This report contains detail for the following vulnerabilities:
| Tag | CVE ID | CVE Title |
|---|---|---|
| Active Directory | CVE-2020-0761 | Active Directory Remote Code Execution Vulnerability |
| Active Directory | CVE-2020-0856 | Active Directory Information Disclosure Vulnerability |
| Active Directory | CVE-2020-0718 | Active Directory Remote Code Execution Vulnerability |
| Active Directory | CVE-2020-0664 | Active Directory Information Disclosure Vulnerability |
| Active Directory Federation Services | CVE-2020-0837 | ADFS Spoofing Vulnerability |
| ASP.NET | CVE-2020-1045 | Microsoft ASP.NET Core Security Feature Bypass Vulnerability |
| Common Log File System Driver | CVE-2020-1115 | Windows Common Log File System Driver Elevation of Privilege Vulnerability |
| Internet Explorer | CVE-2020-1012 | WinINet API Elevation of Privilege Vulnerability |
| Internet Explorer | CVE-2020-16884 | Internet Explorer Browser Helper Object (BHO) Memory Corruption Vulnerability |
| Internet Explorer | CVE-2020-1506 | Windows Start-Up Application Elevation of Privilege Vulnerability |
| Microsoft Browsers | CVE-2020-0878 | Microsoft Browser Memory Corruption Vulnerability |
| Microsoft Dynamics | CVE-2020-16857 | Microsoft Dynamics 365 for Finance and Operations (on-premises) Remote Code Execution Vulnerability |
| Microsoft Dynamics | CVE-2020-16858 | Microsoft Dynamics 365 (On-Premise) Cross Site Scripting Vulnerability |
| Microsoft Dynamics | CVE-2020-16860 | Microsoft Dynamics 365 (on-premises) Remote Code Execution Vulnerability |
| Microsoft Dynamics | CVE-2020-16859 | Microsoft Dynamics 365 (On-Premise) Cross Site Scripting Vulnerability |
| Microsoft Dynamics | CVE-2020-16861 | Microsoft Dynamics 365 (On-Premise) Cross Site Scripting Vulnerability |
| Microsoft Dynamics | CVE-2020-16872 | Microsoft Dynamics 365 (On-Premise) Cross Site Scripting Vulnerability |
| Microsoft Dynamics | CVE-2020-16864 | Microsoft Dynamics 365 (On-Premise) Cross Site Scripting Vulnerability |
| Microsoft Dynamics | CVE-2020-16878 | Microsoft Dynamics 365 (On-Premise) Cross Site Scripting Vulnerability |
| Microsoft Dynamics | CVE-2020-16862 | Microsoft Dynamics 365 (on-premises) Remote Code Execution Vulnerability |
| Microsoft Dynamics | CVE-2020-16871 | Microsoft Dynamics 365 (On-Premise) Cross Site Scripting Vulnerability |
| Microsoft Exchange Server | CVE-2020-16875 | Microsoft Exchange Memory Corruption Vulnerability |
| Microsoft Graphics Component | CVE-2020-0921 | Microsoft Graphics Component Information Disclosure Vulnerability |
| Microsoft Graphics Component | CVE-2020-0998 | Windows Graphics Component Elevation of Privilege Vulnerability |
| Microsoft Graphics Component | CVE-2020-1091 | Windows Graphics Component Information Disclosure Vulnerability |
| Microsoft Graphics Component | CVE-2020-1152 | Windows Win32k Elevation of Privilege Vulnerability |
| Microsoft Graphics Component | CVE-2020-1097 | Windows Graphics Component Information Disclosure Vulnerability |
| Microsoft Graphics Component | CVE-2020-1083 | Microsoft Graphics Component Information Disclosure Vulnerability |
| Microsoft Graphics Component | CVE-2020-1053 | DirectX Elevation of Privilege Vulnerability |
| Microsoft Graphics Component | CVE-2020-1308 | DirectX Elevation of Privilege Vulnerability |
| Microsoft Graphics Component | CVE-2020-1245 | Win32k Elevation of Privilege Vulnerability |
| Microsoft Graphics Component | CVE-2020-1285 | GDI+ Remote Code Execution Vulnerability |
| Microsoft Graphics Component | CVE-2020-1256 | Windows GDI Information Disclosure Vulnerability |
| Microsoft Graphics Component | CVE-2020-1250 | Win32k Information Disclosure Vulnerability |
| Microsoft JET Database Engine | CVE-2020-1039 | Jet Database Engine Remote Code Execution Vulnerability |
| Microsoft JET Database Engine | CVE-2020-1074 | Jet Database Engine Remote Code Execution Vulnerability |
| Microsoft NTFS | CVE-2020-0838 | NTFS Elevation of Privilege Vulnerability |
| Microsoft Office | CVE-2020-1594 | Microsoft Excel Remote Code Execution Vulnerability |
| Microsoft Office | CVE-2020-1335 | Microsoft Excel Remote Code Execution Vulnerability |
| Microsoft Office | CVE-2020-16855 | Microsoft Office Information Disclosure Vulnerability |
| Microsoft Office | CVE-2020-1338 | Microsoft Word Remote Code Execution Vulnerability |
| Microsoft Office | CVE-2020-1332 | Microsoft Excel Remote Code Execution Vulnerability |
| Microsoft Office | CVE-2020-1224 | Microsoft Excel Information Disclosure Vulnerability |
| Microsoft Office | CVE-2020-1218 | Microsoft Word Remote Code Execution Vulnerability |
| Microsoft Office | CVE-2020-1193 | Microsoft Excel Remote Code Execution Vulnerability |
| Microsoft Office SharePoint | CVE-2020-1345 | Microsoft Office SharePoint XSS Vulnerability |
| Microsoft Office SharePoint | CVE-2020-1205 | Microsoft SharePoint Spoofing Vulnerability |
| Microsoft Office SharePoint | CVE-2020-1210 | Microsoft SharePoint Remote Code Execution Vulnerability |
| Microsoft Office SharePoint | CVE-2020-1514 | Microsoft Office SharePoint XSS Vulnerability |
| Microsoft Office SharePoint | CVE-2020-1595 | Microsoft SharePoint Remote Code Execution Vulnerability |
| Microsoft Office SharePoint | CVE-2020-1523 | Microsoft SharePoint Server Tampering Vulnerability |
| Microsoft Office SharePoint | CVE-2020-1440 | Microsoft SharePoint Server Tampering Vulnerability |
| Microsoft Office SharePoint | CVE-2020-1200 | Microsoft SharePoint Remote Code Execution Vulnerability |
| Microsoft Office SharePoint | CVE-2020-1482 | Microsoft Office SharePoint XSS Vulnerability |
| Microsoft Office SharePoint | CVE-2020-1198 | Microsoft Office SharePoint XSS Vulnerability |
| Microsoft Office SharePoint | CVE-2020-1227 | Microsoft Office SharePoint XSS Vulnerability |
| Microsoft Office SharePoint | CVE-2020-1576 | Microsoft SharePoint Remote Code Execution Vulnerability |
| Microsoft Office SharePoint | CVE-2020-1452 | Microsoft SharePoint Remote Code Execution Vulnerability |
| Microsoft Office SharePoint | CVE-2020-1575 | Microsoft Office SharePoint XSS Vulnerability |
| Microsoft Office SharePoint | CVE-2020-1453 | Microsoft SharePoint Remote Code Execution Vulnerability |
| Microsoft Office SharePoint | CVE-2020-1460 | Microsoft SharePoint Server Remote Code Execution Vulnerability |
| Microsoft OneDrive | CVE-2020-16853 | OneDrive for Windows Elevation of Privilege Vulnerability |
| Microsoft OneDrive | CVE-2020-16851 | OneDrive for Windows Elevation of Privilege Vulnerability |
| Microsoft OneDrive | CVE-2020-16852 | OneDrive for Windows Elevation of Privilege Vulnerability |
| Microsoft Scripting Engine | CVE-2020-1057 | Scripting Engine Memory Corruption Vulnerability |
| Microsoft Scripting Engine | CVE-2020-1180 | Scripting Engine Memory Corruption Vulnerability |
| Microsoft Scripting Engine | CVE-2020-1172 | Scripting Engine Memory Corruption Vulnerability |
| Microsoft Windows | CVE-2020-1596 | TLS Information Disclosure Vulnerability |
| Microsoft Windows | CVE-2020-1169 | Windows Runtime Elevation of Privilege Vulnerability |
| Microsoft Windows | CVE-2020-1593 | Windows Media Audio Decoder Remote Code Execution Vulnerability |
| Microsoft Windows | CVE-2020-1159 | Windows Elevation of Privilege Vulnerability |
| Microsoft Windows | CVE-2020-1598 | Windows UPnP Service Elevation of Privilege Vulnerability |
| Microsoft Windows | CVE-2020-0790 | Microsoft splwow64 Elevation of Privilege Vulnerability |
| Microsoft Windows | CVE-2020-0922 | Microsoft COM for Windows Remote Code Execution Vulnerability |
| Microsoft Windows | CVE-2020-0782 | Windows Cryptographic Catalog Services Elevation of Privilege Vulnerability |
| Microsoft Windows | CVE-2020-0648 | Windows RSoP Service Application Elevation of Privilege Vulnerability |
| Microsoft Windows | CVE-2020-0766 | Microsoft Store Runtime Elevation of Privilege Vulnerability |
| Microsoft Windows | CVE-2020-1590 | Connected User Experiences and Telemetry Service Elevation of Privilege Vulnerability |
| Microsoft Windows | CVE-2020-1376 | Windows Elevation of Privilege Vulnerability |
| Microsoft Windows | CVE-2020-1471 | Windows CloudExperienceHost Elevation of Privilege Vulnerability |
| Microsoft Windows | CVE-2020-16879 | Projected Filesystem Information Disclosure Vulnerability |
| Microsoft Windows | CVE-2020-1013 | Group Policy Elevation of Privilege Vulnerability |
| Microsoft Windows | CVE-2020-1532 | Windows InstallService Elevation of Privilege Vulnerability |
| Microsoft Windows | CVE-2020-1491 | Windows Function Discovery Service Elevation of Privilege Vulnerability |
| Microsoft Windows | CVE-2020-1303 | Windows Runtime Elevation of Privilege Vulnerability |
| Microsoft Windows | CVE-2020-1252 | Windows Remote Code Execution Vulnerability |
| Microsoft Windows | CVE-2020-1559 | Windows Storage Services Elevation of Privilege Vulnerability |
| Microsoft Windows | CVE-2020-1507 | Microsoft COM for Windows Elevation of Privilege Vulnerability |
| Microsoft Windows | CVE-2020-1508 | Windows Media Audio Decoder Remote Code Execution Vulnerability |
| Microsoft Windows | CVE-2020-0914 | Windows State Repository Service Information Disclosure Vulnerability |
| Microsoft Windows | CVE-2020-0886 | Windows Storage Services Elevation of Privilege Vulnerability |
| Microsoft Windows | CVE-2020-0989 | Windows Mobile Device Management Diagnostics Information Disclosure Vulnerability |
| Microsoft Windows | CVE-2020-0875 | Microsoft splwow64 Information Disclosure Vulnerability |
| Microsoft Windows | CVE-2020-0912 | Windows Function Discovery SSDP Provider Elevation of Privilege Vulnerability |
| Microsoft Windows | CVE-2020-1038 | Windows Routing Utilities Denial of Service |
| Microsoft Windows | CVE-2020-0908 | Windows Text Service Module Remote Code Execution Vulnerability |
| Microsoft Windows | CVE-2020-1052 | Windows Elevation of Privilege Vulnerability |
| Microsoft Windows | CVE-2020-0911 | Windows Modules Installer Elevation of Privilege Vulnerability |
| Microsoft Windows | CVE-2020-0805 | Projected Filesystem Security Feature Bypass Vulnerability |
| Microsoft Windows | CVE-2020-1119 | Windows Information Disclosure Vulnerability |
| Microsoft Windows | CVE-2020-1146 | Microsoft Store Runtime Elevation of Privilege Vulnerability |
| Microsoft Windows | CVE-2020-0951 | Windows Defender Application Control Security Feature Bypass Vulnerability |
| Microsoft Windows | CVE-2020-1122 | Windows Language Pack Installer Elevation of Privilege Vulnerability |
| Microsoft Windows | CVE-2020-1098 | Windows Shell Infrastructure Component Elevation of Privilege Vulnerability |
| Microsoft Windows Codecs Library | CVE-2020-1319 | Microsoft Windows Codecs Library Remote Code Execution Vulnerability |
| Microsoft Windows Codecs Library | CVE-2020-0997 | Windows Camera Codec Pack Remote Code Execution Vulnerability |
| Microsoft Windows Codecs Library | CVE-2020-1129 | Microsoft Windows Codecs Library Remote Code Execution Vulnerability |
| Microsoft Windows DNS | CVE-2020-0839 | Windows dnsrslvr.dll Elevation of Privilege Vulnerability |
| Microsoft Windows DNS | CVE-2020-1228 | Windows DNS Denial of Service Vulnerability |
| Microsoft Windows DNS | CVE-2020-0836 | Windows DNS Denial of Service Vulnerability |
| Open Source Software | CVE-2020-16873 | Xamarin.Forms Spoofing Vulnerability |
| SQL Server | CVE-2020-1044 | SQL Server Reporting Services Security Feature Bypass Vulnerability |
| Visual Studio | CVE-2020-16874 | Visual Studio Remote Code Execution Vulnerability |
| Visual Studio | CVE-2020-16856 | Visual Studio Remote Code Execution Vulnerability |
| Visual Studio | CVE-2020-16881 | Visual Studio JSON Remote Code Execution Vulnerability |
| Windows DHCP Server | CVE-2020-1031 | Windows DHCP Server Information Disclosure Vulnerability |
| Windows Diagnostic Hub | CVE-2020-1130 | Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability |
| Windows Diagnostic Hub | CVE-2020-1133 | Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability |
| Windows Hyper-V | CVE-2020-0904 | Windows Hyper-V Denial of Service Vulnerability |
| Windows Hyper-V | CVE-2020-0890 | Windows Hyper-V Denial of Service Vulnerability |
| Windows Kernel | CVE-2020-0941 | Win32k Information Disclosure Vulnerability |
| Windows Kernel | CVE-2020-0928 | Windows Kernel Information Disclosure Vulnerability |
| Windows Kernel | CVE-2020-16854 | Windows Kernel Information Disclosure Vulnerability |
| Windows Kernel | CVE-2020-1034 | Windows Kernel Elevation of Privilege Vulnerability |
| Windows Kernel | CVE-2020-1033 | Windows Kernel Information Disclosure Vulnerability |
| Windows Kernel | CVE-2020-1589 | Windows Kernel Information Disclosure Vulnerability |
| Windows Kernel | CVE-2020-1592 | Windows Kernel Information Disclosure Vulnerability |
| Windows Print Spooler Components | CVE-2020-1030 | Windows Print Spooler Elevation of Privilege Vulnerability |
| Windows Shell | CVE-2020-0870 | Shell infrastructure component Elevation of Privilege Vulnerability |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2020-1345 MITRE NVD |
CVE Title: Microsoft Office SharePoint XSS Vulnerability
Description: A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint server. The attacker who successfully exploited the vulnerability could then perform cross-site scripting attacks on affected systems and run script in the security context of the current user. The attacks could allow the attacker to read content that the attacker is not authorized to read, use the victim's identity to take actions on the SharePoint site on behalf of the user, such as change permissions and delete content, and inject malicious content in the browser of the user. The security update addresses the vulnerability by helping to ensure that SharePoint Server properly sanitizes web requests. FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2020-09-08T07:00:00Z Information published. |
Important | Spoofing |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | Exploitation Less Likely | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2020-1345 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Microsoft SharePoint Enterprise Server 2016 | 4484506 (Security Update) | Important | Spoofing | 4484473 | Base: 7.4 Temporal: 6.7 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N/E:P/RL:O/RC:C |
Maybe |
| Microsoft SharePoint Foundation 2010 Service Pack 2 | 4486667 (Security Update) | Important | Spoofing | 4484462 |
Base: 7.4 Temporal: 6.7 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N/E:P/RL:O/RC:C |
Maybe |
| Microsoft SharePoint Foundation 2013 Service Pack 1 | 4484525 (Security Update) | Important | Spoofing | 4484487 | Base: 7.4 Temporal: 6.7 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N/E:P/RL:O/RC:C |
Maybe |
| Microsoft SharePoint Server 2019 | 4484505 (Security Update) | Important | Spoofing | 4484472 | Base: 7.4 Temporal: 6.7 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N/E:P/RL:O/RC:C |
Maybe |
| CVE ID | Acknowledgements |
| CVE-2020-1345 | Huynh Phuoc Hung, @hph0var |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2020-1460 MITRE NVD |
CVE Title: Microsoft SharePoint Server Remote Code Execution Vulnerability
Description: A remote code execution vulnerability exists in Microsoft SharePoint Server when it fails to properly identify and filter unsafe ASP.Net web controls. An authenticated attacker who successfully exploited the vulnerability could use a specially crafted page to perform actions in the security context of the SharePoint application pool process. To exploit the vulnerability, an authenticated user must create and invoke a specially crafted page on an affected version of Microsoft SharePoint Server. The security update addresses the vulnerability by correcting how Microsoft SharePoint Server handles processing of created content. FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2020-09-08T07:00:00Z Information published. |
Critical | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | Exploitation Less Likely | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2020-1460 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Microsoft SharePoint Enterprise Server 2013 Service Pack 1 | 4484515 (Security Update) | Critical | Remote Code Execution | 4484479 |
Base: 8.6 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L/E:P/RL:O/RC:C |
Maybe |
| Microsoft SharePoint Enterprise Server 2016 | 4484506 (Security Update) | Critical | Remote Code Execution | 4484473 | Base: 8.6 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L/E:P/RL:O/RC:C |
Maybe |
| Microsoft SharePoint Foundation 2010 Service Pack 2 | 4486667 (Security Update) | Critical | Remote Code Execution | 4484462 |
Base: 8.6 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L/E:P/RL:O/RC:C |
Maybe |
| Microsoft SharePoint Foundation 2013 Service Pack 1 | 4484488 (Security Update) | Critical | Remote Code Execution | 4484411 |
Base: 8.6 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L/E:P/RL:O/RC:C |
Maybe |
| Microsoft SharePoint Server 2019 | 4484505 (Security Update) | Critical | Remote Code Execution | 4484472 | Base: 8.6 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L/E:P/RL:O/RC:C |
Maybe |
| CVE ID | Acknowledgements |
| CVE-2020-1460 | Oleksandr Mirosh (@olekmirosh) from Micro Focus Fortify |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2020-1532 MITRE NVD |
CVE Title: Windows InstallService Elevation of Privilege Vulnerability
Description: An elevation of privilege vulnerability exists when the Windows InstallService improperly handles memory. To exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges. The security update addresses the vulnerability by correcting how the Windows InstallService handles memory. FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2020-09-08T07:00:00Z Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | Exploitation Less Likely | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2020-1532 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Windows 10 Version 1903 for 32-bit Systems | 4574727 (Security Update) | Important | Elevation of Privilege | 4565351 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1903 for ARM64-based Systems | 4574727 (Security Update) | Important | Elevation of Privilege | 4565351 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1903 for x64-based Systems | 4574727 (Security Update) | Important | Elevation of Privilege | 4565351 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for 32-bit Systems | 4574727 (Security Update) | Important | Elevation of Privilege | 4565351 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for ARM64-based Systems | 4574727 (Security Update) | Important | Elevation of Privilege | 4565351 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for x64-based Systems | 4574727 (Security Update) | Important | Elevation of Privilege | 4565351 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for 32-bit Systems | 4571756 (Security Update) | Important | Elevation of Privilege | 4566782 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for ARM64-based Systems | 4571756 (Security Update) | Important | Elevation of Privilege | 4566782 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for x64-based Systems | 4571756 (Security Update) | Important | Elevation of Privilege | 4566782 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server, version 1903 (Server Core installation) | 4574727 (Security Update) | Important | Elevation of Privilege | 4565351 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server, version 1909 (Server Core installation) | 4574727 (Security Update) | Important | Elevation of Privilege | 4565351 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server, version 2004 (Server Core installation) | 4571756 (Security Update) | Important | Elevation of Privilege | 4566782 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| CVE ID | Acknowledgements |
| CVE-2020-1532 | anonymous |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2020-16856 MITRE NVD |
CVE Title: Visual Studio Remote Code Execution Vulnerability
Description: A remote code execution vulnerability exists in Visual Studio when it improperly handles objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. To exploit the vulnerability, an attacker would have to convince a user to open a specially crafted file with an affected version of Visual Studio. The update addresses the vulnerability by correcting how Visual Studio handles objects in memory. FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2020-09-08T07:00:00Z Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | Exploitation Less Likely | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2020-16856 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Microsoft Visual Studio 2012 Update 5 | 4571479 (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Maybe |
| Microsoft Visual Studio 2013 Update 5 | 4571480 (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Maybe |
