SB2020060960 - Multiple vulnerabilities in Microsoft Windows

Description

This security bulletin contains information about 2 secuirty vulnerabilities.

1) Buffer overflow (CVE-ID: CVE-2020-1283)

The vulnerability allows a local user to perform denial of service (DoS) attack.

The vulnerability exists due to a boundary error when Windows improperly handles objects in memory. A local user can use a specially crafted application, or convince a user to open a specific file on a network share, trigger memory corruption and cause the system to stop responding.

Successful exploitation of this vulnerability may result in a denial of service (DoS) attack.

2) Buffer overflow (CVE-ID: CVE-2020-1300)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error when Windows fails to properly handle cabinet files. A remote authenticated attacker can convince a victim to either open a specially crafted cabinet file or spoof a network printer and trick a user into installing a malicious cabinet file disguised as a printer driver, leading to remote code execution.

Remediation

Install update from vendor's website.

References

• https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1283
• https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1300