This report contains detail for the following vulnerabilities:
| Tag | CVE ID | CVE Title |
|---|---|---|
| .NET Framework | CVE-2020-1476 | ASP.NET and .NET Elevation of Privilege Vulnerability |
| .NET Framework | CVE-2020-1046 | .NET Framework Remote Code Execution Vulnerability |
| ASP.NET | CVE-2020-1597 | ASP.NET Core Denial of Service Vulnerability |
| Internet Explorer | CVE-2020-1567 | MSHTML Engine Remote Code Execution Vulnerability |
| Microsoft Dynamics | CVE-2020-1591 | Microsoft Dynamics 365 (On-Premise) Cross Site Scripting Vulnerability |
| Microsoft Edge | CVE-2020-1569 | Microsoft Edge Memory Corruption Vulnerability |
| Microsoft Edge | CVE-2020-1568 | Microsoft Edge PDF Remote Code Execution Vulnerability |
| Microsoft Graphics Component | CVE-2020-1562 | Microsoft Graphics Components Remote Code Execution Vulnerability |
| Microsoft Graphics Component | CVE-2020-1577 | DirectWrite Information Disclosure Vulnerability |
| Microsoft Graphics Component | CVE-2020-1561 | Microsoft Graphics Components Remote Code Execution Vulnerability |
| Microsoft Graphics Component | CVE-2020-1510 | Win32k Information Disclosure Vulnerability |
| Microsoft Graphics Component | CVE-2020-1529 | Windows GDI Elevation of Privilege Vulnerability |
| Microsoft JET Database Engine | CVE-2020-1473 | Jet Database Engine Remote Code Execution Vulnerability |
| Microsoft JET Database Engine | CVE-2020-1558 | Jet Database Engine Remote Code Execution Vulnerability |
| Microsoft JET Database Engine | CVE-2020-1557 | Jet Database Engine Remote Code Execution Vulnerability |
| Microsoft JET Database Engine | CVE-2020-1564 | Jet Database Engine Remote Code Execution Vulnerability |
| Microsoft Office | CVE-2020-1483 | Microsoft Outlook Memory Corruption Vulnerability |
| Microsoft Office | CVE-2020-1504 | Microsoft Excel Remote Code Execution Vulnerability |
| Microsoft Office | CVE-2020-1503 | Microsoft Word Information Disclosure Vulnerability |
| Microsoft Office | CVE-2020-1495 | Microsoft Excel Remote Code Execution Vulnerability |
| Microsoft Office | CVE-2020-1494 | Microsoft Excel Remote Code Execution Vulnerability |
| Microsoft Office | CVE-2020-1493 | Microsoft Outlook Information Disclosure Vulnerability |
| Microsoft Office | CVE-2020-1496 | Microsoft Excel Remote Code Execution Vulnerability |
| Microsoft Office | CVE-2020-1502 | Microsoft Word Information Disclosure Vulnerability |
| Microsoft Office | CVE-2020-1498 | Microsoft Excel Remote Code Execution Vulnerability |
| Microsoft Office | CVE-2020-1497 | Microsoft Excel Information Disclosure Vulnerability |
| Microsoft Office | CVE-2020-1581 | Microsoft Office Click-to-Run Elevation of Privilege Vulnerability |
| Microsoft Office | CVE-2020-1563 | Microsoft Office Remote Code Execution Vulnerability |
| Microsoft Office | CVE-2020-1582 | Microsoft Access Remote Code Execution Vulnerability |
| Microsoft Office | CVE-2020-1583 | Microsoft Word Information Disclosure Vulnerability |
| Microsoft Office SharePoint | CVE-2020-1505 | Microsoft SharePoint Information Disclosure Vulnerability |
| Microsoft Office SharePoint | CVE-2020-1573 | Microsoft Office SharePoint XSS Vulnerability |
| Microsoft Office SharePoint | CVE-2020-1499 | Microsoft SharePoint Spoofing Vulnerability |
| Microsoft Office SharePoint | CVE-2020-1500 | Microsoft SharePoint Spoofing Vulnerability |
| Microsoft Office SharePoint | CVE-2020-1580 | Microsoft Office SharePoint XSS Vulnerability |
| Microsoft Office SharePoint | CVE-2020-1501 | Microsoft SharePoint Spoofing Vulnerability |
| Microsoft Scripting Engine | CVE-2020-1570 | Scripting Engine Memory Corruption Vulnerability |
| Microsoft Scripting Engine | CVE-2020-1555 | Scripting Engine Memory Corruption Vulnerability |
| Microsoft Scripting Engine | CVE-2020-1380 | Scripting Engine Memory Corruption Vulnerability |
| Microsoft Video Control | CVE-2020-1492 | Media Foundation Memory Corruption Vulnerability |
| Microsoft Windows | CVE-2020-1485 | Windows Image Acquisition Service Information Disclosure Vulnerability |
| Microsoft Windows | CVE-2020-1587 | Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability |
| Microsoft Windows | CVE-2020-1551 | Windows Backup Engine Elevation of Privilege Vulnerability |