| Microsoft Visual Studio 2015 Update 3 | 4571481 (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Maybe |
| Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8) | Release Notes (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Maybe |
| Microsoft Visual Studio 2019 version 16.0 | Release Notes (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Maybe |
| Microsoft Visual Studio 2019 version 16.4 (includes 16.0 - 16.3) | Release Notes (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Maybe |
| Microsoft Visual Studio 2019 version 16.7 (includes 16.0 – 16.6) | Release Notes (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Maybe |
| CVE ID | Acknowledgements |
| CVE-2020-16856 | Wen guang Jiao working with Trend Micro's Zero Day Initiative |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2020-16857 MITRE NVD |
CVE Title: Microsoft Dynamics 365 for Finance and Operations (on-premises) Remote Code Execution Vulnerability
Description: A remote code execution vulnerability exists in Microsoft Dynamics 365 for Finance and Operations (on-premises) version 10.0.11. An attacker who successfully exploited this vulnerability could gain remote code execution via server-side script execution on the victim server. An authenticated attacker with privileges to import and export data could exploit this vulnerability by sending a specially crafted file to a vulnerable Dynamics server. The security update addresses the vulnerability by correcting how Microsoft Dynamics 365 for Finance and Operations (on-premises) version 10.0.11 handles user input. FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2020-09-08T07:00:00Z Information published. |
Critical | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2020-16857 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Dynamics 365 for Finance and Operations | Release Notes (Security Update) | Critical | Remote Code Execution | None | Base: 7.1 Temporal: 6.4 Vector: CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:H/A:N/E:P/RL:O/RC:C |
Maybe |
| CVE ID | Acknowledgements |
| CVE-2020-16857 | Nicolas Joly of Microsoft Corporation |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2020-16858 MITRE NVD |
CVE Title: Microsoft Dynamics 365 (On-Premise) Cross Site Scripting Vulnerability
Description: A cross site scripting vulnerability exists when Microsoft Dynamics 365 (on-premises) does not properly sanitize a specially crafted web request to an affected Dynamics server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected Dynamics server. The attacker who successfully exploited the vulnerability could then perform cross-site scripting attacks on affected systems and run script in the security context of the current authenticated user. These attacks could allow the attacker to read content that the attacker is not authorized to read, use the victim's identity to take actions within Dynamics Server on behalf of the user, such as change permissions and delete content, and inject malicious content in the browser of the user. The security update addresses the vulnerability by helping to ensure that Dynamics Server properly sanitizes web requests. FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2020-09-08T07:00:00Z Information published. |
Important | Spoofing |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | Exploitation Less Likely | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2020-16858 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Microsoft Dynamics 365 (on-premises) version 9.0 | 4574742 (Security Update) | Important | Spoofing | None | Base: 5.4 Temporal: 4.9 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:P/RL:O/RC:C |
Maybe |
| CVE ID | Acknowledgements |
| CVE-2020-16858 | Ashar Javed of Hyundai AutoEver Europe GmbH |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2020-16859 MITRE NVD |
CVE Title: Microsoft Dynamics 365 (On-Premise) Cross Site Scripting Vulnerability
Description: A cross site scripting vulnerability exists when Microsoft Dynamics 365 (on-premises) does not properly sanitize a specially crafted web request to an affected Dynamics server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected Dynamics server. The attacker who successfully exploited the vulnerability could then perform cross-site scripting attacks on affected systems and run script in the security context of the current authenticated user. These attacks could allow the attacker to read content that the attacker is not authorized to read, use the victim's identity to take actions within Dynamics Server on behalf of the user, such as change permissions and delete content, and inject malicious content in the browser of the user. The security update addresses the vulnerability by helping to ensure that Dynamics Server properly sanitizes web requests. FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2020-09-08T07:00:00Z Information published. |
Important | Spoofing |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | Exploitation Less Likely | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2020-16859 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Microsoft Dynamics 365 (on-premises) version 9.0 | 4574742 (Security Update) | Important | Spoofing | None | Base: 5.4 Temporal: 4.9 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:P/RL:O/RC:C |
Maybe |
| CVE ID | Acknowledgements |
| CVE-2020-16859 | Ashar Javed of Hyundai AutoEver Europe GmbH |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2020-16860 MITRE NVD |
CVE Title: Microsoft Dynamics 365 (on-premises) Remote Code Execution Vulnerability
Description: A remote code execution vulnerability exists in Microsoft Dynamics 365 (on-premises) when the server fails to properly sanitize web requests to an affected Dynamics server. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the SQL service account. An authenticated attacker could exploit this vulnerability by sending a specially crafted request to a vulnerable Dynamics server. The security update addresses the vulnerability by correcting how Microsoft Dynamics 365 (on-premises) validates and sanitizes user input. FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2020-09-08T07:00:00Z Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | Exploitation Less Likely | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2020-16860 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Microsoft Dynamics 365 (on-premises) version 9.0 | 4574742 (Security Update) | Important | Remote Code Execution | None | Base: 6.8 Temporal: 6.1 Vector: CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C |
Maybe |
| CVE ID | Acknowledgements |
| CVE-2020-16860 | Ashar Javed of Hyundai AutoEver Europe GmbH |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2020-16861 MITRE NVD |
CVE Title: Microsoft Dynamics 365 (On-Premise) Cross Site Scripting Vulnerability
Description: A cross site scripting vulnerability exists when Microsoft Dynamics 365 (on-premises) does not properly sanitize a specially crafted web request to an affected Dynamics server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected Dynamics server. The attacker who successfully exploited the vulnerability could then perform cross-site scripting attacks on affected systems and run script in the security context of the current authenticated user. These attacks could allow the attacker to read content that the attacker is not authorized to read, use the victim's identity to take actions within Dynamics Server on behalf of the user, such as change permissions and delete content, and inject malicious content in the browser of the user. The security update addresses the vulnerability by helping to ensure that Dynamics Server properly sanitizes web requests. FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2020-09-08T07:00:00Z Information published. |
Important | Spoofing |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | Exploitation Less Likely | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2020-16861 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Microsoft Dynamics 365 (on-premises) version 8.2 | 4577501 (Security Update) | Important | Spoofing | None | Base: 5.4 Temporal: 4.9 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:P/RL:O/RC:C |
Maybe |
| Microsoft Dynamics 365 (on-premises) version 9.0 | 4574742 (Security Update) | Important | Spoofing | None | Base: 5.4 Temporal: 4.9 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:P/RL:O/RC:C |
Maybe |
| CVE ID | Acknowledgements |
| CVE-2020-16861 | Pham Van Khanh from Viettel Cyber Security |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2020-16862 MITRE NVD |
CVE Title: Microsoft Dynamics 365 (on-premises) Remote Code Execution Vulnerability
Description: A remote code execution vulnerability exists in Microsoft Dynamics 365 (on-premises) when the server fails to properly sanitize web requests to an affected Dynamics server. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the SQL service account. An authenticated attacker could exploit this vulnerability by sending a specially crafted request to a vulnerable Dynamics server. The security update addresses the vulnerability by correcting how Microsoft Dynamics 365 (on-premises) validates and sanitizes user input. FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2020-09-08T07:00:00Z Information published. |
Critical | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | Exploitation Less Likely | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2020-16862 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Microsoft Dynamics 365 (on-premises) version 9.0 | 4574742 (Security Update) | Critical | Remote Code Execution | None | Base: 7.1 Temporal: 6.4 Vector: CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L/E:P/RL:O/RC:C |
Maybe |
| CVE ID | Acknowledgements |
| CVE-2020-16862 | Fabian Schmidt |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2020-16864 MITRE NVD |
CVE Title: Microsoft Dynamics 365 (On-Premise) Cross Site Scripting Vulnerability
Description: A cross site scripting vulnerability exists when Microsoft Dynamics 365 (on-premises) does not properly sanitize a specially crafted web request to an affected Dynamics server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected Dynamics server. The attacker who successfully exploited the vulnerability could then perform cross-site scripting attacks on affected systems and run script in the security context of the current authenticated user. These attacks could allow the attacker to read content that the attacker is not authorized to read, use the victim's identity to take actions within Dynamics Server on behalf of the user, such as change permissions and delete content, and inject malicious content in the browser of the user. The security update addresses the vulnerability by helping to ensure that Dynamics Server properly sanitizes web requests. FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2020-09-08T07:00:00Z Information published. |
Important | Spoofing |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | Exploitation Less Likely | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2020-16864 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Microsoft Dynamics 365 (on-premises) version 9.0 | 4574742 (Security Update) | Important | Spoofing | None | Base: 5.4 Temporal: 4.9 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:P/RL:O/RC:C |
Maybe |
| CVE ID | Acknowledgements |
| CVE-2020-16864 | Pham Van Khanh from Viettel Cyber Security |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2020-16872 MITRE NVD |
CVE Title: Microsoft Dynamics 365 (On-Premise) Cross Site Scripting Vulnerability
Description: A cross site scripting vulnerability exists when Microsoft Dynamics 365 (on-premises) does not properly sanitize a specially crafted web request to an affected Dynamics server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected Dynamics server. The attacker who successfully exploited the vulnerability could then perform cross-site scripting attacks on affected systems and run script in the security context of the current authenticated user. These attacks could allow the attacker to read content that the attacker is not authorized to read, use the victim's identity to take actions within Dynamics Server on behalf of the user, such as change permissions and delete content, and inject malicious content in the browser of the user. The security update addresses the vulnerability by helping to ensure that Dynamics Server properly sanitizes web requests. FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2020-09-08T07:00:00Z Information published. |
Important | Spoofing |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | Exploitation Less Likely | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2020-16872 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Microsoft Dynamics 365 (on-premises) version 9.0 | 4574742 (Security Update) | Important | Spoofing | None | Base: 7.6 Temporal: 6.8 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N/E:P/RL:O/RC:C |
Maybe |
| CVE ID | Acknowledgements |
| CVE-2020-16872 | Pham Van Khanh @rskvp93 from Viettel Cyber Security |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2020-16878 MITRE NVD |
CVE Title: Microsoft Dynamics 365 (On-Premise) Cross Site Scripting Vulnerability
Description: A cross site scripting vulnerability exists when Microsoft Dynamics 365 (on-premises) does not properly sanitize a specially crafted web request to an affected Dynamics server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected Dynamics server. The attacker who successfully exploited the vulnerability could then perform cross-site scripting attacks on affected systems and run script in the security context of the current authenticated user. These attacks could allow the attacker to read content that the attacker is not authorized to read, use the victim's identity to take actions within Dynamics Server on behalf of the user, such as change permissions and delete content, and inject malicious content in the browser of the user. The security update addresses the vulnerability by helping to ensure that Dynamics Server properly sanitizes web requests. FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2020-09-08T07:00:00Z Information published. |
Important | Spoofing |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | Exploitation Less Likely | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2020-16878 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Microsoft Dynamics 365 (on-premises) version 8.2 | 4577501 (Security Update) | Important | Spoofing | None | Base: 5.4 Temporal: 4.9 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:P/RL:O/RC:C |
Maybe |
| Microsoft Dynamics 365 (on-premises) version 9.0 | 4574742 (Security Update) | Important | Spoofing | None | Base: 5.4 Temporal: 4.9 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:P/RL:O/RC:C |
Maybe |
| CVE ID | Acknowledgements |
| CVE-2020-16878 | Tevfik DEMİREL Cyber Security Engineer at ASELSAN |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2020-16879 MITRE NVD |
CVE Title: Projected Filesystem Information Disclosure Vulnerability
Description: An information disclosure vulnerability exists when a Windows Projected Filesystem improperly handles file redirections. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user's system To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability. The security update addresses the vulnerability by correcting how Windows Projected Filesystem handle file redirections. FAQ: What type of information could be disclosed by this vulnerability? The type of information that could be disclosed if an attacker successfully exploited this vulnerability is unauthorized file system access - reading from the file system. Mitigations: None Workarounds: None Revision: 1.0 2020-09-08T07:00:00Z Information published. |
Important | Information Disclosure |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | Exploitation Less Likely | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2020-16879 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Windows 10 Version 1809 for 32-bit Systems | 4570333 (Security Update) | Important | Information Disclosure | 4565349 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 4570333 (Security Update) | Important | Information Disclosure | 4565349 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for x64-based Systems | 4570333 (Security Update) | Important | Information Disclosure | 4565349 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1903 for 32-bit Systems | 4574727 (Security Update) | Important | Information Disclosure | 4565351 | Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1903 for ARM64-based Systems | 4574727 (Security Update) | Important | Information Disclosure | 4565351 | Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1903 for x64-based Systems | 4574727 (Security Update) | Important | Information Disclosure | 4565351 | Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for 32-bit Systems | 4574727 (Security Update) | Important | Information Disclosure | 4565351 | Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for ARM64-based Systems | 4574727 (Security Update) | Important | Information Disclosure | 4565351 | Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for x64-based Systems | 4574727 (Security Update) | Important | Information Disclosure | 4565351 | Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for 32-bit Systems | 4571756 (Security Update) | Important | Information Disclosure | 4566782 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for ARM64-based Systems | 4571756 (Security Update) | Important | Information Disclosure | 4566782 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for x64-based Systems | 4571756 (Security Update) | Important | Information Disclosure | 4566782 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server 2019 | 4570333 (Security Update) | Important | Information Disclosure | 4565349 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server 2019 (Server Core installation) | 4570333 (Security Update) | Important | Information Disclosure | 4565349 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server, version 1903 (Server Core installation) | 4574727 (Security Update) | Important | Information Disclosure | 4565351 | Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server, version 1909 (Server Core installation) | 4574727 (Security Update) | Important | Information Disclosure | 4565351 | Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server, version 2004 (Server Core installation) | 4571756 (Security Update) | Important | Information Disclosure | 4566782 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| CVE ID | Acknowledgements |
| CVE-2020-16879 | Zhiniang Peng (@edwardzpeng) and Xuefeng Li |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2020-16881 MITRE NVD |
CVE Title: Visual Studio JSON Remote Code Execution Vulnerability
Description: A remote code execution vulnerability exists in Visual Studio Code when a user is tricked into opening a malicious 'package.json' file. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. To exploit this vulnerability, an attacker would need to convince a target to clone a repository and open it in Visual Studio Code. Attacker-specified code would execute when the target opens the malicious 'package.json' file. The update address the vulnerability by modifying the way Visual Studio Code handles JSON files. FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2020-09-08T07:00:00Z Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | Exploitation Less Likely | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2020-16881 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Visual Studio Code | Release Notes (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Maybe |
| CVE ID | Acknowledgements |
| CVE-2020-16881 | David Dworken |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2020-1376 MITRE NVD |
CVE Title: Windows Elevation of Privilege Vulnerability
