help/4556836 10047 10048 10051 10049 4556843 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556843 10047 10048 10051 10049 Yes Security Only 4556843 https://support.microsoft.com/help/4556843 10047 10048 10051 10049 4556846 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556846 4550961 10481 10482 10484 10483 10543 Yes Monthly Rollup 4556853 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556853 10481 10482 10483 10543 Yes Security Only 4556860 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556860 4550951 9312 10287 9318 9344 Yes Monthly Rollup 4556860 https://support.microsoft.com/help/4556860 9312 10287 9318 9344 4556854 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556854 9312 10287 9318 9344 Yes Security Only 4556854 https://support.microsoft.com/help/4556854 9312 10287 9318 9344 4556840 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556840 4550917 10378 10379 Yes Monthly Rollup 4556852 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556852 10378 10379 Yes Security Only Netanel Ben-Simon and Yoav Alon from Check Point Research 1.0 2020-05-12T07:00:00Z <p>Information published.</p> Windows State Repository Service Elevation of Privilege Vulnerability <p>An elevation of privilege vulnerability exists when the Windows State Repository Service improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in an elevated context.</p> <p>An attacker could exploit this vulnerability by running a specially crafted application on the victim system.</p> <p>The update addresses the vulnerability by correcting the way the Windows State Repository Service handles objects in memory.</p> Microsoft Windows Microsoft CVE-2020-1144 11497 11498 11499 11563 11568 11569 11570 11571 11572 11712 11713 11714 11715 11453 11454 11583 11644 11645 11646 11647 10729 10735 10852 10853 10816 10855 Elevation of Privilege 11497 Elevation of Privilege 11498 Elevation of Privilege 11499 Elevation of Privilege 11563 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11570 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11712 Elevation of Privilege 11713 Elevation of Privilege 11714 Elevation of Privilege 11715 Elevation of Privilege 11453 Elevation of Privilege 11454 Elevation of Privilege 11583 Elevation of Privilege 11644 Elevation of Privilege 11645 Elevation of Privilege 11646 Elevation of Privilege 11647 Elevation of Privilege 10729 Elevation of Privilege 10735 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Important 11497 Important 11498 Important 11499 Important 11563 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11712 Important 11713 Important 11714 Important 11715 Important 11453 Important 11454 Important 11583 Important 11644 Important 11645 Important 11646 Important 11647 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11497 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11498 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11499 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11563 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11568 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11569 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11570 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11571 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11572 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11712 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11713 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11714 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11715 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11453 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11454 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11583 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11644 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11645 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11646 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11647 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10729 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10735 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10852 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10853 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10816 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10855 4556807 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556807 4550922 11497 11498 11499 11563 Yes Security Update 4551853 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4551853 4549949 11568 11569 11570 11571 11572 Yes Security Update 4551853 https://support.microsoft.com/help/4551853 11568 11569 11570 11571 11572 4556799 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556799 4549951 11712 11713 11714 11715 11644 11645 11646 11647 Yes Security Update 4556812 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556812 4550927 11453 11454 11583 Yes Security Update 4556826 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556826 4550930 10729 10735 Yes Security Update 4556813 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556813 4550929 10852 10853 10816 10855 Yes Security Update 4556813 https://support.microsoft.com/help/4556813 10852 10853 10816 10855 Zhiniang Peng (<a href="https://twitter.com/edwardzpeng">@edwardzpeng</a>) of Qihoo 360 Core Security and Fangming Gu (<a href="https://twitter.com/afang5472">@afang5472</a>) 1.1 2020-05-19T07:00:00Z <p>Updated acknowledgment. This is an informational change only.</p> 1.0 2020-05-12T07:00:00Z <p>Information published.</p> Windows Runtime Elevation of Privilege Vulnerability <p>An elevation of privilege vulnerability exists when the Windows Runtime improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in an elevated context.</p> <p>An attacker could exploit this vulnerability by running a specially crafted application on the victim system.</p> <p>The update addresses the vulnerability by correcting the way the Windows Runtime handles objects in memory.</p> Microsoft Windows Microsoft CVE-2020-1149 11497 11498 11499 11563 11568 11569 11570 11571 11572 11712 11713 11714 11715 11453 11454 11583 11644 11645 11646 11647 10729 10735 10852 10853 10816 10855 10481 10482 10484 10483 10543 Elevation of Privilege 11497 Elevation of Privilege 11498 Elevation of Privilege 11499 Elevation of Privilege 11563 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11570 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11712 Elevation of Privilege 11713 Elevation of Privilege 11714 Elevation of Privilege 11715 Elevation of Privilege 11453 Elevation of Privilege 11454 Elevation of Privilege 11583 Elevation of Privilege 11644 Elevation of Privilege 11645 Elevation of Privilege 11646 Elevation of Privilege 11647 Elevation of Privilege 10729 Elevation of Privilege 10735 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Elevation of Privilege 10481 Elevation of Privilege 10482 Elevation of Privilege 10484 Elevation of Privilege 10483 Elevation of Privilege 10543 Important 11497 Important 11498 Important 11499 Important 11563 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11712 Important 11713 Important 11714 Important 11715 Important 11453 Important 11454 Important 11583 Important 11644 Important 11645 Important 11646 Important 11647 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 10481 Important 10482 Important 10484 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 7.0 6.3 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11497 7.0 6.3 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11498 7.0 6.3 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11499 7.0 6.3 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11563 7.0 6.3 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11568 7.0 6.3 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11569 7.0 6.3 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11570 7.0 6.3 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11571 7.0 6.3 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11572 7.0 6.3 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11712 7.0 6.3 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11713 7.0 6.3 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11714 7.0 6.3 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11715 7.0 6.3 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11453 7.0 6.3 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11454 7.0 6.3 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11583 7.0 6.3 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11644 7.0 6.3 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11645 7.0 6.3 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11646 7.0 6.3 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11647 7.0 6.3 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10729 7.0 6.3 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10735 7.0 6.3 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10852 7.0 6.3 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10853 7.0 6.3 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10816 7.0 6.3 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10855 7.0 6.3 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10481 7.0 6.3 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10482 7.0 6.3 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10484 7.0 6.3 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10483 7.0 6.3 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10543 4556807 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556807 4550922 11497 11498 11499 11563 Yes Security Update 4551853 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4551853 4549949 11568 11569 11570 11571 11572 Yes Security Update 4551853 https://support.microsoft.com/help/4551853 11568 11569 11570 11571 11572 4556799 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556799 4549951 11712 11713 11714 11715 11644 11645 11646 11647 Yes Security Update 4556812 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556812 4550927 11453 11454 11583 Yes Security Update 4556826 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556826 4550930 10729 10735 Yes Security Update 4556813 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556813 4550929 10852 10853 10816 10855 Yes Security Update 4556813 https://support.microsoft.com/help/4556813 10852 10853 10816 10855 4556846 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556846 4550961 10481 10482 10484 10483 10543 Yes Monthly Rollup 4556853 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556853 10481 10482 10483 10543 Yes Security Only George Hughey (<a href="https://twitter.com/ecthr0s">@ecthr0s</a>) of MSRC Vulnerabilities & Mitigations Team 1.0 2020-05-12T07:00:00Z <p>Information published.</p> Media Foundation Memory Corruption Vulnerability <p>A memory corruption vulnerability exists when Windows Media Foundation improperly handles objects in memory. An attacker who successfully exploited the vulnerability could install programs; view, change, or delete data; or create new accounts with full user rights.</p> <p>There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit a malicious webpage.</p> <p>The security update addresses the vulnerability by correcting how Windows Media Foundation handles objects in memory.</p> Microsoft Windows Microsoft CVE-2020-1150 10047 10048 10051 10049 Remote Code Execution 10047 Remote Code Execution 10048 Remote Code Execution 10051 Remote Code Execution 10049 Important 10047 Important 10048 Important 10051 Important 10049 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10047 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10048 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10051 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10049 4556836 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556836 4550964 10047 10048 10051 10049 Yes Monthly Rollup 4556836 https://support.microsoft.com/help/4556836 10047 10048 10051 10049 4556843 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556843 10047 10048 10051 10049 Yes Security Only 4556843 https://support.microsoft.com/help/4556843 10047 10048 10051 10049 Hossein Lotfi of <a href="https://www.zerodayinitiative.com/">Trend Micro's Zero Day Initiative</a> 1.0 2020-05-12T07:00:00Z <p>Information published.</p> Windows Runtime Elevation of Privilege Vulnerability <p>An elevation of privilege vulnerability exists when the Windows Runtime improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in an elevated context.</p> <p>An attacker could exploit this vulnerability by running a specially crafted application on the victim system.</p> <p>The update addresses the vulnerability by correcting the way the Windows Runtime handles objects in memory.</p> Microsoft Windows Microsoft CVE-2020-1151 11714 11568 11499 11645 11713 11715 11569 11646 11497 11647 11571 11583 11454 11498 11712 11572 11563 11644 11453 11570 Elevation of Privilege 11714 Elevation of Privilege 11568 Elevation of Privilege 11499 Elevation of Privilege 11645 Elevation of Privilege 11713 Elevation of Privilege 11715 Elevation of Privilege 11569 Elevation of Privilege 11646 Elevation of Privilege 11497 Elevation of Privilege 11647 Elevation of Privilege 11571 Elevation of Privilege 11583 Elevation of Privilege 11454 Elevation of Privilege 11498 Elevation of Privilege 11712 Elevation of Privilege 11572 Elevation of Privilege 11563 Elevation of Privilege 11644 Elevation of Privilege 11453 Elevation of Privilege 11570 Important 11714 Important 11568 Important 11499 Important 11645 Important 11713 Important 11715 Important 11569 Important 11646 Important 11497 Important 11647 Important 11571 Important 11583 Important 11454 Important 11498 Important 11712 Important 11572 Important 11563 Important 11644 Important 11453 Important 11570 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 7.0 6.3 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11714 7.0 6.3 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11568 7.0 6.3 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11499 7.0 6.3 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11645 7.0 6.3 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11713 7.0 6.3 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11715 7.0 6.3 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11569 7.0 6.3 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11646 7.0 6.3 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11497 7.0 6.3 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11647 7.0 6.3 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11571 7.0 6.3 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11583 7.0 6.3 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11454 7.0 6.3 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11498 7.0 6.3 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11712 7.0 6.3 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11572 7.0 6.3 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11563 7.0 6.3 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11644 7.0 6.3 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11453 7.0 6.3 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11570 4556799 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556799 4549951 11714 11645 11713 11715 11646 11647 11712 11644 Yes Security Update 4551853 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4551853 4549949 11568 11569 11571 11572 11570 Yes Security Update 4551853 https://support.microsoft.com/help/4551853 11568 11569 11571 11572 11570 4556807 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556807 4550922 11499 11497 11498 11563 Yes Security Update 4556812 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556812 4550927 11583 11454 11453 Yes Security Update Zhiniang Peng (<a href="https://twitter.com/edwardzpeng">@edwardzpeng</a>) of Qihoo 360 Core security & Xuefeng Li 1.0 2020-05-12T07:00:00Z <p>Information published.</p> Windows Common Log File System Driver Elevation of Privilege Vulnerability <p>An elevation of privilege vulnerability exists when the <a href="https://technet.microsoft.com/library/security/dn848375.aspx#CLFS">Windows Common Log File System (CLFS)</a> driver improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run processes in an elevated context.</p> <p>To exploit the vulnerability, an attacker would first have to log on to the system, and then run a specially crafted application to take control over the affected system.</p> <p>The security update addresses the vulnerability by correcting how CLFS handles objects in memory.</p> Common Log File System Driver Microsoft CVE-2020-1154 11497 11498 11499 11563 11568 11569 11570 11571 11572 11712 11713 11714 11715 11453 11454 11583 11644 11645 11646 11647 10729 10735 10852 10853 10816 10855 10047 10048 10481 10482 10484 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Elevation of Privilege 11497 Elevation of Privilege 11498 Elevation of Privilege 11499 Elevation of Privilege 11563 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11570 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11712 Elevation of Privilege 11713 Elevation of Privilege 11714 Elevation of Privilege 11715 Elevation of Privilege 11453 Elevation of Privilege 11454 Elevation of Privilege 11583 Elevation of Privilege 11644 Elevation of Privilege 11645 Elevation of Privilege 11646 Elevation of Privilege 11647 Elevation of Privilege 10729 Elevation of Privilege 10735 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Elevation of Privilege 10047 Elevation of Privilege 10048 Elevation of Privilege 10481 Elevation of Privilege 10482 Elevation of Privilege 10484 Elevation of Privilege 9312 Elevation of Privilege 10287 Elevation of Privilege 9318 Elevation of Privilege 9344 Elevation of Privilege 10051 Elevation of Privilege 10049 Elevation of Privilege 10378 Elevation of Privilege 10379 Elevation of Privilege 10483 Elevation of Privilege 10543 Important 11497 Important 11498 Important 11499 Important 11563 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11712 Important 11713 Important 11714 Important 11715 Important 11453 Important 11454 Important 11583 Important 11644 Important 11645 Important 11646 Important 11647 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 10047 Important 10048 Important 10481 Important 10482 Important 10484 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11497 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11498 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11499 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11563 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11568 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11569 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11570 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11571 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11572 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11712 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11713 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11714 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11715 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11453 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11454 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11583 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11644 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11645 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11646 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11647 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10729 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10735 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10852 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10853 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10816 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10855 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10047 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10048 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10481 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10482 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10484 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 9312 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10287 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 9318 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 9344 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10051 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10049 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10378 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10379 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10483 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10543 4556807 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556807 4550922 11497 11498 11499 11563 Yes Security Update 4551853 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4551853 4549949 11568 11569 11570 11571 11572 Yes Security Update 4551853 https://support.microsoft.com/help/4551853 11568 11569 11570 11571 11572 4556799 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556799 4549951 11712 11713 11714 11715 11644 11645 11646 11647 Yes Security Update 4556812 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556812 4550927 11453 11454 11583 Yes Security Update 4556826 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556826 4550930 10729 10735 Yes Security Update 4556813 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556813 4550929 10852 10853 10816 10855 Yes Security Update 4556813 https://support.microsoft.com/help/4556813 10852 10853 10816 10855 4556836 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556836 4550964 10047 10048 10051 10049 Yes Monthly Rollup 4556836 https://support.microsoft.com/help/4556836 10047 10048 10051 10049 4556843 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556843 10047 10048 10051 10049 Yes Security Only 4556843 https://support.microsoft.com/help/4556843 10047 10048 10051 10049 4556846 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556846 4550961 10481 10482 10484 10483 10543 Yes Monthly Rollup 4556853 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556853 10481 10482 10483 10543 Yes Security Only 4556860 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556860 4550951 9312 10287 9318 9344 Yes Monthly Rollup 4556860 https://support.microsoft.com/help/4556860 9312 10287 9318 9344 4556854 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556854 9312 10287 9318 9344 Yes Security Only 4556854 https://support.microsoft.com/help/4556854 9312 10287 9318 9344 4556840 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556840 4550917 10378 10379 Yes Monthly Rollup 4556852 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556852 10378 10379 Yes Security Only <a href="https://twitter.com/kkokkokye">JeongOh Kyea</a> of THEORI 1.0 2020-05-12T07:00:00Z <p>Information published.</p> Windows Runtime Elevation of Privilege Vulnerability <p>An elevation of privilege vulnerability exists when the Windows Runtime improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in an elevated context.</p> <p>An attacker could exploit this vulnerability by running a specially crafted application on the victim system.</p> <p>The update addresses the vulnerability by correcting the way the Windows Runtime handles objects in memory.</p> Microsoft Windows Microsoft CVE-2020-1155 11497 11498 11499 11563 11568 11569 11570 11571 11572 11712 11713 11714 11715 11453 11454 11583 11644 11645 11646 11647 Elevation of Privilege 11497 Elevation of Privilege 11498 Elevation of Privilege 11499 Elevation of Privilege 11563 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11570 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11712 Elevation of Privilege 11713 Elevation of Privilege 11714 Elevation of Privilege 11715 Elevation of Privilege 11453 Elevation of Privilege 11454 Elevation of Privilege 11583 Elevation of Privilege 11644 Elevation of Privilege 11645 Elevation of Privilege 11646 Elevation of Privilege 11647 Important 11497 Important 11498 Important 11499 Important 11563 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11712 Important 11713 Important 11714 Important 11715 Important 11453 Important 11454 Important 11583 Important 11644 Important 11645 Important 11646 Important 11647 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11497 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11498 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11499 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11563 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11568 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11569 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11570 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11571 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11572 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11712 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11713 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11714 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11715 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11453 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11454 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11583 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11644 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11645 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11646 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11647 4556807 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556807 4550922 11497 11498 11499 11563 Yes Security Update 4551853 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4551853 4549949 11568 11569 11570 11571 11572 Yes Security Update 4551853 https://support.microsoft.com/help/4551853 11568 11569 11570 11571 11572 4556799 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556799 4549951 11712 11713 11714 11715 11644 11645 11646 11647 Yes Security Update 4556812 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556812 4550927 11453 11454 11583 Yes Security Update Zhiniang Peng (<a href="https://twitter.com/edwardzpeng">@edwardzpeng</a>) of Qihoo 360 Core security & Xuefeng Li 1.0 2020-05-12T07:00:00Z <p>Information published.</p> Windows Runtime Elevation of Privilege Vulnerability <p>An elevation of privilege vulnerability exists when the Windows Runtime improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in an elevated context.</p> <p>An attacker could exploit this vulnerability by running a specially crafted application on the victim system.</p> <p>The update addresses the vulnerability by correcting the way the Windows Runtime handles objects in memory.</p> Microsoft Windows Microsoft CVE-2020-1156 11497 11498 11499 11563 11568 11569 11570 11571 11572 11712 11713 11714 11715 11453 11454 11583 11644 11645 11646 11647 10729 10735 10852 10853 10816 10855 Elevation of Privilege 11497 Elevation of Privilege 11498 Elevation of Privilege 11499 Elevation of Privilege 11563 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11570 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11712 Elevation of Privilege 11713 Elevation of Privilege 11714 Elevation of Privilege 11715 Elevation of Privilege 11453 Elevation of Privilege 11454 Elevation of Privilege 11583 Elevation of Privilege 11644 Elevation of Privilege 11645 Elevation of Privilege 11646 Elevation of Privilege 11647 Elevation of Privilege 10729 Elevation of Privilege 10735 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Important 11497 Important 11498 Important 11499 Important 11563 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11712 Important 11713 Important 11714 Important 11715 Important 11453 Important 11454 Important 11583 Important 11644 Important 11645 Important 11646 Important 11647 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11497 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11498 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11499 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11563 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11568 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11569 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11570 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11571 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11572 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11712 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11713 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11714 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11715 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11453 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11454 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11583 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11644 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11645 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11646 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11647 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10729 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10735 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10852 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10853 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10816 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10855 4556807 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556807 4550922 11497 11498 11499 11563 Yes Security Update 4551853 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4551853 4549949 11568 11569 11570 11571 11572 Yes Security Update 4551853 https://support.microsoft.com/help/4551853 11568 11569 11570 11571 11572 4556799 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556799 4549951 11712 11713 11714 11715 11644 11645 11646 11647 Yes Security Update 4556812 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556812 4550927 11453 11454 11583 Yes Security Update 4556826 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556826 4550930 10729 10735 Yes Security Update 4556813 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556813 4550929 10852 10853 10816 10855 Yes Security Update 4556813 https://support.microsoft.com/help/4556813 10852 10853 10816 10855 Zhiniang Peng (<a href="https://twitter.com/edwardzpeng">@edwardzpeng</a>) of Qihoo 360 Core Security & Haoran Qin (<a href="https://twitter.com/Q4n">@Q4n</a>) 1.0 2020-05-12T07:00:00Z <p>Information published.</p> Windows Runtime Elevation of Privilege Vulnerability <p>An elevation of privilege vulnerability exists when the Windows Runtime improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in an elevated context.</p> <p>An attacker could exploit this vulnerability by running a specially crafted application on the victim system.</p> <p>The update addresses the vulnerability by correcting the way the Windows Runtime handles objects in memory.</p> Microsoft Windows Microsoft CVE-2020-1157 11712 11714 11713 11715 11644 11646 11645 11647 11568 11569 11570 11571 11572 11563 11497 10852 10816 11499 10853 11498 10855 11453 11454 11583 10729 10735 Elevation of Privilege 11712 Elevation of Privilege 11714 Elevation of Privilege 11713 Elevation of Privilege 11715 Elevation of Privilege 11644 Elevation of Privilege 11646 Elevation of Privilege 11645 Elevation of Privilege 11647 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11570 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11563 Elevation of Privilege 11497 Elevation of Privilege 10852 Elevation of Privilege 10816 Elevation of Privilege 11499 Elevation of Privilege 10853 Elevation of Privilege 11498 Elevation of Privilege 10855 Elevation of Privilege 11453 Elevation of Privilege 11454 Elevation of Privilege 11583 Elevation of Privilege 10729 Elevation of Privilege 10735 Important 11712 Important 11714 Important 11713 Important 11715 Important 11644 Important 11646 Important 11645 Important 11647 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11563 Important 11497 Important 10852 Important 10816 Important 11499 Important 10853 Important 11498 Important 10855 Important 11453 Important 11454 Important 11583 Important 10729 Important 10735 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11712 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11714 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11713 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11715 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11644 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11646 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11645 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11647 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11568 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11569 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11570 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11571 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11572 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11563 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11497 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10852 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10816 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11499 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10853 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11498 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10855 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11453 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11454 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11583 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10729 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10735 4556799 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556799 4549951 11712 11714 11713 11715 11644 11646 11645 11647 Yes Security Update 4551853 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4551853 4549949 11568 11569 11570 11571 11572 Yes Security Update 4551853 https://support.microsoft.com/help/4551853 11568 11569 11570 11571 11572 4556807 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556807 4550922 11563 11497 11499 11498 Yes Security Update 4556813 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556813 4550929 10852 10816 10853 10855 Yes Security Update 4556813 https://support.microsoft.com/help/4556813 10852 10816 10853 10855 4556812 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556812 4550927 11453 11454 11583 Yes Security Update 4556826 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556826 4550930 10729 10735 Yes Security Update Zhiniang Peng (<a href="https://twitter.com/edwardzpeng">@edwardzpeng</a>) of Qihoo 360 Core Security & Haoran Qin (<a href="https://twitter.com/Q4n">@Q4n</a>) 1.0 2020-05-12T07:00:00Z <p>Information published.</p> Windows Runtime Elevation of Privilege Vulnerability <p>An elevation of privilege vulnerability exists when the Windows Runtime improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in an elevated context.</p> <p>An attacker could exploit this vulnerability by running a specially crafted application on the victim system.</p> <p>The update addresses the vulnerability by correcting the way the Windows Runtime handles objects in memory.