| Microsoft Windows | CVE-2020-1484 | Windows Work Folders Service Elevation of Privilege Vulnerability |
| Microsoft Windows | CVE-2020-1489 | Windows CSC Service Elevation of Privilege Vulnerability |
| Microsoft Windows | CVE-2020-1584 | Windows dnsrslvr.dll Elevation of Privilege Vulnerability |
| Microsoft Windows | CVE-2020-1486 | Windows Kernel Elevation of Privilege Vulnerability |
| Microsoft Windows | CVE-2020-1488 | Windows AppX Deployment Extensions Elevation of Privilege Vulnerability |
| Microsoft Windows | CVE-2020-1490 | Windows Storage Service Elevation of Privilege Vulnerability |
| Microsoft Windows | CVE-2020-1515 | Windows Telephony Server Elevation of Privilege Vulnerability |
| Microsoft Windows | CVE-2020-1513 | Windows CSC Service Elevation of Privilege Vulnerability |
| Microsoft Windows | CVE-2020-1553 | Windows Runtime Elevation of Privilege Vulnerability |
| Microsoft Windows | CVE-2020-1552 | Windows Work Folder Service Elevation of Privilege Vulnerability |
| Microsoft Windows | CVE-2020-1566 | Windows Kernel Elevation of Privilege Vulnerability |
| Microsoft Windows | CVE-2020-1579 | Windows Function Discovery SSDP Provider Elevation of Privilege Vulnerability |
| Microsoft Windows | CVE-2020-1512 | Windows State Repository Service Information Disclosure Vulnerability |
| Microsoft Windows | CVE-2020-1511 | Connected User Experiences and Telemetry Service Elevation of Privilege Vulnerability |
| Microsoft Windows | CVE-2020-1480 | Windows GDI Elevation of Privilege Vulnerability |
| Microsoft Windows | CVE-2020-1542 | Windows Backup Engine Elevation of Privilege Vulnerability |
| Microsoft Windows | CVE-2020-1543 | Windows Backup Engine Elevation of Privilege Vulnerability |
| Microsoft Windows | CVE-2020-1540 | Windows Backup Engine Elevation of Privilege Vulnerability |
| Microsoft Windows | CVE-2020-1541 | Windows Backup Engine Elevation of Privilege Vulnerability |
| Microsoft Windows | CVE-2020-1544 | Windows Backup Engine Elevation of Privilege Vulnerability |
| Microsoft Windows | CVE-2020-1547 | Windows Backup Engine Elevation of Privilege Vulnerability |
| Microsoft Windows | CVE-2020-1519 | Windows UPnP Device Host Elevation of Privilege Vulnerability |
| Microsoft Windows | CVE-2020-1545 | Windows Backup Engine Elevation of Privilege Vulnerability |
| Microsoft Windows | CVE-2020-1546 | Windows Backup Engine Elevation of Privilege Vulnerability |
| Microsoft Windows | CVE-2020-1539 | Windows Backup Engine Elevation of Privilege Vulnerability |
| Microsoft Windows | CVE-2020-1528 | Windows Radio Manager API Elevation of Privilege Vulnerability |
| Microsoft Windows | CVE-2020-1530 | Windows Remote Access Elevation of Privilege Vulnerability |
| Microsoft Windows | CVE-2020-1526 | Windows Network Connection Broker Elevation of Privilege Vulnerability |
| Microsoft Windows | CVE-2020-1527 | Windows Custom Protocol Engine Elevation of Privilege Vulnerability |
| Microsoft Windows | CVE-2020-1534 | Windows Backup Service Elevation of Privilege Vulnerability |
| Microsoft Windows | CVE-2020-1537 | Windows Remote Access Elevation of Privilege Vulnerability |
| Microsoft Windows | CVE-2020-1520 | Windows Font Driver Host Remote Code Execution Vulnerability |
| Microsoft Windows | CVE-2020-1535 | Windows Backup Engine Elevation of Privilege Vulnerability |
| Microsoft Windows | CVE-2020-1536 | Windows Backup Engine Elevation of Privilege Vulnerability |
| Microsoft Windows | CVE-2020-1470 | Windows Work Folders Service Elevation of Privilege Vulnerability |
| Microsoft Windows | CVE-2020-1509 | Local Security Authority Subsystem Service Elevation of Privilege Vulnerability |
| Microsoft Windows | CVE-2020-1459 | Windows ARM Information Disclosure Vulnerability |
| Microsoft Windows | CVE-2020-1538 | Windows UPnP Device Host Elevation of Privilege Vulnerability |
| Microsoft Windows | CVE-2020-1475 | Windows Server Resource Management Service Elevation of Privilege Vulnerability |
| Microsoft Windows | CVE-2020-1464 | Windows Spoofing Vulnerability |
| Microsoft Windows | CVE-2020-1467 | Windows Hard Link Elevation of Privilege Vulnerability |
| Microsoft Windows | CVE-2020-1550 | Windows CDP User Components Elevation of Privilege Vulnerability |