Description: An elevation of privilege vulnerability exists in the way that fdSSDP.dll handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. To exploit the vulnerability, a locally authenticated attacker could run a specially crafted application. The security update addresses the vulnerability by ensuring the ssdpsrv.dll properly handles objects in memory. FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2020-09-08T07:00:00Z Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | Exploitation Less Likely | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2020-1376 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Windows 10 for 32-bit Systems | 4577049 (Security Update) | Important | Elevation of Privilege | 4571692 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 for x64-based Systems | 4577049 (Security Update) | Important | Elevation of Privilege | 4571692 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1607 for 32-bit Systems | 4577015 (Security Update) | Important | Elevation of Privilege | 4571694 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1607 for x64-based Systems | 4577015 (Security Update) | Important | Elevation of Privilege | 4571694 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1709 for 32-bit Systems | 4577041 (Security Update) | Important | Elevation of Privilege | 4571741 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1709 for ARM64-based Systems | 4577041 (Security Update) | Important | Elevation of Privilege | 4571741 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1709 for x64-based Systems | 4577041 (Security Update) | Important | Elevation of Privilege | 4571741 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1803 for 32-bit Systems | 4577032 (Security Update) | Important | Elevation of Privilege | 4571709 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1803 for ARM64-based Systems | 4577032 (Security Update) | Important | Elevation of Privilege | 4571709 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1803 for x64-based Systems | 4577032 (Security Update) | Important | Elevation of Privilege | 4571709 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for 32-bit Systems | 4570333 (Security Update) | Important | Elevation of Privilege | 4565349 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 4570333 (Security Update) | Important | Elevation of Privilege | 4565349 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for x64-based Systems | 4570333 (Security Update) | Important | Elevation of Privilege | 4565349 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1903 for 32-bit Systems | 4574727 (Security Update) | Important | Elevation of Privilege | 4565351 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1903 for ARM64-based Systems | 4574727 (Security Update) | Important | Elevation of Privilege | 4565351 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1903 for x64-based Systems | 4574727 (Security Update) | Important | Elevation of Privilege | 4565351 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for 32-bit Systems | 4574727 (Security Update) | Important | Elevation of Privilege | 4565351 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for ARM64-based Systems | 4574727 (Security Update) | Important | Elevation of Privilege | 4565351 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for x64-based Systems | 4574727 (Security Update) | Important | Elevation of Privilege | 4565351 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for 32-bit Systems | 4571756 (Security Update) | Important | Elevation of Privilege | 4566782 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for ARM64-based Systems | 4571756 (Security Update) | Important | Elevation of Privilege | 4566782 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for x64-based Systems | 4571756 (Security Update) | Important | Elevation of Privilege | 4566782 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 7 for 32-bit Systems Service Pack 1 | 4577051 (Monthly Rollup) 4577053 (Security Only) |
Important | Elevation of Privilege | 4571729 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 7 for x64-based Systems Service Pack 1 | 4577051 (Monthly Rollup) 4577053 (Security Only) |
Important | Elevation of Privilege | 4571729 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 8.1 for 32-bit systems | 4577066 (Monthly Rollup) 4577071 (Security Only) |
Important | Elevation of Privilege | 4571703 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 8.1 for x64-based systems | 4577066 (Monthly Rollup) 4577071 (Security Only) |
Important | Elevation of Privilege | 4571703 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows RT 8.1 | 4577066 (Monthly Rollup) | Important | Elevation of Privilege | 4571703 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 4577064 (Monthly Rollup) 4577070 (Security Only) |
Important | Elevation of Privilege | 4571730 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 4577064 (Monthly Rollup) 4577070 (Security Only) |
Important | Elevation of Privilege | 4571730 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 4577064 (Monthly Rollup) 4577070 (Security Only) |
Important | Elevation of Privilege | 4571730 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 4577064 (Monthly Rollup) 4577070 (Security Only) |
Important | Elevation of Privilege | 4571730 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 4577051 (Monthly Rollup) 4577053 (Security Only) |
Important | Elevation of Privilege | 4571729 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 4577051 (Monthly Rollup) 4577053 (Security Only) |
Important | Elevation of Privilege | 4571729 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2012 | 4577038 (Monthly Rollup) 4577048 (Security Only) |
Important | Elevation of Privilege | 4571736 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2012 (Server Core installation) | 4577038 (Monthly Rollup) 4577048 (Security Only) |
Important | Elevation of Privilege | 4571736 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2012 R2 | 4577066 (Monthly Rollup) 4577071 (Security Only) |
Important | Elevation of Privilege | 4571703 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2012 R2 (Server Core installation) | 4577066 (Monthly Rollup) 4577071 (Security Only) |
Important | Elevation of Privilege | 4571703 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2016 | 4577015 (Security Update) | Important | Elevation of Privilege | 4571694 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2016 (Server Core installation) | 4577015 (Security Update) | Important | Elevation of Privilege | 4571694 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2019 | 4570333 (Security Update) | Important | Elevation of Privilege | 4565349 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2019 (Server Core installation) | 4570333 (Security Update) | Important | Elevation of Privilege | 4565349 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server, version 1903 (Server Core installation) | 4574727 (Security Update) | Important | Elevation of Privilege | 4565351 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server, version 1909 (Server Core installation) | 4574727 (Security Update) | Important | Elevation of Privilege | 4565351 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server, version 2004 (Server Core installation) | 4571756 (Security Update) | Important | Elevation of Privilege | 4566782 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| CVE ID | Acknowledgements |
| CVE-2020-1376 | Yuki Chen |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2020-1452 MITRE NVD |
CVE Title: Microsoft SharePoint Remote Code Execution Vulnerability
Description: A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the SharePoint application pool and the SharePoint server farm account. Exploitation of this vulnerability requires that a user uploads a specially crafted SharePoint application package to an affected version of SharePoint. The security update addresses the vulnerability by correcting how SharePoint checks the source markup of application packages. FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2020-09-08T07:00:00Z Information published. |
Critical | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | Exploitation Less Likely | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2020-1452 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Microsoft SharePoint Enterprise Server 2013 Service Pack 1 | 4484515 (Security Update) | Critical | Remote Code Execution | 4484479 |
Base: 8.6 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L/E:P/RL:O/RC:C |
Maybe |
| Microsoft SharePoint Enterprise Server 2016 | 4484506 (Security Update) | Critical | Remote Code Execution | 4484473 | Base: 8.6 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L/E:P/RL:O/RC:C |
Maybe |
| Microsoft SharePoint Foundation 2010 Service Pack 2 | 4486667 (Security Update) | Critical | Remote Code Execution | 4484462 |
Base: 8.6 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L/E:P/RL:O/RC:C |
Maybe |
| Microsoft SharePoint Foundation 2013 Service Pack 1 | 4484525 (Security Update) | Critical | Remote Code Execution | 4484487 | Base: 8.6 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L/E:P/RL:O/RC:C |
Maybe |
| Microsoft SharePoint Server 2019 | 4484505 (Security Update) | Critical | Remote Code Execution | 4484472 | Base: 8.6 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L/E:P/RL:O/RC:C |
Maybe |
| CVE ID | Acknowledgements |
| CVE-2020-1452 | Oleksandr Mirosh (@olekmirosh) from Micro Focus Fortify |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2020-1453 MITRE NVD |
CVE Title: Microsoft SharePoint Remote Code Execution Vulnerability
Description: A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the SharePoint application pool and the SharePoint server farm account. Exploitation of this vulnerability requires that a user uploads a specially crafted SharePoint application package to an affected version of SharePoint. The security update addresses the vulnerability by correcting how SharePoint checks the source markup of application packages. FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2020-09-08T07:00:00Z Information published. |
Critical | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | Exploitation Less Likely | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2020-1453 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Microsoft SharePoint Enterprise Server 2013 Service Pack 1 | 4484515 (Security Update) | Critical | Remote Code Execution | 4484479 |
Base: 8.6 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L/E:P/RL:O/RC:C |
Maybe |
| Microsoft SharePoint Enterprise Server 2016 | 4484506 (Security Update) | Critical | Remote Code Execution | 4484473 | Base: 8.6 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L/E:P/RL:O/RC:C |
Maybe |
| Microsoft SharePoint Foundation 2010 Service Pack 2 | 4486667 (Security Update) | Critical | Remote Code Execution | 4484462 |
Base: 8.6 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L/E:P/RL:O/RC:C |
Maybe |
| Microsoft SharePoint Foundation 2013 Service Pack 1 | 4484525 (Security Update) | Critical | Remote Code Execution | 4484487 | Base: 8.6 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L/E:P/RL:O/RC:C |
Maybe |
| Microsoft SharePoint Server 2019 | 4484505 (Security Update) | Critical | Remote Code Execution | 4484472 | Base: 8.6 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L/E:P/RL:O/RC:C |
Maybe |
| CVE ID | Acknowledgements |
| CVE-2020-1453 | Oleksandr Mirosh (@olekmirosh) from Micro Focus Fortify |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2020-1471 MITRE NVD |
CVE Title: Windows CloudExperienceHost Elevation of Privilege Vulnerability
Description: An elevation of privilege vulnerability exists when Microsoft Windows CloudExperienceHost fails to check COM objects. An attacker who successfully exploited the vulnerability could gain elevated privileges on a targeted system. To exploit the vulnerability, an attacker would have to log on to an affected system and run a specially crafted script or application. The security update addresses the vulnerability by checking COM objects. FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2020-09-08T07:00:00Z Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | Exploitation Less Likely | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2020-1471 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Windows 10 for 32-bit Systems | 4577049 (Security Update) | Important | Elevation of Privilege | 4571692 | Base: 6.1 Temporal: 5.5 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 for x64-based Systems | 4577049 (Security Update) | Important | Elevation of Privilege | 4571692 | Base: 6.1 Temporal: 5.5 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1607 for 32-bit Systems | 4577015 (Security Update) | Important | Elevation of Privilege | 4571694 |
Base: 6.1 Temporal: 5.5 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1607 for x64-based Systems | 4577015 (Security Update) | Important | Elevation of Privilege | 4571694 |
Base: 6.1 Temporal: 5.5 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1709 for 32-bit Systems | 4577041 (Security Update) | Important | Elevation of Privilege | 4571741 | Base: 6.1 Temporal: 5.5 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1709 for ARM64-based Systems | 4577041 (Security Update) | Important | Elevation of Privilege | 4571741 | Base: 6.1 Temporal: 5.5 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1709 for x64-based Systems | 4577041 (Security Update) | Important | Elevation of Privilege | 4571741 | Base: 6.1 Temporal: 5.5 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1803 for 32-bit Systems | 4577032 (Security Update) | Important | Elevation of Privilege | 4571709 | Base: 6.1 Temporal: 5.5 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1803 for ARM64-based Systems | 4577032 (Security Update) | Important | Elevation of Privilege | 4571709 | Base: 6.1 Temporal: 5.5 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1803 for x64-based Systems | 4577032 (Security Update) | Important | Elevation of Privilege | 4571709 | Base: 6.1 Temporal: 5.5 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for 32-bit Systems | 4570333 (Security Update) | Important | Elevation of Privilege | 4565349 |
Base: 6.1 Temporal: 5.5 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 4570333 (Security Update) | Important | Elevation of Privilege | 4565349 |
Base: 6.1 Temporal: 5.5 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for x64-based Systems | 4570333 (Security Update) | Important | Elevation of Privilege | 4565349 |
Base: 6.1 Temporal: 5.5 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1903 for 32-bit Systems | 4574727 (Security Update) | Important | Elevation of Privilege | 4565351 | Base: 6.1 Temporal: 5.5 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1903 for ARM64-based Systems | 4574727 (Security Update) | Important | Elevation of Privilege | 4565351 | Base: 6.1 Temporal: 5.5 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1903 for x64-based Systems | 4574727 (Security Update) | Important | Elevation of Privilege | 4565351 | Base: 6.1 Temporal: 5.5 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for 32-bit Systems | 4574727 (Security Update) | Important | Elevation of Privilege | 4565351 | Base: 7.3 Temporal: 6.6 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for ARM64-based Systems | 4574727 (Security Update) | Important | Elevation of Privilege | 4565351 | Base: 7.3 Temporal: 6.6 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for x64-based Systems | 4574727 (Security Update) | Important | Elevation of Privilege | 4565351 | Base: 7.3 Temporal: 6.6 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for 32-bit Systems | 4571756 (Security Update) | Important | Elevation of Privilege | 4566782 |
Base: 6.1 Temporal: 5.5 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for ARM64-based Systems | 4571756 (Security Update) | Important | Elevation of Privilege | 4566782 |
Base: 6.1 Temporal: 5.5 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for x64-based Systems | 4571756 (Security Update) | Important | Elevation of Privilege | 4566782 |
Base: 6.1 Temporal: 5.5 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server 2016 | 4577015 (Security Update) | Important | Elevation of Privilege | 4571694 |
Base: 6.1 Temporal: 5.5 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server 2019 | 4570333 (Security Update) | Important | Elevation of Privilege | 4565349 |
Base: 6.1 Temporal: 5.5 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| CVE ID | Acknowledgements |
| CVE-2020-1471 | James Forshaw of Google Project Zero |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2020-1491 MITRE NVD |
CVE Title: Windows Function Discovery Service Elevation of Privilege Vulnerability
Description: An elevation of privilege vulnerability exists in the way that the Windows Function Discovery Service handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. To exploit the vulnerability, a locally authenticated attacker could run a specially crafted application. The security update addresses the vulnerability by ensuring the Windows Function Discovery Service properly handles objects in memory. FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2020-09-08T07:00:00Z Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | Exploitation Less Likely | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2020-1491 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Windows 10 for 32-bit Systems | 4577049 (Security Update) | Important | Elevation of Privilege | 4571692 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 for x64-based Systems | 4577049 (Security Update) | Important | Elevation of Privilege | 4571692 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1607 for 32-bit Systems | 4577015 (Security Update) | Important | Elevation of Privilege | 4571694 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1607 for x64-based Systems | 4577015 (Security Update) | Important | Elevation of Privilege | 4571694 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1709 for 32-bit Systems | 4577041 (Security Update) | Important | Elevation of Privilege | 4571741 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1709 for ARM64-based Systems | 4577041 (Security Update) | Important | Elevation of Privilege | 4571741 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1709 for x64-based Systems | 4577041 (Security Update) | Important | Elevation of Privilege | 4571741 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1803 for 32-bit Systems | 4577032 (Security Update) | Important | Elevation of Privilege | 4571709 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1803 for ARM64-based Systems | 4577032 (Security Update) | Important | Elevation of Privilege | 4571709 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1803 for x64-based Systems | 4577032 (Security Update) | Important | Elevation of Privilege | 4571709 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for 32-bit Systems | 4570333 (Security Update) | Important | Elevation of Privilege | 4565349 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 4570333 (Security Update) | Important | Elevation of Privilege | 4565349 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for x64-based Systems | 4570333 (Security Update) | Important | Elevation of Privilege | 4565349 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1903 for 32-bit Systems | 4574727 (Security Update) | Important | Elevation of Privilege | 4565351 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1903 for ARM64-based Systems | 4574727 (Security Update) | Important | Elevation of Privilege | 4565351 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1903 for x64-based Systems | 4574727 (Security Update) | Important | Elevation of Privilege | 4565351 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for 32-bit Systems | 4574727 (Security Update) | Important | Elevation of Privilege | 4565351 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for ARM64-based Systems | 4574727 (Security Update) | Important | Elevation of Privilege | 4565351 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for x64-based Systems | 4574727 (Security Update) | Important | Elevation of Privilege | 4565351 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for 32-bit Systems | 4571756 (Security Update) | Important | Elevation of Privilege | 4566782 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for ARM64-based Systems | 4571756 (Security Update) | Important | Elevation of Privilege | 4566782 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for x64-based Systems | 4571756 (Security Update) | Important | Elevation of Privilege | 4566782 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 7 for 32-bit Systems Service Pack 1 | 4577051 (Monthly Rollup) 4577053 (Security Only) |
Important | Elevation of Privilege | 4571729 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 7 for x64-based Systems Service Pack 1 | 4577051 (Monthly Rollup) 4577053 (Security Only) |
Important | Elevation of Privilege | 4571729 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 8.1 for 32-bit systems | 4577066 (Monthly Rollup) 4577071 (Security Only) |
Important | Elevation of Privilege | 4571703 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 8.1 for x64-based systems | 4577066 (Monthly Rollup) 4577071 (Security Only) |
Important | Elevation of Privilege | 4571703 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows RT 8.1 | 4577066 (Monthly Rollup) | Important | Elevation of Privilege | 4571703 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 4577064 (Monthly Rollup) 4577070 (Security Only) |
Important | Elevation of Privilege | 4571730 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 4577064 (Monthly Rollup) 4577070 (Security Only) |