</p> Microsoft Windows Microsoft CVE-2020-1158 11714 11712 11713 11715 11646 11647 11645 11644 11568 11570 11569 11571 11572 11563 11498 11497 10852 10816 10853 11499 10855 11454 11453 11583 Elevation of Privilege 11714 Elevation of Privilege 11712 Elevation of Privilege 11713 Elevation of Privilege 11715 Elevation of Privilege 11646 Elevation of Privilege 11647 Elevation of Privilege 11645 Elevation of Privilege 11644 Elevation of Privilege 11568 Elevation of Privilege 11570 Elevation of Privilege 11569 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11563 Elevation of Privilege 11498 Elevation of Privilege 11497 Elevation of Privilege 10852 Elevation of Privilege 10816 Elevation of Privilege 10853 Elevation of Privilege 11499 Elevation of Privilege 10855 Elevation of Privilege 11454 Elevation of Privilege 11453 Elevation of Privilege 11583 Important 11714 Important 11712 Important 11713 Important 11715 Important 11646 Important 11647 Important 11645 Important 11644 Important 11568 Important 11570 Important 11569 Important 11571 Important 11572 Important 11563 Important 11498 Important 11497 Important 10852 Important 10816 Important 10853 Important 11499 Important 10855 Important 11454 Important 11453 Important 11583 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11714 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11712 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11713 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11715 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11646 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11647 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11645 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11644 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11568 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11570 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11569 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11571 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11572 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11563 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11498 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11497 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10852 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10816 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10853 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11499 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10855 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11454 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11453 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11583 4556799 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556799 4549951 11714 11712 11713 11715 11646 11647 11645 11644 Yes Security Update 4551853 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4551853 4549949 11568 11570 11569 11571 11572 Yes Security Update 4551853 https://support.microsoft.com/help/4551853 11568 11570 11569 11571 11572 4556807 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556807 4550922 11563 11498 11497 11499 Yes Security Update 4556813 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556813 4550929 10852 10816 10853 10855 Yes Security Update 4556813 https://support.microsoft.com/help/4556813 10852 10816 10853 10855 4556812 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556812 4550927 11454 11453 11583 Yes Security Update Zhiniang Peng (<a href="https://twitter.com/edwardzpeng">@edwardzpeng</a>) of Qihoo 360 Core Security & Fangming Gu (<a href="https://twitter.com/afang5472">@afang5472</a>) Anonymous researcher 1.0 2020-05-12T07:00:00Z <p>Information published.</p> Jet Database Engine Remote Code Execution Vulnerability <p>A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system.</p> <p>An attacker could exploit this vulnerability by enticing a victim to open a specially crafted file.</p> <p>The update addresses the vulnerability by correcting the way the Windows Jet Database Engine handles objects in memory.</p> Microsoft JET Database Engine Microsoft CVE-2020-1175 11497 11498 11499 11563 11568 11569 11570 11571 11572 11712 11713 11714 11715 11453 11454 11583 11644 11645 11646 11647 10729 10735 10852 10853 10816 10855 10047 10048 10481 10482 10484 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Remote Code Execution 11497 Remote Code Execution 11498 Remote Code Execution 11499 Remote Code Execution 11563 Remote Code Execution 11568 Remote Code Execution 11569 Remote Code Execution 11570 Remote Code Execution 11571 Remote Code Execution 11572 Remote Code Execution 11712 Remote Code Execution 11713 Remote Code Execution 11714 Remote Code Execution 11715 Remote Code Execution 11453 Remote Code Execution 11454 Remote Code Execution 11583 Remote Code Execution 11644 Remote Code Execution 11645 Remote Code Execution 11646 Remote Code Execution 11647 Remote Code Execution 10729 Remote Code Execution 10735 Remote Code Execution 10852 Remote Code Execution 10853 Remote Code Execution 10816 Remote Code Execution 10855 Remote Code Execution 10047 Remote Code Execution 10048 Remote Code Execution 10481 Remote Code Execution 10482 Remote Code Execution 10484 Remote Code Execution 9312 Remote Code Execution 10287 Remote Code Execution 9318 Remote Code Execution 9344 Remote Code Execution 10051 Remote Code Execution 10049 Remote Code Execution 10378 Remote Code Execution 10379 Remote Code Execution 10483 Remote Code Execution 10543 Important 11497 Important 11498 Important 11499 Important 11563 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11712 Important 11713 Important 11714 Important 11715 Important 11453 Important 11454 Important 11583 Important 11644 Important 11645 Important 11646 Important 11647 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 10047 Important 10048 Important 10481 Important 10482 Important 10484 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11497 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11498 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11499 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11563 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11568 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11569 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11570 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11571 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11572 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11712 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11713 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11714 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11715 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11453 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11454 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11583 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11644 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11645 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11646 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11647 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10729 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10735 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10852 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10853 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10816 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10855 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10047 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10048 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10481 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10482 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10484 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 9312 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10287 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 9318 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 9344 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10051 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10049 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10378 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10379 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10483 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10543 4556807 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556807 4550922 11497 11498 11499 11563 Yes Security Update 4551853 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4551853 4549949 11568 11569 11570 11571 11572 Yes Security Update 4551853 https://support.microsoft.com/help/4551853 11568 11569 11570 11571 11572 4556799 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556799 4549951 11712 11713 11714 11715 11644 11645 11646 11647 Yes Security Update 4556812 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556812 4550927 11453 11454 11583 Yes Security Update 4556826 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556826 4550930 10729 10735 Yes Security Update 4556813 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556813 4550929 10852 10853 10816 10855 Yes Security Update 4556813 https://support.microsoft.com/help/4556813 10852 10853 10816 10855 4556836 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556836 4550964 10047 10048 10051 10049 Yes Monthly Rollup 4556836 https://support.microsoft.com/help/4556836 10047 10048 10051 10049 4556843 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556843 10047 10048 10051 10049 Yes Security Only 4556843 https://support.microsoft.com/help/4556843 10047 10048 10051 10049 4556846 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556846 4550961 10481 10482 10484 10483 10543 Yes Monthly Rollup 4556853 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556853 10481 10482 10483 10543 Yes Security Only 4556860 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556860 4550951 9312 10287 9318 9344 Yes Monthly Rollup 4556860 https://support.microsoft.com/help/4556860 9312 10287 9318 9344 4556854 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556854 9312 10287 9318 9344 Yes Security Only 4556854 https://support.microsoft.com/help/4556854 9312 10287 9318 9344 4556840 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556840 4550917 10378 10379 Yes Monthly Rollup 4556852 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556852 10378 10379 Yes Security Only Hossein Lotfi of <a href="https://www.zerodayinitiative.com/">Trend Micro's Zero Day Initiative</a> 1.0 2020-05-12T07:00:00Z <p>Information published.</p> Windows GDI Information Disclosure Vulnerability <p>An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system.</p> <p>There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit an untrusted webpage.</p> <p>The security update addresses the vulnerability by correcting how the Windows GDI component handles objects in memory.</p> <p><strong>What type of information could be disclosed by this vulnerability?</strong></p> <p>The type of information that could be disclosed if an attacker successfully exploited this vulnerability is memory layout - the vulnerability allows an attacker to collect information that facilitates predicting addressing of the memory.</p> Microsoft Graphics Component Microsoft CVE-2020-1179 11497 11498 11499 11563 11568 11569 11570 11571 11572 11712 11713 11714 11715 11453 11454 11583 11644 11645 11646 11647 10729 10735 10852 10853 10816 10855 10047 10048 10481 10482 10484 10051 10049 10378 10379 10483 10543 Information Disclosure 11497 Information Disclosure 11498 Information Disclosure 11499 Information Disclosure 11563 Information Disclosure 11568 Information Disclosure 11569 Information Disclosure 11570 Information Disclosure 11571 Information Disclosure 11572 Information Disclosure 11712 Information Disclosure 11713 Information Disclosure 11714 Information Disclosure 11715 Information Disclosure 11453 Information Disclosure 11454 Information Disclosure 11583 Information Disclosure 11644 Information Disclosure 11645 Information Disclosure 11646 Information Disclosure 11647 Information Disclosure 10729 Information Disclosure 10735 Information Disclosure 10852 Information Disclosure 10853 Information Disclosure 10816 Information Disclosure 10855 Information Disclosure 10047 Information Disclosure 10048 Information Disclosure 10481 Information Disclosure 10482 Information Disclosure 10484 Information Disclosure 10051 Information Disclosure 10049 Information Disclosure 10378 Information Disclosure 10379 Information Disclosure 10483 Information Disclosure 10543 Important 11497 Important 11498 Important 11499 Important 11563 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11712 Important 11713 Important 11714 Important 11715 Important 11453 Important 11454 Important 11583 Important 11644 Important 11645 Important 11646 Important 11647 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 10047 Important 10048 Important 10481 Important 10482 Important 10484 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 4556807 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556807 4550922 11497 11498 11499 11563 Yes Security Update 4551853 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4551853 4549949 11568 11569 11570 11571 11572 Yes Security Update 4551853 https://support.microsoft.com/help/4551853 11568 11569 11570 11571 11572 4556799 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556799 4549951 11712 11713 11714 11715 11644 11645 11646 11647 Yes Security Update 4556812 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556812 4550927 11453 11454 11583 Yes Security Update 4556826 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556826 4550930 10729 10735 Yes Security Update 4556813 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556813 4550929 10852 10853 10816 10855 Yes Security Update 4556813 https://support.microsoft.com/help/4556813 10852 10853 10816 10855 4556836 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556836 4550964 10047 10048 10051 10049 Yes Monthly Rollup 4556836 https://support.microsoft.com/help/4556836 10047 10048 10051 10049 4556843 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556843 10047 10048 10051 10049 Yes Security Only 4556843 https://support.microsoft.com/help/4556843 10047 10048 10051 10049 4556846 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556846 4550961 10481 10482 10484 10483 10543 Yes Monthly Rollup 4556853 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556853 10481 10482 10483 10543 Yes Security Only 4556840 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556840 4550917 10378 10379 Yes Monthly Rollup 4556852 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556852 10378 10379 Yes Security Only Simon Barsky (<a href="https://twitter.com/expend20">@expend20</a>) <a href="https://twitter.com/klotxl404">Ke Liu</a> of <a href="https://xlab.tencent.com/en/">Tencent Security Xuanwu Lab</a> <a href=”https://twitter.com/hardik05”>Hardik Shah </a> of McAfee 1.0 2020-05-12T07:00:00Z <p>Information published.</p> Windows State Repository Service Elevation of Privilege Vulnerability <p>An elevation of privilege vulnerability exists when the Windows State Repository Service improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in an elevated context.</p> <p>An attacker could exploit this vulnerability by running a specially crafted application on the victim system.</p> <p>The update addresses the vulnerability by correcting the way the Windows State Repository Service handles objects in memory.</p> Microsoft Windows Microsoft CVE-2020-1186 11497 11498 11499 11563 11568 11569 11570 11571 11572 11712 11713 11714 11715 11453 11454 11583 11644 11645 11646 11647 10852 10853 10816 10855 Elevation of Privilege 11497 Elevation of Privilege 11498 Elevation of Privilege 11499 Elevation of Privilege 11563 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11570 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11712 Elevation of Privilege 11713 Elevation of Privilege 11714 Elevation of Privilege 11715 Elevation of Privilege 11453 Elevation of Privilege 11454 Elevation of Privilege 11583 Elevation of Privilege 11644 Elevation of Privilege 11645 Elevation of Privilege 11646 Elevation of Privilege 11647 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Important 11497 Important 11498 Important 11499 Important 11563 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11712 Important 11713 Important 11714 Important 11715 Important 11453 Important 11454 Important 11583 Important 11644 Important 11645 Important 11646 Important 11647 Important 10852 Important 10853 Important 10816 Important 10855 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11497 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11498 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11499 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11563 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11568 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11569 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11570 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11571 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11572 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11712 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11713 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11714 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11715 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11453 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11454 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11583 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11644 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11645 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11646 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11647 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10852 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10853 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10816 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10855 4556807 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556807 4550922 11497 11498 11499 11563 Yes Security Update 4551853 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4551853 4549949 11568 11569 11570 11571 11572 Yes Security Update 4551853 https://support.microsoft.com/help/4551853 11568 11569 11570 11571 11572 4556799 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556799 4549951 11712 11713 11714 11715 11644 11645 11646 11647 Yes Security Update 4556812 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556812 4550927 11453 11454 11583 Yes Security Update 4556813 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556813 4550929 10852 10853 10816 10855 Yes Security Update 4556813 https://support.microsoft.com/help/4556813 10852 10853 10816 10855 Zhiniang Peng (<a href="https://twitter.com/edwardzpeng">@edwardzpeng</a>) of Qihoo 360 Core security and Fangming Gu (<a href="https://twitter.com/afang5472">@afang5472</a>) Anonymous Finder 1.1 2020-05-27T07:00:00Z <p>Added acknowledgements. This is an informational change only.</p> 1.0 2020-05-12T07:00:00Z <p>Information published.</p> Windows State Repository Service Elevation of Privilege Vulnerability <p>An elevation of privilege vulnerability exists when the Windows State Repository Service improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in an elevated context.</p> <p>An attacker could exploit this vulnerability by running a specially crafted application on the victim system.</p> <p>The update addresses the vulnerability by correcting the way the Windows State Repository Service handles objects in memory.</p> Microsoft Windows Microsoft CVE-2020-1189 11497 11498 11499 11563 11568 11569 11570 11571 11572 11712 11713 11714 11715 11453 11454 11583 11644 11645 11646 11647 10852 10853 10816 10855 Elevation of Privilege 11497 Elevation of Privilege 11498 Elevation of Privilege 11499 Elevation of Privilege 11563 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11570 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11712 Elevation of Privilege 11713 Elevation of Privilege 11714 Elevation of Privilege 11715 Elevation of Privilege 11453 Elevation of Privilege 11454 Elevation of Privilege 11583 Elevation of Privilege 11644 Elevation of Privilege 11645 Elevation of Privilege 11646 Elevation of Privilege 11647 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Important 11497 Important 11498 Important 11499 Important 11563 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11712 Important 11713 Important 11714 Important 11715 Important 11453 Important 11454 Important 11583 Important 11644 Important 11645 Important 11646 Important 11647 Important 10852 Important 10853 Important 10816 Important 10855 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11497 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11498 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11499 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11563 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11568 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11569 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11570 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11571 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11572 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11712 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11713 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11714 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11715 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11453 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11454 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11583 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11644 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11645 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11646 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11647 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10852 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10853 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10816 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10855 4556807 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556807 4550922 11497 11498 11499 11563 Yes Security Update 4551853 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4551853 4549949 11568 11569 11570 11571 11572 Yes Security Update 4551853 https://support.microsoft.com/help/4551853 11568 11569 11570 11571 11572 4556799 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556799 4549951 11712 11713 11714 11715 11644 11645 11646 11647 Yes Security Update 4556812 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556812 4550927 11453 11454 11583 Yes Security Update 4556813 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556813 4550929 10852 10853 10816 10855 Yes Security Update 4556813 https://support.microsoft.com/help/4556813 10852 10853 10816 10855 Zhiniang Peng (<a href="https://twitter.com/edwardzpeng">@edwardzpeng</a>) of Qihoo 360 Core security and Fangming Gu (<a href="https://twitter.com/afang5472">@afang5472</a>) Anonymous Finder 1.1 2020-05-27T07:00:00Z <p>Added acknowledgements. This is an informational change only.</p> 1.0 2020-05-12T07:00:00Z <p>Information published.</p> Windows State Repository Service Elevation of Privilege Vulnerability <p>An elevation of privilege vulnerability exists when the Windows State Repository Service improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in an elevated context.</p> <p>An attacker could exploit this vulnerability by running a specially crafted application on the victim system.</p> <p>The update addresses the vulnerability by correcting the way the Windows State Repository Service handles objects in memory.</p> Microsoft Windows Microsoft CVE-2020-1190 11497 11498 11499 11563 11568 11569 11570 11571 11572 11712 11713 11714 11715 11453 11454 11583 11644 11645 11646 11647 10852 10853 10816 10855 Elevation of Privilege 11497 Elevation of Privilege 11498 Elevation of Privilege 11499 Elevation of Privilege 11563 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11570 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11712 Elevation of Privilege 11713 Elevation of Privilege 11714 Elevation of Privilege 11715 Elevation of Privilege 11453 Elevation of Privilege 11454 Elevation of Privilege 11583 Elevation of Privilege 11644 Elevation of Privilege 11645 Elevation of Privilege 11646 Elevation of Privilege 11647 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Important 11497 Important 11498 Important 11499 Important 11563 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11712 Important 11713 Important 11714 Important 11715 Important 11453 Important 11454 Important 11583 Important 11644 Important 11645 Important 11646 Important 11647 Important 10852 Important 10853 Important 10816 Important 10855 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11497 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11498 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11499 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11563 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11568 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11569 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11570 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11571 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11572 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11712 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11713 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11714 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11715 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11453 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11454 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11583 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11644 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11645 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11646 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11647 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10852 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10853 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10816 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10855 4556807 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556807 4550922 11497 11498 11499 11563 Yes Security Update 4551853 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4551853 4549949 11568 11569 11570 11571 11572 Yes Security Update 4551853 https://support.microsoft.com/help/4551853 11568 11569 11570 11571 11572 4556799 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556799 4549951 11712 11713 11714 11715 11644 11645 11646 11647 Yes Security Update 4556812 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556812 4550927 11453 11454 11583 Yes Security Update 4556813 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556813 4550929 10852 10853 10816 10855 Yes Security Update 4556813 https://support.microsoft.com/help/4556813 10852 10853 10816 10855 Zhiniang Peng (<a href="https://twitter.com/edwardzpeng">@edwardzpeng</a>) of Qihoo 360 Core security and Fangming Gu (<a href="https://twitter.com/afang5472">@afang5472</a>) Anonymous Finder 1.1 2020-05-27T07:00:00Z <p>Added acknowledgements. This is an informational change only.</p> 1.0 2020-05-12T07:00:00Z <p>Information published.</p> Jet Database Engine Remote Code Execution Vulnerability <p>A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system.</p> <p>An attacker could exploit this vulnerability by enticing a victim to open a specially crafted file.</p> <p>The update addresses the vulnerability by correcting the way the Windows Jet Database Engine handles objects in memory.</p> Microsoft JET Database Engine Microsoft CVE-2020-1051 11497 11498 11499 11563 11568 11569 11570 11571 11572 11712 11713 11714 11715 11453 11454 11583 11644 11645 11646 11647 10729 10735 10852 10853 10816 10855 10047 10048 10481 10482 10484 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Remote Code Execution 11497 Remote Code Execution 11498 Remote Code Execution 11499 Remote Code Execution 11563 Remote Code Execution 11568 Remote Code Execution 11569 Remote Code Execution 11570 Remote Code Execution 11571 Remote Code Execution 11572 Remote Code Execution 11712 Remote Code Execution 11713 Remote Code Execution 11714 Remote Code Execution 11715 Remote Code Execution 11453 Remote Code Execution 11454 Remote Code Execution 11583 Remote Code Execution 11644 Remote Code Execution 11645 Remote Code Execution 11646 Remote Code Execution 11647 Remote Code Execution 10729 Remote Code Execution 10735 Remote Code Execution 10852 Remote Code Execution 10853 Remote Code Execution 10816 Remote Code Execution 10855 Remote Code Execution 10047 Remote Code Execution 10048 Remote Code Execution 10481 Remote Code Execution 10482 Remote Code Execution 10484 Remote Code Execution 9312 Remote Code Execution 10287 Remote Code Execution 9318 Remote Code Execution 9344 Remote Code Execution 10051 Remote Code Execution 10049 Remote Code Execution 10378 Remote Code Execution 10379 Remote Code Execution 10483 Remote Code Execution 10543 Important 11497 Important 11498 Important 11499 Important 11563 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11712 Important 11713 Important 11714 Important 11715 Important 11453 Important 11454 Important 11583 Important 11644 Important 11645 Important 11646 Important 11647 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 10047 Important 10048 Important 10481 Important 10482 Important 10484 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11497 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11498 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11499 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11563 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11568 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11569 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11570 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11571 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11572 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11712 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11713 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11714 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11715 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11453 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11454 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11583 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11644 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11645 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11646 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11647 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10729 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10735 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10852 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10853 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10816 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10855 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10047 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10048 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10481 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10482 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10484 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 9312 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10287 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 9318 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 9344 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10051 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10049 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10378 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10379 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10483 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10543 4556807 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556807 4550922 11497 11498 11499 11563 Yes Security Update 4551853 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4551853 4549949 11568 11569 11570 11571 11572 Yes Security Update 4551853 https://support.microsoft.com/help/4551853 11568 11569 11570 11571 11572 4556799 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556799 4549951 11712 11713 11714 11715 11644 11645 11646 11647 Yes Security Update 4556812 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556812 4550927 11453 11454 11583 Yes Security Update 4556826 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556826 4550930 10729 10735 Yes Security Update 4556813 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556813 4550929 10852 10853 10816 10855 Yes Security Update 4556813 https://support.microsoft.com/help/4556813 10852 10853 10816 10855 4556836 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556836 4550964 10047 10048 10051 10049 Yes Monthly Rollup 4556836 https://support.microsoft.com/help/4556836 10047 10048 10051 10049 4556843 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556843 10047 10048 10051 10049 Yes Security Only 4556843 https://support.microsoft.com/help/4556843 10047 10048 10051 10049 4556846 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556846 4550961 10481 10482 10484 10483 10543 Yes Monthly Rollup 4556853 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556853 10481 10482 10483 10543 Yes Security Only 4556860 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556860 4550951 9312 10287 9318 9344 Yes Monthly Rollup 4556860 https://support.microsoft.com/help/4556860 9312 10287 9318 9344 4556854 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556854 9312 10287 9318 9344 Yes Security Only 4556854 https://support.microsoft.com/help/4556854 9312 10287 9318 9344 4556840 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556840 4550917 10378 10379 Yes Monthly Rollup 4556852 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556852 10378 10379 Yes Security Only Hossein Lotfi of <a href="https://www.zerodayinitiative.com/">Trend Micro's Zero Day Initiative</a> 1.0 2020-05-12T07:00:00Z <p>Information published.</p> Microsoft Edge Elevation of Privilege Vulnerability <p>An elevation of privilege vulnerability exists when Microsoft Edge does not properly enforce cross-domain policies, which could allow an attacker to access information from one domain and inject it into another domain.</p> <p>In a web-based attack scenario, an attacker could host a website that is used to attempt to exploit the vulnerability. In addition, compromised websites and websites that accept or host user-provided content could contain specially crafted content that could exploit the vulnerability. However, in all cases an attacker would have no way to force users to view the attacker-controlled content. Instead, an attacker would have to convince users to take action. For example, an attacker could trick users into clicking a link that takes them to the attacker's site. An attacker who successfully exploited this vulnerability could elevate privileges in affected versions of Microsoft Edge.</p> <p>The security update addresses the vulnerability by helping to ensure that cross-domain policies are properly enforced in Microsoft Edge.