| Microsoft Windows | CVE-2020-1517 | Windows File Server Resource Management Service Elevation of Privilege Vulnerability |
| Microsoft Windows | CVE-2020-1518 | Windows File Server Resource Management Service Elevation of Privilege Vulnerability |
| Microsoft Windows | CVE-2020-1516 | Windows Work Folders Service Elevation of Privilege Vulnerability |
| Microsoft Windows | CVE-2020-1549 | Windows CDP User Components Elevation of Privilege Vulnerability |
| Microsoft Windows | CVE-2020-1383 | Windows RRAS Service Information Disclosure Vulnerability |
| Microsoft Windows Codecs Library | CVE-2020-1574 | Microsoft Windows Codecs Library Remote Code Execution Vulnerability |
| Microsoft Windows Codecs Library | CVE-2020-1560 | Microsoft Windows Codecs Library Remote Code Execution Vulnerability |
| Microsoft Windows Codecs Library | CVE-2020-1585 | Microsoft Windows Codecs Library Remote Code Execution Vulnerability |
| Netlogon | CVE-2020-1472 | Netlogon Elevation of Privilege Vulnerability |
| SQL Server | CVE-2020-1455 | Microsoft SQL Server Management Studio Denial of Service Vulnerability |
| Visual Studio | CVE-2020-0604 | Visual Studio Code Remote Code Execution Vulnerability |
| Windows AI | CVE-2020-1521 | Windows Speech Runtime Elevation of Privilege Vulnerability |
| Windows AI | CVE-2020-1522 | Windows Speech Runtime Elevation of Privilege Vulnerability |
| Windows AI | CVE-2020-1524 | Windows Speech Shell Components Elevation of Privilege Vulnerability |
| Windows COM | CVE-2020-1474 | Windows Image Acquisition Service Information Disclosure Vulnerability |
| Windows Kernel | CVE-2020-1578 | Windows Kernel Information Disclosure Vulnerability |
| Windows Kernel | CVE-2020-1417 | Windows Kernel Elevation of Privilege Vulnerability |
| Windows Kernel | CVE-2020-1479 | DirectX Elevation of Privilege Vulnerability |
| Windows Media | CVE-2020-1379 | Media Foundation Memory Corruption Vulnerability |
| Windows Media | CVE-2020-1554 | Media Foundation Memory Corruption Vulnerability |
| Windows Media | CVE-2020-1339 | Windows Media Remote Code Execution Vulnerability |
| Windows Media | CVE-2020-1525 | Media Foundation Memory Corruption Vulnerability |
| Windows Media | CVE-2020-1487 | Media Foundation Information Disclosure Vulnerability |
| Windows Media Player | CVE-2020-1478 | Media Foundation Memory Corruption Vulnerability |
| Windows Media Player | CVE-2020-1477 | Media Foundation Memory Corruption Vulnerability |
| Windows Print Spooler Components | CVE-2020-1337 | Windows Print Spooler Elevation of Privilege Vulnerability |
| Windows RDP | CVE-2020-1466 | Windows Remote Desktop Gateway (RD Gateway) Denial of Service Vulnerability |
| Windows Registry | CVE-2020-1377 | Windows Registry Elevation of Privilege Vulnerability |
| Windows Registry | CVE-2020-1378 | Windows Registry Elevation of Privilege Vulnerability |
| Windows Shell | CVE-2020-1565 | Windows Elevation of Privilege Vulnerability |
| Windows Shell | CVE-2020-1531 | Windows Accounts Control Elevation of Privilege Vulnerability |
| Windows Update Stack | CVE-2020-1571 | Windows Setup Elevation of Privilege Vulnerability |
| Windows Update Stack | CVE-2020-1548 | Windows WaasMedic Service Information Disclosure Vulnerability |
| Windows WalletService | CVE-2020-1556 | Windows WalletService Elevation of Privilege Vulnerability |
| Windows WalletService | CVE-2020-1533 | Windows WalletService Elevation of Privilege Vulnerability |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2020-1417 MITRE NVD |
CVE Title: Windows Kernel Elevation of Privilege Vulnerability
Description: An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application to take control of an affected system. The update addresses the vulnerability by correcting how the Windows kernel handles objects in memory. FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2020-08-11T07:00:00Z Information published. This CVE was addressed by updates that were released in July 2020, but the CVE was inadvertently omitted from the July 2020 Security Updates. This is an informational change only. Customers who have already installed the July 2020 update do not need to take any further action. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | Exploitation Less Likely | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2020-1417 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Windows 10 Version 1709 for 32-bit Systems | 4571741 (Security Update) | Important | Elevation of Privilege | 4565508 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1709 for ARM64-based Systems | 4571741 (Security Update) | Important | Elevation of Privilege | 4565508 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1709 for x64-based Systems | 4571741 (Security Update) | Important | Elevation of Privilege | 4565508 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1803 for 32-bit Systems | 4571709 (Security Update) | Important | Elevation of Privilege | 4565489 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1803 for ARM64-based Systems | 4571709 (Security Update) | Important | Elevation of Privilege | 4565489 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1803 for x64-based Systems | 4571709 (Security Update) | Important | Elevation of Privilege | 4565489 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for 32-bit Systems | 4565349 (Security Update) | Important | Elevation of Privilege | 4558998 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 4565349 (Security Update) | Important | Elevation of Privilege | 4558998 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for x64-based Systems | 4565349 (Security Update) | Important | Elevation of Privilege | 4558998 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1903 for 32-bit Systems | 4565351 (Security Update) | Important | Elevation of Privilege | 4565483 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1903 for ARM64-based Systems | 4565351 (Security Update) | Important | Elevation of Privilege | 4565483 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1903 for x64-based Systems | 4565351 (Security Update) | Important | Elevation of Privilege | 4565483 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for 32-bit Systems | 4565351 (Security Update) | Important | Elevation of Privilege | 4565483 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for ARM64-based Systems | 4565351 (Security Update) | Important | Elevation of Privilege | 4565483 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for x64-based Systems | 4565351 (Security Update) | Important | Elevation of Privilege | 4565483 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for 32-bit Systems | 4566782 (Security Update) | Important | Elevation of Privilege | 4565503 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for ARM64-based Systems | 4566782 (Security Update) | Important | Elevation of Privilege | 4565503 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for x64-based Systems | 4566782 (Security Update) | Important | Elevation of Privilege | 4565503 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2019 | 4565349 (Security Update) | Important | Elevation of Privilege | 4558998 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2019 (Server Core installation) | 4565349 (Security Update) | Important | Elevation of Privilege | 4558998 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server, version 1903 (Server Core installation) | 4565351 (Security Update) | Important | Elevation of Privilege | 4565483 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server, version 1909 (Server Core installation) | 4565351 (Security Update) | Important | Elevation of Privilege | 4565483 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server, version 2004 (Server Core installation) | 4566782 (Security Update) | Important | Elevation of Privilege | 4565503 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| CVE ID | Acknowledgements |
| CVE-2020-1417 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2020-1464 MITRE NVD |
CVE Title: Windows Spoofing Vulnerability
Description: A spoofing vulnerability exists when Windows incorrectly validates file signatures. An attacker who successfully exploited this vulnerability could bypass security features and load improperly signed files. In an attack scenario, an attacker could bypass security features intended to prevent improperly signed files from being loaded. The update addresses the vulnerability by correcting how Windows validates file signatures. FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2020-08-11T07:00:00Z Information published. |