Important | Elevation of Privilege | 4571730 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 4577064 (Monthly Rollup) 4577070 (Security Only) |
Important | Elevation of Privilege | 4571730 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 4577064 (Monthly Rollup) 4577070 (Security Only) |
Important | Elevation of Privilege | 4571730 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 4577051 (Monthly Rollup) 4577053 (Security Only) |
Important | Elevation of Privilege | 4571729 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 4577051 (Monthly Rollup) 4577053 (Security Only) |
Important | Elevation of Privilege | 4571729 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2012 | 4577038 (Monthly Rollup) 4577048 (Security Only) |
Important | Elevation of Privilege | 4571736 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2012 (Server Core installation) | 4577038 (Monthly Rollup) 4577048 (Security Only) |
Important | Elevation of Privilege | 4571736 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2012 R2 | 4577066 (Monthly Rollup) 4577071 (Security Only) |
Important | Elevation of Privilege | 4571703 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2012 R2 (Server Core installation) | 4577066 (Monthly Rollup) 4577071 (Security Only) |
Important | Elevation of Privilege | 4571703 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2016 | 4577015 (Security Update) | Important | Elevation of Privilege | 4571694 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2016 (Server Core installation) | 4577015 (Security Update) | Important | Elevation of Privilege | 4571694 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2019 | 4570333 (Security Update) | Important | Elevation of Privilege | 4565349 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2019 (Server Core installation) | 4570333 (Security Update) | Important | Elevation of Privilege | 4565349 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server, version 1903 (Server Core installation) | 4574727 (Security Update) | Important | Elevation of Privilege | 4565351 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server, version 1909 (Server Core installation) | 4574727 (Security Update) | Important | Elevation of Privilege | 4565351 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server, version 2004 (Server Core installation) | 4571756 (Security Update) | Important | Elevation of Privilege | 4566782 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| CVE ID | Acknowledgements |
| CVE-2020-1491 | Yuki Chen |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2020-1506 MITRE NVD |
CVE Title: Windows Start-Up Application Elevation of Privilege Vulnerability
Description: An elevation of privilege vulnerability exists in the way that the Wininit.dll handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. There are multiple ways an attacker could exploit the vulnerability:
The security update addresses the vulnerability by ensuring the Wininit.dll properly handles objects in memory. FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2020-09-08T07:00:00Z Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | Exploitation Less Likely | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2020-1506 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Internet Explorer 11 on Windows 10 Version 1709 for 32-bit Systems | 4577041 (Security Update) | Important | Elevation of Privilege | 4571741 | Base: 6.1 Temporal: 5.5 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Internet Explorer 11 on Windows 10 Version 1709 for ARM64-based Systems | 4577041 (Security Update) | Important | Elevation of Privilege | 4571741 | Base: 6.1 Temporal: 5.5 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Internet Explorer 11 on Windows 10 Version 1709 for x64-based Systems | 4577041 (Security Update) | Important | Elevation of Privilege | 4571741 | Base: 6.1 Temporal: 5.5 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Internet Explorer 11 on Windows 10 Version 1803 for 32-bit Systems | 4577032 (Security Update) | Important | Elevation of Privilege | 4571709 | Base: 6.1 Temporal: 5.5 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Internet Explorer 11 on Windows 10 Version 1803 for ARM64-based Systems | 4577032 (Security Update) | Important | Elevation of Privilege | 4571709 | Base: 6.1 Temporal: 5.5 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Internet Explorer 11 on Windows 10 Version 1803 for x64-based Systems | 4577032 (Security Update) | Important | Elevation of Privilege | 4571709 | Base: 6.1 Temporal: 5.5 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Internet Explorer 11 on Windows 10 Version 1809 for 32-bit Systems | 4570333 (Security Update) | Important | Elevation of Privilege | 4565349 |
Base: 6.1 Temporal: 5.5 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Internet Explorer 11 on Windows 10 Version 1809 for ARM64-based Systems | 4570333 (Security Update) | Important | Elevation of Privilege | 4565349 |
Base: 6.1 Temporal: 5.5 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Internet Explorer 11 on Windows 10 Version 1809 for x64-based Systems | 4570333 (Security Update) | Important | Elevation of Privilege | 4565349 |
Base: 6.1 Temporal: 5.5 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Internet Explorer 11 on Windows 10 Version 1903 for 32-bit Systems | 4574727 (Security Update) | Important | Elevation of Privilege | 4565351 | Base: 6.1 Temporal: 5.5 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Internet Explorer 11 on Windows 10 Version 1903 for ARM64-based Systems | 4574727 (Security Update) | Important | Elevation of Privilege | 4565351 | Base: 6.1 Temporal: 5.5 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Internet Explorer 11 on Windows 10 Version 1903 for x64-based Systems | 4574727 (Security Update) | Important | Elevation of Privilege | 4565351 | Base: 6.1 Temporal: 5.5 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Internet Explorer 11 on Windows 10 Version 1909 for 32-bit Systems | 4574727 (Security Update) | Important | Elevation of Privilege | 4565351 | Base: 6.1 Temporal: 5.5 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Internet Explorer 11 on Windows 10 Version 1909 for ARM64-based Systems | 4574727 (Security Update) | Important | Elevation of Privilege | 4565351 | Base: 6.1 Temporal: 5.5 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Internet Explorer 11 on Windows 10 Version 1909 for x64-based Systems | 4574727 (Security Update) | Important | Elevation of Privilege | 4565351 | Base: 6.1 Temporal: 5.5 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Internet Explorer 11 on Windows 10 Version 2004 for 32-bit Systems | 4571756 (Security Update) | Important | Elevation of Privilege | 4566782 |
Base: 4.4 Temporal: 4.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Internet Explorer 11 on Windows 10 Version 2004 for ARM64-based Systems | 4571756 (Security Update) | Important | Elevation of Privilege | 4566782 |
Base: 4.4 Temporal: 4.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Internet Explorer 11 on Windows 10 Version 2004 for x64-based Systems | 4571756 (Security Update) | Important | Elevation of Privilege | 4566782 |
Base: 4.4 Temporal: 4.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Internet Explorer 11 on Windows Server 2019 | 4570333 (Security Update) | Low | Elevation of Privilege | 4565349 |
Base: 6.1 Temporal: 5.5 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| CVE ID | Acknowledgements |
| CVE-2020-1506 | pgboy (http://weibo.com/pgboy1988) of 360vulcan |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2020-1507 MITRE NVD |
CVE Title: Microsoft COM for Windows Elevation of Privilege Vulnerability
Description: An elevation of privilege vulnerability exists in the way that Microsoft COM for Windows handles objects in memory. An attacker who successfully exploited the vulnerability could gain elevated privileges on a targeted system. To exploit the vulnerability, a user would have to open a specially crafted file. The security update addresses the vulnerability by correcting how Microsoft COM for Windows handles objects in memory. FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2020-09-08T07:00:00Z Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | Exploitation Less Likely | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2020-1507 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Windows 10 Version 1809 for 32-bit Systems | 4570333 (Security Update) | Important | Elevation of Privilege | 4565349 |
Base: 7.9 Temporal: 7.1 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 4570333 (Security Update) | Important | Elevation of Privilege | 4565349 |
Base: 7.9 Temporal: 7.1 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for x64-based Systems | 4570333 (Security Update) | Important | Elevation of Privilege | 4565349 |
Base: 7.9 Temporal: 7.1 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1903 for 32-bit Systems | 4574727 (Security Update) | Important | Elevation of Privilege | 4565351 | Base: 7.9 Temporal: 7.1 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1903 for ARM64-based Systems | 4574727 (Security Update) | Important | Elevation of Privilege | 4565351 | Base: 7.9 Temporal: 7.1 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1903 for x64-based Systems | 4574727 (Security Update) | Important | Elevation of Privilege | 4565351 | Base: 7.9 Temporal: 7.1 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for 32-bit Systems | 4574727 (Security Update) | Important | Elevation of Privilege | 4565351 | Base: 7.9 Temporal: 7.1 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for ARM64-based Systems | 4574727 (Security Update) | Important | Elevation of Privilege | 4565351 | Base: 7.9 Temporal: 7.1 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for x64-based Systems | 4574727 (Security Update) | Important | Elevation of Privilege | 4565351 | Base: 7.9 Temporal: 7.1 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for 32-bit Systems | 4571756 (Security Update) | Important | Elevation of Privilege | 4566782 |
Base: 7.9 Temporal: 7.1 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for ARM64-based Systems | 4571756 (Security Update) | Important | Elevation of Privilege | 4566782 |
Base: 7.9 Temporal: 7.1 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for x64-based Systems | 4571756 (Security Update) | Important | Elevation of Privilege | 4566782 |
Base: 7.9 Temporal: 7.1 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server 2019 | 4570333 (Security Update) | Important | Elevation of Privilege | 4565349 |
Base: 7.9 Temporal: 7.1 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server 2019 (Server Core installation) | 4570333 (Security Update) | Important | Elevation of Privilege | 4565349 |
Base: 7.9 Temporal: 7.1 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server, version 1903 (Server Core installation) | 4574727 (Security Update) | Important | Elevation of Privilege | 4565351 | Base: 7.9 Temporal: 7.1 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server, version 1909 (Server Core installation) | 4574727 (Security Update) | Important | Elevation of Privilege | 4565351 | Base: 7.9 Temporal: 7.1 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server, version 2004 (Server Core installation) | 4571756 (Security Update) | Important | Elevation of Privilege | 4566782 |
Base: 7.9 Temporal: 7.1 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:N/E:P/RL:O/RC:C |
Yes |
| CVE ID | Acknowledgements |
| CVE-2020-1507 | Rick Veldhoven of Fox-IT Company |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2020-1508 MITRE NVD |
CVE Title: Windows Media Audio Decoder Remote Code Execution Vulnerability
Description: A remote code execution vulnerability exists when Windows Media Audio Decoder improperly handles objects. An attacker who successfully exploited the vulnerability could take control of an affected system. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit a malicious webpage. The security update addresses the vulnerability by correcting how Windows Media Audio Decoder handles objects. FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2020-09-08T07:00:00Z Information published. |
Critical | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | Exploitation Less Likely | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2020-1508 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Windows 10 for 32-bit Systems | 4577049 (Security Update) | Critical | Remote Code Execution | 4571692 | Base: 7.6 Temporal: 6.8 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 for x64-based Systems | 4577049 (Security Update) | Critical | Remote Code Execution | 4571692 | Base: 7.6 Temporal: 6.8 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1607 for 32-bit Systems | 4577015 (Security Update) | Critical | Remote Code Execution | 4571694 |
Base: 7.6 Temporal: 6.8 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1607 for x64-based Systems | 4577015 (Security Update) | Critical | Remote Code Execution | 4571694 |
Base: 7.6 Temporal: 6.8 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1709 for 32-bit Systems | 4577041 (Security Update) | Critical | Remote Code Execution | 4571741 | Base: 7.6 Temporal: 6.8 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1709 for ARM64-based Systems | 4577041 (Security Update) | Critical | Remote Code Execution | 4571741 | Base: 7.6 Temporal: 6.8 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1709 for x64-based Systems | 4577041 (Security Update) | Critical | Remote Code Execution | 4571741 | Base: 7.6 Temporal: 6.8 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1803 for 32-bit Systems | 4577032 (Security Update) | Critical | Remote Code Execution | 4571709 | Base: 7.6 Temporal: 6.8 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1803 for ARM64-based Systems | 4577032 (Security Update) | Critical | Remote Code Execution | 4571709 | Base: 7.6 Temporal: 6.8 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1803 for x64-based Systems | 4577032 (Security Update) | Critical | Remote Code Execution | 4571709 | Base: 7.6 Temporal: 6.8 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for 32-bit Systems | 4570333 (Security Update) | Critical | Remote Code Execution | 4565349 |
Base: 7.6 Temporal: 6.8 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 4570333 (Security Update) | Critical | Remote Code Execution | 4565349 |
Base: 7.6 Temporal: 6.8 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for x64-based Systems | 4570333 (Security Update) | Critical | Remote Code Execution | 4565349 |
Base: 7.6 Temporal: 6.8 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1903 for 32-bit Systems | 4574727 (Security Update) | Critical | Remote Code Execution | 4565351 | Base: 7.6 Temporal: 6.8 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1903 for ARM64-based Systems | 4574727 (Security Update) | Critical | Remote Code Execution | 4565351 | Base: 7.6 Temporal: 6.8 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1903 for x64-based Systems | 4574727 (Security Update) | Critical | Remote Code Execution | 4565351 | Base: 7.6 Temporal: 6.8 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for 32-bit Systems | 4574727 (Security Update) | Critical | Remote Code Execution | 4565351 | Base: 7.6 Temporal: 6.8 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for ARM64-based Systems | 4574727 (Security Update) | Critical | Remote Code Execution | 4565351 | Base: 7.6 Temporal: 6.8 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for x64-based Systems | 4574727 (Security Update) | Critical | Remote Code Execution | 4565351 | Base: 7.6 Temporal: 6.8 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for 32-bit Systems | 4571756 (Security Update) | Critical | Remote Code Execution | 4566782 |
Base: 7.6 Temporal: 6.8 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for ARM64-based Systems | 4571756 (Security Update) | Critical | Remote Code Execution | 4566782 |
Base: 7.6 Temporal: 6.8 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for x64-based Systems | 4571756 (Security Update) | Critical | Remote Code Execution | 4566782 |
Base: 7.6 Temporal: 6.8 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 7 for 32-bit Systems Service Pack 1 | 4577051 (Monthly Rollup) 4577053 (Security Only) |
Critical | Remote Code Execution | 4571729 |
Base: 7.6 Temporal: 6.8 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 7 for x64-based Systems Service Pack 1 | 4577051 (Monthly Rollup) 4577053 (Security Only) |
Critical | Remote Code Execution | 4571729 |
Base: 7.6 Temporal: 6.8 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 8.1 for 32-bit systems | 4577066 (Monthly Rollup) 4577071 (Security Only) |
Critical | Remote Code Execution | 4571703 |
Base: 7.6 Temporal: 6.8 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 8.1 for x64-based systems | 4577066 (Monthly Rollup) 4577071 (Security Only) |
Critical | Remote Code Execution | 4571703 |
Base: 7.6 Temporal: 6.8 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Windows RT 8.1 | 4577066 (Monthly Rollup) | Critical | Remote Code Execution | 4571703 |
Base: 7.6 Temporal: 6.8 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 4577064 (Monthly Rollup) 4577070 (Security Only) |
Critical | Remote Code Execution | 4571730 |
Base: 7.6 Temporal: 6.8 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 4577064 (Monthly Rollup) 4577070 (Security Only) |
Critical | Remote Code Execution | 4571730 |
Base: 7.6 Temporal: 6.8 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 4577064 (Monthly Rollup) 4577070 (Security Only) |
Critical | Remote Code Execution | 4571730 |
Base: 7.6 Temporal: 6.8 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 4577064 (Monthly Rollup) 4577070 (Security Only) |
Critical | Remote Code Execution | 4571730 |
Base: 7.6 Temporal: 6.8 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 4577051 (Monthly Rollup) 4577053 (Security Only) |
Critical | Remote Code Execution | 4571729 |
Base: 7.6 Temporal: 6.8 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 4577051 (Monthly Rollup) 4577053 (Security Only) |
Critical | Remote Code Execution | 4571729 |
Base: 7.6 Temporal: 6.8 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server 2012 | 4577038 (Monthly Rollup) 4577048 (Security Only) |
Critical | Remote Code Execution | 4571736 |
Base: 7.6 Temporal: 6.8 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server 2012 (Server Core installation) | 4577038 (Monthly Rollup) 4577048 (Security Only) |
Critical | Remote Code Execution | 4571736 |
Base: 7.6 Temporal: 6.8 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server 2012 R2 | 4577066 (Monthly Rollup) 4577071 (Security Only) |
Critical | Remote Code Execution | 4571703 |
Base: 7.6 Temporal: 6.8 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server 2012 R2 (Server Core installation) | 4577066 (Monthly Rollup) 4577071 (Security Only) |
Critical | Remote Code Execution | 4571703 |
Base: 7.6 Temporal: 6.8 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server 2016 | 4577015 (Security Update) | Critical | Remote Code Execution | 4571694 |
Base: 7.6 Temporal: 6.8 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server 2016 (Server Core installation) | 4577015 (Security Update) | Critical | Remote Code Execution | 4571694 |
Base: 7.6 Temporal: 6.8 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server 2019 | 4570333 (Security Update) | Critical | Remote Code Execution | 4565349 |
Base: 7.6 Temporal: 6.8 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server 2019 (Server Core installation) | 4570333 (Security Update) | Critical | Remote Code Execution | 4565349 |
Base: 7.6 Temporal: 6.8 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server, version 1903 (Server Core installation) | 4574727 (Security Update) | Critical | Remote Code Execution | 4565351 | Base: 7.6 Temporal: 6.8 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server, version 1909 (Server Core installation) | 4574727 (Security Update) | Critical | Remote Code Execution | 4565351 | Base: 7.6 Temporal: 6.8 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server, version 2004 (Server Core installation) | 4571756 (Security Update) | Critical | Remote Code Execution | 4566782 |
Base: 7.6 Temporal: 6.8 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| CVE ID | Acknowledgements |
| CVE-2020-1508 | yangkang (@dnpushme) |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2020-1559 MITRE NVD |
CVE Title: Windows Storage Services Elevation of Privilege Vulnerability