</p> Microsoft Edge (HTML-based) Microsoft CVE-2020-1056 10724-11497 10724-11498 10724-11563 10724-11568 10724-11569 10724-11570 10724-11571 10724-11712 10724-11713 10724-11714 10724-11453 10724-11454 10724-11583 10724-11644 10724-11645 10724-11646 10724-10852 10724-10853 10724-10816 Elevation of Privilege 10724-11497 Elevation of Privilege 10724-11498 Elevation of Privilege 10724-11563 Elevation of Privilege 10724-11568 Elevation of Privilege 10724-11569 Elevation of Privilege 10724-11570 Elevation of Privilege 10724-11571 Elevation of Privilege 10724-11712 Elevation of Privilege 10724-11713 Elevation of Privilege 10724-11714 Elevation of Privilege 10724-11453 Elevation of Privilege 10724-11454 Elevation of Privilege 10724-11583 Elevation of Privilege 10724-11644 Elevation of Privilege 10724-11645 Elevation of Privilege 10724-11646 Elevation of Privilege 10724-10852 Elevation of Privilege 10724-10853 Elevation of Privilege 10724-10816 Critical 10724-11497 Critical 10724-11498 Critical 10724-11563 Critical 10724-11568 Critical 10724-11569 Critical 10724-11570 Moderate 10724-11571 Critical 10724-11712 Critical 10724-11713 Critical 10724-11714 Critical 10724-11453 Critical 10724-11454 Critical 10724-11583 Critical 10724-11644 Critical 10724-11645 Critical 10724-11646 Critical 10724-10852 Critical 10724-10853 Moderate 10724-10816 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 5.4 4.9 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C 10724-11497 5.4 4.9 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C 10724-11498 5.4 4.9 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C 10724-11563 5.4 4.9 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C 10724-11568 5.4 4.9 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C 10724-11569 5.4 4.9 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C 10724-11570 5.4 4.9 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C 10724-11571 5.4 4.9 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C 10724-11712 5.4 4.9 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C 10724-11713 5.4 4.9 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C 10724-11714 5.4 4.9 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C 10724-11453 5.4 4.9 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C 10724-11454 5.4 4.9 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C 10724-11583 5.4 4.9 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C 10724-11644 5.4 4.9 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C 10724-11645 5.4 4.9 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C 10724-11646 5.4 4.9 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C 10724-10852 5.4 4.9 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C 10724-10853 5.4 4.9 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C 10724-10816 4556807 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556807 4550922 10724-11497 10724-11498 10724-11563 Yes Security Update 4551853 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4551853 4549949 10724-11568 10724-11569 10724-11570 10724-11571 Yes Security Update 4551853 https://support.microsoft.com/help/4551853 10724-11568 10724-11569 10724-11570 10724-11571 4556799 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556799 4549951 10724-11712 10724-11713 10724-11714 10724-11644 10724-11645 10724-11646 Yes Security Update 4556812 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556812 4550927 10724-11453 10724-11454 10724-11583 Yes Security Update 4556813 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556813 4550929 10724-10852 10724-10853 10724-10816 Yes Security Update 4556813 https://support.microsoft.com/help/4556813 10724-10852 10724-10853 10724-10816 Yuki Chen of <a href="https://www.360.com/">Qihoo 360 Vulcan Team via Tianfu Cup 2019</a> 1.0 2020-05-12T07:00:00Z <p>Information published.</p> Windows Remote Code Execution Vulnerability <p>A remote code execution vulnerability exists in the way that Windows handles objects in memory. An attacker who successfully exploited the vulnerability could execute arbitrary code with elevated permissions on a target system.</p> <p>To exploit the vulnerability, an attacker who has a domain user account could create a specially crafted request, causing Windows to execute arbitrary code with elevated permissions.</p> <p>The security update addresses the vulnerability by correcting how Windows handles objects in memory.</p> Microsoft Windows Microsoft CVE-2020-1067 11497 11498 11499 11563 11568 11569 11570 11571 11572 11712 11713 11714 11715 11453 11454 11583 11644 11645 11646 11647 10729 10735 10852 10853 10816 10855 10047 10048 10481 10482 10484 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Remote Code Execution 11497 Remote Code Execution 11498 Remote Code Execution 11499 Remote Code Execution 11563 Remote Code Execution 11568 Remote Code Execution 11569 Remote Code Execution 11570 Remote Code Execution 11571 Remote Code Execution 11572 Remote Code Execution 11712 Remote Code Execution 11713 Remote Code Execution 11714 Remote Code Execution 11715 Remote Code Execution 11453 Remote Code Execution 11454 Remote Code Execution 11583 Remote Code Execution 11644 Remote Code Execution 11645 Remote Code Execution 11646 Remote Code Execution 11647 Remote Code Execution 10729 Remote Code Execution 10735 Remote Code Execution 10852 Remote Code Execution 10853 Remote Code Execution 10816 Remote Code Execution 10855 Remote Code Execution 10047 Remote Code Execution 10048 Remote Code Execution 10481 Remote Code Execution 10482 Remote Code Execution 10484 Remote Code Execution 9312 Remote Code Execution 10287 Remote Code Execution 9318 Remote Code Execution 9344 Remote Code Execution 10051 Remote Code Execution 10049 Remote Code Execution 10378 Remote Code Execution 10379 Remote Code Execution 10483 Remote Code Execution 10543 Important 11497 Important 11498 Important 11499 Important 11563 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11712 Important 11713 Important 11714 Important 11715 Important 11453 Important 11454 Important 11583 Important 11644 Important 11645 Important 11646 Important 11647 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 10047 Important 10048 Important 10481 Important 10482 Important 10484 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11497 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11498 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11499 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11563 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11568 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11569 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11570 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11571 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11572 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11712 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11713 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11714 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11715 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11453 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11454 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11583 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11644 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11645 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11646 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11647 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10729 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10735 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10852 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10853 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10816 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10855 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10047 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10048 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10481 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10482 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10484 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 9312 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10287 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 9318 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 9344 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10051 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10049 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10378 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10379 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10483 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10543 4556807 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556807 4550922 11497 11498 11499 11563 Yes Security Update 4551853 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4551853 4549949 11568 11569 11570 11571 11572 Yes Security Update 4551853 https://support.microsoft.com/help/4551853 11568 11569 11570 11571 11572 4556799 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556799 4549951 11712 11713 11714 11715 11644 11645 11646 11647 Yes Security Update 4556812 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556812 4550927 11453 11454 11583 Yes Security Update 4556826 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556826 4550930 10729 10735 Yes Security Update 4556813 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556813 4550929 10852 10853 10816 10855 Yes Security Update 4556813 https://support.microsoft.com/help/4556813 10852 10853 10816 10855 4556836 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556836 4550964 10047 10048 10051 10049 Yes Monthly Rollup 4556836 https://support.microsoft.com/help/4556836 10047 10048 10051 10049 4556843 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556843 10047 10048 10051 10049 Yes Security Only 4556843 https://support.microsoft.com/help/4556843 10047 10048 10051 10049 4556846 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556846 4550961 10481 10482 10484 10483 10543 Yes Monthly Rollup 4556853 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556853 10481 10482 10483 10543 Yes Security Only 4556860 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556860 4550951 9312 10287 9318 9344 Yes Monthly Rollup 4556860 https://support.microsoft.com/help/4556860 9312 10287 9318 9344 4556854 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556854 9312 10287 9318 9344 Yes Security Only 4556854 https://support.microsoft.com/help/4556854 9312 10287 9318 9344 4556840 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556840 4550917 10378 10379 Yes Monthly Rollup 4556852 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556852 10378 10379 Yes Security Only Yuki Chen of <a href="https://www.360.com/">Qihoo 360 Vulcan Team</a> 1.0 2020-05-12T07:00:00Z <p>Information published.</p> Microsoft Windows Elevation of Privilege Vulnerability <p>An elevation of privilege vulnerability exists in Windows Media Service that allows file creation in arbitrary locations.</p> <p>To exploit the vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system.</p> <p>The update addresses the vulnerability by correcting how the Windows Media Service handles file creation.</p> Microsoft Windows Microsoft CVE-2020-1068 11497 11498 11499 11563 11568 11569 11570 11571 11572 11712 11713 11714 11715 11453 11454 11583 11644 11645 11646 11647 10729 10735 10852 10853 10816 10855 Elevation of Privilege 11497 Elevation of Privilege 11498 Elevation of Privilege 11499 Elevation of Privilege 11563 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11570 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11712 Elevation of Privilege 11713 Elevation of Privilege 11714 Elevation of Privilege 11715 Elevation of Privilege 11453 Elevation of Privilege 11454 Elevation of Privilege 11583 Elevation of Privilege 11644 Elevation of Privilege 11645 Elevation of Privilege 11646 Elevation of Privilege 11647 Elevation of Privilege 10729 Elevation of Privilege 10735 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Important 11497 Important 11498 Important 11499 Important 11563 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11712 Important 11713 Important 11714 Important 11715 Important 11453 Important 11454 Important 11583 Important 11644 Important 11645 Important 11646 Important 11647 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11497 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11498 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11499 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11563 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11568 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11569 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11570 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11571 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11572 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11712 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11713 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11714 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11715 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11453 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11454 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11583 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11644 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11645 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11646 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11647 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10729 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10735 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10852 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10853 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10816 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10855 4556807 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556807 4550922 11497 11498 11499 11563 Yes Security Update 4551853 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4551853 4549949 11568 11569 11570 11571 11572 Yes Security Update 4551853 https://support.microsoft.com/help/4551853 11568 11569 11570 11571 11572 4556799 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556799 4549951 11712 11713 11714 11715 11644 11645 11646 11647 Yes Security Update 4556812 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556812 4550927 11453 11454 11583 Yes Security Update 4556826 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556826 4550930 10729 10735 Yes Security Update 4556813 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556813 4550929 10852 10853 10816 10855 Yes Security Update 4556813 https://support.microsoft.com/help/4556813 10852 10853 10816 10855 Zhiniang Peng (<a href="https://twitter.com/edwardzpeng">@edwardzpeng</a>) of Qihoo 360 Core security & Xuefeng Li 1.0 2020-05-12T07:00:00Z <p>Information published.</p> Microsoft SharePoint Server Remote Code Execution Vulnerability <p>A remote code execution vulnerability exists in Microsoft SharePoint Server when it fails to properly identify and filter unsafe ASP.Net web controls. An authenticated attacker who successfully exploited the vulnerability could use a specially crafted page to perform actions in the security context of the SharePoint application pool process.</p> <p>To exploit the vulnerability, an authenticated user must create and invoke a specially crafted page on an affected version of Microsoft SharePoint Server.</p> <p>The security update addresses the vulnerability by correcting how Microsoft SharePoint Server handles processing of created content.</p> Microsoft Office SharePoint Microsoft CVE-2020-1069 10950 11585 10612 Remote Code Execution 10950 Remote Code Execution 11585 Remote Code Execution 10612 Critical 10950 Critical 11585 Critical 10612 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 4484336 https://www.microsoft.com/download/details.aspx?familyid=4943205b-b1fc-4faf-8a2f-3f35afdb3178 4484299 10950 Maybe Security Update 4484332 https://www.microsoft.com/download/details.aspx?familyid=74d91329-15bb-4cfb-9040-5860a4e27805 4484292 11585 Maybe Security Update 4484364 https://www.microsoft.com/download/details.aspx?familyid=2a44537d-f219-46f5-9c20-c5455b5ed61c 4484321 10612 Maybe Security Update Oleksandr Mirosh (@olekmirosh) from Micro Focus Fortify 1.0 2020-05-12T07:00:00Z <p>Information published.</p> Windows Print Spooler Elevation of Privilege Vulnerability <p>An elevation of privilege vulnerability exists when the Windows Print Spooler service improperly allows arbitrary writing to the file system. An attacker who successfully exploited this vulnerability could run arbitrary code with elevated system privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.</p> <p>To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted script or application.</p> <p>The update addresses the vulnerability by correcting how the Windows Print Spooler Component writes to the file system.</p> Microsoft Windows Microsoft CVE-2020-1070 11497 11498 11499 11563 11568 11569 11570 11571 11572 11712 11713 11714 11715 11453 11454 11583 11644 11645 11646 11647 10729 10735 10852 10853 10816 10855 10047 10048 10481 10482 10484 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Elevation of Privilege 11497 Elevation of Privilege 11498 Elevation of Privilege 11499 Elevation of Privilege 11563 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11570 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11712 Elevation of Privilege 11713 Elevation of Privilege 11714 Elevation of Privilege 11715 Elevation of Privilege 11453 Elevation of Privilege 11454 Elevation of Privilege 11583 Elevation of Privilege 11644 Elevation of Privilege 11645 Elevation of Privilege 11646 Elevation of Privilege 11647 Elevation of Privilege 10729 Elevation of Privilege 10735 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Elevation of Privilege 10047 Elevation of Privilege 10048 Elevation of Privilege 10481 Elevation of Privilege 10482 Elevation of Privilege 10484 Elevation of Privilege 9312 Elevation of Privilege 10287 Elevation of Privilege 9318 Elevation of Privilege 9344 Elevation of Privilege 10051 Elevation of Privilege 10049 Elevation of Privilege 10378 Elevation of Privilege 10379 Elevation of Privilege 10483 Elevation of Privilege 10543 Important 11497 Important 11498 Important 11499 Important 11563 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11712 Important 11713 Important 11714 Important 11715 Important 11453 Important 11454 Important 11583 Important 11644 Important 11645 Important 11646 Important 11647 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 10047 Important 10048 Important 10481 Important 10482 Important 10484 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11497 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11498 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11499 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11563 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11568 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11569 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11570 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11571 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11572 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11712 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11713 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11714 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11715 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11453 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11454 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11583 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11644 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11645 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11646 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11647 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10729 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10735 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10852 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10853 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10816 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10855 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10047 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10048 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10481 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10482 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10484 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 9312 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10287 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 9318 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 9344 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10051 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10049 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10378 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10379 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10483 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10543 4556807 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556807 4550922 11497 11498 11499 11563 Yes Security Update 4551853 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4551853 4549949 11568 11569 11570 11571 11572 Yes Security Update 4551853 https://support.microsoft.com/help/4551853 11568 11569 11570 11571 11572 4556799 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556799 4549951 11712 11713 11714 11715 11644 11645 11646 11647 Yes Security Update 4556812 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556812 4550927 11453 11454 11583 Yes Security Update 4556826 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556826 4550930 10729 10735 Yes Security Update 4556813 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556813 4550929 10852 10853 10816 10855 Yes Security Update 4556813 https://support.microsoft.com/help/4556813 10852 10853 10816 10855 4556836 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556836 4550964 10047 10048 10051 10049 Yes Monthly Rollup 4556836 https://support.microsoft.com/help/4556836 10047 10048 10051 10049 4556843 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556843 10047 10048 10051 10049 Yes Security Only 4556843 https://support.microsoft.com/help/4556843 10047 10048 10051 10049 4556846 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556846 4550961 10481 10482 10484 10483 10543 Yes Monthly Rollup 4556853 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556853 10481 10482 10483 10543 Yes Security Only 4556860 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556860 4550951 9312 10287 9318 9344 Yes Monthly Rollup 4556860 https://support.microsoft.com/help/4556860 9312 10287 9318 9344 4556854 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556854 9312 10287 9318 9344 Yes Security Only 4556854 https://support.microsoft.com/help/4556854 9312 10287 9318 9344 4556840 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556840 4550917 10378 10379 Yes Monthly Rollup 4556852 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556852 10378 10379 Yes Security Only <a href="https://twitter.com/kkokkokye">JeongOh Kyea</a> of THEORI 1.0 2020-05-12T07:00:00Z <p>Information published.</p> Windows Kernel Information Disclosure Vulnerability <p>An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user’s system.</p> <p>To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application. The vulnerability would not allow an attacker to execute code or to elevate user rights directly, but it could be used to obtain information that could be used to try to further compromise the affected system.</p> <p>The update addresses the vulnerability by correcting how the Windows kernel handles objects in memory.</p> <p><strong>What type of information could be disclosed by this vulnerability?</strong></p> <p>The type of information that could be disclosed if an attacker successfully exploited this vulnerability is the contents of Kernel memory. An attacker could read the contents of Kernel memory from a user mode process.</p> Microsoft Windows Microsoft CVE-2020-1072 11497 11498 11499 11563 11568 11569 11570 11571 11572 11712 11713 11714 11715 11453 11454 11583 11644 11645 11646 11647 10729 10735 10852 10853 10816 10855 10047 10048 10481 10482 10484 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Information Disclosure 11497 Information Disclosure 11498 Information Disclosure 11499 Information Disclosure 11563 Information Disclosure 11568 Information Disclosure 11569 Information Disclosure 11570 Information Disclosure 11571 Information Disclosure 11572 Information Disclosure 11712 Information Disclosure 11713 Information Disclosure 11714 Information Disclosure 11715 Information Disclosure 11453 Information Disclosure 11454 Information Disclosure 11583 Information Disclosure 11644 Information Disclosure 11645 Information Disclosure 11646 Information Disclosure 11647 Information Disclosure 10729 Information Disclosure 10735 Information Disclosure 10852 Information Disclosure 10853 Information Disclosure 10816 Information Disclosure 10855 Information Disclosure 10047 Information Disclosure 10048 Information Disclosure 10481 Information Disclosure 10482 Information Disclosure 10484 Information Disclosure 9312 Information Disclosure 10287 Information Disclosure 9318 Information Disclosure 9344 Information Disclosure 10051 Information Disclosure 10049 Information Disclosure 10378 Information Disclosure 10379 Information Disclosure 10483 Information Disclosure 10543 Important 11497 Important 11498 Important 11499 Important 11563 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11712 Important 11713 Important 11714 Important 11715 Important 11453 Important 11454 Important 11583 Important 11644 Important 11645 Important 11646 Important 11647 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 10047 Important 10048 Important 10481 Important 10482 Important 10484 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 5.5 5.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C 11497 5.5 5.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C 11498 5.5 5.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C 11499 5.5 5.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C 11563 5.5 5.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C 11568 5.5 5.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C 11569 5.5 5.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C 11570 5.5 5.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C 11571 5.5 5.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C 11572 5.5 5.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C 11712 5.5 5.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C 11713 5.5 5.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C 11714 5.5 5.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C 11715 5.5 5.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C 11453 5.5 5.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C 11454 5.5 5.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C 11583 5.5 5.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C 11644 5.5 5.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C 11645 5.5 5.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C 11646 5.5 5.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C 11647 5.5 5.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C 10729 5.5 5.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C 10735 5.5 5.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C 10852 5.5 5.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C 10853 5.5 5.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C 10816 5.5 5.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C 10855 5.5 5.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C 10047 5.5 5.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C 10048 5.5 5.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C 10481 5.5 5.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C 10482 5.5 5.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C 10484 5.5 5.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C 9312 5.5 5.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C 10287 5.5 5.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C 9318 5.5 5.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C 9344 5.5 5.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C 10051 5.5 5.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C 10049 5.5 5.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C 10378 5.5 5.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C 10379 5.5 5.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C 10483 5.5 5.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C 10543 4556807 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556807 4550922 11497 11498 11499 11563 Yes Security Update 4551853 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4551853 4549949 11568 11569 11570 11571 11572 Yes Security Update 4551853 https://support.microsoft.com/help/4551853 11568 11569 11570 11571 11572 4556799 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556799 4549951 11712 11713 11714 11715 11644 11645 11646 11647 Yes Security Update 4556812 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556812 4550927 11453 11454 11583 Yes Security Update 4556826 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556826 4550930 10729 10735 Yes Security Update 4556813 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556813 4550929 10852 10853 10816 10855 Yes Security Update 4556813 https://support.microsoft.com/help/4556813 10852 10853 10816 10855 4556836 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556836 4550964 10047 10048 10051 10049 Yes Monthly Rollup 4556836 https://support.microsoft.com/help/4556836 10047 10048 10051 10049 4556843 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556843 10047 10048 10051 10049 Yes Security Only 4556843 https://support.microsoft.com/help/4556843 10047 10048 10051 10049 4556846 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556846 4550961 10481 10482 10484 10483 10543 Yes Monthly Rollup 4556853 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556853 10481 10482 10483 10543 Yes Security Only 4556860 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556860 4550951 9312 10287 9318 9344 Yes Monthly Rollup 4556860 https://support.microsoft.com/help/4556860 9312 10287 9318 9344 4556854 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556854 9312 10287 9318 9344 Yes Security Only 4556854 https://support.microsoft.com/help/4556854 9312 10287 9318 9344 4556840 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556840 4550917 10378 10379 Yes Monthly Rollup 4556852 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556852 10378 10379 Yes Security Only <a href="https://twitter.com/waleedassar">Walied Assar</a> 1.0 2020-05-12T07:00:00Z <p>Information published.</p> Windows Subsystem for Linux Information Disclosure Vulnerability <p>An information disclosure vulnerability exists when Windows Subsystem for Linux improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user’s system.</p> <p>A attacker could exploit this vulnerability by running a specially crafted application.</p> <p>The update addresses the vulnerability by correcting how Windows Subsystem for Linux handles objects in memory.</p> <p><strong>What type of information could be disclosed by this vulnerability?</strong></p> <p>The type of information that could be disclosed if an attacker successfully exploited this vulnerability is the contents of Kernel memory. An attacker could read the contents of Kernel memory from a user mode process.</p> Windows Subsystem for Linux Microsoft CVE-2020-1075 11497 11498 11499 11563 11568 11569 11570 11571 11572 11712 11713 11714 11715 11644 11645 11646 11647 Information Disclosure 11497 Information Disclosure 11498 Information Disclosure 11499 Information Disclosure 11563 Information Disclosure 11568 Information Disclosure 11569 Information Disclosure 11570 Information Disclosure 11571 Information Disclosure 11572 Information Disclosure 11712 Information Disclosure 11713 Information Disclosure 11714 Information Disclosure 11715 Information Disclosure 11644 Information Disclosure 11645 Information Disclosure 11646 Information Disclosure 11647 Important 11497 Important 11498 Important 11499 Important 11563 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11712 Important 11713 Important 11714 Important 11715 Important 11644 Important 11645 Important 11646 Important 11647 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 5.5 5.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C 11497 5.5 5.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C 11498 5.5 5.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C 11499 5.5 5.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C 11563 5.5 5.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C 11568 5.5 5.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C 11569 5.5 5.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C 11570 5.5 5.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C 11571 5.5 5.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C 11572 5.5 5.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C 11712 5.5 5.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C 11713 5.5 5.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C 11714 5.5 5.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C 11715 5.5 5.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C 11644 5.5 5.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C 11645 5.5 5.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C 11646 5.5 5.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C 11647 4556807 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556807 4550922 11497 11498 11499 11563 Yes Security Update 4551853 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4551853 4549949 11568 11569 11570 11571 11572 Yes Security Update 4551853 https://support.microsoft.com/help/4551853 11568 11569 11570 11571 11572 4556799 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556799 4549951 11712 11713 11714 11715 11644 11645 11646 11647 Yes Security Update <a href="https://twitter.com/anarcheuz">Anthony LAOU HINE TSUEI</a> 1.0 2020-05-12T07:00:00Z <p>Information published.</p> Windows Runtime Elevation of Privilege Vulnerability <p>An elevation of privilege vulnerability exists when the Windows Runtime improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in an elevated context.</p> <p>An attacker could exploit this vulnerability by running a specially crafted application on the victim system.</p> <p>The update addresses the vulnerability by correcting the way the Windows Runtime handles objects in memory.