Important | Spoofing |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Detected | Exploitation Detected | Not Applicable | Yes | Yes |
The following tables list the affected software details for the vulnerability.
| CVE-2020-1464 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Windows 10 for 32-bit Systems | 4571692 (Security Update) | Important | Spoofing | 4565513 | Base: 5.3 Temporal: 5.1 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L/E:H/RL:O/RC:C |
Yes |
| Windows 10 for x64-based Systems | 4571692 (Security Update) | Important | Spoofing | 4565513 | Base: 5.3 Temporal: 5.1 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L/E:H/RL:O/RC:C |
Yes |
| Windows 10 Version 1607 for 32-bit Systems | 4571694 (Security Update) | Important | Spoofing | 4565511 |
Base: 5.3 Temporal: 5.1 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L/E:H/RL:O/RC:C |
Yes |
| Windows 10 Version 1607 for x64-based Systems | 4571694 (Security Update) | Important | Spoofing | 4565511 |
Base: 5.3 Temporal: 5.1 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L/E:H/RL:O/RC:C |
Yes |
| Windows 10 Version 1709 for 32-bit Systems | 4571741 (Security Update) | Important | Spoofing | 4565508 | Base: 5.3 Temporal: 5.1 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L/E:H/RL:O/RC:C |
Yes |
| Windows 10 Version 1709 for ARM64-based Systems | 4571741 (Security Update) | Important | Spoofing | 4565508 | Base: 5.3 Temporal: 5.1 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L/E:H/RL:O/RC:C |
Yes |
| Windows 10 Version 1709 for x64-based Systems | 4571741 (Security Update) | Important | Spoofing | 4565508 | Base: 5.3 Temporal: 5.1 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L/E:H/RL:O/RC:C |
Yes |
| Windows 10 Version 1803 for 32-bit Systems | 4571709 (Security Update) | Important | Spoofing | 4565489 | Base: 5.3 Temporal: 5.1 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L/E:H/RL:O/RC:C |
Yes |
| Windows 10 Version 1803 for ARM64-based Systems | 4571709 (Security Update) | Important | Spoofing | 4565489 | Base: 5.3 Temporal: 5.1 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L/E:H/RL:O/RC:C |
Yes |
| Windows 10 Version 1803 for x64-based Systems | 4571709 (Security Update) | Important | Spoofing | 4565489 | Base: 5.3 Temporal: 5.1 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L/E:H/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for 32-bit Systems | 4565349 (Security Update) | Important | Spoofing | 4558998 |
Base: 5.3 Temporal: 5.1 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L/E:H/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 4565349 (Security Update) | Important | Spoofing | 4558998 |
Base: 5.3 Temporal: 5.1 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L/E:H/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for x64-based Systems | 4565349 (Security Update) | Important | Spoofing | 4558998 |
Base: 5.3 Temporal: 5.1 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L/E:H/RL:O/RC:C |
Yes |
| Windows 10 Version 1903 for 32-bit Systems | 4565351 (Security Update) | Important | Spoofing | 4565483 | Base: 5.3 Temporal: 5.1 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L/E:H/RL:O/RC:C |
Yes |
| Windows 10 Version 1903 for ARM64-based Systems | 4565351 (Security Update) | Important | Spoofing | 4565483 | Base: 5.3 Temporal: 5.1 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L/E:H/RL:O/RC:C |
Yes |
| Windows 10 Version 1903 for x64-based Systems | 4565351 (Security Update) | Important | Spoofing | 4565483 | Base: 5.3 Temporal: 5.1 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L/E:H/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for 32-bit Systems | 4565351 (Security Update) | Important | Spoofing | 4565483 | Base: 5.3 Temporal: 5.1 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L/E:H/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for ARM64-based Systems | 4565351 (Security Update) | Important | Spoofing | 4565483 | Base: 5.3 Temporal: 5.1 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L/E:H/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for x64-based Systems | 4565351 (Security Update) | Important | Spoofing | 4565483 | Base: 5.3 Temporal: 5.1 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L/E:H/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for 32-bit Systems | 4566782 (Security Update) | Important | Spoofing | 4565503 |