Description: An elevation of privilege vulnerability exists when the Windows Storage Services improperly handle file operations. An attacker who successfully exploited this vulnerability could gain elevated privileges. To exploit the vulnerability, an attacker would first need code execution on a victim system. An attacker could then run a specially crafted application. The security update addresses the vulnerability by ensuring the Windows Storage Services properly handle file operations. FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2020-09-08T07:00:00Z Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | Exploitation Less Likely | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2020-1559 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Windows 10 for 32-bit Systems | 4577049 (Security Update) | Important | Elevation of Privilege | 4571692 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 for x64-based Systems | 4577049 (Security Update) | Important | Elevation of Privilege | 4571692 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1607 for 32-bit Systems | 4577015 (Security Update) | Important | Elevation of Privilege | 4571694 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1607 for x64-based Systems | 4577015 (Security Update) | Important | Elevation of Privilege | 4571694 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1709 for 32-bit Systems | 4577041 (Security Update) | Important | Elevation of Privilege | 4571741 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1709 for ARM64-based Systems | 4577041 (Security Update) | Important | Elevation of Privilege | 4571741 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1709 for x64-based Systems | 4577041 (Security Update) | Important | Elevation of Privilege | 4571741 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1803 for 32-bit Systems | 4577032 (Security Update) | Important | Elevation of Privilege | 4571709 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1803 for ARM64-based Systems | 4577032 (Security Update) | Important | Elevation of Privilege | 4571709 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1803 for x64-based Systems | 4577032 (Security Update) | Important | Elevation of Privilege | 4571709 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for 32-bit Systems | 4570333 (Security Update) | Important | Elevation of Privilege | 4565349 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 4570333 (Security Update) | Important | Elevation of Privilege | 4565349 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for x64-based Systems | 4570333 (Security Update) | Important | Elevation of Privilege | 4565349 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1903 for 32-bit Systems | 4574727 (Security Update) | Important | Elevation of Privilege | 4565351 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1903 for ARM64-based Systems | 4574727 (Security Update) | Important | Elevation of Privilege | 4565351 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1903 for x64-based Systems | 4574727 (Security Update) | Important | Elevation of Privilege | 4565351 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for 32-bit Systems | 4574727 (Security Update) | Important | Elevation of Privilege | 4565351 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for ARM64-based Systems | 4574727 (Security Update) | Important | Elevation of Privilege | 4565351 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for x64-based Systems | 4574727 (Security Update) | Important | Elevation of Privilege | 4565351 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for 32-bit Systems | 4571756 (Security Update) | Important | Elevation of Privilege | 4566782 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for ARM64-based Systems | 4571756 (Security Update) | Important | Elevation of Privilege | 4566782 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for x64-based Systems | 4571756 (Security Update) | Important | Elevation of Privilege | 4566782 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 7 for 32-bit Systems Service Pack 1 | 4577051 (Monthly Rollup) 4577053 (Security Only) |
Important | Elevation of Privilege | 4571729 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 7 for x64-based Systems Service Pack 1 | 4577051 (Monthly Rollup) 4577053 (Security Only) |
Important | Elevation of Privilege | 4571729 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 8.1 for 32-bit systems | 4577066 (Monthly Rollup) 4577071 (Security Only) |
Important | Elevation of Privilege | 4571703 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 8.1 for x64-based systems | 4577066 (Monthly Rollup) 4577071 (Security Only) |
Important | Elevation of Privilege | 4571703 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows RT 8.1 | 4577066 (Monthly Rollup) | Important | Elevation of Privilege | 4571703 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 4577064 (Monthly Rollup) 4577070 (Security Only) |
Important | Elevation of Privilege | 4571730 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 4577064 (Monthly Rollup) 4577070 (Security Only) |
Important | Elevation of Privilege | 4571730 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 4577064 (Monthly Rollup) 4577070 (Security Only) |
Important | Elevation of Privilege | 4571730 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 4577064 (Monthly Rollup) 4577070 (Security Only) |
Important | Elevation of Privilege | 4571730 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 4577051 (Monthly Rollup) 4577053 (Security Only) |
Important | Elevation of Privilege | 4571729 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 4577051 (Monthly Rollup) 4577053 (Security Only) |
Important | Elevation of Privilege | 4571729 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2012 | 4577038 (Monthly Rollup) 4577048 (Security Only) |
Important | Elevation of Privilege | 4571736 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2012 (Server Core installation) | 4577038 (Monthly Rollup) 4577048 (Security Only) |
Important | Elevation of Privilege | 4571736 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2012 R2 | 4577066 (Monthly Rollup) 4577071 (Security Only) |
Important | Elevation of Privilege | 4571703 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2012 R2 (Server Core installation) | 4577066 (Monthly Rollup) 4577071 (Security Only) |
Important | Elevation of Privilege | 4571703 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2016 | 4577015 (Security Update) | Important | Elevation of Privilege | 4571694 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2016 (Server Core installation) | 4577015 (Security Update) | Important | Elevation of Privilege | 4571694 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2019 | 4570333 (Security Update) | Important | Elevation of Privilege | 4565349 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2019 (Server Core installation) | 4570333 (Security Update) | Important | Elevation of Privilege | 4565349 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server, version 1903 (Server Core installation) | 4574727 (Security Update) | Important | Elevation of Privilege | 4565351 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server, version 1909 (Server Core installation) | 4574727 (Security Update) | Important | Elevation of Privilege | 4565351 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server, version 2004 (Server Core installation) | 4571756 (Security Update) | Important | Elevation of Privilege | 4566782 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| CVE ID | Acknowledgements |
| CVE-2020-1559 | pgboy |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2020-1575 MITRE NVD |
CVE Title: Microsoft Office SharePoint XSS Vulnerability
Description: A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint server. The attacker who successfully exploited the vulnerability could then perform cross-site scripting attacks on affected systems and run script in the security context of the current user. The attacks could allow the attacker to read content that the attacker is not authorized to read, use the victim's identity to take actions on the SharePoint site on behalf of the user, such as change permissions and delete content, and inject malicious content in the browser of the user. The security update addresses the vulnerability by helping to ensure that SharePoint Server properly sanitizes web requests. FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2020-09-08T07:00:00Z Information published. |
Important | Spoofing |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | Exploitation Less Likely | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2020-1575 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Microsoft SharePoint Foundation 2013 Service Pack 1 | 4484525 (Security Update) | Important | Spoofing | 4484487 | Base: 5.4 Temporal: 4.9 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:P/RL:O/RC:C |
Maybe |
| CVE ID | Acknowledgements |
| CVE-2020-1575 | Pham Van Khanh @rskvp93 from Viettel Cyber Security |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2020-1576 MITRE NVD |
CVE Title: Microsoft SharePoint Remote Code Execution Vulnerability
Description: A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the SharePoint application pool and the SharePoint server farm account. Exploitation of this vulnerability requires that a user uploads a specially crafted SharePoint application package to an affected version of SharePoint. The security update addresses the vulnerability by correcting how SharePoint checks the source markup of application packages. FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2020-09-08T07:00:00Z Information published. |
Critical | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | Exploitation Less Likely | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2020-1576 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Microsoft SharePoint Enterprise Server 2013 Service Pack 1 | 4484515 (Security Update) | Critical | Remote Code Execution | 4484479 |
Base: 8.5 Temporal: 7.6 Vector: CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C |
Maybe |
| Microsoft SharePoint Enterprise Server 2016 | 4484506 (Security Update) | Critical | Remote Code Execution | 4484473 | Base: 8.5 Temporal: 7.6 Vector: CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C |
Maybe |
| Microsoft SharePoint Foundation 2010 Service Pack 2 | 4486667 (Security Update) | Critical | Remote Code Execution | 4484462 |
Base: 8.5 Temporal: 7.6 Vector: CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C |
Maybe |
| Microsoft SharePoint Foundation 2013 Service Pack 1 | 4484525 (Security Update) | Critical | Remote Code Execution | 4484487 | Base: 8.5 Temporal: 7.6 Vector: CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C |
Maybe |
| Microsoft SharePoint Server 2010 Service Pack 2 | 4486664 (Security Update) | Critical | Remote Code Execution | 4484498 | Base: 8.5 Temporal: 7.6 Vector: CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C |
Maybe |
| Microsoft SharePoint Server 2019 | 4484505 (Security Update) | Critical | Remote Code Execution | 4484472 | Base: 8.5 Temporal: 7.6 Vector: CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C |
Maybe |
| CVE ID | Acknowledgements |
| CVE-2020-1576 | Markus Wulftange (@mwulftange) |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2020-1589 MITRE NVD |
CVE Title: Windows Kernel Information Disclosure Vulnerability
Description: An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user’s system. To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application. The vulnerability would not allow an attacker to execute code or to elevate user rights directly, but it could be used to obtain information that could be used to try to further compromise the affected system. The update addresses the vulnerability by correcting how the Windows kernel handles objects in memory. FAQ: What type of information could be disclosed by this vulnerability? The type of information that could be disclosed if an attacker successfully exploited this vulnerability is the contents of Kernel memory. An attacker could read the contents of Kernel memory from a user mode process. Mitigations: None Workarounds: None Revision: 1.0 2020-09-08T07:00:00Z Information published. |
Important | Information Disclosure |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | Exploitation Less Likely | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2020-1589 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Windows 10 for 32-bit Systems | 4577049 (Security Update) | Important | Information Disclosure | 4571692 | Base: 4.4 Temporal: 4.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 for x64-based Systems | 4577049 (Security Update) | Important | Information Disclosure | 4571692 | Base: 4.4 Temporal: 4.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1607 for 32-bit Systems | 4577015 (Security Update) | Important | Information Disclosure | 4571694 |
Base: 4.4 Temporal: 4.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1607 for x64-based Systems | 4577015 (Security Update) | Important | Information Disclosure | 4571694 |
Base: 4.4 Temporal: 4.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1709 for 32-bit Systems | 4577041 (Security Update) | Important | Information Disclosure | 4571741 | Base: 4.4 Temporal: 4.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1709 for ARM64-based Systems | 4577041 (Security Update) | Important | Information Disclosure | 4571741 | Base: 4.4 Temporal: 4.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1709 for x64-based Systems | 4577041 (Security Update) | Important | Information Disclosure | 4571741 | Base: 4.4 Temporal: 4.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1803 for 32-bit Systems | 4577032 (Security Update) | Important | Information Disclosure | 4571709 | Base: 4.4 Temporal: 4.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1803 for ARM64-based Systems | 4577032 (Security Update) | Important | Information Disclosure | 4571709 | Base: 4.4 Temporal: 4.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1803 for x64-based Systems | 4577032 (Security Update) | Important | Information Disclosure | 4571709 | Base: 4.4 Temporal: 4.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for 32-bit Systems | 4570333 (Security Update) | Important | Information Disclosure | 4565349 |
Base: 4.4 Temporal: 4.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 4570333 (Security Update) | Important | Information Disclosure | 4565349 |
Base: 4.4 Temporal: 4.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for x64-based Systems | 4570333 (Security Update) | Important | Information Disclosure | 4565349 |
Base: 4.4 Temporal: 4.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1903 for 32-bit Systems | 4574727 (Security Update) | Important | Information Disclosure | 4565351 | Base: 4.4 Temporal: 4.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1903 for ARM64-based Systems | 4574727 (Security Update) | Important | Information Disclosure | 4565351 | Base: 4.4 Temporal: 4.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1903 for x64-based Systems | 4574727 (Security Update) | Important | Information Disclosure | 4565351 | Base: 4.4 Temporal: 4.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for 32-bit Systems | 4574727 (Security Update) | Important | Information Disclosure | 4565351 | Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Windows 10 Version 1909 for ARM64-based Systems | 4574727 (Security Update) | Important | Information Disclosure | 4565351 | Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Windows 10 Version 1909 for x64-based Systems | 4574727 (Security Update) | Important | Information Disclosure | 4565351 | Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Windows 10 Version 2004 for 32-bit Systems | 4571756 (Security Update) | Important | Information Disclosure | 4566782 |
Base: 4.4 Temporal: 4.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for ARM64-based Systems | 4571756 (Security Update) | Important | Information Disclosure | 4566782 |
Base: 4.4 Temporal: 4.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for x64-based Systems | 4571756 (Security Update) | Important | Information Disclosure | 4566782 |
Base: 4.4 Temporal: 4.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 7 for 32-bit Systems Service Pack 1 | 4577051 (Monthly Rollup) 4577053 (Security Only) |
Important | Information Disclosure | 4571729 |
Base: 4.4 Temporal: 4.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 7 for x64-based Systems Service Pack 1 | 4577051 (Monthly Rollup) 4577053 (Security Only) |
Important | Information Disclosure | 4571729 |
Base: 4.4 Temporal: 4.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 8.1 for 32-bit systems | 4577066 (Monthly Rollup) 4577071 (Security Only) |
Important | Information Disclosure | 4571703 |
Base: 4.4 Temporal: 4.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 8.1 for x64-based systems | 4577066 (Monthly Rollup) 4577071 (Security Only) |
Important | Information Disclosure | 4571703 |
Base: 4.4 Temporal: 4.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Windows RT 8.1 | 4577066 (Monthly Rollup) | Important | Information Disclosure | 4571703 |
Base: 4.4 Temporal: 4.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 4577064 (Monthly Rollup) 4577070 (Security Only) |
Important | Information Disclosure | 4571730 |
Base: 4.4 Temporal: 4.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 4577064 (Monthly Rollup) 4577070 (Security Only) |
Important | Information Disclosure | 4571730 |
Base: 4.4 Temporal: 4.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 4577064 (Monthly Rollup) 4577070 (Security Only) |
Important | Information Disclosure | 4571730 |
Base: 4.4 Temporal: 4.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 4577064 (Monthly Rollup) 4577070 (Security Only) |
Important | Information Disclosure | 4571730 |
Base: 4.4 Temporal: 4.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 4577051 (Monthly Rollup) 4577053 (Security Only) |
Important | Information Disclosure | 4571729 |
Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 4577051 (Monthly Rollup) 4577053 (Security Only) |
Important | Information Disclosure | 4571729 |
Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Windows Server 2012 | 4577038 (Monthly Rollup) 4577048 (Security Only) |
Important | Information Disclosure | 4571736 |
Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Windows Server 2012 (Server Core installation) | 4577038 (Monthly Rollup) 4577048 (Security Only) |
Important | Information Disclosure | 4571736 |
Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Windows Server 2012 R2 | 4577066 (Monthly Rollup) 4577071 (Security Only) |
Important | Information Disclosure | 4571703 |
Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Windows Server 2012 R2 (Server Core installation) | 4577066 (Monthly Rollup) 4577071 (Security Only) |
Important | Information Disclosure | 4571703 |
Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Windows Server 2016 | 4577015 (Security Update) | Important | Information Disclosure | 4571694 |
Base: 4.4 Temporal: 4.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server 2016 (Server Core installation) | 4577015 (Security Update) | Important | Information Disclosure | 4571694 |
Base: 4.4 Temporal: 4.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server 2019 | 4570333 (Security Update) | Important | Information Disclosure | 4565349 |
Base: 4.4 Temporal: 4.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server 2019 (Server Core installation) | 4570333 (Security Update) | Important | Information Disclosure | 4565349 |
Base: 4.4 Temporal: 4.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server, version 1903 (Server Core installation) | 4574727 (Security Update) | Important | Information Disclosure | 4565351 | Base: 4.4 Temporal: 4.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server, version 1909 (Server Core installation) | 4574727 (Security Update) | Important | Information Disclosure | 4565351 | Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Windows Server, version 2004 (Server Core installation) | 4571756 (Security Update) | Important | Information Disclosure | 4566782 |
Base: 4.4 Temporal: 4.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| CVE ID | Acknowledgements |
| CVE-2020-1589 | JunGu and ZiMi of Alibaba Orion Security Lab |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2020-1590 MITRE NVD |
CVE Title: Connected User Experiences and Telemetry Service Elevation of Privilege Vulnerability
