10 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.5 High
AI Score
Confidence
High
0.969 High
EPSS
Percentile
99.7%
Multiple vulnerabilities were found in Microsoft Windows. Malicious users can exploit these vulnerabilities to execute arbitrary code, obtain sensitive information, gain privileges, bypass security restrictions, spoof user interface, cause denial of service.
Below is a complete list of vulnerabilities:
Technical details
(8) CVE-2020-0601 The certificate validation vulnerability exists in the way Windows CryptoAPI (Crypt32.dll) validates Elliptic Curve Cryptography (ECC) certificates. It could allow an adversary to spoof a code-signing or TLS certificate and have it appear as valid, in addition this vulnerability may allow remote code execution. This Microsoft security patch also creates a new log event with event ID 1 in the Windows Application event log to record the attempted exploitation of this vulnerability.
Public exploits exist for this vulnerability.
Malware exists for this vulnerability. Usually such malware is classified as Exploit. More details.
CVE-2020-0609 critical
CVE-2020-0608 high
CVE-2020-0625 critical
CVE-2020-0624 critical
CVE-2020-0623 critical
CVE-2020-0622 high
CVE-2020-0621 warning
CVE-2020-0620 critical
CVE-2020-0601 critical
CVE-2020-0629 critical
CVE-2020-0628 critical
CVE-2020-0644 critical
CVE-2020-0641 critical
CVE-2020-0643 high
CVE-2020-0642 critical
CVE-2020-0607 high
CVE-2020-0630 critical
CVE-2020-0631 critical
CVE-2020-0632 critical
CVE-2020-0633 critical
CVE-2020-0634 critical
CVE-2020-0635 critical
CVE-2020-0636 critical
CVE-2020-0637 high
CVE-2020-0612 critical
CVE-2020-0639 high
CVE-2020-0610 critical
CVE-2020-0611 critical
CVE-2020-0616 high
CVE-2020-0617 high
CVE-2020-0614 critical
CVE-2020-0615 high
CVE-2020-0627 critical
CVE-2020-0626 critical
CVE-2020-0613 critical
CVE-2020-0638 critical
Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)
Arbitrary code execution. Exploitation of vulnerabilities with this impact can lead to executing by abuser any code or commands at vulnerable machine or process.
Obtain sensitive information. Exploitation of vulnerabilities with this impact can lead to capturing by abuser information, critical for user or system.
Denial of service. Exploitation of vulnerabilities with this impact can lead to loss of system availability or critical functional fault.
Security bypass. Exploitation of vulnerabilities with this impact can lead to performing actions restricted by current security settings.
Privilege escalation. Exploitation of vulnerabilities with this impact can lead to performing by abuser actions, which are normally disallowed for current role.
support.microsoft.com/kb/4528760
support.microsoft.com/kb/4534271
support.microsoft.com/kb/4534273
support.microsoft.com/kb/4534276
support.microsoft.com/kb/4534283
support.microsoft.com/kb/4534288
support.microsoft.com/kb/4534293
support.microsoft.com/kb/4534297
support.microsoft.com/kb/4534306
support.microsoft.com/kb/4534309
portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0601
portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0607
portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0608
portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0609
portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0610
portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0611
portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0612
portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0613
portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0614
portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0615
portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0616
portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0617
portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0620
portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0621
portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0622
portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0623
portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0624
portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0625
portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0626
portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0627
portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0628
portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0629
portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0630
portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0631
portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0632
portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0633
portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0634
portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0635
portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0636
portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0637
portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0638
portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0639
portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0641
portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0642
portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0643
portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0644
statistics.securelist.com/
threats.kaspersky.com/en/class/Exploit/
threats.kaspersky.com/en/product/Microsoft-Windows/
10 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.5 High
AI Score
Confidence
High
0.969 High
EPSS
Percentile
99.7%