KLA11692 Multiple vulnerabilities in Microsoft products (ESU)

Multiple vulnerabilities were found in Microsoft Extended Security Updates. Malicious users can exploit these vulnerabilities to gain privileges, execute arbitrary code, obtain sensitive information, spoof user interface.

Below is a complete list of vulnerabilities:

1. An elevation of privilege vulnerability in Windows Installer can be exploited remotely to gain privileges.
2. A memory corruption vulnerability in Scripting Engine can be exploited remotely via specially crafted website to execute arbitrary code.
3. An information disclosure vulnerability in Windows Imaging Component can be exploited remotely via specially crafted website to obtain sensitive information.
4. An elevation of privilege vulnerability in Win32k can be exploited remotely via specially crafted application to gain privileges.
5. An information disclosure vulnerability in Windows GDI can be exploited remotely via specially crafted application to obtain sensitive information.
6. An information disclosure vulnerability in Windows Network Connections Service can be exploited remotely via specially crafted application to obtain sensitive information.
7. An elevation of privilege vulnerability in Windows CSC Service can be exploited remotely via specially crafted application to gain privileges.
8. An elevation of privilege vulnerability in Windows Hard Link can be exploited remotely via specially crafted application to gain privileges.
9. An elevation of privilege vulnerability in Windows UPnP Service can be exploited remotely via specially crafted script to gain privileges.
10. An elevation of privilege vulnerability in Windows User Profile Service can be exploited remotely via specially crafted application to gain privileges.
11. An elevation of privilege vulnerability in Windows Background Intelligent Transfer Service can be exploited remotely via specially crafted application to gain privileges.
12. A remote code execution vulnerability in LNK can be exploited remotely to execute arbitrary code.
13. An elevation of privilege vulnerability in Windows Error Reporting can be exploited remotely via specially crafted application to gain privileges.
14. An elevation of privilege vulnerability in Windows Network Connections Service can be exploited remotely via specially crafted application to gain privileges.
15. An elevation of privilege vulnerability in Windows Language Pack Installer can be exploited remotely via specially crafted application to gain privileges.
16. A remote code execution vulnerability in VBScript can be exploited remotely via specially crafted website to execute arbitrary code.
17. An elevation of privilege vulnerability in Windows ActiveX Installer Service can be exploited remotely via specially crafted application to gain privileges.
18. An elevation of privilege vulnerability in Connected User Experiences and Telemetry Service can be exploited remotely via specially crafted application to gain privileges.
19. An information disclosure vulnerability in Windows Graphics Component can be exploited remotely via specially crafted document to obtain sensitive information.
20. A remote code execution vulnerability in GDI+ can be exploited remotely via specially crafted website to execute arbitrary code.
21. An information disclosure vulnerability in Windows GDI can be exploited remotely via specially crafted document to obtain sensitive information.
22. A tampering vulnerability in Microsoft IIS Server can be exploited remotely to spoof user interface.
23. An elevation of privilege vulnerability in Windows Installer can be exploited remotely via specially crafted application to gain privileges.
24. An elevation of privilege vulnerability in Windows Graphics Component can be exploited remotely via specially crafted application to gain privileges.

Original advisories

CVE-2020-0814

CVE-2020-0832

CVE-2020-0853

CVE-2020-0877

CVE-2020-0874

CVE-2020-0871

CVE-2020-0769

CVE-2020-0849

CVE-2020-0879

CVE-2020-0788

CVE-2020-0781

CVE-2020-0783

CVE-2020-0785

CVE-2020-0787

CVE-2020-0684

CVE-2020-0806

CVE-2020-0804

CVE-2020-0803

CVE-2020-0802

CVE-2020-0822

CVE-2020-0843

CVE-2020-0842

CVE-2020-0847

CVE-2020-0860

CVE-2020-0845

CVE-2020-0844

CVE-2020-0887

CVE-2020-0885

CVE-2020-0883

CVE-2020-0882

CVE-2020-0881

CVE-2020-0880

CVE-2020-0774

CVE-2020-0645

CVE-2020-0771

CVE-2020-0770

CVE-2020-0773

CVE-2020-0772

CVE-2020-0779

CVE-2020-0778

CVE-2020-0791

Exploitation

Malware exists for this vulnerability. Usually such malware is classified as Exploit. More details.

