| Severity | Low |
| Patch available | YES |
| Number of vulnerabilities | 15 |
| CVE ID | CVE-2020-1273 CVE-2020-1316 CVE-2020-1241 CVE-2020-1324 CVE-2020-1307 CVE-2020-1275 CVE-2020-1274 CVE-2020-1269 CVE-2020-1262 CVE-2020-1246 CVE-2020-1237 CVE-2020-1276 CVE-2020-1266 CVE-2020-1264 CVE-2020-1162 |
| CWE ID | CWE-119 CWE-20 |
| Exploitation vector | Local |
| Public exploit | N/A |
| Vulnerable software Subscribe |
Windows Operating systems & Components / Operating system Windows Server Operating systems & Components / Operating system |
| Vendor | Microsoft |
Severity: Low
CVSSv3: 6.8 [CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C] [PCI]
CVE-ID: CVE-2020-1273
CWE-ID:
CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error when processing objects in memory within the Windows kernel. A local user can create a malicious application, launch it on the system and execute arbitrary code with SYSTEM privileges.
MitigationInstall update from vendor's website.
Vulnerable software versionsWindows: 10 1903, 10 1909, 10 2004
Windows Server: 2019 1903, 2019 1909, 2019 2004
CPEhttps://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1273
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
Severity: Low
CVSSv3: 6.8 [CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C] [PCI]
CVE-ID: CVE-2020-1316
CWE-ID:
CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error when processing objects in memory within the Windows kernel. A local user can create a malicious application, launch it on the system and execute arbitrary code with SYSTEM privileges.
MitigationInstall update from vendor's website.
Vulnerable software versionsWindows: 10, 10 1607, 10 1709, 10 1803, 10 1809, 10 1903, 10 1909, 10 2004
Windows Server: 2016, 2019, 2019 1803, 2019 1903, 2019 1909, 2019 2004
CPEhttps://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1316
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
Severity: Low
CVSSv3: 3.9 [CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-1241
CWE-ID:
CWE-20 - Improper Input Validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to bypass implemented security restrictions.
The vulnerability exists due to insufficient validation of user-supplied input in Windows kernel. A local user can run a specially crafted application and bypass implemented security features.
Install updates from vendor's website.
Vulnerable software versionsWindows: 10 1607, 10 1709, 10 1803, 10 1809, 10 1903, 10 1909, 10 2004
Windows Server: 2016, 2019, 2019 1803, 2019 1903, 2019 1909, 2019 2004
CPEhttps://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1241
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
Severity: Low
CVSSv3: 6.8 [CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C] [PCI]
CVE-ID: CVE-2020-1324
CWE-ID:
CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the target system.
The vulnerability exists due to a boundary error in Windows Security Health Service. A local user can run a specially crafted command, trigger memory corruption and gain elevated privileges on the target system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsWindows: 10 1709, 10 1803, 10 1809, 10 1903, 10 1909, 10 2004
Windows Server: 2019, 2019 1803, 2019 1903, 2019 1909, 2019 2004
CPEhttps://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1324
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
Severity: Low
CVSSv3: 6.8 [CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C] [PCI]
CVE-ID: CVE-2020-1307
CWE-ID:
CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error when processing objects in memory within the Windows kernel. A local user can create a malicious application, launch it on the system and execute arbitrary code with SYSTEM privileges.
MitigationInstall update from vendor's website.
Vulnerable software versionsWindows: 10 1903, 10 1909, 10 2004
Windows Server: 2019 1903, 2019 1909, 2019 2004
CPEhttps://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1307
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
Severity: Low
CVSSv3: 6.8 [CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C] [PCI]
CVE-ID: CVE-2020-1275
CWE-ID:
CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error when processing objects in memory within the Windows kernel. A local user can create a malicious application, launch it on the system and execute arbitrary code with SYSTEM privileges.
MitigationInstall update from vendor's website.
Vulnerable software versionsWindows: 10 1903, 10 1909, 10 2004
Windows Server: 2019 1903, 2019 1909, 2019 2004
CPEhttps://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1275
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
Severity: Low
CVSSv3: 6.8 [CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C] [PCI]
CVE-ID: CVE-2020-1274
CWE-ID:
CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error when processing objects in memory within the Windows kernel. A local user can create a malicious application, launch it on the system and execute arbitrary code with SYSTEM privileges.
MitigationInstall update from vendor's website.
Vulnerable software versionsWindows: 10 1803, 10 1809, 10 1903, 10 1909, 10 2004
Windows Server: 2019, 2019 1803, 2019 1903, 2019 1909, 2019 2004
CPEhttps://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1274
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
Severity: Low
CVSSv3: 6.8 [CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C] [PCI]
CVE-ID: CVE-2020-1269
CWE-ID:
CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error when processing objects in memory within the Windows kernel. A local user can create a malicious application, launch it on the system and execute arbitrary code with SYSTEM privileges.