</p> Microsoft Windows Microsoft CVE-2020-1077 11497 11498 11499 11563 11568 11569 11570 11571 11572 11712 11713 11714 11715 11453 11454 11583 11644 11645 11646 11647 10852 10853 10816 10855 Elevation of Privilege 11497 Elevation of Privilege 11498 Elevation of Privilege 11499 Elevation of Privilege 11563 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11570 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11712 Elevation of Privilege 11713 Elevation of Privilege 11714 Elevation of Privilege 11715 Elevation of Privilege 11453 Elevation of Privilege 11454 Elevation of Privilege 11583 Elevation of Privilege 11644 Elevation of Privilege 11645 Elevation of Privilege 11646 Elevation of Privilege 11647 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Important 11497 Important 11498 Important 11499 Important 11563 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11712 Important 11713 Important 11714 Important 11715 Important 11453 Important 11454 Important 11583 Important 11644 Important 11645 Important 11646 Important 11647 Important 10852 Important 10853 Important 10816 Important 10855 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11497 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11498 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11499 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11563 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11568 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11569 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11570 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11571 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11572 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11712 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11713 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11714 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11715 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11453 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11454 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11583 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11644 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11645 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11646 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11647 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10852 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10853 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10816 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10855 4556807 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556807 4550922 11497 11498 11499 11563 Yes Security Update 4551853 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4551853 4549949 11568 11569 11570 11571 11572 Yes Security Update 4551853 https://support.microsoft.com/help/4551853 11568 11569 11570 11571 11572 4556799 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556799 4549951 11712 11713 11714 11715 11644 11645 11646 11647 Yes Security Update 4556812 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556812 4550927 11453 11454 11583 Yes Security Update 4556813 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556813 4550929 10852 10853 10816 10855 Yes Security Update 4556813 https://support.microsoft.com/help/4556813 10852 10853 10816 10855 Zhiniang Peng (<a href="https://twitter.com/edwardzpeng">@edwardzpeng</a>) of Qihoo 360 Core security & Xuefeng Li Anonymous Researcher 1.0 2020-05-12T07:00:00Z <p>Information published.</p> Microsoft Windows Elevation of Privilege Vulnerability <p>An elevation of privilege vulnerability exists when the Windows fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.</p> <p>To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application to take control of an affected system.</p> <p>The update addresses the vulnerability by correcting how the Windows handles objects in memory.</p> Microsoft Windows Microsoft CVE-2020-1079 11497 11498 11499 11563 11568 11569 11570 11571 11572 11712 11713 11714 11715 11453 11454 11583 11644 11645 11646 11647 10729 10735 10852 10853 10816 10855 10481 10482 10484 10378 10379 10483 10543 Elevation of Privilege 11497 Elevation of Privilege 11498 Elevation of Privilege 11499 Elevation of Privilege 11563 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11570 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11712 Elevation of Privilege 11713 Elevation of Privilege 11714 Elevation of Privilege 11715 Elevation of Privilege 11453 Elevation of Privilege 11454 Elevation of Privilege 11583 Elevation of Privilege 11644 Elevation of Privilege 11645 Elevation of Privilege 11646 Elevation of Privilege 11647 Elevation of Privilege 10729 Elevation of Privilege 10735 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Elevation of Privilege 10481 Elevation of Privilege 10482 Elevation of Privilege 10484 Elevation of Privilege 10378 Elevation of Privilege 10379 Elevation of Privilege 10483 Elevation of Privilege 10543 Important 11497 Important 11498 Important 11499 Important 11563 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11712 Important 11713 Important 11714 Important 11715 Important 11453 Important 11454 Important 11583 Important 11644 Important 11645 Important 11646 Important 11647 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 10481 Important 10482 Important 10484 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11497 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11498 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11499 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11563 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11568 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11569 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11570 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11571 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11572 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11712 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11713 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11714 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11715 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11453 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11454 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11583 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11644 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11645 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11646 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11647 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10729 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10735 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10852 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10853 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10816 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10855 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10481 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10482 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10484 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10378 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10379 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10483 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10543 4556807 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556807 4550922 11497 11498 11499 11563 Yes Security Update 4551853 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4551853 4549949 11568 11569 11570 11571 11572 Yes Security Update 4551853 https://support.microsoft.com/help/4551853 11568 11569 11570 11571 11572 4556799 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556799 4549951 11712 11713 11714 11715 11644 11645 11646 11647 Yes Security Update 4556812 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556812 4550927 11453 11454 11583 Yes Security Update 4556826 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556826 4550930 10729 10735 Yes Security Update 4556813 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556813 4550929 10852 10853 10816 10855 Yes Security Update 4556813 https://support.microsoft.com/help/4556813 10852 10853 10816 10855 4556846 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556846 4550961 10481 10482 10484 10483 10543 Yes Monthly Rollup 4556853 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556853 10481 10482 10483 10543 Yes Security Only 4556840 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556840 4550917 10378 10379 Yes Monthly Rollup 4556852 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556852 10378 10379 Yes Security Only Shefang Zhong of <a href="http://www.360.com/">Qihoo 360 Vulcan Team</a> 1.0 2020-05-12T07:00:00Z <p>Information published.</p> Windows Printer Service Elevation of Privilege Vulnerability <p>An elevation of privilege vulnerability exists when the Windows Printer Service improperly validates file paths while loading printer drivers. An authenticated attacker who successfully exploited this vulnerability could run arbitrary code with elevated system privileges.</p> <p>To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system.</p> <p>The update addresses this vulnerability by correcting how the Windows Printer Service validates file paths.</p> Microsoft Windows Microsoft CVE-2020-1081 11497 11498 11499 11563 11568 11569 11570 11571 11572 11712 11713 11714 11715 11453 11454 11583 11644 11645 11646 11647 10729 10735 10852 10853 10816 10855 10047 10048 10481 10482 10484 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Elevation of Privilege 11497 Elevation of Privilege 11498 Elevation of Privilege 11499 Elevation of Privilege 11563 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11570 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11712 Elevation of Privilege 11713 Elevation of Privilege 11714 Elevation of Privilege 11715 Elevation of Privilege 11453 Elevation of Privilege 11454 Elevation of Privilege 11583 Elevation of Privilege 11644 Elevation of Privilege 11645 Elevation of Privilege 11646 Elevation of Privilege 11647 Elevation of Privilege 10729 Elevation of Privilege 10735 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Elevation of Privilege 10047 Elevation of Privilege 10048 Elevation of Privilege 10481 Elevation of Privilege 10482 Elevation of Privilege 10484 Elevation of Privilege 9312 Elevation of Privilege 10287 Elevation of Privilege 9318 Elevation of Privilege 9344 Elevation of Privilege 10051 Elevation of Privilege 10049 Elevation of Privilege 10378 Elevation of Privilege 10379 Elevation of Privilege 10483 Elevation of Privilege 10543 Important 11497 Important 11498 Important 11499 Important 11563 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11712 Important 11713 Important 11714 Important 11715 Important 11453 Important 11454 Important 11583 Important 11644 Important 11645 Important 11646 Important 11647 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 10047 Important 10048 Important 10481 Important 10482 Important 10484 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11497 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11498 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11499 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11563 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11568 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11569 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11570 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11571 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11572 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11712 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11713 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11714 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11715 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11453 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11454 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11583 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11644 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11645 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11646 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11647 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10729 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10735 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10852 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10853 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10816 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10855 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10047 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10048 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10481 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10482 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10484 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 9312 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10287 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 9318 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 9344 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10051 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10049 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10378 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10379 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10483 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10543 4556807 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556807 4550922 11497 11498 11499 11563 Yes Security Update 4551853 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4551853 4549949 11568 11569 11570 11571 11572 Yes Security Update 4551853 https://support.microsoft.com/help/4551853 11568 11569 11570 11571 11572 4556799 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556799 4549951 11712 11713 11714 11715 11644 11645 11646 11647 Yes Security Update 4556812 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556812 4550927 11453 11454 11583 Yes Security Update 4556826 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556826 4550930 10729 10735 Yes Security Update 4556813 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556813 4550929 10852 10853 10816 10855 Yes Security Update 4556813 https://support.microsoft.com/help/4556813 10852 10853 10816 10855 4556836 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556836 4550964 10047 10048 10051 10049 Yes Monthly Rollup 4556836 https://support.microsoft.com/help/4556836 10047 10048 10051 10049 4556843 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556843 10047 10048 10051 10049 Yes Security Only 4556843 https://support.microsoft.com/help/4556843 10047 10048 10051 10049 4556846 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556846 4550961 10481 10482 10484 10483 10543 Yes Monthly Rollup 4556853 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556853 10481 10482 10483 10543 Yes Security Only 4556860 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556860 4550951 9312 10287 9318 9344 Yes Monthly Rollup 4556860 https://support.microsoft.com/help/4556860 9312 10287 9318 9344 4556854 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556854 9312 10287 9318 9344 Yes Security Only 4556854 https://support.microsoft.com/help/4556854 9312 10287 9318 9344 4556840 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556840 4550917 10378 10379 Yes Monthly Rollup 4556852 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556852 10378 10379 Yes Security Only <a href="https://twitter.com/kkokkokye">JeongOh Kyea</a> of THEORI 1.0 2020-05-12T07:00:00Z <p>Information published.</p> Windows Error Reporting Elevation of Privilege Vulnerability <p>An elevation of privilege vulnerability exists in Windows Error Reporting (WER) when WER handles and executes files. The vulnerability could allow elevation of privilege if an attacker can successfully exploit it.</p> <p>An attacker who successfully exploited the vulnerability could gain greater access to sensitive information and system functionality. To exploit the vulnerability, an attacker could run a specially crafted application.</p> <p>The security update addresses the vulnerability by correcting the way that WER handles and executes files.</p> Microsoft Windows Microsoft CVE-2020-1082 11497 11498 11499 11563 11568 11569 11570 11571 11572 11712 11713 11714 11715 11453 11454 11583 11644 11645 11646 11647 10729 10735 10852 10853 10816 10855 Elevation of Privilege 11497 Elevation of Privilege 11498 Elevation of Privilege 11499 Elevation of Privilege 11563 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11570 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11712 Elevation of Privilege 11713 Elevation of Privilege 11714 Elevation of Privilege 11715 Elevation of Privilege 11453 Elevation of Privilege 11454 Elevation of Privilege 11583 Elevation of Privilege 11644 Elevation of Privilege 11645 Elevation of Privilege 11646 Elevation of Privilege 11647 Elevation of Privilege 10729 Elevation of Privilege 10735 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Important 11497 Important 11498 Important 11499 Important 11563 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11712 Important 11713 Important 11714 Important 11715 Important 11453 Important 11454 Important 11583 Important 11644 Important 11645 Important 11646 Important 11647 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11497 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11498 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11499 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11563 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11568 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11569 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11570 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11571 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11572 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11712 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11713 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11714 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11715 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11453 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11454 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11583 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11644 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11645 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11646 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11647 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10729 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10735 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10852 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10853 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10816 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10855 4556807 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556807 4550922 11497 11498 11499 11563 Yes Security Update 4551853 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4551853 4549949 11568 11569 11570 11571 11572 Yes Security Update 4551853 https://support.microsoft.com/help/4551853 11568 11569 11570 11571 11572 4556799 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556799 4549951 11712 11713 11714 11715 11644 11645 11646 11647 Yes Security Update 4556812 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556812 4550927 11453 11454 11583 Yes Security Update 4556826 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556826 4550930 10729 10735 Yes Security Update 4556813 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556813 4550929 10852 10853 10816 10855 Yes Security Update 4556813 https://support.microsoft.com/help/4556813 10852 10853 10816 10855 <a href=https://www.linkedin.com/in/dimopouloselias>Ilias Dimopoulos</a> a.k.a gweeperx (<a href=https://twitter.com/gweeperx>@gweeperx</a>) 1.0 2020-05-12T07:00:00Z <p>Information published.</p> Windows Runtime Elevation of Privilege Vulnerability <p>An elevation of privilege vulnerability exists when the Windows Runtime improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in an elevated context.</p> <p>An attacker could exploit this vulnerability by running a specially crafted application on the victim system.</p> <p>The update addresses the vulnerability by correcting the way the Windows Runtime handles objects in memory.</p> Microsoft Windows Microsoft CVE-2020-1086 11497 11498 11499 11563 11568 11569 11570 11571 11572 11712 11713 11714 11715 11453 11454 11583 11644 11645 11646 11647 10729 10735 10852 10853 10816 10855 Elevation of Privilege 11497 Elevation of Privilege 11498 Elevation of Privilege 11499 Elevation of Privilege 11563 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11570 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11712 Elevation of Privilege 11713 Elevation of Privilege 11714 Elevation of Privilege 11715 Elevation of Privilege 11453 Elevation of Privilege 11454 Elevation of Privilege 11583 Elevation of Privilege 11644 Elevation of Privilege 11645 Elevation of Privilege 11646 Elevation of Privilege 11647 Elevation of Privilege 10729 Elevation of Privilege 10735 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Important 11497 Important 11498 Important 11499 Important 11563 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11712 Important 11713 Important 11714 Important 11715 Important 11453 Important 11454 Important 11583 Important 11644 Important 11645 Important 11646 Important 11647 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11497 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11498 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11499 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11563 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11568 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11569 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11570 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11571 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11572 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11712 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11713 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11714 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11715 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11453 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11454 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11583 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11644 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11645 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11646 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11647 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10729 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10735 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10852 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10853 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10816 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10855 4556807 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556807 4550922 11497 11498 11499 11563 Yes Security Update 4551853 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4551853 4549949 11568 11569 11570 11571 11572 Yes Security Update 4551853 https://support.microsoft.com/help/4551853 11568 11569 11570 11571 11572 4556799 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556799 4549951 11712 11713 11714 11715 11644 11645 11646 11647 Yes Security Update 4556812 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556812 4550927 11453 11454 11583 Yes Security Update 4556826 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556826 4550930 10729 10735 Yes Security Update 4556813 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556813 4550929 10852 10853 10816 10855 Yes Security Update 4556813 https://support.microsoft.com/help/4556813 10852 10853 10816 10855 Zhiniang Peng (<a href="https://twitter.com/edwardzpeng">@edwardzpeng</a>) of Qihoo 360 Core Security & Haoran Qin (<a href="https://twitter.com/Q4n">@Q4n</a>) 1.0 2020-05-12T07:00:00Z <p>Information published.</p> Windows Kernel Elevation of Privilege Vulnerability <p>An elevation of privilege vulnerability exists in the way that the Windows Kernel handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions.</p> <p>To exploit the vulnerability, a locally authenticated attacker could run a specially crafted application.</p> <p>The security update addresses the vulnerability by ensuring the Windows Kernel properly handles objects in memory.</p> Windows Kernel Microsoft CVE-2020-1087 11497 11498 11499 11563 11568 11569 11570 11571 11572 11712 11713 11714 11715 11453 11454 11583 11644 11645 11646 11647 Elevation of Privilege 11497 Elevation of Privilege 11498 Elevation of Privilege 11499 Elevation of Privilege 11563 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11570 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11712 Elevation of Privilege 11713 Elevation of Privilege 11714 Elevation of Privilege 11715 Elevation of Privilege 11453 Elevation of Privilege 11454 Elevation of Privilege 11583 Elevation of Privilege 11644 Elevation of Privilege 11645 Elevation of Privilege 11646 Elevation of Privilege 11647 Important 11497 Important 11498 Important 11499 Important 11563 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11712 Important 11713 Important 11714 Important 11715 Important 11453 Important 11454 Important 11583 Important 11644 Important 11645 Important 11646 Important 11647 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11497 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11498 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11499 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11563 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11568 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11569 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11570 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11571 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11572 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11712 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11713 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11714 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11715 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11453 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11454 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11583 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11644 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11645 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11646 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11647 4556807 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556807 4550922 11497 11498 11499 11563 Yes Security Update 4551853 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4551853 4549949 11568 11569 11570 11571 11572 Yes Security Update 4551853 https://support.microsoft.com/help/4551853 11568 11569 11570 11571 11572 4556799 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556799 4549951 11712 11713 11714 11715 11644 11645 11646 11647 Yes Security Update 4556812 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556812 4550927 11453 11454 11583 Yes Security Update Anonymous Finder bee13oy of Qihoo 360 Vulcan Team pgboy (http://weibo.com/pgboy1988) of 360vulcan 1.0 2020-05-12T07:00:00Z <p>Information published.</p> Windows Error Reporting Elevation of Privilege Vulnerability <p>An elevation of privilege vulnerability exists in Windows Error Reporting (WER) when WER handles and executes files. The vulnerability could allow elevation of privilege if an attacker can successfully exploit it.</p> <p>An attacker who successfully exploited the vulnerability could gain greater access to sensitive information and system functionality. To exploit the vulnerability, an attacker could run a specially crafted application.</p> <p>The security update addresses the vulnerability by correcting the way that WER handles and executes files.</p> Microsoft Windows Microsoft CVE-2020-1088 11497 11498 11499 11563 11568 11569 11570 11571 11572 11712 11713 11714 11715 11453 11454 11583 11644 11645 11646 11647 10729 10735 10852 10853 10816 10855 Elevation of Privilege 11497 Elevation of Privilege 11498 Elevation of Privilege 11499 Elevation of Privilege 11563 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11570 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11712 Elevation of Privilege 11713 Elevation of Privilege 11714 Elevation of Privilege 11715 Elevation of Privilege 11453 Elevation of Privilege 11454 Elevation of Privilege 11583 Elevation of Privilege 11644 Elevation of Privilege 11645 Elevation of Privilege 11646 Elevation of Privilege 11647 Elevation of Privilege 10729 Elevation of Privilege 10735 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Important 11497 Important 11498 Important 11499 Important 11563 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11712 Important 11713 Important 11714 Important 11715 Important 11453 Important 11454 Important 11583 Important 11644 Important 11645 Important 11646 Important 11647 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11497 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11498 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11499 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11563 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11568 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11569 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11570 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11571 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11572 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11712 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11713 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11714 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11715 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11453 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11454 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11583 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11644 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11645 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11646 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11647 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10729 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10735 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10852 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10853 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10816 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10855 4556807 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556807 4550922 11497 11498 11499 11563 Yes Security Update 4551853 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4551853 4549949 11568 11569 11570 11571 11572 Yes Security Update 4551853 https://support.microsoft.com/help/4551853 11568 11569 11570 11571 11572 4556799 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556799 4549951 11712 11713 11714 11715 11644 11645 11646 11647 Yes Security Update 4556812 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556812 4550927 11453 11454 11583 Yes Security Update 4556826 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556826 4550930 10729 10735 Yes Security Update 4556813 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556813 4550929 10852 10853 10816 10855 Yes Security Update 4556813 https://support.microsoft.com/help/4556813 10852 10853 10816 10855 <a href="https://twitter.com/fritzboger">Søren Fritzbøger</a> <a href="https://www.mcerlane.co.uk">Conor McErlane</a> 1.0 2020-05-12T07:00:00Z <p>Information published.</p> Windows Runtime Elevation of Privilege Vulnerability <p>An elevation of privilege vulnerability exists when the Windows Runtime improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in an elevated context.</p> <p>An attacker could exploit this vulnerability by running a specially crafted application on the victim system.</p> <p>The update addresses the vulnerability by correcting the way the Windows Runtime handles objects in memory.</p> Microsoft Windows Microsoft CVE-2020-1090 11497 11498 11499 11563 11568 11569 11570 11571 11572 11712 11713 11714 11715 11453 11454 11583 11644 11645 11646 11647 10852 10853 10816 10855 Elevation of Privilege 11497 Elevation of Privilege 11498 Elevation of Privilege 11499 Elevation of Privilege 11563 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11570 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11712 Elevation of Privilege 11713 Elevation of Privilege 11714 Elevation of Privilege 11715 Elevation of Privilege 11453 Elevation of Privilege 11454 Elevation of Privilege 11583 Elevation of Privilege 11644 Elevation of Privilege 11645 Elevation of Privilege 11646 Elevation of Privilege 11647 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Important 11497 Important 11498 Important 11499 Important 11563 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11712 Important 11713 Important 11714 Important 11715 Important 11453 Important 11454 Important 11583 Important 11644 Important 11645 Important 11646 Important 11647 Important 10852 Important 10853 Important 10816 Important 10855 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11497 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11498 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11499 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11563 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11568 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11569 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11570 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11571 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11572 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11712 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11713 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11714 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11715 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11453 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11454 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11583 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11644 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11645 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11646 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11647 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10852 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10853 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10816 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10855 4556807 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556807 4550922 11497 11498 11499 11563 Yes Security Update 4551853 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4551853 4549949 11568 11569 11570 11571 11572 Yes Security Update 4551853 https://support.microsoft.com/help/4551853 11568 11569 11570 11571 11572 4556799 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556799 4549951 11712 11713 11714 11715 11644 11645 11646 11647 Yes Security Update 4556812 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556812 4550927 11453 11454 11583 Yes Security Update 4556813 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556813 4550929 10852 10853 10816 10855 Yes Security Update 4556813 https://support.microsoft.com/help/4556813 10852 10853 10816 10855 Zhiniang Peng (<a href="https://twitter.com/edwardzpeng">@edwardzpeng</a>) of Qihoo 360 Core Security & Fangming Gu (<a href="https://twitter.com/afang5472">@afang5472</a>) Anonymous 1.0 2020-05-12T07:00:00Z <p>Information published.</p> Internet Explorer Memory Corruption Vulnerability <p>A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, the attacker could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.</p> <p>An attacker could host a specially crafted website designed to exploit the vulnerability through Internet Explorer and then convince a user to view the website. The attacker could also take advantage of compromised websites, or websites that accept or host user-provided content or advertisements, by adding specially crafted content that could exploit the vulnerability. However, in all cases an attacker would have no way to force a user to view the attacker-controlled content. Instead, an attacker would have to convince a user to take action, typically by an enticement in an email or instant message, or by getting the user to open an attachment sent through email.</p> <p>The security update addresses the vulnerability by modifying how Internet Explorer handles objects in memory.