Base: 5.3 Temporal: 5.1 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L/E:H/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for ARM64-based Systems | 4566782 (Security Update) | Important | Spoofing | 4565503 |
Base: 5.3 Temporal: 5.1 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L/E:H/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for x64-based Systems | 4566782 (Security Update) | Important | Spoofing | 4565503 |
Base: 5.3 Temporal: 5.1 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L/E:H/RL:O/RC:C |
Yes |
| Windows 7 for 32-bit Systems Service Pack 1 | 4571729 (Monthly Rollup) 4571719 (Security Only) |
Important | Spoofing | 4565524 |
Base: 5.3 Temporal: 5.1 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L/E:H/RL:O/RC:C |
Yes |
| Windows 7 for x64-based Systems Service Pack 1 | 4571729 (Monthly Rollup) 4571719 (Security Only) |
Important | Spoofing | 4565524 |
Base: 5.3 Temporal: 5.1 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L/E:H/RL:O/RC:C |
Yes |
| Windows 8.1 for 32-bit systems | 4571703 (Monthly Rollup) 4571723 (Security Only) |
Important | Spoofing | 4565541 |
Base: 5.3 Temporal: 5.1 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L/E:H/RL:O/RC:C |
Yes |
| Windows 8.1 for x64-based systems | 4571703 (Monthly Rollup) 4571723 (Security Only) |
Important | Spoofing | 4565541 |
Base: 5.3 Temporal: 5.1 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L/E:H/RL:O/RC:C |
Yes |
| Windows RT 8.1 | 4571703 (Monthly Rollup) | Important | Spoofing | 4565541 |
Base: 5.3 Temporal: 5.1 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L/E:H/RL:O/RC:C |
Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 4571730 (Monthly Rollup) 4571746 (Security Only) |
Important | Spoofing | 4565536 |
Base: 5.3 Temporal: 5.1 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L/E:H/RL:O/RC:C |
Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 4571730 (Monthly Rollup) 4571746 (Security Only) |
Important | Spoofing | 4565536 |
Base: 5.3 Temporal: 5.1 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L/E:H/RL:O/RC:C |
Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 4571730 (Monthly Rollup) 4571746 (Security Only) |
Important | Spoofing | 4565536 |
Base: 5.3 Temporal: 5.1 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L/E:H/RL:O/RC:C |
Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 4571730 (Monthly Rollup) 4571746 (Security Only) |
Important | Spoofing | 4565536 |
Base: 5.3 Temporal: 5.1 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L/E:H/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 4571729 (Monthly Rollup) 4571719 (Security Only) |
Important | Spoofing | 4565524 |
Base: 5.3 Temporal: 5.1 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L/E:H/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 4571729 (Monthly Rollup) 4571719 (Security Only) |
Important | Spoofing | 4565524 |
Base: 5.3 Temporal: 5.1 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L/E:H/RL:O/RC:C |
Yes |
| Windows Server 2012 | 4571736 (Monthly Rollup) 4571702 (Security Only) |
Important | Spoofing | 4565537 |
Base: 5.3 Temporal: 5.1 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L/E:H/RL:O/RC:C |
Yes |
| Windows Server 2012 (Server Core installation) | 4571736 (Monthly Rollup) 4571702 (Security Only) |
Important | Spoofing | 4565537 |
Base: 5.3 Temporal: 5.1 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L/E:H/RL:O/RC:C |
Yes |
| Windows Server 2012 R2 | 4571703 (Monthly Rollup) 4571723 (Security Only) |
Important | Spoofing | 4565541 |
Base: 5.3 Temporal: 5.1 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L/E:H/RL:O/RC:C |
Yes |
| Windows Server 2012 R2 (Server Core installation) | 4571703 (Monthly Rollup) 4571723 (Security Only) |
Important | Spoofing | 4565541 |
Base: 5.3 Temporal: 5.1 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L/E:H/RL:O/RC:C |
Yes |
| Windows Server 2016 | 4571694 (Security Update) | Important | Spoofing | 4565511 |
