KLA11639 Multiple vulnerabilities in Microsoft Windows

Multiple vulnerabilities were found in Microsoft Windows. Malicious users can exploit these vulnerabilities to execute arbitrary code, obtain sensitive information, gain privileges, bypass security restrictions, spoof user interface, cause denial of service.

Below is a complete list of vulnerabilities:

1. A remote code execution vulnerability in Windows Remote Desktop Gateway (RD Gateway) can be exploited remotely via specially crafted requests to execute arbitrary code.
2. An information disclosure vulnerability in Win32k can be exploited remotely via specially crafted application to obtain sensitive information.
3. An elevation of privilege vulnerability in Windows Search Indexer can be exploited remotely via specially crafted application to gain privileges.
4. An elevation of privilege vulnerability in Win32k can be exploited remotely via specially crafted application to gain privileges.
5. An information disclosure vulnerability in Microsoft Graphics Component can be exploited remotely via specially crafted application to obtain sensitive information.
6. A security feature bypass vulnerability in Windows can be exploited remotely via to bypass security restrictions.
7. An elevation of privilege vulnerability in Microsoft Cryptographic Services can be exploited remotely via to gain privileges.
8. A spoofing vulnerability in Windows CryptoAPI can be exploited remotely to bypass security restrictions.
9. An elevation of privilege vulnerability in Windows can be exploited remotely via specially crafted application to gain privileges.
10. An elevation of privilege vulnerability in Microsoft Windows can be exploited remotely via specially crafted application to gain privileges.
11. An information disclosure vulnerability in Windows GDI+ can be exploited remotely via specially crafted application to obtain sensitive information.
12. An information disclosure vulnerability in Microsoft Graphics Components can be exploited remotely via specially crafted file to obtain sensitive information.
13. An elevation of privilege vulnerability in Windows Common Log File System Driver can be exploited remotely via specially crafted application to gain privileges.
14. An elevation of privilege vulnerability in Windows Subsystem for Linux can be exploited remotely via specially crafted application to gain privileges.
15. An information disclosure vulnerability in Remote Desktop Web Access can be exploited remotely via to obtain sensitive information.
16. A denial of service vulnerability in Windows Remote Desktop Gateway (RD Gateway) can be exploited remotely via specially crafted requests to cause denial of service.
17. An information disclosure vulnerability in Windows Common Log File System Driver can be exploited remotely via specially crafted application to obtain sensitive information.
18. A remote code execution vulnerability in Remote Desktop Client can be exploited remotely via to execute arbitrary code.
19. A denial of service vulnerability in Microsoft Windows can be exploited remotely via specially crafted application to cause denial of service.
20. A denial of service vulnerability in Hyper-V can be exploited remotely via specially crafted application to cause denial of service.
21. An elevation of privilege vulnerability in Update Notification Manager can be exploited remotely via specially crafted application to gain privileges.

Technical details

(8) CVE-2020-0601 The certificate validation vulnerability exists in the way Windows CryptoAPI (Crypt32.dll) validates Elliptic Curve Cryptography (ECC) certificates. It could allow an adversary to spoof a code-signing or TLS certificate and have it appear as valid, in addition this vulnerability may allow remote code execution. This Microsoft security patch also creates a new log event with event ID 1 in the Windows Application event log to record the attempted exploitation of this vulnerability.

Original advisories

CVE-2020-0609

CVE-2020-0608

CVE-2020-0625

CVE-2020-0624

CVE-2020-0623

CVE-2020-0622

CVE-2020-0621

CVE-2020-0620

CVE-2020-0601

CVE-2020-0629

CVE-2020-0628

CVE-2020-0644

CVE-2020-0641

CVE-2020-0643

CVE-2020-0642

CVE-2020-0607

CVE-2020-0630

CVE-2020-0631

CVE-2020-0632

CVE-2020-0633

CVE-2020-0634

CVE-2020-0635

CVE-2020-0636

CVE-2020-0637

CVE-2020-0612

CVE-2020-0639

CVE-2020-0610

CVE-2020-0611

CVE-2020-0616

CVE-2020-0617

CVE-2020-0614

CVE-2020-0615

CVE-2020-0627

CVE-2020-0626

CVE-2020-0613

CVE-2020-0638

Exploitation

Public exploits exist for this vulnerability.