</p> Internet Explorer Microsoft CVE-2020-1092 10336-9312 10336-9318 10486-11497 10486-11498 10486-11563 10486-11568 10486-11569 10486-11570 10486-11571 10486-11712 10486-11713 10486-11714 10486-11453 10486-11454 10486-11583 10486-11644 10486-11645 10486-11646 10486-10729 10486-10735 10486-10852 10486-10853 10486-10816 10486-10047 10486-10048 10486-10481 10486-10482 10486-10484 10486-10051 10486-10378 10486-10483 Remote Code Execution 10336-9312 Remote Code Execution 10336-9318 Remote Code Execution 10486-11497 Remote Code Execution 10486-11498 Remote Code Execution 10486-11563 Remote Code Execution 10486-11568 Remote Code Execution 10486-11569 Remote Code Execution 10486-11570 Remote Code Execution 10486-11571 Remote Code Execution 10486-11712 Remote Code Execution 10486-11713 Remote Code Execution 10486-11714 Remote Code Execution 10486-11453 Remote Code Execution 10486-11454 Remote Code Execution 10486-11583 Remote Code Execution 10486-11644 Remote Code Execution 10486-11645 Remote Code Execution 10486-11646 Remote Code Execution 10486-10729 Remote Code Execution 10486-10735 Remote Code Execution 10486-10852 Remote Code Execution 10486-10853 Remote Code Execution 10486-10816 Remote Code Execution 10486-10047 Remote Code Execution 10486-10048 Remote Code Execution 10486-10481 Remote Code Execution 10486-10482 Remote Code Execution 10486-10484 Remote Code Execution 10486-10051 Remote Code Execution 10486-10378 Remote Code Execution 10486-10483 Low 10336-9312 Low 10336-9318 Important 10486-11497 Important 10486-11498 Important 10486-11563 Important 10486-11568 Important 10486-11569 Important 10486-11570 Low 10486-11571 Important 10486-11712 Important 10486-11713 Important 10486-11714 Important 10486-11453 Important 10486-11454 Important 10486-11583 Important 10486-11644 Important 10486-11645 Important 10486-11646 Important 10486-10729 Important 10486-10735 Important 10486-10852 Important 10486-10853 Low 10486-10816 Important 10486-10047 Important 10486-10048 Important 10486-10481 Important 10486-10482 Important 10486-10484 Low 10486-10051 Low 10486-10378 Low 10486-10483 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 6.4 5.8 CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10336-9312 6.4 5.8 CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10336-9318 7.5 6.7 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10486-11497 7.5 6.7 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10486-11498 7.5 6.7 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10486-11563 7.5 6.7 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10486-11568 7.5 6.7 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10486-11569 7.5 6.7 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10486-11570 6.4 5.8 CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10486-11571 7.5 6.7 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10486-11712 7.5 6.7 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10486-11713 7.5 6.7 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10486-11714 7.5 6.7 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10486-11453 7.5 6.7 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10486-11454 7.5 6.7 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10486-11583 7.5 6.7 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10486-11644 7.5 6.7 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10486-11645 7.5 6.7 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10486-11646 7.5 6.7 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10486-10729 7.5 6.7 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10486-10735 7.5 6.7 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10486-10852 7.5 6.7 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10486-10853 6.4 5.8 CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10486-10816 7.5 6.7 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10486-10047 7.5 6.7 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10486-10048 7.5 6.7 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10486-10481 7.5 6.7 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10486-10482 7.5 6.7 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10486-10484 6.4 5.8 CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10486-10051 6.4 5.8 CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10486-10378 6.4 5.8 CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10486-10483 4556860 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556860 4550951 10336-9312 10336-9318 Yes Monthly Rollup 4556860 https://support.microsoft.com/help/4556860 10336-9312 10336-9318 4556798 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556798 4550905 10336-9312 10336-9318 10486-10047 10486-10048 10486-10481 10486-10482 10486-10051 10486-10378 10486-10483 Yes IE Cumulative 4556807 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556807 4550922 10486-11497 10486-11498 10486-11563 Yes Security Update 4551853 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4551853 4549949 10486-11568 10486-11569 10486-11570 10486-11571 Yes Security Update 4551853 https://support.microsoft.com/help/4551853 10486-11568 10486-11569 10486-11570 10486-11571 4556799 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556799 4549951 10486-11712 10486-11713 10486-11714 10486-11644 10486-11645 10486-11646 Yes Security Update 4556812 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556812 4550927 10486-11453 10486-11454 10486-11583 Yes Security Update 4556826 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556826 4550930 10486-10729 10486-10735 Yes Security Update 4556813 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556813 4550929 10486-10852 10486-10853 10486-10816 Yes Security Update 4556813 https://support.microsoft.com/help/4556813 10486-10852 10486-10853 10486-10816 4556836 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556836 4550964 10486-10047 10486-10048 10486-10051 Yes Monthly Rollup 4556836 https://support.microsoft.com/help/4556836 10486-10047 10486-10048 10486-10051 4556846 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556846 4550961 10486-10481 10486-10482 10486-10484 10486-10483 Yes Monthly Rollup 4556840 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556840 4550917 10486-10378 Yes Monthly Rollup @j00sean 1.0 2020-05-12T07:00:00Z <p>Information published.</p> Microsoft Office SharePoint XSS Vulnerability <p>A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint server.</p> <p>The attacker who successfully exploited the vulnerability could then perform cross-site scripting attacks on affected systems and run script in the security context of the current user. The attacks could allow the attacker to read content that the attacker is not authorized to read, use the victim's identity to take actions on the SharePoint site on behalf of the user, such as change permissions and delete content, and inject malicious content in the browser of the user.</p> <p>The security update addresses the vulnerability by helping to ensure that SharePoint Server properly sanitizes web requests.</p> Microsoft Office SharePoint Microsoft CVE-2020-1100 10950 11099 11585 10495 Spoofing 10950 Spoofing 11099 Spoofing 11585 Spoofing 10495 Important 10950 Important 11099 Important 11585 Important 10495 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 4484336 https://www.microsoft.com/download/details.aspx?familyid=4943205b-b1fc-4faf-8a2f-3f35afdb3178 4484299 10950 Maybe Security Update 4484352 https://www.microsoft.com/download/details.aspx?familyid=bea43daa-88d3-43bd-b312-c9f65854f2ee 4484308 11099 Maybe Security Update 4484332 https://www.microsoft.com/download/details.aspx?familyid=74d91329-15bb-4cfb-9040-5860a4e27805 4484292 11585 Maybe Security Update 4484383 https://www.microsoft.com/download/details.aspx?familyid=6eaf8911-a138-4462-94bf-f64bf2770d98 4484297 10495 Maybe Security Update Huynh Phuoc Hung, <a href="https://twitter.com/hph0var">@hph0var</a> 1.0 2020-05-12T07:00:00Z <p>Information published.</p> Microsoft SharePoint Remote Code Execution Vulnerability <p>A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the SharePoint application pool and the SharePoint server farm account.</p> <p>Exploitation of this vulnerability requires that a user uploads a specially crafted SharePoint application package to an affected version of SharePoint.</p> <p>The security update addresses the vulnerability by correcting how SharePoint checks the source markup of application packages.</p> Microsoft Office SharePoint Microsoft CVE-2020-1102 10950 11585 Remote Code Execution 10950 Remote Code Execution 11585 Critical 10950 Critical 11585 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 4484336 https://www.microsoft.com/download/details.aspx?familyid=4943205b-b1fc-4faf-8a2f-3f35afdb3178 4484299 10950 Maybe Security Update 4484332 https://www.microsoft.com/download/details.aspx?familyid=74d91329-15bb-4cfb-9040-5860a4e27805 4484292 11585 Maybe Security Update Secventuregroup working with <a href="https://www.zerodayinitiative.com/">Trend Micro's Zero Day Initiative</a> 1.0 2020-05-12T07:00:00Z <p>Information published.</p> Microsoft SharePoint Information Disclosure Vulnerability <p>An information disclosure vulnerability exists where certain modes of the search function in Microsoft SharePoint Server are vulnerable to cross-site search attacks (a variant of cross-site request forgery, CSRF).</p> <p>When users are simultaneously logged in to Microsoft SharePoint Server and visit a malicious web page, the attacker can, through standard browser functionality, induce the browser to invoke search queries as the logged in user. While the attacker can’t access the search results or documents as such, the attacker can determine whether the query did return results or not, and thus by issuing targeted queries discover facts about documents that are searchable for the logged-in user.</p> <p>The security update addresses the vulnerability by running the search queries in a way that doesn’t expose them to this browser vulnerability.</p> <p><strong>What type of information could be disclosed by this vulnerability?</strong></p> <p>The type of information that could be disclosed if an attacker successfully exploited this vulnerability is unauthorized file system access - reading from the file system.</p> Microsoft Office SharePoint Microsoft CVE-2020-1103 10950 11585 10612 Information Disclosure 10950 Information Disclosure 11585 Information Disclosure 10612 Important 10950 Important 11585 Important 10612 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 4484336 https://www.microsoft.com/download/details.aspx?familyid=4943205b-b1fc-4faf-8a2f-3f35afdb3178 4484299 10950 Maybe Security Update 4484332 https://www.microsoft.com/download/details.aspx?familyid=74d91329-15bb-4cfb-9040-5860a4e27805 4484292 11585 Maybe Security Update 4484364 https://www.microsoft.com/download/details.aspx?familyid=2a44537d-f219-46f5-9c20-c5455b5ed61c 4484321 10612 Maybe Security Update Oleksandr Mirosh (@olekmirosh) from Micro Focus Fortify 1.0 2020-05-12T07:00:00Z <p>Information published.</p> Microsoft SharePoint Spoofing Vulnerability <p>A spoofing vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint server.</p> <p>The attacker who successfully exploited the vulnerability could then perform cross-site scripting attacks on affected systems and run script in the security context of the current user. These attacks could allow the attacker to read content that the attacker is not authorized to read, use the victim's identity to take actions on the SharePoint site on behalf of the user, such as change permissions and delete content, and inject malicious content in the browser of the user.</p> <p>The security update addresses the vulnerability by helping to ensure that SharePoint Server properly sanitizes web requests.</p> Microsoft Office SharePoint Microsoft CVE-2020-1104 10950 11585 10612 Spoofing 10950 Spoofing 11585 Spoofing 10612 Important 10950 Important 11585 Important 10612 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 4484336 https://www.microsoft.com/download/details.aspx?familyid=4943205b-b1fc-4faf-8a2f-3f35afdb3178 4484299 10950 Maybe Security Update 4484332 https://www.microsoft.com/download/details.aspx?familyid=74d91329-15bb-4cfb-9040-5860a4e27805 4484292 11585 Maybe Security Update 4484364 https://www.microsoft.com/download/details.aspx?familyid=2a44537d-f219-46f5-9c20-c5455b5ed61c 4484321 10612 Maybe Security Update Huynh Phuoc Hung, <a href="https://twitter.com/hph0var">@hph0var</a> 1.0 2020-05-12T07:00:00Z <p>Information published.</p> Microsoft SharePoint Spoofing Vulnerability <p>A spoofing vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint server.</p> <p>The attacker who successfully exploited the vulnerability could then perform cross-site scripting attacks on affected systems and run script in the security context of the current user. These attacks could allow the attacker to read content that the attacker is not authorized to read, use the victim's identity to take actions on the SharePoint site on behalf of the user, such as change permissions and delete content, and inject malicious content in the browser of the user.</p> <p>The security update addresses the vulnerability by helping to ensure that SharePoint Server properly sanitizes web requests.</p> Microsoft Office SharePoint Microsoft CVE-2020-1105 10950 10612 Spoofing 10950 Spoofing 10612 Important 10950 Important 10612 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 4484336 https://www.microsoft.com/download/details.aspx?familyid=4943205b-b1fc-4faf-8a2f-3f35afdb3178 4484299 10950 Maybe Security Update 4484364 https://www.microsoft.com/download/details.aspx?familyid=2a44537d-f219-46f5-9c20-c5455b5ed61c 4484321 10612 Maybe Security Update <a href="https://www.aswsec.com">Adam Willard</a> 1.0 2020-05-12T07:00:00Z <p>Information published.</p> Microsoft Office SharePoint XSS Vulnerability <p>A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint server.</p> <p>The attacker who successfully exploited the vulnerability could then perform cross-site scripting attacks on affected systems and run script in the security context of the current user. The attacks could allow the attacker to read content that the attacker is not authorized to read, use the victim's identity to take actions on the SharePoint site on behalf of the user, such as change permissions and delete content, and inject malicious content in the browser of the user.</p> <p>The security update addresses the vulnerability by helping to ensure that SharePoint Server properly sanitizes web requests.</p> Microsoft Office SharePoint Microsoft CVE-2020-1106 10950 11585 10612 Spoofing 10950 Spoofing 11585 Spoofing 10612 Important 10950 Important 11585 Important 10612 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 4484336 https://www.microsoft.com/download/details.aspx?familyid=4943205b-b1fc-4faf-8a2f-3f35afdb3178 4484299 10950 Maybe Security Update 4484332 https://www.microsoft.com/download/details.aspx?familyid=74d91329-15bb-4cfb-9040-5860a4e27805 4484292 11585 Maybe Security Update 4484364 https://www.microsoft.com/download/details.aspx?familyid=2a44537d-f219-46f5-9c20-c5455b5ed61c 4484321 10612 Maybe Security Update Huynh Phuoc Hung, <a href="https://twitter.com/hph0var">@hph0var</a> 1.0 2020-05-12T07:00:00Z <p>Information published.</p> .NET Core & .NET Framework Denial of Service Vulnerability <p>A denial of service vulnerability exists when .NET Core or .NET Framework improperly handles web requests. An attacker who successfully exploited this vulnerability could cause a denial of service against a .NET Core or .NET Framework web application. The vulnerability can be exploited remotely, without authentication.</p> <p>A remote unauthenticated attacker could exploit this vulnerability by issuing specially crafted requests to the .NET Core or .NET Framework application.</p> <p>The update addresses the vulnerability by correcting how the .NET Core or .NET Framework web application handles web requests.</p> .NET Core Microsoft CVE-2020-1108 11730 11565 11600 11658 11720 11756 11761 11617 11745 11529-10047 11529-10048 11529-10481 11529-10482 11529-10484 11529-10051 11529-10049 11529-10378 11529-10379 11529-10483 11529-10543 11650-11497 11650-11498 11650-11499 11650-11453 11650-11454 11650-10852 11650-10853 11650-10816 11650-10855 11650-10047 11650-10048 11650-10481 11650-10482 11650-10484 11650-10051 11650-10049 11650-10378 11650-10379 11650-10483 11650-10543 11676-11568 11676-11569 11676-11571 11676-11572 11676-11712 11676-11713 11676-11715 11676-11644 11676-11645 11676-11647 11677-11497 11677-11498 11677-11499 11677-11568 11677-11569 11677-11570 11677-11571 11677-11572 11723-10852 11723-10853 11723-10816 11723-10855 11725-11453 11725-11454 10728-9312 10728-9318 9292-9312 9292-9318 9195-9312 9195-9318 2472-10481 2472-10482 2472-10378 2472-10379 2472-10483 2472-10543 9495-10047 9495-10048 9495-10051 10636-10047 10636-10048 10636-10481 10636-10482 10636-10484 10636-9312 10636-9318 10636-10051 10636-10049 10636-10378 10636-10379 10636-10483 10636-10543 11676-11646 11676-11714 11725-11583 11764-10729 11764-10735 11677-11563 Denial of Service 11730 Denial of Service 11565 Denial of Service 11600 Denial of Service 11658 Denial of Service 11720 Denial of Service 11756 Denial of Service 11761 Denial of Service 11617 Denial of Service 11745 Denial of Service 11529-10047 Denial of Service 11529-10048 Denial of Service 11529-10481 Denial of Service 11529-10482 Denial of Service 11529-10484 Denial of Service 11529-10051 Denial of Service 11529-10049 Denial of Service 11529-10378 Denial of Service 11529-10379 Denial of Service 11529-10483 Denial of Service 11529-10543 Denial of Service 11650-11497 Denial of Service 11650-11498 Denial of Service 11650-11499 Denial of Service 11650-11453 Denial of Service 11650-11454 Denial of Service 11650-10852 Denial of Service 11650-10853 Denial of Service 11650-10816 Denial of Service 11650-10855 Denial of Service 11650-10047 Denial of Service 11650-10048 Denial of Service 11650-10481 Denial of Service 11650-10482 Denial of Service 11650-10484 Denial of Service 11650-10051 Denial of Service 11650-10049 Denial of Service 11650-10378 Denial of Service 11650-10379 Denial of Service 11650-10483 Denial of Service 11650-10543 Denial of Service 11676-11568 Denial of Service 11676-11569 Denial of Service 11676-11571 Denial of Service 11676-11572 Denial of Service 11676-11712 Denial of Service 11676-11713 Denial of Service 11676-11715 Denial of Service 11676-11644 Denial of Service 11676-11645 Denial of Service 11676-11647 Denial of Service 11677-11497 Denial of Service 11677-11498 Denial of Service 11677-11499 Denial of Service 11677-11568 Denial of Service 11677-11569 Denial of Service 11677-11570 Denial of Service 11677-11571 Denial of Service 11677-11572 Denial of Service 11723-10852 Denial of Service 11723-10853 Denial of Service 11723-10816 Denial of Service 11723-10855 Denial of Service 11725-11453 Denial of Service 11725-11454 Denial of Service 10728-9312 Denial of Service 10728-9318 Denial of Service 9292-9312 Denial of Service 9292-9318 Denial of Service 9195-9312 Denial of Service 9195-9318 Denial of Service 2472-10481 Denial of Service 2472-10482 Denial of Service 2472-10378 Denial of Service 2472-10379 Denial of Service 2472-10483 Denial of Service 2472-10543 Denial of Service 9495-10047 Denial of Service 9495-10048 Denial of Service 9495-10051 Denial of Service 10636-10047 Denial of Service 10636-10048 Denial of Service 10636-10481 Denial of Service 10636-10482 Denial of Service 10636-10484 Denial of Service 10636-9312 Denial of Service 10636-9318 Denial of Service 10636-10051 Denial of Service 10636-10049 Denial of Service 10636-10378 Denial of Service 10636-10379 Denial of Service 10636-10483 Denial of Service 10636-10543 Denial of Service 11676-11646 Denial of Service 11676-11714 Denial of Service 11725-11583 Denial of Service 11764-10729 Denial of Service 11764-10735 Denial of Service 11677-11563 Important 11730 Important 11565 Important 11600 Important 11658 Important 11720 Important 11756 Important 11761 Important 11617 Important 11745 Important 11529-10047 Important 11529-10048 Important 11529-10481 Important 11529-10482 Important 11529-10484 Important 11529-10051 Important 11529-10049 Important 11529-10378 Important 11529-10379 Important 11529-10483 Important 11529-10543 Important 11650-11497 Important 11650-11498 Important 11650-11499 Important 11650-11453 Important 11650-11454 Important 11650-10852 Important 11650-10853 Important 11650-10816 Important 11650-10855 Important 11650-10047 Important 11650-10048 Important 11650-10481 Important 11650-10482 Important 11650-10484 Important 11650-10051 Important 11650-10049 Important 11650-10378 Important 11650-10379 Important 11650-10483 Important 11650-10543 Important 11676-11568 Important 11676-11569 Important 11676-11571 Important 11676-11572 Important 11676-11712 Important 11676-11713 Important 11676-11715 Important 11676-11644 Important 11676-11645 Important 11676-11647 Important 11677-11497 Important 11677-11498 Important 11677-11499 Important 11677-11568 Important 11677-11569 Important 11677-11570 Important 11677-11571 Important 11677-11572 Important 11723-10852 Important 11723-10853 Important 11723-10816 Important 11723-10855 Important 11725-11453 Important 11725-11454 Important 10728-9312 Important 10728-9318 Important 9292-9312 Important 9292-9318 Important 9195-9312 Important 9195-9318 Important 2472-10481 Important 2472-10482 Important 2472-10378 Important 2472-10379 Important 2472-10483 Important 2472-10543 Important 9495-10047 Important 9495-10048 Important 9495-10051 Important 10636-10047 Important 10636-10048 Important 10636-10481 Important 10636-10482 Important 10636-10484 Important 10636-9312 Important 10636-9318 Important 10636-10051 Important 10636-10049 Important 10636-10378 Important 10636-10379 Important 10636-10483 Important 10636-10543 Important 11676-11646 Important 11676-11714 Important 11725-11583 Important 11764-10729 Important 11764-10735 Important 11677-11563 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A Release Notes https://dotnet.microsoft.com/download/dotnet-core/3.1 11730 11565 11600 11658 11720 11756 11761 11617 11745 Maybe Security Update 4556399 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4552919 11529-10047 11529-10048 11529-10051 11529-10049 11650-10047 11650-10048 11650-10051 11650-10049 9495-10047 9495-10048 9495-10051 10636-10047 10636-10048 10636-10051 10636-10049 Maybe Monthly Rollup 4556403 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4552951 11529-10047 11529-10048 11529-10051 11529-10049 11650-10047 11650-10048 11650-10051 11650-10049 9495-10047 9495-10048 9495-10051 10636-10047 10636-10048 10636-10051 10636-10049 Maybe Security Only 4556401 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4552923 11529-10481 11529-10482 11529-10484 11529-10483 11529-10543 11650-10481 11650-10482 11650-10484 11650-10483 11650-10543 2472-10481 2472-10482 2472-10483 2472-10543 10636-10481 10636-10482 10636-10484 10636-10483 10636-10543 Maybe Monthly Rollup 4556405 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4552959 11529-10481 11529-10482 11529-10483 11529-10543 11650-10481 11650-10482 11650-10483 11650-10543 2472-10481 2472-10482 2472-10483 2472-10543 10636-10481 10636-10482 10636-10483 10636-10543 Maybe Security Only 4556400 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4552922 11529-10378 11529-10379 11650-10378 11650-10379 2472-10378 2472-10379 10636-10378 10636-10379 Maybe Monthly Rollup 4556404 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4552958 11529-10378 11529-10379 11650-10378 11650-10379 2472-10378 2472-10379 10636-10378 10636-10379 Maybe Security Only 4552929 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4552929 4537479 11650-11497 11650-11498 11650-11499 Maybe Security Update 4552928 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4552928 4537478 11650-11453 11650-11454 Security Update 4552926 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4552926 4537477 11650-10852 11650-10853 11650-10816 11650-10855 Maybe Security Update 4556441 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4552930 4538156 11676-11568 11676-11569 11676-11571 11676-11572 11677-11568 11677-11569 11677-11570 11677-11571 11677-11572 Maybe Security Update 4552931 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4552931 4537572 11676-11712 11676-11713 11676-11715 11676-11644 11676-11645 11676-11647 11676-11646 11676-11714 Maybe Security Update 4556807 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556807 4550922 11677-11497 11677-11498 11677-11499 11677-11563 Yes Security Update 4556813 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556813 4550929 11723-10852 11723-10853 11723-10816 11723-10855 Yes Security Update 4556813 https://support.microsoft.com/help/4556813 11723-10852 11723-10853 11723-10816 11723-10855 4556812 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556812 4550927 11725-11453 11725-11454 11725-11583 Yes Security Update 4556402 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4552919 4533098; 4535105 10728-9312 10728-9318 9292-9312 9292-9318 9195-9312 9195-9318 10636-9312 10636-9318 Maybe Monthly Rollup 4556406 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4552951 10728-9312 10728-9318 9292-9312 9292-9318 9195-9312 9195-9318 10636-9312 10636-9318 Maybe Security Only 4556826 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556826 4550930 11764-10729 11764-10735 Yes Security Update 2.0 2020-05-14T07:00:00Z <p>In the Security Updates table, removed Microsoft .NET Framework 3.5 installed on Windows Server 2008 for Itanium-based Systems and Microsoft .NET Framework 3.5.1 installed on Windows Server 2008 R2 for Itanium-based Systems as these versions are no longer supported.</p> 1.1 2020-05-13T07:00:00Z <p>In the Security Updates table, corrected the Download links for .NET Core 2.1 and .NET Core 3.1. This is an informational change only.</p> 3.0 2020-05-15T07:00:00Z <p>Revised the Security Updates table to include PowerShell Core 6.2 and 7.0 because they are affected by CVE-2020-1108. See https://github.com/PowerShell/Announcements/issues/20 for more information.</p> 4.0 2020-06-09T07:00:00Z <p>To comprehensively address CVE-2020-1108, Microsoft has released updates for .NET Core 2.1 and .NET Core 3.1. Customers who use any of these versions of .NET Core should install the latest version of .NET Core. See the Release Notes (https://github.com/dotnet/announcements/issues/156) for the latest version numbers and instructions for updating .NET Core.</p> 5.0 2020-06-11T07:00:00Z <p>To comprehensively address CVE-2020-1108, Microsoft has released updates for PowerShell Core 6.2 and PowerShell 7.0. Customers who use any of these versions of PowerShell should install the latest version of PowerShell. See the Release Notes (https://github.com/powershell/announcements/issues/20) for the latest version numbers and instructions for updating PowerShell.</p> 1.0 2020-05-12T07:00:00Z <p>Information published.</p> Windows Update Stack Elevation of Privilege Vulnerability <p>An elevation of privilege vulnerability exists when the Windows Update Stack fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.</p> <p>To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application to take control of an affected system.</p> <p>The update addresses the vulnerability by correcting how the Windows Update Stack handles objects in memory.</p> Windows Update Stack Microsoft CVE-2020-1109 11497 11498 11499 11563 11568 11569 11570 11571 11572 11712 11713 11714 11715 11453 11454 11583 11644 11645 11646 11647 Elevation of Privilege 11497 Elevation of Privilege 11498 Elevation of Privilege 11499 Elevation of Privilege 11563 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11570 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11712 Elevation of Privilege 11713 Elevation of Privilege 11714 Elevation of Privilege 11715 Elevation of Privilege 11453 Elevation of Privilege 11454 Elevation of Privilege 11583 Elevation of Privilege 11644 Elevation of Privilege 11645 Elevation of Privilege 11646 Elevation of Privilege 11647 Important 11497 Important 11498 Important 11499 Important 11563 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11712 Important 11713 Important 11714 Important 11715 Important 11453 Important 11454 Important 11583 Important 11644 Important 11645 Important 11646 Important 11647 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11497 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11498 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11499 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11563 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11568 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11569 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11570 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11571 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11572 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11712 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11713 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11714 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11715 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11453 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11454 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11583 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11644 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11645 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11646 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11647 4556807 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556807 4550922 11497 11498 11499 11563 Yes Security Update 4551853 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4551853 4549949 11568 11569 11570 11571 11572 Yes Security Update 4551853 https://support.microsoft.com/help/4551853 11568 11569 11570 11571 11572 4556799 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556799 4549951 11712 11713 11714 11715 11644 11645 11646 11647 Yes Security Update 4556812 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556812 4550927 11453 11454 11583 Yes Security Update Shefang Zhong of <a href="http://www.360.com/">Qihoo 360 Vulcan Team</a> Zhiniang Peng (<a href="https://twitter.com/edwardzpeng">@edwardzpeng</a>) of Qihoo 360 Core Security & Jiadong Lu 1.1 2020-05-19T07:00:00Z <p>Updated acknowledgment. This is an informational change only.</p> 1.0 2020-05-12T07:00:00Z <p>Information published.</p> Windows Clipboard Service Elevation of Privilege Vulnerability <p>An elevation of privilege vulnerability exists when Windows improperly handles calls to Clipboard Service. An attacker who successfully exploited this vulnerability could run arbitrary code in the security context of the local system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.</p> <p>To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control over an affected system.</p> <p>The update addresses the vulnerability by correcting how Windows handles calls to Clipboard Service.</p> Microsoft Windows Microsoft CVE-2020-1111 11568 11569 11570 11571 11572 11712 11713 11714 11715 11644 11645 11646 11647 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11570 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11712 Elevation of Privilege 11713 Elevation of Privilege 11714 Elevation of Privilege 11715 Elevation of Privilege 11644 Elevation of Privilege 11645 Elevation of Privilege 11646 Elevation of Privilege 11647 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11712 Important 11713 Important 11714 Important 11715 Important 11644 Important 11645 Important 11646 Important 11647 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11568 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11569 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11570 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11571 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11572 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11712 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11713 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11714 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11715 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11644 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11645 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11646 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11647 4551853 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4551853 4549949 11568 11569 11570 11571 11572 Yes Security Update 4551853 https://support.microsoft.com/help/4551853 11568 11569 11570 11571 11572 4556799 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556799 4549951 11712 11713 11714 11715 11644 11645 11646 11647 Yes Security Update 1.0 2020-05-12T07:00:00Z <p>Information published.</p> Windows Background Intelligent Transfer Service Elevation of Privilege Vulnerability <p>An elevation of privilege vulnerability exists when the Windows Background Intelligent Transfer Service (BITS) IIS module improperly handles uploaded content. An attacker who successfully exploited this vulnerability could upload restricted file types to an IIS-hosted folder.</p> <p>To exploit this vulnerability, an attacker would require permissions to upload files via BITS. An attacker could then submit a specially crafted request to upload a file.</p> <p>The security update addresses the vulnerability by correcting how Windows BITS validates file names.