Base: 5.3 Temporal: 5.1 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L/E:H/RL:O/RC:C |
Yes |
| Windows Server 2016 (Server Core installation) | 4571694 (Security Update) | Important | Spoofing | 4565511 |
Base: 5.3 Temporal: 5.1 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L/E:H/RL:O/RC:C |
Yes |
| Windows Server 2019 | 4565349 (Security Update) | Important | Spoofing | 4558998 |
Base: 5.3 Temporal: 5.1 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L/E:H/RL:O/RC:C |
Yes |
| Windows Server 2019 (Server Core installation) | 4565349 (Security Update) | Important | Spoofing | 4558998 |
Base: 5.3 Temporal: 5.1 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L/E:H/RL:O/RC:C |
Yes |
| Windows Server, version 1903 (Server Core installation) | 4565351 (Security Update) | Important | Spoofing | 4565483 | Base: 5.3 Temporal: 5.1 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L/E:H/RL:O/RC:C |
Yes |
| Windows Server, version 1909 (Server Core installation) | 4565351 (Security Update) | Important | Spoofing | 4565483 | Base: 5.3 Temporal: 5.1 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L/E:H/RL:O/RC:C |
Yes |
| Windows Server, version 2004 (Server Core installation) | 4566782 (Security Update) | Important | Spoofing | 4565503 |
Base: 5.3 Temporal: 5.1 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L/E:H/RL:O/RC:C |
Yes |
| CVE ID | Acknowledgements |
| CVE-2020-1464 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2020-1470 MITRE NVD |
CVE Title: Windows Work Folders Service Elevation of Privilege Vulnerability
Description: An elevation of privilege vulnerability exists when the Windows Work Folders Service improperly handles memory. To exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges. The security update addresses the vulnerability by correcting how the Windows Work Folders Service handles memory. FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2020-08-11T07:00:00Z Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | Exploitation Less Likely | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2020-1470 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Windows 10 for 32-bit Systems | 4571692 (Security Update) | Important | Elevation of Privilege | 4565513 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 for x64-based Systems | 4571692 (Security Update) | Important | Elevation of Privilege | 4565513 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1607 for 32-bit Systems | 4571694 (Security Update) | Important | Elevation of Privilege | 4565511 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1607 for x64-based Systems | 4571694 (Security Update) | Important | Elevation of Privilege | 4565511 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1709 for 32-bit Systems | 4571741 (Security Update) | Important | Elevation of Privilege | 4565508 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1709 for ARM64-based Systems | 4571741 (Security Update) | Important | Elevation of Privilege | 4565508 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1709 for x64-based Systems | 4571741 (Security Update) | Important | Elevation of Privilege | 4565508 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1803 for 32-bit Systems | 4571709 (Security Update) | Important | Elevation of Privilege | 4565489 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1803 for ARM64-based Systems | 4571709 (Security Update) | Important | Elevation of Privilege | 4565489 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1803 for x64-based Systems | 4571709 (Security Update) | Important | Elevation of Privilege | 4565489 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for 32-bit Systems | 4565349 (Security Update) | Important | Elevation of Privilege | 4558998 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 4565349 (Security Update) | Important | Elevation of Privilege | 4558998 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for x64-based Systems | 4565349 (Security Update) | Important | Elevation of Privilege | 4558998 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1903 for 32-bit Systems | 4565351 (Security Update) | Important | Elevation of Privilege | 4565483 