Description: An elevation of privilege vulnerability exists when the Connected User Experiences and Telemetry Service improperly handles file operations. An attacker who successfully exploited this vulnerability could gain elevated privileges on the victim system. To exploit the vulnerability, an attacker would first have to gain execution on the victim system, then run a specially crafted application. The security update addresses the vulnerability by correcting how the Connected User Experiences and Telemetry Service handles file operations. FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2020-09-08T07:00:00Z Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | Exploitation Less Likely | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2020-1590 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Windows 10 Version 1809 for 32-bit Systems | 4570333 (Security Update) | Important | Elevation of Privilege | 4565349 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 4570333 (Security Update) | Important | Elevation of Privilege | 4565349 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for x64-based Systems | 4570333 (Security Update) | Important | Elevation of Privilege | 4565349 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1903 for 32-bit Systems | 4574727 (Security Update) | Important | Elevation of Privilege | 4565351 | Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1903 for ARM64-based Systems | 4574727 (Security Update) | Important | Elevation of Privilege | 4565351 | Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1903 for x64-based Systems | 4574727 (Security Update) | Important | Elevation of Privilege | 4565351 | Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for 32-bit Systems | 4574727 (Security Update) | Important | Elevation of Privilege | 4565351 | Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Windows 10 Version 1909 for ARM64-based Systems | 4574727 (Security Update) | Important | Elevation of Privilege | 4565351 | Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Windows 10 Version 1909 for x64-based Systems | 4574727 (Security Update) | Important | Elevation of Privilege | 4565351 | Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Windows 10 Version 2004 for 32-bit Systems | 4571756 (Security Update) | Important | Elevation of Privilege | 4566782 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for ARM64-based Systems | 4571756 (Security Update) | Important | Elevation of Privilege | 4566782 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for x64-based Systems | 4571756 (Security Update) | Important | Elevation of Privilege | 4566782 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server 2019 | 4570333 (Security Update) | Important | Elevation of Privilege | 4565349 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server 2019 (Server Core installation) | 4570333 (Security Update) | Important | Elevation of Privilege | 4565349 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server, version 1903 (Server Core installation) | 4574727 (Security Update) | Important | Elevation of Privilege | 4565351 | Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server, version 1909 (Server Core installation) | 4574727 (Security Update) | Important | Elevation of Privilege | 4565351 | Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Windows Server, version 2004 (Server Core installation) | 4571756 (Security Update) | Important | Elevation of Privilege | 4566782 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| CVE ID | Acknowledgements |
| CVE-2020-1590 | Xuefeng Li (@lxf02942370) Zhiniang Peng (@edwardzpeng) & Jiadong Lu Jonas Lykkegård Fangming Gu (@afang5472) |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2020-1592 MITRE NVD |
CVE Title: Windows Kernel Information Disclosure Vulnerability
Description: An information disclosure vulnerability exists when the Windows kernel improperly initializes objects in memory. To exploit this vulnerability, an authenticated attacker could run a specially crafted application. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user’s system. The update addresses the vulnerability by correcting how the Windows kernel initializes objects in memory. FAQ: What type of information could be disclosed by this vulnerability? The type of information that could be disclosed if an attacker successfully exploited this vulnerability is the contents of Kernel memory. An attacker could read the contents of Kernel memory from a user mode process. Mitigations: None Workarounds: None Revision: 1.0 2020-09-08T07:00:00Z Information published. |
Important | Information Disclosure |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | Exploitation Less Likely | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2020-1592 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Windows 10 Version 1803 for 32-bit Systems | 4577032 (Security Update) | Important | Information Disclosure | 4571709 | Base: 4.4 Temporal: 4.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1803 for ARM64-based Systems | 4577032 (Security Update) | Important | Information Disclosure | 4571709 | Base: 4.4 Temporal: 4.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1803 for x64-based Systems | 4577032 (Security Update) | Important | Information Disclosure | 4571709 | Base: 4.4 Temporal: 4.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for 32-bit Systems | 4570333 (Security Update) | Important | Information Disclosure | 4565349 |
Base: 4.4 Temporal: 4.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 4570333 (Security Update) | Important | Information Disclosure | 4565349 |
Base: 4.4 Temporal: 4.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for x64-based Systems | 4570333 (Security Update) | Important | Information Disclosure | 4565349 |
Base: 4.4 Temporal: 4.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1903 for 32-bit Systems | 4574727 (Security Update) | Important | Information Disclosure | 4565351 | Base: 4.4 Temporal: 4.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1903 for ARM64-based Systems | 4574727 (Security Update) | Important | Information Disclosure | 4565351 | Base: 4.4 Temporal: 4.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1903 for x64-based Systems | 4574727 (Security Update) | Important | Information Disclosure | 4565351 | Base: 4.4 Temporal: 4.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for 32-bit Systems | 4574727 (Security Update) | Important | Information Disclosure | 4565351 | Base: 4.4 Temporal: 4.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for ARM64-based Systems | 4574727 (Security Update) | Important | Information Disclosure | 4565351 | Base: 4.4 Temporal: 4.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for x64-based Systems | 4574727 (Security Update) | Important | Information Disclosure | 4565351 | Base: 4.4 Temporal: 4.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for 32-bit Systems | 4571756 (Security Update) | Important | Information Disclosure | 4566782 |
Base: 5.1 Temporal: 4.6 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for ARM64-based Systems | 4571756 (Security Update) | Important | Information Disclosure | 4566782 |
Base: 5.1 Temporal: 4.6 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for x64-based Systems | 4571756 (Security Update) | Important | Information Disclosure | 4566782 |
Base: 5.1 Temporal: 4.6 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server 2019 | 4570333 (Security Update) | Important | Information Disclosure | 4565349 |
Base: 5.1 Temporal: 4.6 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server 2019 (Server Core installation) | 4570333 (Security Update) | Important | Information Disclosure | 4565349 |
Base: 5.1 Temporal: 4.6 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server, version 1903 (Server Core installation) | 4574727 (Security Update) | Important | Information Disclosure | 4565351 | Base: 5.1 Temporal: 4.6 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server, version 1909 (Server Core installation) | 4574727 (Security Update) | Important | Information Disclosure | 4565351 | Base: 4.4 Temporal: 4.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server, version 2004 (Server Core installation) | 4571756 (Security Update) | Important | Information Disclosure | 4566782 |
Base: 5.1 Temporal: 4.6 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| CVE ID | Acknowledgements |
| CVE-2020-1592 | Clément Rouault @hakril from Exatrack |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2020-1593 MITRE NVD |
CVE Title: Windows Media Audio Decoder Remote Code Execution Vulnerability
Description: A remote code execution vulnerability exists when Windows Media Audio Decoder improperly handles objects. An attacker who successfully exploited the vulnerability could take control of an affected system. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit a malicious webpage. The security update addresses the vulnerability by correcting how Windows Media Audio Decoder handles objects. FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2020-09-08T07:00:00Z Information published. |
Critical | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | Exploitation Less Likely | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2020-1593 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Windows 10 for 32-bit Systems | 4577049 (Security Update) | Critical | Remote Code Execution | 4571692 | Base: 7.6 Temporal: 6.8 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 for x64-based Systems | 4577049 (Security Update) | Critical | Remote Code Execution | 4571692 | Base: 7.6 Temporal: 6.8 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1607 for 32-bit Systems | 4577015 (Security Update) | Critical | Remote Code Execution | 4571694 |
Base: 7.6 Temporal: 6.8 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1607 for x64-based Systems | 4577015 (Security Update) | Critical | Remote Code Execution | 4571694 |
Base: 7.6 Temporal: 6.8 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1709 for 32-bit Systems | 4577041 (Security Update) | Critical | Remote Code Execution | 4571741 | Base: 7.6 Temporal: 6.8 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1709 for ARM64-based Systems | 4577041 (Security Update) | Critical | Remote Code Execution | 4571741 | Base: 7.6 Temporal: 6.8 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1709 for x64-based Systems | 4577041 (Security Update) | Critical | Remote Code Execution | 4571741 | Base: 7.6 Temporal: 6.8 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1803 for 32-bit Systems | 4577032 (Security Update) | Critical | Remote Code Execution | 4571709 | Base: 7.6 Temporal: 6.8 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1803 for ARM64-based Systems | 4577032 (Security Update) | Critical | Remote Code Execution | 4571709 | Base: 7.6 Temporal: 6.8 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1803 for x64-based Systems | 4577032 (Security Update) | Critical | Remote Code Execution | 4571709 | Base: 7.6 Temporal: 6.8 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for 32-bit Systems | 4570333 (Security Update) | Critical | Remote Code Execution | 4565349 |
Base: 7.6 Temporal: 6.8 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 4570333 (Security Update) | Critical | Remote Code Execution | 4565349 |
Base: 7.6 Temporal: 6.8 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for x64-based Systems | 4570333 (Security Update) | Critical | Remote Code Execution | 4565349 |
Base: 7.6 Temporal: 6.8 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1903 for 32-bit Systems | 4574727 (Security Update) | Critical | Remote Code Execution | 4565351 | Base: 7.6 Temporal: 6.8 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1903 for ARM64-based Systems | 4574727 (Security Update) | Critical | Remote Code Execution | 4565351 | Base: 7.6 Temporal: 6.8 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1903 for x64-based Systems | 4574727 (Security Update) | Critical | Remote Code Execution | 4565351 | Base: 7.6 Temporal: 6.8 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for 32-bit Systems | 4574727 (Security Update) | Critical | Remote Code Execution | 4565351 | Base: 7.6 Temporal: 6.8 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for ARM64-based Systems | 4574727 (Security Update) | Critical | Remote Code Execution | 4565351 | Base: 7.6 Temporal: 6.8 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for x64-based Systems | 4574727 (Security Update) | Critical | Remote Code Execution | 4565351 | Base: 7.6 Temporal: 6.8 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for 32-bit Systems | 4571756 (Security Update) | Critical | Remote Code Execution | 4566782 |
Base: 7.6 Temporal: 6.8 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for ARM64-based Systems | 4571756 (Security Update) | Critical | Remote Code Execution | 4566782 |
Base: 7.6 Temporal: 6.8 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for x64-based Systems | 4571756 (Security Update) | Critical | Remote Code Execution | 4566782 |
Base: 7.6 Temporal: 6.8 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 7 for 32-bit Systems Service Pack 1 | 4577051 (Monthly Rollup) 4577053 (Security Only) |
Critical | Remote Code Execution | 4571729 |
Base: 7.6 Temporal: 6.8 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 7 for x64-based Systems Service Pack 1 | 4577051 (Monthly Rollup) 4577053 (Security Only) |
Critical | Remote Code Execution | 4571729 |
Base: 7.6 Temporal: 6.8 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 8.1 for 32-bit systems | 4577066 (Monthly Rollup) 4577071 (Security Only) |
Critical | Remote Code Execution | 4571703 |
Base: 7.6 Temporal: 6.8 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 8.1 for x64-based systems | 4577066 (Monthly Rollup) 4577071 (Security Only) |
Critical | Remote Code Execution | 4571703 |
Base: 7.6 Temporal: 6.8 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Windows RT 8.1 | 4577066 (Monthly Rollup) | Critical | Remote Code Execution | 4571703 |
Base: 7.6 Temporal: 6.8 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 4577064 (Monthly Rollup) 4577070 (Security Only) |
Critical | Remote Code Execution | 4571730 |
Base: 7.6 Temporal: 6.8 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 4577064 (Monthly Rollup) 4577070 (Security Only) |
Critical | Remote Code Execution | 4571730 |
Base: 7.6 Temporal: 6.8 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 4577064 (Monthly Rollup) 4577070 (Security Only) |
Critical | Remote Code Execution | 4571730 |
Base: 7.6 Temporal: 6.8 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 4577064 (Monthly Rollup) 4577070 (Security Only) |
Critical | Remote Code Execution | 4571730 |
Base: 7.6 Temporal: 6.8 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 4577051 (Monthly Rollup) 4577053 (Security Only) |
Critical | Remote Code Execution | 4571729 |
Base: 7.6 Temporal: 6.8 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 4577051 (Monthly Rollup) 4577053 (Security Only) |
Critical | Remote Code Execution | 4571729 |
Base: 7.6 Temporal: 6.8 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server 2012 | 4577038 (Monthly Rollup) 4577048 (Security Only) |
Critical | Remote Code Execution | 4571736 |
Base: 7.6 Temporal: 6.8 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server 2012 (Server Core installation) | 4577038 (Monthly Rollup) 4577048 (Security Only) |
Critical | Remote Code Execution | 4571736 |
Base: 7.6 Temporal: 6.8 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server 2012 R2 | 4577066 (Monthly Rollup) 4577071 (Security Only) |
Critical | Remote Code Execution | 4571703 |
Base: 7.6 Temporal: 6.8 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server 2012 R2 (Server Core installation) | 4577066 (Monthly Rollup) 4577071 (Security Only) |
Critical | Remote Code Execution | 4571703 |
Base: 7.6 Temporal: 6.8 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server 2016 | 4577015 (Security Update) | Critical | Remote Code Execution | 4571694 |
Base: 7.6 Temporal: 6.8 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server 2016 (Server Core installation) | 4577015 (Security Update) | Critical | Remote Code Execution | 4571694 |
Base: 7.6 Temporal: 6.8 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server 2019 | 4570333 (Security Update) | Critical | Remote Code Execution | 4565349 |
Base: 7.6 Temporal: 6.8 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server 2019 (Server Core installation) | 4570333 (Security Update) | Critical | Remote Code Execution | 4565349 |
Base: 7.6 Temporal: 6.8 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server, version 1903 (Server Core installation) | 4574727 (Security Update) | Critical | Remote Code Execution | 4565351 | Base: 7.6 Temporal: 6.8 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server, version 1909 (Server Core installation) | 4574727 (Security Update) | Critical | Remote Code Execution | 4565351 | Base: 7.6 Temporal: 6.8 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server, version 2004 (Server Core installation) | 4571756 (Security Update) | Critical | Remote Code Execution | 4566782 |
Base: 7.6 Temporal: 6.8 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| CVE ID | Acknowledgements |
| CVE-2020-1593 | yangkang (@dnpushme) |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2020-1596 MITRE NVD |
CVE Title: TLS Information Disclosure Vulnerability
Description: A information disclosure vulnerability exists when TLS components use weak hash algorithms. An attacker who successfully exploited this vulnerability could obtain information to further compromise a users's encrypted transmission channel. To exploit the vulnerability, an attacker would have to conduct a man-in-the-middle attack. The update addresses the vulnerability by correcting how TLS components use hash algorithms. FAQ: What type of information disclosure does the CVE address? This CVE addresses protocol limitations associated with TLS_DHE ephemeral key reusage which can lead to key disclosure. Are there any advice regarding using TLS_DHE keys? The industry has mostly stopped using TLS_DHE. Microsoft advises customers to disable TLS_DHE . Mitigations: None Workarounds: None Revision: 1.0 2020-09-08T07:00:00Z Information published. |
Important | Information Disclosure |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | Exploitation Less Likely | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2020-1596 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Windows 10 for 32-bit Systems | 4577049 (Security Update) | Important | Information Disclosure | 4571692 | Base: 5.4 Temporal: 4.9 Vector: CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 for x64-based Systems | 4577049 (Security Update) | Important | Information Disclosure | 4571692 | Base: 5.4 Temporal: 4.9 Vector: CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1607 for 32-bit Systems | 4577015 (Security Update) | Important | Information Disclosure | 4571694 |
Base: 5.4 Temporal: 4.9 Vector: CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1607 for x64-based Systems | 4577015 (Security Update) | Important | Information Disclosure | 4571694 |
Base: 5.4 Temporal: 4.9 Vector: CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1709 for 32-bit Systems | 4577041 (Security Update) | Important | Information Disclosure | 4571741 | Base: 5.4 Temporal: 4.9 Vector: CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1709 for ARM64-based Systems | 4577041 (Security Update) | Important | Information Disclosure | 4571741 | Base: 5.4 Temporal: 4.9 Vector: CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1709 for x64-based Systems | 4577041 (Security Update) | Important | Information Disclosure | 4571741 | Base: 5.4 Temporal: 4.9 Vector: CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1803 for 32-bit Systems | 4577032 (Security Update) | Important | Information Disclosure | 4571709 | Base: 5.4 Temporal: 4.9 Vector: CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1803 for ARM64-based Systems | 4577032 (Security Update) | Important | Information Disclosure | 4571709 | Base: 5.4 Temporal: 4.9 Vector: CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1803 for x64-based Systems | 4577032 (Security Update) | Important | Information Disclosure | 4571709 | Base: 5.4 Temporal: 4.9 Vector: CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for 32-bit Systems | 4570333 (Security Update) | Important | Information Disclosure | 4565349 |
Base: 5.4 Temporal: 4.9 Vector: CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 4570333 (Security Update) | Important | Information Disclosure | 4565349 |
Base: 5.4 Temporal: 4.9 Vector: CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for x64-based Systems | 4570333 (Security Update) | Important | Information Disclosure | 4565349 |
Base: 5.4 Temporal: 4.9 Vector: CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1903 for 32-bit Systems | 4574727 (Security Update) | Important | Information Disclosure | 4565351 | Base: 5.4 Temporal: 4.9 Vector: CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1903 for ARM64-based Systems | 4574727 (Security Update) | Important | Information Disclosure | 4565351 | Base: 5.4 Temporal: 4.9 Vector: CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1903 for x64-based Systems | 4574727 (Security Update) | Important | Information Disclosure | 4565351 | Base: 5.4 Temporal: 4.9 Vector: CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for 32-bit Systems | 4574727 (Security Update) | Important | Information Disclosure | 4565351 | Base: 5.4 Temporal: 4.9 Vector: CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for ARM64-based Systems | 4574727 (Security Update) | Important | Information Disclosure | 4565351 | Base: 5.4 Temporal: 4.9 Vector: CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for x64-based Systems | 4574727 (Security Update) | Important | Information Disclosure | 4565351 | Base: 5.4 Temporal: 4.9 Vector: CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for 32-bit Systems | 4571756 (Security Update) | Important | Information Disclosure | 4566782 |