</p> Microsoft Windows Microsoft CVE-2020-1112 11497 11498 11499 11563 11568 11569 11570 11571 11572 11712 11713 11714 11715 11453 11454 11583 11644 11645 11646 11647 10729 10735 10852 10853 10816 10855 10047 10048 10481 10482 10484 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Elevation of Privilege 11497 Elevation of Privilege 11498 Elevation of Privilege 11499 Elevation of Privilege 11563 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11570 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11712 Elevation of Privilege 11713 Elevation of Privilege 11714 Elevation of Privilege 11715 Elevation of Privilege 11453 Elevation of Privilege 11454 Elevation of Privilege 11583 Elevation of Privilege 11644 Elevation of Privilege 11645 Elevation of Privilege 11646 Elevation of Privilege 11647 Elevation of Privilege 10729 Elevation of Privilege 10735 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Elevation of Privilege 10047 Elevation of Privilege 10048 Elevation of Privilege 10481 Elevation of Privilege 10482 Elevation of Privilege 10484 Elevation of Privilege 9312 Elevation of Privilege 10287 Elevation of Privilege 9318 Elevation of Privilege 9344 Elevation of Privilege 10051 Elevation of Privilege 10049 Elevation of Privilege 10378 Elevation of Privilege 10379 Elevation of Privilege 10483 Elevation of Privilege 10543 Important 11497 Important 11498 Important 11499 Important 11563 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11712 Important 11713 Important 11714 Important 11715 Important 11453 Important 11454 Important 11583 Important 11644 Important 11645 Important 11646 Important 11647 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 10047 Important 10048 Important 10481 Important 10482 Important 10484 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 8.5 7.6 CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C 11497 8.5 7.6 CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C 11498 8.5 7.6 CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C 11499 8.5 7.6 CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C 11563 8.5 7.6 CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C 11568 8.5 7.6 CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C 11569 8.5 7.6 CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C 11570 8.5 7.6 CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C 11571 8.5 7.6 CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C 11572 8.5 7.6 CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C 11712 8.5 7.6 CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C 11713 8.5 7.6 CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C 11714 8.5 7.6 CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C 11715 8.5 7.6 CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C 11453 8.5 7.6 CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C 11454 8.5 7.6 CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C 11583 8.5 7.6 CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C 11644 8.5 7.6 CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C 11645 8.5 7.6 CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C 11646 8.5 7.6 CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C 11647 8.5 7.6 CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C 10729 8.5 7.6 CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C 10735 8.5 7.6 CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C 10852 8.5 7.6 CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C 10853 8.5 7.6 CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C 10816 8.5 7.6 CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C 10855 8.5 7.6 CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C 10047 8.5 7.6 CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C 10048 8.5 7.6 CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C 10481 8.5 7.6 CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C 10482 8.5 7.6 CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C 10484 8.5 7.6 CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C 9312 8.5 7.6 CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C 10287 8.5 7.6 CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C 9318 8.5 7.6 CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C 9344 8.5 7.6 CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C 10051 8.5 7.6 CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C 10049 8.5 7.6 CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C 10378 8.5 7.6 CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C 10379 8.5 7.6 CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C 10483 8.5 7.6 CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C 10543 4556807 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556807 4550922 11497 11498 11499 11563 Yes Security Update 4551853 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4551853 4549949 11568 11569 11570 11571 11572 Yes Security Update 4551853 https://support.microsoft.com/help/4551853 11568 11569 11570 11571 11572 4556799 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556799 4549951 11712 11713 11714 11715 11644 11645 11646 11647 Yes Security Update 4556812 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556812 4550927 11453 11454 11583 Yes Security Update 4556826 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556826 4550930 10729 10735 Yes Security Update 4556813 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556813 4550929 10852 10853 10816 10855 Yes Security Update 4556813 https://support.microsoft.com/help/4556813 10852 10853 10816 10855 4556836 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556836 4550964 10047 10048 10051 10049 Yes Monthly Rollup 4556836 https://support.microsoft.com/help/4556836 10047 10048 10051 10049 4556843 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556843 10047 10048 10051 10049 Yes Security Only 4556843 https://support.microsoft.com/help/4556843 10047 10048 10051 10049 4556846 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556846 4550961 10481 10482 10484 10483 10543 Yes Monthly Rollup 4556853 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556853 10481 10482 10483 10543 Yes Security Only 4556860 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556860 4550951 9312 10287 9318 9344 Yes Monthly Rollup 4556860 https://support.microsoft.com/help/4556860 9312 10287 9318 9344 4556854 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556854 9312 10287 9318 9344 Yes Security Only 4556854 https://support.microsoft.com/help/4556854 9312 10287 9318 9344 4556840 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556840 4550917 10378 10379 Yes Monthly Rollup 4556852 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556852 10378 10379 Yes Security Only Guido Principe Passini (<a href="https://twitter.com/divintzero">@DivIntZero</a>) of <a href="http://bawlsec.com/">BawlSec</a> 1.0 2020-05-12T07:00:00Z <p>Information published.</p> Microsoft Color Management Remote Code Execution Vulnerability <p>A remote code execution vulnerability exists in the way that the Color Management Module (ICM32.dll) handles objects in memory. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.</p> <p>In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability and then convince users to view the website. An attacker would have no way to force users to view the attacker-controlled content. Instead, an attacker would have to convince users to take action, typically by getting them to click a link in an email or Instant Messenger message that takes users to the attacker's website, or by opening an attachment sent through email.</p> <p>The security update addresses the vulnerability by correcting how Color Management Module handles objects in memory.</p> Microsoft Graphics Component Microsoft CVE-2020-1117 11497 11498 11499 11563 11568 11569 11570 11571 11572 11712 11713 11714 11715 11453 11454 11583 11644 11645 11646 11647 10852 10853 10816 10855 Remote Code Execution 11497 Remote Code Execution 11498 Remote Code Execution 11499 Remote Code Execution 11563 Remote Code Execution 11568 Remote Code Execution 11569 Remote Code Execution 11570 Remote Code Execution 11571 Remote Code Execution 11572 Remote Code Execution 11712 Remote Code Execution 11713 Remote Code Execution 11714 Remote Code Execution 11715 Remote Code Execution 11453 Remote Code Execution 11454 Remote Code Execution 11583 Remote Code Execution 11644 Remote Code Execution 11645 Remote Code Execution 11646 Remote Code Execution 11647 Remote Code Execution 10852 Remote Code Execution 10853 Remote Code Execution 10816 Remote Code Execution 10855 Critical 11497 Critical 11498 Critical 11499 Critical 11563 Critical 11568 Critical 11569 Critical 11570 Critical 11571 Critical 11572 Critical 11712 Critical 11713 Critical 11714 Critical 11715 Critical 11453 Critical 11454 Critical 11583 Critical 11644 Critical 11645 Critical 11646 Critical 11647 Critical 10852 Critical 10853 Critical 10816 Critical 10855 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 8.8 7.9 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11497 8.8 7.9 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11498 8.8 7.9 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11499 8.8 7.9 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11563 8.8 7.9 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11568 8.8 7.9 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11569 8.8 7.9 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11570 8.8 7.9 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11571 8.8 7.9 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11572 8.8 7.9 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11712 8.8 7.9 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11713 8.8 7.9 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11714 8.8 7.9 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11715 8.8 7.9 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11453 8.8 7.9 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11454 8.8 7.9 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11583 8.8 7.9 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11644 8.8 7.9 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11645 8.8 7.9 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11646 8.8 7.9 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11647 8.8 7.9 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10852 8.8 7.9 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10853 8.8 7.9 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10816 8.8 7.9 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10855 4556807 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556807 4550922 11497 11498 11499 11563 Yes Security Update 4551853 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4551853 4549949 11568 11569 11570 11571 11572 Yes Security Update 4551853 https://support.microsoft.com/help/4551853 11568 11569 11570 11571 11572 4556799 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556799 4549951 11712 11713 11714 11715 11644 11645 11646 11647 Yes Security Update 4556812 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556812 4550927 11453 11454 11583 Yes Security Update 4556813 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556813 4550929 10852 10853 10816 10855 Yes Security Update 4556813 https://support.microsoft.com/help/4556813 10852 10853 10816 10855 Dhanesh Kizhakkinan of <a href="https://fireeye.com">FireEye Inc</a> 1.0 2020-05-12T07:00:00Z <p>Information published.</p> Windows Clipboard Service Elevation of Privilege Vulnerability <p>An elevation of privilege vulnerability exists when Windows improperly handles calls to Clipboard Service. An attacker who successfully exploited this vulnerability could run arbitrary code in the security context of the local system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.</p> <p>To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control over an affected system.</p> <p>The update addresses the vulnerability by correcting how Windows handles calls to Clipboard Service.</p> Microsoft Windows Microsoft CVE-2020-1121 11568 11569 11570 11571 11572 11712 11713 11714 11715 11644 11645 11646 11647 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11570 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11712 Elevation of Privilege 11713 Elevation of Privilege 11714 Elevation of Privilege 11715 Elevation of Privilege 11644 Elevation of Privilege 11645 Elevation of Privilege 11646 Elevation of Privilege 11647 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11712 Important 11713 Important 11714 Important 11715 Important 11644 Important 11645 Important 11646 Important 11647 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 7.0 6.3 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11568 7.0 6.3 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11569 7.0 6.3 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11570 7.0 6.3 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11571 7.0 6.3 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11572 7.0 6.3 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11712 7.0 6.3 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11713 7.0 6.3 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11714 7.0 6.3 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11715 7.0 6.3 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11644 7.0 6.3 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11645 7.0 6.3 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11646 7.0 6.3 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11647 4551853 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4551853 4549949 11568 11569 11570 11571 11572 Yes Security Update 4551853 https://support.microsoft.com/help/4551853 11568 11569 11570 11571 11572 4556799 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556799 4549951 11712 11713 11714 11715 11644 11645 11646 11647 Yes Security Update Zhiniang Peng (<a href="https://twitter.com/edwardzpeng">@edwardzpeng</a>) of Qihoo 360 Core Security & Haoran Qin (<a href="https://twitter.com/Q4n">@Q4n</a>) 1.0 2020-05-12T07:00:00Z <p>Information published.</p> Connected User Experiences and Telemetry Service Denial of Service Vulnerability <p>A denial of service vulnerability exists when Connected User Experiences and Telemetry Service improperly handles file operations. An attacker who successfully exploited this vulnerability could cause a system to stop responding.</p> <p>To exploit the vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability.</p> <p>The security update addresses the vulnerability by correcting how the Connected User Experiences and Telemetry Service handles file operations.</p> Microsoft Windows Microsoft CVE-2020-1123 11497 11498 11499 11563 11568 11569 11570 11571 11572 11712 11713 11714 11715 11453 11454 11583 11644 11645 11646 11647 10729 10735 10852 10853 10816 10855 Denial of Service 11497 Denial of Service 11498 Denial of Service 11499 Denial of Service 11563 Denial of Service 11568 Denial of Service 11569 Denial of Service 11570 Denial of Service 11571 Denial of Service 11572 Denial of Service 11712 Denial of Service 11713 Denial of Service 11714 Denial of Service 11715 Denial of Service 11453 Denial of Service 11454 Denial of Service 11583 Denial of Service 11644 Denial of Service 11645 Denial of Service 11646 Denial of Service 11647 Denial of Service 10729 Denial of Service 10735 Denial of Service 10852 Denial of Service 10853 Denial of Service 10816 Denial of Service 10855 Important 11497 Important 11498 Important 11499 Important 11563 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11712 Important 11713 Important 11714 Important 11715 Important 11453 Important 11454 Important 11583 Important 11644 Important 11645 Important 11646 Important 11647 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 5.5 5.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C 11497 5.5 5.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C 11498 5.5 5.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C 11499 5.5 5.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C 11563 5.5 5.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C 11568 5.5 5.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C 11569 5.5 5.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C 11570 5.5 5.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C 11571 5.5 5.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C 11572 5.5 5.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C 11712 5.5 5.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C 11713 5.5 5.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C 11714 5.5 5.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C 11715 5.5 5.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C 11453 5.5 5.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C 11454 5.5 5.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C 11583 5.5 5.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C 11644 5.5 5.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C 11645 5.5 5.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C 11646 5.5 5.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C 11647 5.5 5.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C 10729 5.5 5.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C 10735 5.5 5.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C 10852 5.5 5.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C 10853 5.5 5.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C 10816 5.5 5.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C 10855 4556807 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556807 4550922 11497 11498 11499 11563 Yes Security Update 4551853 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4551853 4549949 11568 11569 11570 11571 11572 Yes Security Update 4551853 https://support.microsoft.com/help/4551853 11568 11569 11570 11571 11572 4556799 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556799 4549951 11712 11713 11714 11715 11644 11645 11646 11647 Yes Security Update 4556812 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556812 4550927 11453 11454 11583 Yes Security Update 4556826 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556826 4550930 10729 10735 Yes Security Update 4556813 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556813 4550929 10852 10853 10816 10855 Yes Security Update 4556813 https://support.microsoft.com/help/4556813 10852 10853 10816 10855 <a href="https://www.mcerlane.co.uk">Conor McErlane</a> Gábor Selján (<A href="https://twitter.com/GaborSeljan">@GaborSeljan</a>) Zhiniang Peng (<a href="https://twitter.com/edwardzpeng">@edwardzpeng</a>) of Qihoo 360 Core security & Xuefeng Li 1.0 2020-05-12T07:00:00Z <p>Information published.</p> Windows Runtime Elevation of Privilege Vulnerability <p>An elevation of privilege vulnerability exists when the Windows Runtime improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in an elevated context.</p> <p>An attacker could exploit this vulnerability by running a specially crafted application on the victim system.</p> <p>The update addresses the vulnerability by correcting the way the Windows Runtime handles objects in memory.</p> Microsoft Windows Microsoft CVE-2020-1125 11497 11498 11499 11563 11568 11569 11570 11571 11572 11712 11713 11714 11715 11453 11454 11583 11644 11645 11646 11647 10729 10735 10852 10853 10816 10855 10481 10482 10484 Elevation of Privilege 11497 Elevation of Privilege 11498 Elevation of Privilege 11499 Elevation of Privilege 11563 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11570 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11712 Elevation of Privilege 11713 Elevation of Privilege 11714 Elevation of Privilege 11715 Elevation of Privilege 11453 Elevation of Privilege 11454 Elevation of Privilege 11583 Elevation of Privilege 11644 Elevation of Privilege 11645 Elevation of Privilege 11646 Elevation of Privilege 11647 Elevation of Privilege 10729 Elevation of Privilege 10735 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Elevation of Privilege 10481 Elevation of Privilege 10482 Elevation of Privilege 10484 Important 11497 Important 11498 Important 11499 Important 11563 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11712 Important 11713 Important 11714 Important 11715 Important 11453 Important 11454 Important 11583 Important 11644 Important 11645 Important 11646 Important 11647 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 10481 Important 10482 Important 10484 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 7.0 6.3 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11497 7.0 6.3 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11498 7.0 6.3 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11499 7.0 6.3 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11563 7.0 6.3 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11568 7.0 6.3 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11569 7.0 6.3 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11570 7.0 6.3 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11571 7.0 6.3 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11572 7.0 6.3 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11712 7.0 6.3 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11713 7.0 6.3 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11714 7.0 6.3 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11715 7.0 6.3 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11453 7.0 6.3 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11454 7.0 6.3 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11583 7.0 6.3 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11644 7.0 6.3 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11645 7.0 6.3 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11646 7.0 6.3 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11647 7.0 6.3 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10729 7.0 6.3 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10735 7.0 6.3 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10852 7.0 6.3 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10853 7.0 6.3 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10816 7.0 6.3 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10855 7.0 6.3 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10481 7.0 6.3 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10482 7.0 6.3 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10484 4556807 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556807 4550922 11497 11498 11499 11563 Yes Security Update 4551853 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4551853 4549949 11568 11569 11570 11571 11572 Yes Security Update 4551853 https://support.microsoft.com/help/4551853 11568 11569 11570 11571 11572 4556799 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556799 4549951 11712 11713 11714 11715 11644 11645 11646 11647 Yes Security Update 4556812 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556812 4550927 11453 11454 11583 Yes Security Update 4556826 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556826 4550930 10729 10735 Yes Security Update 4556813 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556813 4550929 10852 10853 10816 10855 Yes Security Update 4556813 https://support.microsoft.com/help/4556813 10852 10853 10816 10855 4556846 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556846 4550961 10481 10482 10484 Yes Monthly Rollup 4556853 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556853 10481 10482 Yes Security Only anonymous Zhiniang Peng (<a href="https://twitter.com/edwardzpeng">@edwardzpeng</a>) of Qihoo 360 Core Security & Fangming Gu (<a href="https://twitter.com/afang5472">@afang5472</a>) 1.0 2020-05-12T07:00:00Z <p>Information published.</p> Windows State Repository Service Elevation of Privilege Vulnerability <p>An elevation of privilege vulnerability exists when the Windows State Repository Service improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in an elevated context.</p> <p>An attacker could exploit this vulnerability by running a specially crafted application on the victim system.</p> <p>The update addresses the vulnerability by correcting the way the Windows State Repository Service handles objects in memory.</p> Microsoft Windows Microsoft CVE-2020-1131 11497 11498 11499 11563 11568 11569 11570 11571 11572 11712 11713 11714 11715 11453 11454 11583 11644 11645 11646 11647 10729 10735 10852 10853 10816 10855 Elevation of Privilege 11497 Elevation of Privilege 11498 Elevation of Privilege 11499 Elevation of Privilege 11563 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11570 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11712 Elevation of Privilege 11713 Elevation of Privilege 11714 Elevation of Privilege 11715 Elevation of Privilege 11453 Elevation of Privilege 11454 Elevation of Privilege 11583 Elevation of Privilege 11644 Elevation of Privilege 11645 Elevation of Privilege 11646 Elevation of Privilege 11647 Elevation of Privilege 10729 Elevation of Privilege 10735 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Important 11497 Important 11498 Important 11499 Important 11563 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11712 Important 11713 Important 11714 Important 11715 Important 11453 Important 11454 Important 11583 Important 11644 Important 11645 Important 11646 Important 11647 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 5.5 5.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C 11497 5.5 5.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C 11498 5.5 5.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C 11499 5.5 5.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C 11563 5.5 5.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C 11568 5.5 5.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C 11569 5.5 5.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C 11570 5.5 5.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C 11571 5.5 5.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C 11572 5.5 5.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C 11712 5.5 5.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C 11713 5.5 5.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C 11714 5.5 5.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C 11715 5.5 5.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C 11453 5.5 5.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C 11454 5.5 5.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C 11583 5.5 5.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C 11644 5.5 5.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C 11645 5.5 5.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C 11646 5.5 5.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C 11647 5.5 5.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C 10729 5.5 5.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C 10735 5.5 5.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C 10852 5.5 5.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C 10853 5.5 5.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C 10816 5.5 5.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C 10855 4556807 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556807 4550922 11497 11498 11499 11563 Yes Security Update 4551853 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4551853 4549949 11568 11569 11570 11571 11572 Yes Security Update 4551853 https://support.microsoft.com/help/4551853 11568 11569 11570 11571 11572 4556799 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556799 4549951 11712 11713 11714 11715 11644 11645 11646 11647 Yes Security Update 4556812 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556812 4550927 11453 11454 11583 Yes Security Update 4556826 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556826 4550930 10729 10735 Yes Security Update 4556813 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556813 4550929 10852 10853 10816 10855 Yes Security Update 4556813 https://support.microsoft.com/help/4556813 10852 10853 10816 10855 Zhiniang Peng (<a href="https://twitter.com/edwardzpeng">@edwardzpeng</a>) of Qihoo 360 Core security and Fangming Gu (<a href="https://twitter.com/afang5472">@afang5472</a>) 1.0 2020-05-12T07:00:00Z <p>Information published.</p> Windows Error Reporting Manager Elevation of Privilege Vulnerability <p>An elevation of privilege vulnerability exists when Windows Error Reporting manager improperly handles file and folder links. An attacker who successfully exploited this vulnerability could overwrite a targeted file leading to an elevated status.</p> <p>To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system.</p> <p>The security update addresses the vulnerability by correcting how Windows Error Reporting manager handles file and folder links.</p> Microsoft Windows Microsoft CVE-2020-1132 11497 11498 11499 11563 11568 11569 11570 11571 11572 11712 11713 11714 11715 11453 11454 11583 11644 11645 11646 11647 10729 10735 10852 10853 10816 10855 Elevation of Privilege 11497 Elevation of Privilege 11498 Elevation of Privilege 11499 Elevation of Privilege 11563 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11570 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11712 Elevation of Privilege 11713 Elevation of Privilege 11714 Elevation of Privilege 11715 Elevation of Privilege 11453 Elevation of Privilege 11454 Elevation of Privilege 11583 Elevation of Privilege 11644 Elevation of Privilege 11645 Elevation of Privilege 11646 Elevation of Privilege 11647 Elevation of Privilege 10729 Elevation of Privilege 10735 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Important 11497 Important 11498 Important 11499 Important 11563 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11712 Important 11713 Important 11714 Important 11715 Important 11453 Important 11454 Important 11583 Important 11644 Important 11645 Important 11646 Important 11647 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 7.0 6.3 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11497 7.0 6.3 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11498 7.0 6.3 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11499 7.0 6.3 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11563 7.0 6.3 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11568 7.0 6.3 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11569 7.0 6.3 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11570 7.0 6.3 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11571 7.0 6.3 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11572 7.0 6.3 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11712 7.0 6.3 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11713 7.0 6.3 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11714 7.0 6.3 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11715 7.0 6.3 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11453 7.0 6.3 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11454 7.0 6.3 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11583 7.0 6.3 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11644 7.0 6.3 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11645 7.0 6.3 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11646 7.0 6.3 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11647 7.0 6.3 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10729 7.0 6.3 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10735 7.0 6.3 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10852 7.0 6.3 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10853 7.0 6.3 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10816 7.0 6.3 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10855 4556807 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556807 4550922 11497 11498 11499 11563 Yes Security Update 4551853 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4551853 4549949 11568 11569 11570 11571 11572 Yes Security Update 4551853 https://support.microsoft.com/help/4551853 11568 11569 11570 11571 11572 4556799 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556799 4549951 11712 11713 11714 11715 11644 11645 11646 11647 Yes Security Update 4556812 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556812 4550927 11453 11454 11583 Yes Security Update 4556826 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556826 4550930 10729 10735 Yes Security Update 4556813 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556813 4550929 10852 10853 10816 10855 Yes Security Update 4556813 https://support.microsoft.com/help/4556813 10852 10853 10816 10855 Yuki Chen of <a href="https://www.360.com/">Qihoo 360 Vulcan Team</a> <a href="https://twitter.com/galdeleon">Gal De Leon</a> of Palo Alto Networks 1.0 2020-05-12T07:00:00Z <p>Information published.</p> Media Foundation Memory Corruption Vulnerability <p>A memory corruption vulnerability exists when Windows Media Foundation improperly handles objects in memory. An attacker who successfully exploited the vulnerability could install programs; view, change, or delete data; or create new accounts with full user rights.</p> <p>There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit a malicious webpage.</p> <p>The security update addresses the vulnerability by correcting how Windows Media Foundation handles objects in memory.</p> Microsoft Windows Microsoft CVE-2020-1136 11497 11498 11499 11563 11568 11569 11570 11571 11572 11712 11713 11714 11715 11453 11454 11583 11644 11645 11646 11647 10729 10735 10852 10853 10816 10855 10481 10482 10484 10483 10543 Remote Code Execution 11497 Remote Code Execution 11498 Remote Code Execution 11499 Remote Code Execution 11563 Remote Code Execution 11568 Remote Code Execution 11569 Remote Code Execution 11570 Remote Code Execution 11571 Remote Code Execution 11572 Remote Code Execution 11712 Remote Code Execution 11713 Remote Code Execution 11714 Remote Code Execution 11715 Remote Code Execution 11453 Remote Code Execution 11454 Remote Code Execution 11583 Remote Code Execution 11644 Remote Code Execution 11645 Remote Code Execution 11646 Remote Code Execution 11647 Remote Code Execution 10729 Remote Code Execution 10735 Remote Code Execution 10852 Remote Code Execution 10853 Remote Code Execution 10816 Remote Code Execution 10855 Remote Code Execution 10481 Remote Code Execution 10482 Remote Code Execution 10484 Remote Code Execution 10483 Remote Code Execution 10543 Critical 11497 Critical 11498 Critical 11499 Critical 11563 Critical 11568 Critical 11569 Critical 11570 Critical 11571 Critical 11572 Critical 11712 Critical 11713 Critical 11714 Critical 11715 Critical 11453 Critical 11454 Critical 11583 Critical 11644 Critical 11645 Critical 11646 Critical 11647 Critical 10729 Critical 10735 Critical 10852 Critical 10853 Critical 10816 Critical 10855 Critical 10481 Critical 10482 Critical 10484 Critical 10483 Critical 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11497 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11498 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11499 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11563 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11568 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11569 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11570 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11571 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11572 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11712 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11713 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11714 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11715 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11453 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11454 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11583 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11644 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11645 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11646 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11647 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10729 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10735 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10852 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10853 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10816 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10855 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10481 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10482 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10484 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10483 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10543 4556807 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556807 4550922 11497 11498 11499 11563 Yes Security Update 4551853 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4551853 4549949 11568 11569 11570 11571 11572 Yes Security Update 4551853 https://support.microsoft.com/help/4551853 11568 11569 11570 11571 11572 4556799 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556799 4549951 11712 11713 11714 11715 11644 11645 11646 11647 Yes Security Update 4556812 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556812 4550927 11453 11454 11583 Yes Security Update 4556826 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556826 4550930 10729 10735 Yes Security Update 4556813 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556813 4550929 10852 10853 10816 10855 Yes Security Update 4556813 https://support.microsoft.com/help/4556813 10852 10853 10816 10855 4556846 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556846 4550961 10481 10482 10484 10483 10543 Yes Monthly Rollup 4556853 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556853 10481 10482 10483 10543 Yes Security Only yangkang3 (<a href="https://twitter.com/dnpushme">@dnpushme</a>) of Qihoo 360 core security 1.0 2020-05-12T07:00:00Z <p>Information published.