SB2020041409 - Multiple vulnerabilities in Microsoft Windows Kernel
Published: April 14, 2020 Updated: April 14, 2020
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 6 secuirty vulnerabilities.
1) Out-of-bounds read (CVE-ID: CVE-2020-0955)
The vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition within the Windows kernel when certain central processing units (CPU) speculatively access memory. A local user can use a specially crafted application to trigger out-of-bounds read error and read contents of memory on the system.
2) Buffer overflow (CVE-ID: CVE-2020-0913)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error when processing objects in memory within the Windows kernel. A local user can create a malicious application, launch it on the system and execute arbitrary code with SYSTEM privileges.
3) Out-of-bounds read (CVE-ID: CVE-2020-0821)
The vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition within the Windows kernel. A local user can use a specially crafted application to trigger out-of-bounds read error and read contents of memory on the system.
4) Out-of-bounds read (CVE-ID: CVE-2020-1007)
The vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition within the Windows kernel. A local user can use a specially crafted application to trigger out-of-bounds read error and read contents of memory on the system.
5) Buffer overflow (CVE-ID: CVE-2020-1003)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error when processing objects in memory within the Windows kernel. A local user can create a malicious application, launch it on the system and execute arbitrary code with SYSTEM privileges.
6) Buffer overflow (CVE-ID: CVE-2020-1000)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error when processing objects in memory within the Windows kernel. A local user can create a malicious application, launch it on the system and execute arbitrary code with SYSTEM privileges.
Remediation
Install update from vendor's website.
References
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0955
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0913
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0821
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1007
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1003
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1000