Base: 5.4 Temporal: 4.9 Vector: CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for ARM64-based Systems | 4571756 (Security Update) | Important | Information Disclosure | 4566782 |
Base: 5.4 Temporal: 4.9 Vector: CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for x64-based Systems | 4571756 (Security Update) | Important | Information Disclosure | 4566782 |
Base: 5.4 Temporal: 4.9 Vector: CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 7 for 32-bit Systems Service Pack 1 | 4577051 (Monthly Rollup) 4577053 (Security Only) |
Important | Information Disclosure | 4571729 |
Base: 5.4 Temporal: 4.9 Vector: CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 7 for x64-based Systems Service Pack 1 | 4577051 (Monthly Rollup) 4577053 (Security Only) |
Important | Information Disclosure | 4571729 |
Base: 5.4 Temporal: 4.9 Vector: CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 8.1 for 32-bit systems | 4577066 (Monthly Rollup) 4577071 (Security Only) |
Important | Information Disclosure | 4571703 |
Base: 5.4 Temporal: 4.9 Vector: CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 8.1 for x64-based systems | 4577066 (Monthly Rollup) 4577071 (Security Only) |
Important | Information Disclosure | 4571703 |
Base: 5.4 Temporal: 4.9 Vector: CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Windows RT 8.1 | 4577066 (Monthly Rollup) | Important | Information Disclosure | 4571703 |
Base: 5.4 Temporal: 4.9 Vector: CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 4577064 (Monthly Rollup) 4577070 (Security Only) |
Important | Information Disclosure | 4571730 |
Base: 5.4 Temporal: 4.9 Vector: CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 4577064 (Monthly Rollup) 4577070 (Security Only) |
Important | Information Disclosure | 4571730 |
Base: 5.4 Temporal: 4.9 Vector: CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 4577064 (Monthly Rollup) 4577070 (Security Only) |
Important | Information Disclosure | 4571730 |
Base: 5.4 Temporal: 4.9 Vector: CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 4577064 (Monthly Rollup) 4577070 (Security Only) |
Important | Information Disclosure | 4571730 |
Base: 5.4 Temporal: 4.9 Vector: CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 4577051 (Monthly Rollup) 4577053 (Security Only) |
Important | Information Disclosure | 4571729 |
Base: 5.4 Temporal: 4.9 Vector: CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 4577051 (Monthly Rollup) 4577053 (Security Only) |
Important | Information Disclosure | 4571729 |
Base: 5.4 Temporal: 4.9 Vector: CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server 2012 | 4577038 (Monthly Rollup) 4577048 (Security Only) |
Important | Information Disclosure | 4571736 |
Base: 5.4 Temporal: 4.9 Vector: CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server 2012 (Server Core installation) | 4577038 (Monthly Rollup) 4577048 (Security Only) |
Important | Information Disclosure | 4571736 |
Base: 5.4 Temporal: 4.9 Vector: CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server 2012 R2 | 4577066 (Monthly Rollup) 4577071 (Security Only) |
Important | Information Disclosure | 4571703 |
Base: 5.4 Temporal: 4.9 Vector: CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server 2012 R2 (Server Core installation) | 4577066 (Monthly Rollup) 4577071 (Security Only) |
Important | Information Disclosure | 4571703 |
Base: 5.4 Temporal: 4.9 Vector: CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server 2016 | 4577015 (Security Update) | Important | Information Disclosure | 4571694 |
Base: 5.4 Temporal: 4.9 Vector: CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server 2016 (Server Core installation) | 4577015 (Security Update) | Important | Information Disclosure | 4571694 |
Base: 5.4 Temporal: 4.9 Vector: CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server 2019 | 4570333 (Security Update) | Important | Information Disclosure | 4565349 |
Base: 5.4 Temporal: 4.9 Vector: CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server 2019 (Server Core installation) | 4570333 (Security Update) | Important | Information Disclosure | 4565349 |
Base: 5.4 Temporal: 4.9 Vector: CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server, version 1903 (Server Core installation) | 4574727 (Security Update) | Important | Information Disclosure | 4565351 | Base: 5.4 Temporal: 4.9 Vector: CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server, version 1909 (Server Core installation) | 4574727 (Security Update) | Important | Information Disclosure | 4565351 | Base: 5.4 Temporal: 4.9 Vector: CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server, version 2004 (Server Core installation) | 4571756 (Security Update) | Important | Information Disclosure | 4566782 |
Base: 5.4 Temporal: 4.9 Vector: CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| CVE ID | Acknowledgements |
| CVE-2020-1596 | Robert Merget (Ruhr University Bochum), Marcus Brinkmann (Ruhr University Bochum), Nimrod Aviram (Tel Aviv University), Juraj Somorovsky (Paderborn University) |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2020-1598 MITRE NVD |
CVE Title: Windows UPnP Service Elevation of Privilege Vulnerability
Description: An elevation of privilege vulnerability exists when the Windows Universal Plug and Play (UPnP) service improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code with elevated system privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted script or application. The update addresses the vulnerability by correcting how the Windows UPnP service handles objects in memory. FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2020-09-08T07:00:00Z Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | Exploitation Less Likely | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2020-1598 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Windows 10 for 32-bit Systems | 4577049 (Security Update) | Important | Elevation of Privilege | 4571692 | Base: 4.6 Temporal: 4.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 for x64-based Systems | 4577049 (Security Update) | Important | Elevation of Privilege | 4571692 | Base: 4.6 Temporal: 4.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1607 for 32-bit Systems | 4577015 (Security Update) | Important | Elevation of Privilege | 4571694 |
Base: 4.6 Temporal: 4.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1607 for x64-based Systems | 4577015 (Security Update) | Important | Elevation of Privilege | 4571694 |
Base: 4.6 Temporal: 4.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1709 for 32-bit Systems | 4577041 (Security Update) | Important | Elevation of Privilege | 4571741 | Base: 4.6 Temporal: 4.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1709 for ARM64-based Systems | 4577041 (Security Update) | Important | Elevation of Privilege | 4571741 | Base: 4.6 Temporal: 4.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1709 for x64-based Systems | 4577041 (Security Update) | Important | Elevation of Privilege | 4571741 | Base: 4.6 Temporal: 4.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1803 for 32-bit Systems | 4577032 (Security Update) | Important | Elevation of Privilege | 4571709 | Base: 4.6 Temporal: 4.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1803 for ARM64-based Systems | 4577032 (Security Update) | Important | Elevation of Privilege | 4571709 | Base: 4.6 Temporal: 4.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1803 for x64-based Systems | 4577032 (Security Update) | Important | Elevation of Privilege | 4571709 | Base: 4.6 Temporal: 4.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for 32-bit Systems | 4570333 (Security Update) | Important | Elevation of Privilege | 4565349 |
Base: 4.6 Temporal: 4.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 4570333 (Security Update) | Important | Elevation of Privilege | 4565349 |
Base: 4.6 Temporal: 4.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for x64-based Systems | 4570333 (Security Update) | Important | Elevation of Privilege | 4565349 |
Base: 4.6 Temporal: 4.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1903 for 32-bit Systems | 4574727 (Security Update) | Important | Elevation of Privilege | 4565351 | Base: 4.6 Temporal: 4.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1903 for ARM64-based Systems | 4574727 (Security Update) | Important | Elevation of Privilege | 4565351 | Base: 4.6 Temporal: 4.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1903 for x64-based Systems | 4574727 (Security Update) | Important | Elevation of Privilege | 4565351 | Base: 4.6 Temporal: 4.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for 32-bit Systems | 4574727 (Security Update) | Important | Elevation of Privilege | 4565351 | Base: 6.1 Temporal: 5.5 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:L/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for ARM64-based Systems | 4574727 (Security Update) | Important | Elevation of Privilege | 4565351 | Base: 6.1 Temporal: 5.5 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:L/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for x64-based Systems | 4574727 (Security Update) | Important | Elevation of Privilege | 4565351 | Base: 6.1 Temporal: 5.5 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:L/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for 32-bit Systems | 4571756 (Security Update) | Important | Elevation of Privilege | 4566782 |
Base: 4.6 Temporal: 4.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for ARM64-based Systems | 4571756 (Security Update) | Important | Elevation of Privilege | 4566782 |
Base: 4.6 Temporal: 4.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for x64-based Systems | 4571756 (Security Update) | Important | Elevation of Privilege | 4566782 |
Base: 4.6 Temporal: 4.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 7 for 32-bit Systems Service Pack 1 | 4577051 (Monthly Rollup) 4577053 (Security Only) |
Important | Elevation of Privilege | 4571729 |
Base: 4.6 Temporal: 4.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 7 for x64-based Systems Service Pack 1 | 4577051 (Monthly Rollup) 4577053 (Security Only) |
Important | Elevation of Privilege | 4571729 |
Base: 4.6 Temporal: 4.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 8.1 for 32-bit systems | 4577066 (Monthly Rollup) 4577071 (Security Only) |
Important | Elevation of Privilege | 4571703 |
Base: 4.6 Temporal: 4.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 8.1 for x64-based systems | 4577066 (Monthly Rollup) 4577071 (Security Only) |
Important | Elevation of Privilege | 4571703 |
Base: 4.6 Temporal: 4.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Windows RT 8.1 | 4577066 (Monthly Rollup) | Important | Elevation of Privilege | 4571703 |
Base: 4.6 Temporal: 4.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 4577064 (Monthly Rollup) 4577070 (Security Only) |
Important | Elevation of Privilege | 4571730 |
Base: 4.6 Temporal: 4.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 4577064 (Monthly Rollup) 4577070 (Security Only) |
Important | Elevation of Privilege | 4571730 |
Base: 4.6 Temporal: 4.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 4577064 (Monthly Rollup) 4577070 (Security Only) |
Important | Elevation of Privilege | 4571730 |
Base: 4.6 Temporal: 4.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 4577064 (Monthly Rollup) 4577070 (Security Only) |
Important | Elevation of Privilege | 4571730 |
Base: 4.6 Temporal: 4.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 4577051 (Monthly Rollup) 4577053 (Security Only) |
Important | Elevation of Privilege | 4571729 |
Base: 6.1 Temporal: 5.5 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:L/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 4577051 (Monthly Rollup) 4577053 (Security Only) |
Important | Elevation of Privilege | 4571729 |
Base: 6.1 Temporal: 5.5 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:L/E:P/RL:O/RC:C |
Yes |
| Windows Server 2012 | 4577038 (Monthly Rollup) 4577048 (Security Only) |
Important | Elevation of Privilege | 4571736 |
Base: 6.1 Temporal: 5.5 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:L/E:P/RL:O/RC:C |
Yes |
| Windows Server 2012 (Server Core installation) | 4577038 (Monthly Rollup) 4577048 (Security Only) |
Important | Elevation of Privilege | 4571736 |
Base: 6.1 Temporal: 5.5 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:L/E:P/RL:O/RC:C |
Yes |
| Windows Server 2012 R2 | 4577066 (Monthly Rollup) 4577071 (Security Only) |
Important | Elevation of Privilege | 4571703 |
Base: 6.1 Temporal: 5.5 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:L/E:P/RL:O/RC:C |
Yes |
| Windows Server 2012 R2 (Server Core installation) | 4577066 (Monthly Rollup) 4577071 (Security Only) |
Important | Elevation of Privilege | 4571703 |
Base: 6.1 Temporal: 5.5 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:L/E:P/RL:O/RC:C |
Yes |
| Windows Server 2016 | 4577015 (Security Update) | Important | Elevation of Privilege | 4571694 |
Base: 4.6 Temporal: 4.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server 2016 (Server Core installation) | 4577015 (Security Update) | Important | Elevation of Privilege | 4571694 |
Base: 4.6 Temporal: 4.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server 2019 | 4570333 (Security Update) | Important | Elevation of Privilege | 4565349 |
Base: 4.6 Temporal: 4.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server 2019 (Server Core installation) | 4570333 (Security Update) | Important | Elevation of Privilege | 4565349 |
Base: 4.6 Temporal: 4.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server, version 1903 (Server Core installation) | 4574727 (Security Update) | Important | Elevation of Privilege | 4565351 | Base: 4.6 Temporal: 4.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server, version 1909 (Server Core installation) | 4574727 (Security Update) | Important | Elevation of Privilege | 4565351 | Base: 6.1 Temporal: 5.5 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:L/E:P/RL:O/RC:C |
Yes |
| Windows Server, version 2004 (Server Core installation) | 4571756 (Security Update) | Important | Elevation of Privilege | 4566782 |
Base: 4.6 Temporal: 4.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| CVE ID | Acknowledgements |
| CVE-2020-1598 | Yuki Chen |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2020-0648 MITRE NVD |
CVE Title: Windows RSoP Service Application Elevation of Privilege Vulnerability
Description: An elevation of privilege vulnerability exists when the Windows RSoP Service Application improperly handles memory. To exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges. The security update addresses the vulnerability by correcting how the Windows RSoP Service Application handles memory. FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2020-09-08T07:00:00Z Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | Exploitation Less Likely | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2020-0648 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Windows 10 Version 1607 for 32-bit Systems | 4577015 (Security Update) | Important | Elevation of Privilege | 4571694 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1607 for x64-based Systems | 4577015 (Security Update) | Important | Elevation of Privilege | 4571694 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1709 for 32-bit Systems | 4577041 (Security Update) | Important | Elevation of Privilege | 4571741 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1709 for ARM64-based Systems | 4577041 (Security Update) | Important | Elevation of Privilege | 4571741 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1709 for x64-based Systems | 4577041 (Security Update) | Important | Elevation of Privilege | 4571741 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1803 for 32-bit Systems | 4577032 (Security Update) | Important | Elevation of Privilege | 4571709 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1803 for ARM64-based Systems | 4577032 (Security Update) | Important | Elevation of Privilege | 4571709 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1803 for x64-based Systems | 4577032 (Security Update) | Important | Elevation of Privilege | 4571709 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for 32-bit Systems | 4570333 (Security Update) | Important | Elevation of Privilege | 4565349 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 4570333 (Security Update) | Important | Elevation of Privilege | 4565349 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for x64-based Systems | 4570333 (Security Update) | Important | Elevation of Privilege | 4565349 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1903 for 32-bit Systems | 4574727 (Security Update) | Important | Elevation of Privilege | 4565351 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1903 for ARM64-based Systems | 4574727 (Security Update) | Important | Elevation of Privilege | 4565351 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1903 for x64-based Systems | 4574727 (Security Update) | Important | Elevation of Privilege | 4565351 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for 32-bit Systems | 4574727 (Security Update) | Important | Elevation of Privilege | 4565351 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for ARM64-based Systems | 4574727 (Security Update) | Important | Elevation of Privilege | 4565351 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for x64-based Systems | 4574727 (Security Update) | Important | Elevation of Privilege | 4565351 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for 32-bit Systems | 4571756 (Security Update) | Important | Elevation of Privilege | 4566782 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for ARM64-based Systems | 4571756 (Security Update) | Important | Elevation of Privilege | 4566782 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for x64-based Systems | 4571756 (Security Update) | Important | Elevation of Privilege | 4566782 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 7 for 32-bit Systems Service Pack 1 | 4577051 (Monthly Rollup) 4577053 (Security Only) |
Important | Elevation of Privilege | 4571729 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 7 for x64-based Systems Service Pack 1 | 4577051 (Monthly Rollup) 4577053 (Security Only) |
Important | Elevation of Privilege | 4571729 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 8.1 for 32-bit systems | 4577066 (Monthly Rollup) 4577071 (Security Only) |
Important | Elevation of Privilege | 4571703 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 8.1 for x64-based systems | 4577066 (Monthly Rollup) 4577071 (Security Only) |
Important | Elevation of Privilege | 4571703 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows RT 8.1 | 4577066 (Monthly Rollup) | Important | Elevation of Privilege | 4571703 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 4577064 (Monthly Rollup) 4577070 (Security Only) |
Important | Elevation of Privilege | 4571730 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 4577064 (Monthly Rollup) 4577070 (Security Only) |
Important | Elevation of Privilege | 4571730 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 4577064 (Monthly Rollup) 4577070 (Security Only) |
Important | Elevation of Privilege | 4571730 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 4577064 (Monthly Rollup) 4577070 (Security Only) |
Important | Elevation of Privilege | 4571730 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 4577051 (Monthly Rollup) 4577053 (Security Only) |
Important | Elevation of Privilege | 4571729 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 4577051 (Monthly Rollup) 4577053 (Security Only) |
Important | Elevation of Privilege | 4571729 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2012 | 4577038 (Monthly Rollup) 4577048 (Security Only) |
Important | Elevation of Privilege | 4571736 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2012 (Server Core installation) | 4577038 (Monthly Rollup) 4577048 (Security Only) |
Important | Elevation of Privilege | 4571736 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2012 R2 | 4577066 (Monthly Rollup) 4577071 (Security Only) |
Important | Elevation of Privilege | 4571703 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2012 R2 (Server Core installation) | 4577066 (Monthly Rollup) 4577071 (Security Only) |