</p> Windows Runtime Elevation of Privilege Vulnerability <p>An elevation of privilege vulnerability exists when the Windows Runtime improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in an elevated context.</p> <p>An attacker could exploit this vulnerability by running a specially crafted application on the victim system.</p> <p>The update addresses the vulnerability by correcting the way the Windows Runtime handles objects in memory.</p> Microsoft Windows Microsoft CVE-2020-1139 11497 11498 11499 11563 11568 11569 11570 11571 11572 11712 11713 11714 11715 11453 11454 11583 11644 11645 11646 11647 10729 10735 10852 10853 10816 10855 Elevation of Privilege 11497 Elevation of Privilege 11498 Elevation of Privilege 11499 Elevation of Privilege 11563 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11570 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11712 Elevation of Privilege 11713 Elevation of Privilege 11714 Elevation of Privilege 11715 Elevation of Privilege 11453 Elevation of Privilege 11454 Elevation of Privilege 11583 Elevation of Privilege 11644 Elevation of Privilege 11645 Elevation of Privilege 11646 Elevation of Privilege 11647 Elevation of Privilege 10729 Elevation of Privilege 10735 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Important 11497 Important 11498 Important 11499 Important 11563 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11712 Important 11713 Important 11714 Important 11715 Important 11453 Important 11454 Important 11583 Important 11644 Important 11645 Important 11646 Important 11647 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11497 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11498 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11499 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11563 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11568 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11569 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11570 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11571 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11572 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11712 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11713 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11714 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11715 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11453 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11454 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11583 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11644 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11645 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11646 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11647 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10729 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10735 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10852 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10853 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10816 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10855 4556807 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556807 4550922 11497 11498 11499 11563 Yes Security Update 4551853 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4551853 4549949 11568 11569 11570 11571 11572 Yes Security Update 4551853 https://support.microsoft.com/help/4551853 11568 11569 11570 11571 11572 4556799 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556799 4549951 11712 11713 11714 11715 11644 11645 11646 11647 Yes Security Update 4556812 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556812 4550927 11453 11454 11583 Yes Security Update 4556826 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556826 4550930 10729 10735 Yes Security Update 4556813 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556813 4550929 10852 10853 10816 10855 Yes Security Update 4556813 https://support.microsoft.com/help/4556813 10852 10853 10816 10855 Zhiniang Peng (<a href="https://twitter.com/edwardzpeng">@edwardzpeng</a>) of Qihoo 360 Core security & Xuefeng Li 1.0 2020-05-12T07:00:00Z <p>Information published.</p> Windows GDI Information Disclosure Vulnerability <p>An information disclosure vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in memory, allowing an attacker to retrieve information from a targeted system. By itself, the information disclosure does not allow arbitrary code execution; however, it could allow arbitrary code to be run if the attacker uses it in combination with another vulnerability.</p> <p>To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application.</p> <p>The security update addresses the vulnerability by correcting how GDI handles memory addresses.</p> <p><strong>What type of information could be disclosed by this vulnerability?</strong></p> <p>The type of information that could be disclosed if an attacker successfully exploited this vulnerability is memory layout - the vulnerability allows an attacker to collect information that facilitates predicting addressing of the memory.</p> Microsoft Graphics Component Microsoft CVE-2020-1141 11497 11498 11499 11563 11568 11569 11570 11571 11572 11712 11713 11714 11715 11453 11454 11583 11644 11645 11646 11647 10729 10735 10852 10853 10816 10855 10047 10048 10481 10482 10484 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Information Disclosure 11497 Information Disclosure 11498 Information Disclosure 11499 Information Disclosure 11563 Information Disclosure 11568 Information Disclosure 11569 Information Disclosure 11570 Information Disclosure 11571 Information Disclosure 11572 Information Disclosure 11712 Information Disclosure 11713 Information Disclosure 11714 Information Disclosure 11715 Information Disclosure 11453 Information Disclosure 11454 Information Disclosure 11583 Information Disclosure 11644 Information Disclosure 11645 Information Disclosure 11646 Information Disclosure 11647 Information Disclosure 10729 Information Disclosure 10735 Information Disclosure 10852 Information Disclosure 10853 Information Disclosure 10816 Information Disclosure 10855 Information Disclosure 10047 Information Disclosure 10048 Information Disclosure 10481 Information Disclosure 10482 Information Disclosure 10484 Information Disclosure 9312 Information Disclosure 10287 Information Disclosure 9318 Information Disclosure 9344 Information Disclosure 10051 Information Disclosure 10049 Information Disclosure 10378 Information Disclosure 10379 Information Disclosure 10483 Information Disclosure 10543 Important 11497 Important 11498 Important 11499 Important 11563 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11712 Important 11713 Important 11714 Important 11715 Important 11453 Important 11454 Important 11583 Important 11644 Important 11645 Important 11646 Important 11647 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 10047 Important 10048 Important 10481 Important 10482 Important 10484 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 5.5 5.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C 11497 5.5 5.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C 11498 5.5 5.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C 11499 5.5 5.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C 11563 5.5 5.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C 11568 5.5 5.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C 11569 5.5 5.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C 11570 5.5 5.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C 11571 5.5 5.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C 11572 5.5 5.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C 11712 5.5 5.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C 11713 5.5 5.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C 11714 5.5 5.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C 11715 5.5 5.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C 11453 5.5 5.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C 11454 5.5 5.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C 11583 5.5 5.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C 11644 5.5 5.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C 11645 5.5 5.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C 11646 5.5 5.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C 11647 5.5 5.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C 10729 5.5 5.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C 10735 5.5 5.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C 10852 5.5 5.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C 10853 5.5 5.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C 10816 5.5 5.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C 10855 5.5 5.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C 10047 5.5 5.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C 10048 5.5 5.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C 10481 5.5 5.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C 10482 5.5 5.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C 10484 5.5 5.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C 9312 5.5 5.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C 10287 5.5 5.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C 9318 5.5 5.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C 9344 5.5 5.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C 10051 5.5 5.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C 10049 5.5 5.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C 10378 5.5 5.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C 10379 5.5 5.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C 10483 5.5 5.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C 10543 4556807 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556807 4550922 11497 11498 11499 11563 Yes Security Update 4551853 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4551853 4549949 11568 11569 11570 11571 11572 Yes Security Update 4551853 https://support.microsoft.com/help/4551853 11568 11569 11570 11571 11572 4556799 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556799 4549951 11712 11713 11714 11715 11644 11645 11646 11647 Yes Security Update 4556812 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556812 4550927 11453 11454 11583 Yes Security Update 4556826 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556826 4550930 10729 10735 Yes Security Update 4556813 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556813 4550929 10852 10853 10816 10855 Yes Security Update 4556813 https://support.microsoft.com/help/4556813 10852 10853 10816 10855 4556836 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556836 4550964 10047 10048 10051 10049 Yes Monthly Rollup 4556836 https://support.microsoft.com/help/4556836 10047 10048 10051 10049 4556843 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556843 10047 10048 10051 10049 Yes Security Only 4556843 https://support.microsoft.com/help/4556843 10047 10048 10051 10049 4556846 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556846 4550961 10481 10482 10484 10483 10543 Yes Monthly Rollup 4556853 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556853 10481 10482 10483 10543 Yes Security Only 4556860 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556860 4550951 9312 10287 9318 9344 Yes Monthly Rollup 4556860 https://support.microsoft.com/help/4556860 9312 10287 9318 9344 4556854 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556854 9312 10287 9318 9344 Yes Security Only 4556854 https://support.microsoft.com/help/4556854 9312 10287 9318 9344 4556840 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556840 4550917 10378 10379 Yes Monthly Rollup 4556852 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556852 10378 10379 Yes Security Only <a href="https://twitter.com/hardik05">Hardik Shah</a> of McAfee 1.0 2020-05-12T07:00:00Z <p>Information published.</p> Windows GDI Elevation of Privilege Vulnerability <p>An elevation of privilege vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.</p> <p>To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system.</p> <p>The update addresses the vulnerability by correcting how GDI handles objects in memory and by preventing instances of unintended user-mode privilege elevation.</p> Microsoft Graphics Component Microsoft CVE-2020-1142 11497 11498 11499 11563 11568 11569 11570 11571 11572 11712 11713 11714 11715 11453 11454 11583 11644 11645 11646 11647 Elevation of Privilege 11497 Elevation of Privilege 11498 Elevation of Privilege 11499 Elevation of Privilege 11563 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11570 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11712 Elevation of Privilege 11713 Elevation of Privilege 11714 Elevation of Privilege 11715 Elevation of Privilege 11453 Elevation of Privilege 11454 Elevation of Privilege 11583 Elevation of Privilege 11644 Elevation of Privilege 11645 Elevation of Privilege 11646 Elevation of Privilege 11647 Important 11497 Important 11498 Important 11499 Important 11563 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11712 Important 11713 Important 11714 Important 11715 Important 11453 Important 11454 Important 11583 Important 11644 Important 11645 Important 11646 Important 11647 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11497 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11498 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11499 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11563 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11568 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11569 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11570 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11571 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11572 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11712 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11713 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11714 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11715 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11453 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11454 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11583 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11644 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11645 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11646 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11647 4556807 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556807 4550922 11497 11498 11499 11563 Yes Security Update 4551853 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4551853 4549949 11568 11569 11570 11571 11572 Yes Security Update 4551853 https://support.microsoft.com/help/4551853 11568 11569 11570 11571 11572 4556799 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556799 4549951 11712 11713 11714 11715 11644 11645 11646 11647 Yes Security Update 4556812 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556812 4550927 11453 11454 11583 Yes Security Update anonymous 1.0 2020-05-12T07:00:00Z <p>Information published.</p> Windows GDI Information Disclosure Vulnerability <p>An information disclosure vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in memory, allowing an attacker to retrieve information from a targeted system. By itself, the information disclosure does not allow arbitrary code execution; however, it could allow arbitrary code to be run if the attacker uses it in combination with another vulnerability.</p> <p>To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application.</p> <p>The security update addresses the vulnerability by correcting how GDI handles memory addresses.</p> <p><strong>What type of information could be disclosed by this vulnerability?</strong></p> <p>The type of information that could be disclosed if an attacker successfully exploited this vulnerability is uninitialized memory.</p> Microsoft Graphics Component Microsoft CVE-2020-1145 11712 11713 11714 11715 11644 11645 11646 11647 Information Disclosure 11712 Information Disclosure 11713 Information Disclosure 11714 Information Disclosure 11715 Information Disclosure 11644 Information Disclosure 11645 Information Disclosure 11646 Information Disclosure 11647 Important 11712 Important 11713 Important 11714 Important 11715 Important 11644 Important 11645 Important 11646 Important 11647 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 5.5 5.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C 11712 5.5 5.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C 11713 5.5 5.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C 11714 5.5 5.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C 11715 5.5 5.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C 11644 5.5 5.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C 11645 5.5 5.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C 11646 5.5 5.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C 11647 4556799 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556799 4549951 11712 11713 11714 11715 11644 11645 11646 11647 Yes Security Update <a href="https://twitter.com/hardik05">Hardik Shah</a> of McAfee Wenguang Jiao of Qihoo 360 CoreSecurity 1.0 2020-05-12T07:00:00Z <p>Information published.</p> Microsoft Graphics Components Remote Code Execution Vulnerability <p>A remote code execution vulnerability exists in the way that Microsoft Graphics Components handle objects in memory. An attacker who successfully exploited the vulnerability could execute arbitrary code on a target system.</p> <p>To exploit the vulnerability, a user would have to open a specially crafted file.</p> <p>The security update addresses the vulnerability by correcting how Microsoft Graphics Components handle objects in memory.</p> Microsoft Graphics Component Microsoft CVE-2020-1153 11497 11498 11499 11563 11568 11569 11570 11571 11572 11712 11713 11714 11715 11453 11454 11583 11644 11645 11646 11647 10729 10735 10852 10853 10816 10855 10047 10048 10481 10482 10484 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Remote Code Execution 11497 Remote Code Execution 11498 Remote Code Execution 11499 Remote Code Execution 11563 Remote Code Execution 11568 Remote Code Execution 11569 Remote Code Execution 11570 Remote Code Execution 11571 Remote Code Execution 11572 Remote Code Execution 11712 Remote Code Execution 11713 Remote Code Execution 11714 Remote Code Execution 11715 Remote Code Execution 11453 Remote Code Execution 11454 Remote Code Execution 11583 Remote Code Execution 11644 Remote Code Execution 11645 Remote Code Execution 11646 Remote Code Execution 11647 Remote Code Execution 10729 Remote Code Execution 10735 Remote Code Execution 10852 Remote Code Execution 10853 Remote Code Execution 10816 Remote Code Execution 10855 Remote Code Execution 10047 Remote Code Execution 10048 Remote Code Execution 10481 Remote Code Execution 10482 Remote Code Execution 10484 Remote Code Execution 9312 Remote Code Execution 10287 Remote Code Execution 9318 Remote Code Execution 9344 Remote Code Execution 10051 Remote Code Execution 10049 Remote Code Execution 10378 Remote Code Execution 10379 Remote Code Execution 10483 Remote Code Execution 10543 Critical 11497 Critical 11498 Critical 11499 Critical 11563 Critical 11568 Critical 11569 Critical 11570 Critical 11571 Critical 11572 Critical 11712 Critical 11713 Critical 11714 Critical 11715 Critical 11453 Critical 11454 Critical 11583 Critical 11644 Critical 11645 Critical 11646 Critical 11647 Critical 10729 Critical 10735 Critical 10852 Critical 10853 Critical 10816 Critical 10855 Critical 10047 Critical 10048 Critical 10481 Critical 10482 Critical 10484 Critical 9312 Critical 10287 Critical 9318 Critical 9344 Critical 10051 Critical 10049 Critical 10378 Critical 10379 Critical 10483 Critical 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation More Likely;DOS:N/A 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11497 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11498 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11499 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11563 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11568 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11569 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11570 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11571 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11572 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11712 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11713 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11714 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11715 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11453 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11454 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11583 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11644 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11645 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11646 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11647 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10729 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10735 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10852 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10853 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10816 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10855 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10047 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10048 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10481 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10482 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10484 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 9312 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10287 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 9318 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 9344 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10051 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10049 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10378 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10379 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10483 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10543 4556807 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556807 4550922 11497 11498 11499 11563 Yes Security Update 4551853 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4551853 4549949 11568 11569 11570 11571 11572 Yes Security Update 4551853 https://support.microsoft.com/help/4551853 11568 11569 11570 11571 11572 4556799 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556799 4549951 11712 11713 11714 11715 11644 11645 11646 11647 Yes Security Update 4556812 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556812 4550927 11453 11454 11583 Yes Security Update 4556826 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556826 4550930 10729 10735 Yes Security Update 4556813 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556813 4550929 10852 10853 10816 10855 Yes Security Update 4556813 https://support.microsoft.com/help/4556813 10852 10853 10816 10855 4556836 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556836 4550964 10047 10048 10051 10049 Yes Monthly Rollup 4556836 https://support.microsoft.com/help/4556836 10047 10048 10051 10049 4556843 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556843 10047 10048 10051 10049 Yes Security Only 4556843 https://support.microsoft.com/help/4556843 10047 10048 10051 10049 4556846 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556846 4550961 10481 10482 10484 10483 10543 Yes Monthly Rollup 4556853 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556853 10481 10482 10483 10543 Yes Security Only 4556860 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556860 4550951 9312 10287 9318 9344 Yes Monthly Rollup 4556860 https://support.microsoft.com/help/4556860 9312 10287 9318 9344 4556854 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556854 9312 10287 9318 9344 Yes Security Only 4556854 https://support.microsoft.com/help/4556854 9312 10287 9318 9344 4556840 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556840 4550917 10378 10379 Yes Monthly Rollup 4556852 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556852 10378 10379 Yes Security Only Liubenjin from Codesafe Team of Legendsec at Qi'anxin Group 1.0 2020-05-12T07:00:00Z <p>Information published.</p> ASP.NET Core Denial of Service Vulnerability <p>A denial of service vulnerability exists when ASP.NET Core improperly handles web requests. An attacker who successfully exploited this vulnerability could cause a denial of service against an ASP.NET Core web application. The vulnerability can be exploited remotely, without authentication.</p> <p>A remote unauthenticated attacker could exploit this vulnerability by issuing specially crafted requests to the ASP.NET Core application.</p> <p>The update addresses the vulnerability by correcting how the ASP.NET Core web application handles web requests.</p> .NET Core Microsoft CVE-2020-1161 11600 11658 11720 11756 11728 Denial of Service 11600 Denial of Service 11658 Denial of Service 11720 Denial of Service 11756 Denial of Service 11728 Important 11600 Important 11658 Important 11720 Important 11756 Important 11728 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A Release Notes http://aka.ms/vs/15/release/latest 11600 11658 11720 11756 11728 Maybe Security Update 1.0 2020-05-12T07:00:00Z <p>Information published.</p> Windows Runtime Elevation of Privilege Vulnerability <p>An elevation of privilege vulnerability exists when the Windows Runtime improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in an elevated context.</p> <p>An attacker could exploit this vulnerability by running a specially crafted application on the victim system.</p> <p>The update addresses the vulnerability by correcting the way the Windows Runtime handles objects in memory.</p> Microsoft Windows Microsoft CVE-2020-1164 11497 11498 11499 11563 11568 11569 11570 11571 11572 11712 11713 11714 11715 11453 11454 11583 11644 11645 11646 11647 10729 10735 10852 10853 10816 10855 Elevation of Privilege 11497 Elevation of Privilege 11498 Elevation of Privilege 11499 Elevation of Privilege 11563 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11570 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11712 Elevation of Privilege 11713 Elevation of Privilege 11714 Elevation of Privilege 11715 Elevation of Privilege 11453 Elevation of Privilege 11454 Elevation of Privilege 11583 Elevation of Privilege 11644 Elevation of Privilege 11645 Elevation of Privilege 11646 Elevation of Privilege 11647 Elevation of Privilege 10729 Elevation of Privilege 10735 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Important 11497 Important 11498 Important 11499 Important 11563 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11712 Important 11713 Important 11714 Important 11715 Important 11453 Important 11454 Important 11583 Important 11644 Important 11645 Important 11646 Important 11647 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 7.0 6.3 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11497 7.0 6.3 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11498 7.0 6.3 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11499 7.0 6.3 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11563 7.0 6.3 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11568 7.0 6.3 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11569 7.0 6.3 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11570 7.0 6.3 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11571 7.0 6.3 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11572 7.0 6.3 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11712 7.0 6.3 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11713 7.0 6.3 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11714 7.0 6.3 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11715 7.0 6.3 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11453 7.0 6.3 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11454 7.0 6.3 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11583 7.0 6.3 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11644 7.0 6.3 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11645 7.0 6.3 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11646 7.0 6.3 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11647 7.0 6.3 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10729 7.0 6.3 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10735 7.0 6.3 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10852 7.0 6.3 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10853 7.0 6.3 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10816 7.0 6.3 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10855 4556807 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556807 4550922 11497 11498 11499 11563 Yes Security Update 4551853 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4551853 4549949 11568 11569 11570 11571 11572 Yes Security Update 4551853 https://support.microsoft.com/help/4551853 11568 11569 11570 11571 11572 4556799 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556799 4549951 11712 11713 11714 11715 11644 11645 11646 11647 Yes Security Update 4556812 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556812 4550927 11453 11454 11583 Yes Security Update 4556826 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556826 4550930 10729 10735 Yes Security Update 4556813 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556813 4550929 10852 10853 10816 10855 Yes Security Update 4556813 https://support.microsoft.com/help/4556813 10852 10853 10816 10855 Zhiniang Peng (<a href="https://twitter.com/edwardzpeng">@edwardzpeng</a>) of Qihoo 360 Core security & Xuefeng Li 1.0 2020-05-12T07:00:00Z <p>Information published.</p> Windows Clipboard Service Elevation of Privilege Vulnerability <p>An elevation of privilege vulnerability exists when Windows improperly handles calls to Clipboard Service. An attacker who successfully exploited this vulnerability could run arbitrary code in the security context of the local system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.</p> <p>To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control over an affected system.</p> <p>The update addresses the vulnerability by correcting how Windows handles calls to Clipboard Service.</p> Microsoft Windows Microsoft CVE-2020-1165 11712 11713 11714 11715 11644 11645 11646 11647 Elevation of Privilege 11712 Elevation of Privilege 11713 Elevation of Privilege 11714 Elevation of Privilege 11715 Elevation of Privilege 11644 Elevation of Privilege 11645 Elevation of Privilege 11646 Elevation of Privilege 11647 Important 11712 Important 11713 Important 11714 Important 11715 Important 11644 Important 11645 Important 11646 Important 11647 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11712 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11713 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11714 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11715 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11644 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11645 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11646 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11647 4556799 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556799 4549951 11712 11713 11714 11715 11644 11645 11646 11647 Yes Security Update Zhiniang Peng (<a href="https://twitter.com/edwardzpeng">@edwardzpeng</a>) of Qihoo 360 Core security & Xuefeng Li 1.0 2020-05-12T07:00:00Z <p>Information published.</p> Windows Clipboard Service Elevation of Privilege Vulnerability <p>An elevation of privilege vulnerability exists when Windows improperly handles calls to Clipboard Service. An attacker who successfully exploited this vulnerability could run arbitrary code in the security context of the local system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.</p> <p>To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control over an affected system.</p> <p>The update addresses the vulnerability by correcting how Windows handles calls to Clipboard Service.</p> Microsoft Windows Microsoft CVE-2020-1166 11712 11713 11714 11715 11644 11645 11646 11647 Elevation of Privilege 11712 Elevation of Privilege 11713 Elevation of Privilege 11714 Elevation of Privilege 11715 Elevation of Privilege 11644 Elevation of Privilege 11645 Elevation of Privilege 11646 Elevation of Privilege 11647 Important 11712 Important 11713 Important 11714 Important 11715 Important 11644 Important 11645 Important 11646 Important 11647 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11712 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11713 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11714 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11715 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11644 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11645 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11646 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11647 4556799 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556799 4549951 11712 11713 11714 11715 11644 11645 11646 11647 Yes Security Update Zhiniang Peng (<a href="https://twitter.com/edwardzpeng">@edwardzpeng</a>) of Qihoo 360 Core security & Xuefeng Li Anonymous finder 1.0 2020-05-12T07:00:00Z <p>Information published.</p> Visual Studio Code Python Extension Remote Code Execution Vulnerability <p>A remote code execution vulnerability exists in Visual Studio Code when the Python extension loads configuration files after opening a project. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.</p> <p>To exploit this vulnerability, an attacker would need to convince a target to clone a repository and open it in Visual Studio Code with the Python extension installed. Attacker-specified code would execute when the target opened the integrated terminal.</p> <p>The update address the vulnerability by modifying the way Visual Studio Code Python extension handles environment variables.</p> Microsoft CVE-2020-1171 11873 Remote Code Execution 11873 Important 11873 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A Release Notes https://marketplace.visualstudio.com/items?itemName=ms-python.python 11873 Maybe Security Update Chris Gavin (<a href="https://twitter.com/chrisgavinme">@chrisgavinme</a>) 1.1 2021-02-25T08:00:00Z <p>In the Security Updates table, corrected product name.</p> 1.0 2020-05-12T07:00:00Z <p>Information published.