Related products

Microsoft-Internet-Explorer

Microsoft-Windows

Microsoft-Windows-Server

Microsoft-Windows-Server-2012

Microsoft-Windows-8

Microsoft-Windows-7

Microsoft-Windows-Server-2008

Windows-RT

Microsoft-Windows-10

CVE list

CVE-2020-0832 critical

CVE-2020-0847 critical

CVE-2020-0779 high

CVE-2020-0814 critical

CVE-2020-0788 critical

CVE-2020-0853 high

CVE-2020-0877 critical

CVE-2020-0874 high

CVE-2020-0871 high

CVE-2020-0787 critical

CVE-2020-0849 critical

CVE-2020-0879 high

CVE-2020-0645 critical

CVE-2020-0781 critical

CVE-2020-0783 critical

CVE-2020-0882 high

CVE-2020-0785 high

CVE-2020-0769 critical

CVE-2020-0684 critical

CVE-2020-0774 high

CVE-2020-0845 critical

CVE-2020-0806 critical

CVE-2020-0804 critical

CVE-2020-0803 critical

CVE-2020-0802 critical

CVE-2020-0822 critical

CVE-2020-0842 critical

CVE-2020-0843 critical

CVE-2020-0860 critical

CVE-2020-0844 critical

CVE-2020-0887 critical

CVE-2020-0885 warning

CVE-2020-0883 critical

CVE-2020-0881 critical

CVE-2020-0880 high

CVE-2020-0771 critical

CVE-2020-0773 critical

CVE-2020-0772 critical

CVE-2020-0778 critical

CVE-2020-0791 critical

CVE-2020-0770 critical

KB list

4541506

4540671

4540688

4541504

4541500

Solution

Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)

Impacts

• ACE

Arbitrary code execution. Exploitation of vulnerabilities with this impact can lead to executing by abuser any code or commands at vulnerable machine or process.

• OSI

Obtain sensitive information. Exploitation of vulnerabilities with this impact can lead to capturing by abuser information, critical for user or system.

• PE

Privilege escalation. Exploitation of vulnerabilities with this impact can lead to performing by abuser actions, which are normally disallowed for current role.

• SUI

Spoof user interface. Exploitation of vulnerabilities with this impact can lead to changes in user interface to beguile user into inaccurate behavior.

Affected Products

• Windows 10 Version 1803 for 32-bit SystemsWindows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)Windows RT 8.1Windows Server 2019 (Server Core installation)Windows 10 Version 1709 for 32-bit SystemsWindows Server 2016 (Server Core installation)Windows 10 Version 1809 for 32-bit SystemsWindows 10 Version 1803 for x64-based SystemsWindows 10 Version 1909 for ARM64-based SystemsWindows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)Windows 10 for x64-based SystemsWindows 10 Version 1903 for ARM64-based SystemsWindows 7 for x64-based Systems Service Pack 1Internet Explorer 11Windows 10 Version 1909 for 32-bit SystemsWindows Server, version 1903 (Server Core installation)Windows Server 2012 R2 (Server Core installation)Windows 10 Version 1709 for ARM64-based SystemsWindows Server 2008 R2 for Itanium-Based Systems Service Pack 1Windows 10 Version 1909 for x64-based SystemsWindows Server 2008 for 32-bit Systems Service Pack 2Windows 8.1 for x64-based systemsWindows Server 2008 for Itanium-Based Systems Service Pack 2Windows Server, version 1909 (Server Core installation)Windows 10 Version 1903 for x64-based SystemsWindows Server 2012Windows 10 Version 1607 for 32-bit SystemsWindows 10 Version 1607 for x64-based SystemsWindows 8.1 for 32-bit systemsWindows 10 Version 1809 for ARM64-based SystemsWindows Server 2012 (Server Core installation)Windows 10 for 32-bit SystemsWindows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)Windows 10 Version 1903 for 32-bit SystemsWindows 10 Version 1709 for x64-based SystemsInternet Explorer 9Windows Server, version 1803 (Server Core Installation)Windows 10 Version 1809 for x64-based SystemsWindows Server 2008 R2 for x64-based Systems Service Pack 1Windows Server 2016Windows Server 2008 for x64-based Systems Service Pack 2Windows 7 for 32-bit Systems Service Pack 1Windows Server 2012 R2Windows Server 2019Windows 10 Version 1803 for ARM64-based Systems