MitigationInstall update from vendor's website.
Vulnerable software versionsWindows: 8.1, 10, 10 1607, 10 1709, 10 1803, 10 1809, 10 1903, 10 1909, 10 2004, RT 8.1
Windows Server: 2012 R2, 2016, 2019, 2019 1803, 2019 1903, 2019 1909, 2019 2004
CPEhttps://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1269
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
Severity: Low
CVSSv3: 6.8 [CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C] [PCI]
CVE-ID: CVE-2020-1262
CWE-ID:
CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error when processing objects in memory within the Windows kernel. A local user can create a malicious application, launch it on the system and execute arbitrary code with SYSTEM privileges.
MitigationInstall update from vendor's website.
Vulnerable software versionsWindows: 7, 8.1, 10, 10 1607, 10 1709, 10 1803, 10 1809, 10 1903, 10 1909, 10 2004, RT 8.1
Windows Server: 2008, 2008 R2, 2012, 2012 R2, 2016, 2019, 2019 1803, 2019 1903, 2019 1909, 2019 2004
CPEhttps://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1262
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
Severity: Low
CVSSv3: 6.8 [CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C] [PCI]
CVE-ID: CVE-2020-1246
CWE-ID:
CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error when processing objects in memory within the Windows kernel. A local user can create a malicious application, launch it on the system and execute arbitrary code with SYSTEM privileges.
MitigationInstall update from vendor's website.
Vulnerable software versionsWindows: 7, 8.1, 10, 10 1607, 10 1709, 10 1803, 10 1809, 10 1903, 10 1909, 10 2004, RT 8.1
Windows Server: 2008, 2008 R2, 2012, 2012 R2, 2016, 2019, 2019 1803, 2019 1903, 2019 1909, 2019 2004
CPEhttps://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1246
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
Severity: Low
CVSSv3: 6.8 [CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C] [PCI]
CVE-ID: CVE-2020-1237
CWE-ID:
CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privilege so the system.
The vulnerability exists due to a boundary error in the Windows Kernel when handling objects in memory. A local user can create a specially crafted application, trigger memory corruption and execute arbitrary code on the target system with elevated privileges.
MitigationInstall update from vendor's website.
Vulnerable software versionsWindows: 10 1709, 10 1803, 10 1809, 10 1903, 10 1909, 10 2004
Windows Server: 2019, 2019 1803, 2019 1903, 2019 1909, 2019 2004
CPEhttps://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1237
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
Severity: Low
CVSSv3: 6.8 [CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C] [PCI]
CVE-ID: CVE-2020-1276
CWE-ID:
CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error when processing objects in memory within the Windows kernel. A local user can create a malicious application, launch it on the system and execute arbitrary code with SYSTEM privileges.
MitigationInstall update from vendor's website.
Vulnerable software versionsWindows: 10 1803, 10 1809, 10 1903, 10 1909, 10 2004
Windows Server: 2019, 2019 1803, 2019 1903, 2019 1909, 2019 2004
CPEhttps://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1276
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
Severity: Low
CVSSv3: 6.8 [CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C] [PCI]
CVE-ID: CVE-2020-1266
CWE-ID:
CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error when processing objects in memory within the Windows kernel. A local user can create a malicious application, launch it on the system and execute arbitrary code with SYSTEM privileges.
MitigationInstall update from vendor's website.
Vulnerable software versionsWindows: 10, 10 1607, 10 1709, 10 1803, 10 1809, 10 1903, 10 1909, 10 2004
Windows Server: 2016, 2019, 2019 1803, 2019 1903, 2019 1909, 2019 2004
CPEhttps://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1266
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
Severity: Low
CVSSv3: 6.8 [CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C] [PCI]
CVE-ID: CVE-2020-1264
CWE-ID:
CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error when processing objects in memory within the Windows kernel. A local user can create a malicious application, launch it on the system and execute arbitrary code with SYSTEM privileges.
MitigationInstall update from vendor's website.
Vulnerable software versionsWindows: 10, 10 1607, 10 1709, 10 1803, 10 1809, 10 1903, 10 1909, 10 2004
Windows Server: 2016, 2019, 2019 1803, 2019 1903, 2019 1909, 2019 2004
CPEhttps://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1264
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
Severity: Low
CVSSv3: 6.8 [CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C] [PCI]
CVE-ID: CVE-2020-1162
CWE-ID:
CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the target system.
The vulnerability exists due to a boundary error in Windows Security Health Service. A local user can run a specially crafted command, trigger memory corruption and gain elevated privileges on the target system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsWindows: 10 1709, 10 1803, 10 1809, 10 1903, 10 1909, 10 2004
Windows Server: 2019, 2019 1803, 2019 1903, 2019 1909, 2019 2004
CPEhttps://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1162
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.