</p> Microsoft Power BI Report Server Spoofing Vulnerability <p>A spoofing vulnerability exists in Microsoft Power BI Report Server in the way it validates the content-type of uploaded attachments. An authenticated attacker could exploit the vulnerability by uploading a specially crafted payload and sending it to the user.</p> <p>The attacker who successfully exploited this vulnerability could then perform actions and run scripts in the security context of the user.</p> <p>This security update addresses the vulnerability by ensuring Power BI Report Server properly validates content-type of the attachments when uploading and opening.</p> <p><strong>What version of Power BI has this vulnerability?</strong></p> <ul> <li>The version of Power BI that contains the vulnerability is the May 2019 Release, version 1.5.7074.36177 (Build 15.0.1102.371).</li> <li>The vulnerability was addressed in the September 2019 release, version 1.6.7236.4246 (Build 15.0.1102.646).</li> <li>The most recent version of Power BI is the January 2020 release build is 15.0.1102.777.</li> </ul> Power BI Microsoft CVE-2020-1173 11719 Spoofing 11719 Important 11719 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A Release Details https://www.microsoft.com/en-us/download/details.aspx?id=55329 11719 Maybe Security Update Lukasz Plonka 1.0 2020-05-12T07:00:00Z <p>Information published.</p> Jet Database Engine Remote Code Execution Vulnerability <p>A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system.</p> <p>An attacker could exploit this vulnerability by enticing a victim to open a specially crafted file.</p> <p>The update addresses the vulnerability by correcting the way the Windows Jet Database Engine handles objects in memory.</p> Microsoft JET Database Engine Microsoft CVE-2020-1174 11497 11498 11499 11563 11568 11569 11570 11571 11572 11712 11713 11714 11715 11453 11454 11583 11644 11645 11646 11647 10729 10735 10852 10853 10816 10855 10047 10048 10481 10482 10484 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Remote Code Execution 11497 Remote Code Execution 11498 Remote Code Execution 11499 Remote Code Execution 11563 Remote Code Execution 11568 Remote Code Execution 11569 Remote Code Execution 11570 Remote Code Execution 11571 Remote Code Execution 11572 Remote Code Execution 11712 Remote Code Execution 11713 Remote Code Execution 11714 Remote Code Execution 11715 Remote Code Execution 11453 Remote Code Execution 11454 Remote Code Execution 11583 Remote Code Execution 11644 Remote Code Execution 11645 Remote Code Execution 11646 Remote Code Execution 11647 Remote Code Execution 10729 Remote Code Execution 10735 Remote Code Execution 10852 Remote Code Execution 10853 Remote Code Execution 10816 Remote Code Execution 10855 Remote Code Execution 10047 Remote Code Execution 10048 Remote Code Execution 10481 Remote Code Execution 10482 Remote Code Execution 10484 Remote Code Execution 9312 Remote Code Execution 10287 Remote Code Execution 9318 Remote Code Execution 9344 Remote Code Execution 10051 Remote Code Execution 10049 Remote Code Execution 10378 Remote Code Execution 10379 Remote Code Execution 10483 Remote Code Execution 10543 Important 11497 Important 11498 Important 11499 Important 11563 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11712 Important 11713 Important 11714 Important 11715 Important 11453 Important 11454 Important 11583 Important 11644 Important 11645 Important 11646 Important 11647 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 10047 Important 10048 Important 10481 Important 10482 Important 10484 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11497 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11498 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11499 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11563 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11568 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11569 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11570 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11571 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11572 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11712 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11713 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11714 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11715 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11453 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11454 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11583 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11644 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11645 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11646 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11647 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10729 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10735 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10852 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10853 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10816 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10855 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10047 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10048 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10481 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10482 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10484 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 9312 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10287 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 9318 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 9344 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10051 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10049 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10378 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10379 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10483 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10543 4556807 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556807 4550922 11497 11498 11499 11563 Yes Security Update 4551853 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4551853 4549949 11568 11569 11570 11571 11572 Yes Security Update 4551853 https://support.microsoft.com/help/4551853 11568 11569 11570 11571 11572 4556799 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556799 4549951 11712 11713 11714 11715 11644 11645 11646 11647 Yes Security Update 4556812 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556812 4550927 11453 11454 11583 Yes Security Update 4556826 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556826 4550930 10729 10735 Yes Security Update 4556813 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556813 4550929 10852 10853 10816 10855 Yes Security Update 4556813 https://support.microsoft.com/help/4556813 10852 10853 10816 10855 4556836 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556836 4550964 10047 10048 10051 10049 Yes Monthly Rollup 4556836 https://support.microsoft.com/help/4556836 10047 10048 10051 10049 4556843 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556843 10047 10048 10051 10049 Yes Security Only 4556843 https://support.microsoft.com/help/4556843 10047 10048 10051 10049 4556846 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556846 4550961 10481 10482 10484 10483 10543 Yes Monthly Rollup 4556853 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556853 10481 10482 10483 10543 Yes Security Only 4556860 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556860 4550951 9312 10287 9318 9344 Yes Monthly Rollup 4556860 https://support.microsoft.com/help/4556860 9312 10287 9318 9344 4556854 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556854 9312 10287 9318 9344 Yes Security Only 4556854 https://support.microsoft.com/help/4556854 9312 10287 9318 9344 4556840 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556840 4550917 10378 10379 Yes Monthly Rollup 4556852 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556852 10378 10379 Yes Security Only Hossein Lotfi of <a href="https://www.zerodayinitiative.com/">Trend Micro's Zero Day Initiative</a> 1.0 2020-05-12T07:00:00Z <p>Information published.</p> Jet Database Engine Remote Code Execution Vulnerability <p>A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system.</p> <p>An attacker could exploit this vulnerability by enticing a victim to open a specially crafted file.</p> <p>The update addresses the vulnerability by correcting the way the Windows Jet Database Engine handles objects in memory.</p> Microsoft JET Database Engine Microsoft CVE-2020-1176 11497 11498 11499 11563 11568 11569 11570 11571 11572 11712 11713 11714 11715 11453 11454 11583 11644 11645 11646 11647 10729 10735 10852 10853 10816 10855 10047 10048 10481 10482 10484 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Remote Code Execution 11497 Remote Code Execution 11498 Remote Code Execution 11499 Remote Code Execution 11563 Remote Code Execution 11568 Remote Code Execution 11569 Remote Code Execution 11570 Remote Code Execution 11571 Remote Code Execution 11572 Remote Code Execution 11712 Remote Code Execution 11713 Remote Code Execution 11714 Remote Code Execution 11715 Remote Code Execution 11453 Remote Code Execution 11454 Remote Code Execution 11583 Remote Code Execution 11644 Remote Code Execution 11645 Remote Code Execution 11646 Remote Code Execution 11647 Remote Code Execution 10729 Remote Code Execution 10735 Remote Code Execution 10852 Remote Code Execution 10853 Remote Code Execution 10816 Remote Code Execution 10855 Remote Code Execution 10047 Remote Code Execution 10048 Remote Code Execution 10481 Remote Code Execution 10482 Remote Code Execution 10484 Remote Code Execution 9312 Remote Code Execution 10287 Remote Code Execution 9318 Remote Code Execution 9344 Remote Code Execution 10051 Remote Code Execution 10049 Remote Code Execution 10378 Remote Code Execution 10379 Remote Code Execution 10483 Remote Code Execution 10543 Important 11497 Important 11498 Important 11499 Important 11563 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11712 Important 11713 Important 11714 Important 11715 Important 11453 Important 11454 Important 11583 Important 11644 Important 11645 Important 11646 Important 11647 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 10047 Important 10048 Important 10481 Important 10482 Important 10484 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11497 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11498 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11499 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11563 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11568 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11569 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11570 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11571 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11572 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11712 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11713 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11714 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11715 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11453 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11454 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11583 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11644 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11645 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11646 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11647 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10729 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10735 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10852 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10853 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10816 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10855 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10047 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10048 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10481 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10482 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10484 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 9312 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10287 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 9318 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 9344 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10051 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10049 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10378 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10379 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10483 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10543 4556807 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556807 4550922 11497 11498 11499 11563 Yes Security Update 4551853 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4551853 4549949 11568 11569 11570 11571 11572 Yes Security Update 4551853 https://support.microsoft.com/help/4551853 11568 11569 11570 11571 11572 4556799 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556799 4549951 11712 11713 11714 11715 11644 11645 11646 11647 Yes Security Update 4556812 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556812 4550927 11453 11454 11583 Yes Security Update 4556826 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556826 4550930 10729 10735 Yes Security Update 4556813 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556813 4550929 10852 10853 10816 10855 Yes Security Update 4556813 https://support.microsoft.com/help/4556813 10852 10853 10816 10855 4556836 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556836 4550964 10047 10048 10051 10049 Yes Monthly Rollup 4556836 https://support.microsoft.com/help/4556836 10047 10048 10051 10049 4556843 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556843 10047 10048 10051 10049 Yes Security Only 4556843 https://support.microsoft.com/help/4556843 10047 10048 10051 10049 4556846 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556846 4550961 10481 10482 10484 10483 10543 Yes Monthly Rollup 4556853 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556853 10481 10482 10483 10543 Yes Security Only 4556860 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556860 4550951 9312 10287 9318 9344 Yes Monthly Rollup 4556860 https://support.microsoft.com/help/4556860 9312 10287 9318 9344 4556854 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556854 9312 10287 9318 9344 Yes Security Only 4556854 https://support.microsoft.com/help/4556854 9312 10287 9318 9344 4556840 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556840 4550917 10378 10379 Yes Monthly Rollup 4556852 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556852 10378 10379 Yes Security Only Hossein Lotfi of <a href="https://www.zerodayinitiative.com/">Trend Micro's Zero Day Initiative</a> 1.0 2020-05-12T07:00:00Z <p>Information published.</p> Windows State Repository Service Elevation of Privilege Vulnerability <p>An elevation of privilege vulnerability exists when the Windows State Repository Service improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in an elevated context.</p> <p>An attacker could exploit this vulnerability by running a specially crafted application on the victim system.</p> <p>The update addresses the vulnerability by correcting the way the Windows State Repository Service handles objects in memory.</p> Microsoft Windows Microsoft CVE-2020-1184 11497 11498 11499 11563 11568 11569 11570 11571 11572 11712 11713 11714 11715 11453 11454 11583 11644 11645 11646 11647 10852 10853 10816 10855 Elevation of Privilege 11497 Elevation of Privilege 11498 Elevation of Privilege 11499 Elevation of Privilege 11563 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11570 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11712 Elevation of Privilege 11713 Elevation of Privilege 11714 Elevation of Privilege 11715 Elevation of Privilege 11453 Elevation of Privilege 11454 Elevation of Privilege 11583 Elevation of Privilege 11644 Elevation of Privilege 11645 Elevation of Privilege 11646 Elevation of Privilege 11647 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Important 11497 Important 11498 Important 11499 Important 11563 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11712 Important 11713 Important 11714 Important 11715 Important 11453 Important 11454 Important 11583 Important 11644 Important 11645 Important 11646 Important 11647 Important 10852 Important 10853 Important 10816 Important 10855 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11497 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11498 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11499 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11563 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11568 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11569 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11570 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11571 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11572 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11712 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11713 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11714 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11715 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11453 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11454 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11583 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11644 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11645 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11646 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11647 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10852 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10853 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10816 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10855 4556807 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556807 4550922 11497 11498 11499 11563 Yes Security Update 4551853 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4551853 4549949 11568 11569 11570 11571 11572 Yes Security Update 4551853 https://support.microsoft.com/help/4551853 11568 11569 11570 11571 11572 4556799 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556799 4549951 11712 11713 11714 11715 11644 11645 11646 11647 Yes Security Update 4556812 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556812 4550927 11453 11454 11583 Yes Security Update 4556813 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556813 4550929 10852 10853 10816 10855 Yes Security Update 4556813 https://support.microsoft.com/help/4556813 10852 10853 10816 10855 Anonymous Finder Zhiniang Peng (<a href="https://twitter.com/edwardzpeng">@edwardzpeng</a>) of Qihoo 360 Core security and Fangming Gu (<a href="https://twitter.com/afang5472">@afang5472</a>) 1.1 2020-05-27T07:00:00Z <p>Added acknowledgements. This is an informational change only.</p> 1.0 2020-05-12T07:00:00Z <p>Information published.</p> Windows State Repository Service Elevation of Privilege Vulnerability <p>An elevation of privilege vulnerability exists when the Windows State Repository Service improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in an elevated context.</p> <p>An attacker could exploit this vulnerability by running a specially crafted application on the victim system.</p> <p>The update addresses the vulnerability by correcting the way the Windows State Repository Service handles objects in memory.</p> Microsoft Windows Microsoft CVE-2020-1185 11497 11498 11499 11563 11568 11569 11570 11571 11572 11712 11713 11714 11715 11453 11454 11583 11644 11645 11646 11647 10852 10853 10816 10855 Elevation of Privilege 11497 Elevation of Privilege 11498 Elevation of Privilege 11499 Elevation of Privilege 11563 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11570 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11712 Elevation of Privilege 11713 Elevation of Privilege 11714 Elevation of Privilege 11715 Elevation of Privilege 11453 Elevation of Privilege 11454 Elevation of Privilege 11583 Elevation of Privilege 11644 Elevation of Privilege 11645 Elevation of Privilege 11646 Elevation of Privilege 11647 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Important 11497 Important 11498 Important 11499 Important 11563 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11712 Important 11713 Important 11714 Important 11715 Important 11453 Important 11454 Important 11583 Important 11644 Important 11645 Important 11646 Important 11647 Important 10852 Important 10853 Important 10816 Important 10855 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11497 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11498 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11499 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11563 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11568 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11569 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11570 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11571 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11572 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11712 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11713 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11714 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11715 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11453 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11454 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11583 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11644 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11645 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11646 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11647 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10852 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10853 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10816 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10855 4556807 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556807 4550922 11497 11498 11499 11563 Yes Security Update 4551853 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4551853 4549949 11568 11569 11570 11571 11572 Yes Security Update 4551853 https://support.microsoft.com/help/4551853 11568 11569 11570 11571 11572 4556799 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556799 4549951 11712 11713 11714 11715 11644 11645 11646 11647 Yes Security Update 4556812 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556812 4550927 11453 11454 11583 Yes Security Update 4556813 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556813 4550929 10852 10853 10816 10855 Yes Security Update 4556813 https://support.microsoft.com/help/4556813 10852 10853 10816 10855 Zhiniang Peng (<a href="https://twitter.com/edwardzpeng">@edwardzpeng</a>) of Qihoo 360 Core security and Fangming Gu (<a href="https://twitter.com/afang5472">@afang5472</a>) Anonymous Finder 1.1 2020-05-27T07:00:00Z <p>Added acknowledgements. This is an informational change only.</p> 1.0 2020-05-12T07:00:00Z <p>Information published.</p> Windows State Repository Service Elevation of Privilege Vulnerability <p>An elevation of privilege vulnerability exists when the Windows State Repository Service improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in an elevated context.</p> <p>An attacker could exploit this vulnerability by running a specially crafted application on the victim system.</p> <p>The update addresses the vulnerability by correcting the way the Windows State Repository Service handles objects in memory.</p> Microsoft Windows Microsoft CVE-2020-1187 11497 11498 11499 11563 11568 11569 11570 11571 11572 11712 11713 11714 11715 11453 11454 11583 11644 11645 11646 11647 10852 10853 10816 10855 Elevation of Privilege 11497 Elevation of Privilege 11498 Elevation of Privilege 11499 Elevation of Privilege 11563 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11570 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11712 Elevation of Privilege 11713 Elevation of Privilege 11714 Elevation of Privilege 11715 Elevation of Privilege 11453 Elevation of Privilege 11454 Elevation of Privilege 11583 Elevation of Privilege 11644 Elevation of Privilege 11645 Elevation of Privilege 11646 Elevation of Privilege 11647 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Important 11497 Important 11498 Important 11499 Important 11563 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11712 Important 11713 Important 11714 Important 11715 Important 11453 Important 11454 Important 11583 Important 11644 Important 11645 Important 11646 Important 11647 Important 10852 Important 10853 Important 10816 Important 10855 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11497 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11498 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11499 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11563 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11568 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11569 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11570 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11571 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11572 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11712 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11713 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11714 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11715 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11453 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11454 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11583 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11644 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11645 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11646 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11647 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10852 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10853 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10816 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10855 4556807 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556807 4550922 11497 11498 11499 11563 Yes Security Update 4551853 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4551853 4549949 11568 11569 11570 11571 11572 Yes Security Update 4551853 https://support.microsoft.com/help/4551853 11568 11569 11570 11571 11572 4556799 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556799 4549951 11712 11713 11714 11715 11644 11645 11646 11647 Yes Security Update 4556812 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556812 4550927 11453 11454 11583 Yes Security Update 4556813 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556813 4550929 10852 10853 10816 10855 Yes Security Update 4556813 https://support.microsoft.com/help/4556813 10852 10853 10816 10855 Zhiniang Peng (<a href="https://twitter.com/edwardzpeng">@edwardzpeng</a>) of Qihoo 360 Core security and Fangming Gu (<a href="https://twitter.com/afang5472">@afang5472</a>) Anonymous Finder 1.1 2020-05-27T07:00:00Z <p>Added acknowledgements. This is an informational change only.</p> 1.0 2020-05-12T07:00:00Z <p>Information published.</p> Windows State Repository Service Elevation of Privilege Vulnerability <p>An elevation of privilege vulnerability exists when the Windows State Repository Service improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in an elevated context.</p> <p>An attacker could exploit this vulnerability by running a specially crafted application on the victim system.</p> <p>The update addresses the vulnerability by correcting the way the Windows State Repository Service handles objects in memory.</p> Microsoft Windows Microsoft CVE-2020-1188 11497 11498 11499 11563 11568 11569 11570 11571 11572 11712 11713 11714 11715 11453 11454 11583 11644 11645 11646 11647 10852 10853 10816 10855 Elevation of Privilege 11497 Elevation of Privilege 11498 Elevation of Privilege 11499 Elevation of Privilege 11563 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11570 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11712 Elevation of Privilege 11713 Elevation of Privilege 11714 Elevation of Privilege 11715 Elevation of Privilege 11453 Elevation of Privilege 11454 Elevation of Privilege 11583 Elevation of Privilege 11644 Elevation of Privilege 11645 Elevation of Privilege 11646 Elevation of Privilege 11647 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Important 11497 Important 11498 Important 11499 Important 11563 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11712 Important 11713 Important 11714 Important 11715 Important 11453 Important 11454 Important 11583 Important 11644 Important 11645 Important 11646 Important 11647 Important 10852 Important 10853 Important 10816 Important 10855 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11497 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11498 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11499 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11563 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11568 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11569 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11570 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11571 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11572 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11712 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11713 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11714 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11715 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11453 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11454 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11583 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11644 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11645 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11646 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11647 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10852 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10853 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10816 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10855 4556807 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556807 4550922 11497 11498 11499 11563 Yes Security Update 4551853 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4551853 4549949 11568 11569 11570 11571 11572 Yes Security Update 4551853 https://support.microsoft.com/help/4551853 11568 11569 11570 11571 11572 4556799 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556799 4549951 11712 11713 11714 11715 11644 11645 11646 11647 Yes Security Update 4556812 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556812 4550927 11453 11454 11583 Yes Security Update 4556813 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556813 4550929 10852 10853 10816 10855 Yes Security Update 4556813 https://support.microsoft.com/help/4556813 10852 10853 10816 10855 Zhiniang Peng (<a href="https://twitter.com/edwardzpeng">@edwardzpeng</a>) of Qihoo 360 Core security and Fangming Gu (<a href="https://twitter.com/afang5472">@afang5472</a>) Anonymous Finder 1.1 2020-05-27T07:00:00Z <p>Added acknowledgements. This is an informational change only.</p> 1.0 2020-05-12T07:00:00Z <p>Information published.</p> Windows State Repository Service Elevation of Privilege Vulnerability <p>An elevation of privilege vulnerability exists when the Windows State Repository Service improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in an elevated context.</p> <p>An attacker could exploit this vulnerability by running a specially crafted application on the victim system.</p> <p>The update addresses the vulnerability by correcting the way the Windows State Repository Service handles objects in memory.</p> Microsoft Windows Microsoft CVE-2020-1191 11497 11498 11499 11563 11568 11569 11570 11571 11572 11712 11713 11714 11715 11453 11454 11583 11644 11645 11646 11647 10852 10853 10816 10855 Elevation of Privilege 11497 Elevation of Privilege 11498 Elevation of Privilege 11499 Elevation of Privilege 11563 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11570 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11712 Elevation of Privilege 11713 Elevation of Privilege 11714 Elevation of Privilege 11715 Elevation of Privilege 11453 Elevation of Privilege 11454 Elevation of Privilege 11583 Elevation of Privilege 11644 Elevation of Privilege 11645 Elevation of Privilege 11646 Elevation of Privilege 11647 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Important 11497 Important 11498 Important 11499 Important 11563 Important 11568 Important 11569 Important 11570 Important 11571 Important 11572 Important 11712 Important 11713 Important 11714 Important 11715 Important 11453 Important 11454 Important 11583 Important 11644 Important 11645 Important 11646 Important 11647 Important 10852 Important 10853 Important 10816 Important 10855 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11497 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11498 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11499 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11563 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11568 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11569 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11570 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11571 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11572 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11712 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11713 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11714 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11715 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11453 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11454 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11583 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11644 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11645 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11646 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11647 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10852 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10853 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10816 4556807 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556807 4550922 11497 11498 11499 11563 Yes Security Update 4551853 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4551853 4549949 11568 11569 11570 11571 11572 Yes Security Update 4551853 https://support.microsoft.com/help/4551853 11568 11569 11570 11571 11572 4556799 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556799 4549951 11712 11713 11714 11715 11644 11645 11646 11647 Yes Security Update 4556812 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556812 4550927 11453 11454 11583 Yes Security Update 4556813 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4556813 4550929 10852 10853 10816 10855 Yes Security Update 4556813 https://support.microsoft.com/help/4556813 10852 10853 10816 10855 Zhiniang Peng (<a href="https://twitter.com/edwardzpeng">@edwardzpeng</a>) of Qihoo 360 Core security and Fangming Gu (<a href="https://twitter.com/afang5472">@afang5472</a>) Anonymous Finder 1.1 2020-05-27T07:00:00Z <p>Added acknowledgements. This is an informational change only.</p> 1.0 2020-05-12T07:00:00Z <p>Information published.</p>