Important | Elevation of Privilege | 4571703 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2016 | 4577015 (Security Update) | Important | Elevation of Privilege | 4571694 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2016 (Server Core installation) | 4577015 (Security Update) | Important | Elevation of Privilege | 4571694 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2019 | 4570333 (Security Update) | Important | Elevation of Privilege | 4565349 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2019 (Server Core installation) | 4570333 (Security Update) | Important | Elevation of Privilege | 4565349 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server, version 1903 (Server Core installation) | 4574727 (Security Update) | Important | Elevation of Privilege | 4565351 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server, version 1909 (Server Core installation) | 4574727 (Security Update) | Important | Elevation of Privilege | 4565351 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server, version 2004 (Server Core installation) | 4571756 (Security Update) | Important | Elevation of Privilege | 4566782 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| CVE ID | Acknowledgements |
| CVE-2020-0648 | Zhiniang Peng (@edwardzpeng) & Haoran Qin |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2020-0664 MITRE NVD |
CVE Title: Active Directory Information Disclosure Vulnerability
Description: An information disclosure vulnerability exists when Active Directory integrated DNS (ADIDNS) mishandles objects in memory. An authenticated attacker who successfully exploited this vulnerability would be able to read sensitive information about the target system. To exploit this condition, an authenticated attacker would need to send a specially crafted request to the AD|DNS service. Note that the information disclosure vulnerability by itself would not be sufficient for an attacker to compromise a system. However, an attacker could combine this vulnerability with additional vulnerabilities to further exploit the system. The update addresses the vulnerability by correcting how Active Directory integrated DNS (ADIDNS) handles objects in memory. FAQ: What type of information could be disclosed by this vulnerability? The type of information that could be disclosed if an attacker successfully exploited this vulnerability is sensitive information. Mitigations: None Workarounds: None Revision: 1.0 2020-09-08T07:00:00Z Information published. |
Important | Information Disclosure |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation More Likely | Exploitation More Likely | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2020-0664 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 4577064 (Monthly Rollup) 4577070 (Security Only) |
Important | Information Disclosure | 4571730 |
Base: 6.5 Temporal: 5.9 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 4577064 (Monthly Rollup) 4577070 (Security Only) |
Important | Information Disclosure | 4571730 |
Base: 6.5 Temporal: 5.9 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 4577064 (Monthly Rollup) 4577070 (Security Only) |
Important | Information Disclosure | 4571730 |
Base: 6.5 Temporal: 5.9 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 4577064 (Monthly Rollup) 4577070 (Security Only) |
Important | Information Disclosure | 4571730 |
Base: 6.5 Temporal: 5.9 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 4577051 (Monthly Rollup) 4577053 (Security Only) |
Important | Information Disclosure | 4571729 |
Base: 6.5 Temporal: 5.9 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 4577051 (Monthly Rollup) 4577053 (Security Only) |
Important | Information Disclosure | 4571729 |
Base: 6.5 Temporal: 5.9 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server 2012 | 4577038 (Monthly Rollup) 4577048 (Security Only) |
Important | Information Disclosure | 4571736 |
Base: 6.5 Temporal: 5.9 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server 2012 (Server Core installation) | 4577038 (Monthly Rollup) 4577048 (Security Only) |
Important | Information Disclosure | 4571736 |
Base: 6.5 Temporal: 5.9 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server 2012 R2 | 4577066 (Monthly Rollup) 4577071 (Security Only) |
Important | Information Disclosure | 4571703 |
Base: 6.5 Temporal: 5.9 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server 2012 R2 (Server Core installation) | 4577066 (Monthly Rollup) 4577071 (Security Only) |
Important | Information Disclosure | 4571703 |
Base: 6.5 Temporal: 5.9 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server 2016 | 4577015 (Security Update) | Important | Information Disclosure | 4571694 |
Base: 6.5 Temporal: 5.9 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server 2016 (Server Core installation) | 4577015 (Security Update) | Important | Information Disclosure | 4571694 |
Base: 6.5 Temporal: 5.9 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server 2019 | 4570333 (Security Update) | Important | Information Disclosure | 4565349 |
Base: 6.5 Temporal: 5.9 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server 2019 (Server Core installation) | 4570333 (Security Update) | Important | Information Disclosure | 4565349 |
Base: 6.5 Temporal: 5.9 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server, version 1903 (Server Core installation) | 4574727 (Security Update) | Important | Information Disclosure | 4565351 | Base: 6.5 Temporal: 5.9 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server, version 1909 (Server Core installation) | 4574727 (Security Update) | Important | Information Disclosure | 4565351 | Base: 6.5 Temporal: 5.9 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server, version 2004 (Server Core installation) | 4571756 (Security Update) | Important | Information Disclosure | 4566782 |
Base: 6.5 Temporal: 5.9 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| CVE ID | Acknowledgements |
| CVE-2020-0664 | Dirk-jan Mollema (@_dirkjan) |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2020-0718 MITRE NVD |
CVE Title: Active Directory Remote Code Execution Vulnerability
Description: A remote code execution vulnerability exists when Active Directory integrated DNS (ADIDNS) mishandles objects in memory. An authenticated attacker who successfully exploited the vulnerability could run arbitrary code in the context of the Local System Account To exploit the vulnerability, an authenticated attacker could send malicious requests to an Active Directory integrated DNS (ADIDNS) server. The update addresses the vulnerability by correcting how Active Directory integrated DNS (ADIDNS) handles objects in memory. FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2020-09-08T07:00:00Z Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | Exploitation Less Likely | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2020-0718 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 4577064 (Monthly Rollup) 4577070 (Security Only) |
Important | Remote Code Execution | 4571730 |
Base: 8.8 Temporal: 7.9 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 4577064 (Monthly Rollup) 4577070 (Security Only) |
Important | Remote Code Execution | 4571730 |
Base: 8.8 Temporal: 7.9 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 4577064 (Monthly Rollup) 4577070 (Security Only) |
Important | Remote Code Execution | 4571730 |
Base: 8.8 Temporal: 7.9 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 4577064 (Monthly Rollup) 4577070 (Security Only) |
Important | Remote Code Execution | 4571730 |
Base: 8.8 Temporal: 7.9 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 4577051 (Monthly Rollup) 4577053 (Security Only) |
Important | Remote Code Execution | 4571729 |
Base: 8.8 Temporal: 7.9 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 4577051 (Monthly Rollup) 4577053 (Security Only) |
Important | Remote Code Execution | 4571729 |
Base: 8.8 Temporal: 7.9 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2012 | 4577038 (Monthly Rollup) 4577048 (Security Only) |
Important | Remote Code Execution | 4571736 |
Base: 8.8 Temporal: 7.9 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2012 (Server Core installation) | 4577038 (Monthly Rollup) 4577048 (Security Only) |
Important | Remote Code Execution | 4571736 |
Base: 8.8 Temporal: 7.9 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2012 R2 | 4577066 (Monthly Rollup) 4577071 (Security Only) |
Important | Remote Code Execution | 4571703 |
Base: 8.8 Temporal: 7.9 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2012 R2 (Server Core installation) | 4577066 (Monthly Rollup) 4577071 (Security Only) |
Important | Remote Code Execution | 4571703 |
Base: 8.8 Temporal: 7.9 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2016 | 4577015 (Security Update) | Important | Remote Code Execution | 4571694 |
Base: 8.8 Temporal: 7.9 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2016 (Server Core installation) | 4577015 (Security Update) | Important | Remote Code Execution | 4571694 |
Base: 8.8 Temporal: 7.9 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2019 | 4570333 (Security Update) | Important | Remote Code Execution | 4565349 |
Base: 8.8 Temporal: 7.9 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2019 (Server Core installation) | 4570333 (Security Update) | Important | Remote Code Execution | 4565349 |
Base: 8.8 Temporal: 7.9 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server, version 1903 (Server Core installation) | 4574727 (Security Update) | Important | Remote Code Execution | 4565351 | Base: 8.8 Temporal: 7.9 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server, version 1909 (Server Core installation) | 4574727 (Security Update) | Important | Remote Code Execution | 4565351 | Base: 8.8 Temporal: 7.9 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server, version 2004 (Server Core installation) | 4571756 (Security Update) | Important | Remote Code Execution | 4566782 |
Base: 8.8 Temporal: 7.9 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| CVE ID | Acknowledgements |
| CVE-2020-0718 | Dirk-jan Mollema (@_dirkjan) |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2020-0761 MITRE NVD |
CVE Title: Active Directory Remote Code Execution Vulnerability
Description: A remote code execution vulnerability exists when Active Directory integrated DNS (ADIDNS) mishandles objects in memory. An authenticated attacker who successfully exploited the vulnerability could run arbitrary code in the context of the Local System Account To exploit the vulnerability, an authenticated attacker could send malicious requests to an Active Directory integrated DNS (ADIDNS) server. The update addresses the vulnerability by correcting how Active Directory integrated DNS (ADIDNS) handles objects in memory. FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2020-09-08T07:00:00Z Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | Exploitation Less Likely | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2020-0761 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 4577064 (Monthly Rollup) 4577070 (Security Only) |
Important | Remote Code Execution | 4571730 |
Base: 8.8 Temporal: 7.9 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 4577064 (Monthly Rollup) 4577070 (Security Only) |
Important | Remote Code Execution | 4571730 |
Base: 8.8 Temporal: 7.9 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 4577064 (Monthly Rollup) 4577070 (Security Only) |
Important | Remote Code Execution | 4571730 |
Base: 8.8 Temporal: 7.9 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 4577064 (Monthly Rollup) 4577070 (Security Only) |
Important | Remote Code Execution | 4571730 |
Base: 8.8 Temporal: 7.9 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 4577051 (Monthly Rollup) 4577053 (Security Only) |
Important | Remote Code Execution | 4571729 |
Base: 8.8 Temporal: 7.9 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 4577051 (Monthly Rollup) 4577053 (Security Only) |
Important | Remote Code Execution | 4571729 |
Base: 8.8 Temporal: 7.9 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2012 | 4577038 (Monthly Rollup) 4577048 (Security Only) |
Important | Remote Code Execution | 4571736 |
Base: 8.8 Temporal: 7.9 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2012 (Server Core installation) | 4577038 (Monthly Rollup) 4577048 (Security Only) |
Important | Remote Code Execution | 4571736 |
Base: 8.8 Temporal: 7.9 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2012 R2 | 4577066 (Monthly Rollup) 4577071 (Security Only) |
Important | Remote Code Execution | 4571703 |
Base: 8.8 Temporal: 7.9 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2012 R2 (Server Core installation) | 4577066 (Monthly Rollup) 4577071 (Security Only) |
Important | Remote Code Execution | 4571703 |
Base: 8.8 Temporal: 7.9 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2016 | 4577015 (Security Update) | Important | Remote Code Execution | 4571694 |
Base: 8.8 Temporal: 7.9 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2016 (Server Core installation) | 4577015 (Security Update) | Important | Remote Code Execution | 4571694 |
Base: 8.8 Temporal: 7.9 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2019 | 4570333 (Security Update) | Important | Remote Code Execution | 4565349 |
Base: 8.8 Temporal: 7.9 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2019 (Server Core installation) | 4570333 (Security Update) | Important | Remote Code Execution | 4565349 |
Base: 8.8 Temporal: 7.9 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server, version 1903 (Server Core installation) | 4574727 (Security Update) | Important | Remote Code Execution | 4565351 | Base: 8.8 Temporal: 7.9 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server, version 1909 (Server Core installation) | 4574727 (Security Update) | Important | Remote Code Execution | 4565351 | Base: 8.8 Temporal: 7.9 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server, version 2004 (Server Core installation) | 4571756 (Security Update) | Important | Remote Code Execution | 4566782 |
Base: 8.8 Temporal: 7.9 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| CVE ID | Acknowledgements |
| CVE-2020-0761 | Dirk-jan Mollema (@_dirkjan) |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2020-0766 MITRE NVD |
CVE Title: Microsoft Store Runtime Elevation of Privilege Vulnerability
Description: An elevation of privilege vulnerability exists when the Microsoft Store Runtime improperly handles memory. To exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges. The security update addresses the vulnerability by correcting how the Microsoft Store Runtime handles memory. FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2020-09-08T07:00:00Z Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | Exploitation Less Likely | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2020-0766 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Windows 10 Version 1607 for 32-bit Systems | 4577015 (Security Update) | Important | Elevation of Privilege | 4571694 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1607 for x64-based Systems | 4577015 (Security Update) | Important | Elevation of Privilege | 4571694 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1709 for 32-bit Systems | 4577041 (Security Update) | Important | Elevation of Privilege | 4571741 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1709 for ARM64-based Systems | 4577041 (Security Update) | Important | Elevation of Privilege | 4571741 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1709 for x64-based Systems | 4577041 (Security Update) | Important | Elevation of Privilege | 4571741 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1803 for 32-bit Systems | 4577032 (Security Update) | Important | Elevation of Privilege | 4571709 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1803 for ARM64-based Systems | 4577032 (Security Update) | Important | Elevation of Privilege | 4571709 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1803 for x64-based Systems | 4577032 (Security Update) | Important | Elevation of Privilege | 4571709 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for 32-bit Systems | 4570333 (Security Update) | Important | Elevation of Privilege | 4565349 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 4570333 (Security Update) | Important | Elevation of Privilege | 4565349 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for x64-based Systems | 4570333 (Security Update) | Important | Elevation of Privilege | 4565349 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1903 for 32-bit Systems | 4574727 (Security Update) | Important | Elevation of Privilege | 4565351 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1903 for ARM64-based Systems | 4574727 (Security Update) | Important | Elevation of Privilege | 4565351 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1903 for x64-based Systems | 4574727 (Security Update) | Important | Elevation of Privilege | 4565351 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for 32-bit Systems | 4574727 (Security Update) | Important | Elevation of Privilege | 4565351 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for ARM64-based Systems | 4574727 (Security Update) | Important | Elevation of Privilege | 4565351 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for x64-based Systems | 4574727 (Security Update) | Important | Elevation of Privilege | 4565351 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for 32-bit Systems | 4571756 (Security Update) | Important | Elevation of Privilege | 4566782 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for ARM64-based Systems | 4571756 (Security Update) | Important | Elevation of Privilege | 4566782 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for x64-based Systems | 4571756 (Security Update) | Important | Elevation of Privilege | 4566782 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2016 | 4577015 (Security Update) | Important | Elevation of Privilege | 4571694 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2016 (Server Core installation) | 4577015 (Security Update) | Important | Elevation of Privilege | 4571694 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2019 | 4570333 (Security Update) | Important | Elevation of Privilege | 4565349 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2019 (Server Core installation) | 4570333 (Security Update) | Important | Elevation of Privilege | 4565349 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server, version 1903 (Server Core installation) | 4574727 (Security Update) | Important | Elevation of Privilege | 4565351 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server, version 1909 (Server Core installation) | 4574727 (Security Update) | Important | Elevation of Privilege | 4565351 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server, version 2004 (Server Core installation) | 4571756 (Security Update) | Important | Elevation of Privilege | 4566782 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| CVE ID | Acknowledgements |
| CVE-2020-0766 | anonymous |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2020-0782 MITRE NVD |
CVE Title: Windows Cryptographic Catalog Services Elevation of Privilege Vulnerability
Description: An elevation of privilege vulnerability exists when the Windows Cryptographic Catalog Services improperly handle objects in memory. An attacker who successfully exploited this vulnerability could modify the cryptographic catalog. To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system. The security update addresses the vulnerability by addressing how the Windows Cryptographic Catalog Services handle objects in memory. FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2020-09-08T07:00:00Z Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | Exploitation Less Likely | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2020-0782 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Windows 10 for 32-bit Systems | 4577049 (Security Update) | Important | Elevation of Privilege | 4571692 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 for x64-based Systems | 4577049 (Security Update) | Important | Elevation of Privilege | 4571692 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1607 for 32-bit Systems | 4577015 (Security Update) | Important | Elevation of Privilege | 4571694 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1607 for x64-based Systems | 4577015 (Security Update) | Important | Elevation of Privilege | 4571694 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1709 for 32-bit Systems | 4577041 (Security Update) | Important | Elevation of Privilege | 4571741 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1709 for ARM64-based Systems | 4577041 (Security Update) | Important | Elevation of Privilege | 4571741 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1709 for x64-based Systems | 4577041 (Security Update) | Important | Elevation of Privilege | 4571741 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1803 for 32-bit Systems | 4577032 (Security Update) | Important | Elevation of Privilege | 4571709 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1803 for ARM64-based Sy | ||||||