Malware exists for this vulnerability. Usually such malware is classified as Exploit. More details.

Related products

Microsoft-Windows

CVE list

CVE-2020-0609 critical

CVE-2020-0608 high

CVE-2020-0625 critical

CVE-2020-0624 critical

CVE-2020-0623 critical

CVE-2020-0622 high

CVE-2020-0621 warning

CVE-2020-0620 critical

CVE-2020-0601 critical

CVE-2020-0629 critical

CVE-2020-0628 critical

CVE-2020-0644 critical

CVE-2020-0641 critical

CVE-2020-0643 high

CVE-2020-0642 critical

CVE-2020-0607 high

CVE-2020-0630 critical

CVE-2020-0631 critical

CVE-2020-0632 critical

CVE-2020-0633 critical

CVE-2020-0634 critical

CVE-2020-0635 critical

CVE-2020-0636 critical

CVE-2020-0637 high

CVE-2020-0612 critical

CVE-2020-0639 high

CVE-2020-0610 critical

CVE-2020-0611 critical

CVE-2020-0616 high

CVE-2020-0617 high

CVE-2020-0614 critical

CVE-2020-0615 high

CVE-2020-0627 critical

CVE-2020-0626 critical

CVE-2020-0613 critical

CVE-2020-0638 critical

KB list

4534306

4534276

4534271

4534293

4534297

4534283

4534273

4528760

4534288

4534309

Solution

Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)

Impacts

• ACE

Arbitrary code execution. Exploitation of vulnerabilities with this impact can lead to executing by abuser any code or commands at vulnerable machine or process.

• OSI

Obtain sensitive information. Exploitation of vulnerabilities with this impact can lead to capturing by abuser information, critical for user or system.

• DoS

Denial of service. Exploitation of vulnerabilities with this impact can lead to loss of system availability or critical functional fault.

• SB

Security bypass. Exploitation of vulnerabilities with this impact can lead to performing actions restricted by current security settings.

• PE

Privilege escalation. Exploitation of vulnerabilities with this impact can lead to performing by abuser actions, which are normally disallowed for current role.

Affected Products

• Windows Server 2019 (Server Core installation)Windows Server 2012 R2 (Server Core installation)Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)Windows 10 Version 1809 for x64-based SystemsWindows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)Windows Server, version 1803 (Server Core Installation)Windows 10 Version 1709 for ARM64-based SystemsWindows 10 for x64-based SystemsWindows Server 2008 for Itanium-Based Systems Service Pack 2Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1Windows 7 for x64-based Systems Service Pack 1Windows RT 8.1Windows Server 2008 for 32-bit Systems Service Pack 2Windows 8.1 for 32-bit systemsWindows 10 Version 1903 for 32-bit SystemsWindows 10 Version 1709 for x64-based SystemsWindows Server, version 1909 (Server Core installation)Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)Windows Server 2008 for x64-based Systems Service Pack 2Windows 10 Version 1607 for 32-bit SystemsWindows 10 Version 1803 for x64-based SystemsWindows 10 Version 1909 for 32-bit SystemsWindows 8.1 for x64-based systemsWindows 10 Version 1909 for x64-based SystemsWindows 10 Version 1803 for ARM64-based SystemsWindows 7 for 32-bit Systems Service Pack 1Windows 10 Version 1803 for 32-bit SystemsWindows 10 for 32-bit SystemsWindows Server, version 1903 (Server Core installation)Windows Server 2012Windows Server 2016 (Server Core installation)Windows 10 Version 1903 for x64-based SystemsWindows Server 2019Windows 10 Version 1903 for ARM64-based SystemsWindows Server 2012 R2Windows Server 2012 (Server Core installation)Windows Server 2008 R2 for x64-based Systems Service Pack 1Windows 10 Version 1909 for ARM64-based SystemsWindows Server 2016Windows 10 Version 1709 for 32-bit SystemsWindows 10 Version 1607 for x64-based SystemsWindows 10 Version 1809 for 32-bit SystemsWindows 10 Version 1809 for ARM64-based Systems