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1903 for ARM64-based Systems | 4565351 (Security Update) | Important | Elevation of Privilege | 4565483 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1903 for x64-based Systems | 4565351 (Security Update) | Important | Elevation of Privilege | 4565483 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for 32-bit Systems | 4565351 (Security Update) | Important | Elevation of Privilege | 4565483 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for ARM64-based Systems | 4565351 (Security Update) | Important | Elevation of Privilege | 4565483 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for x64-based Systems | 4565351 (Security Update) | Important | Elevation of Privilege | 4565483 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for 32-bit Systems | 4566782 (Security Update) | Important | Elevation of Privilege | 4565503 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for ARM64-based Systems | 4566782 (Security Update) | Important | Elevation of Privilege | 4565503 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for x64-based Systems | 4566782 (Security Update) | Important | Elevation of Privilege | 4565503 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 7 for 32-bit Systems Service Pack 1 | 4571729 (Monthly Rollup) 4571719 (Security Only) |
Important | Elevation of Privilege | 4565524 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 7 for x64-based Systems Service Pack 1 | 4571729 (Monthly Rollup) 4571719 (Security Only) |
Important | Elevation of Privilege | 4565524 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 8.1 for 32-bit systems | 4571703 (Monthly Rollup) 4571723 (Security Only) |
Important | Elevation of Privilege | 4565541 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 8.1 for x64-based systems | 4571703 (Monthly Rollup) 4571723 (Security Only) |
Important | Elevation of Privilege | 4565541 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows RT 8.1 | 4571703 (Monthly Rollup) | Important | Elevation of Privilege | 4565541 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 4571729 (Monthly Rollup) 4571719 (Security Only) |
Important | Elevation of Privilege | 4565524 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 4571729 (Monthly Rollup) 4571719 (Security Only) |
Important | Elevation of Privilege | 4565524 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2012 R2 | 4571703 (Monthly Rollup) 4571723 (Security Only) |
Important | Elevation of Privilege | 4565541 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2012 R2 (Server Core installation) | 4571703 (Monthly Rollup) 4571723 (Security Only) |
Important | Elevation of Privilege | 4565541 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2016 | 4571694 (Security Update) | Important | Elevation of Privilege | 4565511 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2016 (Server Core installation) | 4571694 (Security Update) | Important | Elevation of Privilege | 4565511 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2019 | 4565349 (Security Update) | Important | Elevation of Privilege | 4558998 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2019 (Server Core installation) | 4565349 (Security Update) | Important | Elevation of Privilege | 4558998 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server, version 1903 (Server Core installation) | 4565351 (Security Update) | Important | Elevation of Privilege | 4565483 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server, version 1909 (Server Core installation) | 4565351 (Security Update) | Important | Elevation of Privilege | 4565483 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server, version 2004 (Server Core installation) | 4566782 (Security Update) | Important | Elevation of Privilege | 4565503 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| CVE ID | Acknowledgements |
| CVE-2020-1470 | anonymous |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2020-1509 MITRE NVD |
CVE Title: Local Security Authority Subsystem Service Elevation of Privilege Vulnerability
Description: An elevation of privilege vulnerability exists in the Local Security Authority Subsystem Service (LSASS) when an authenticated attacker sends a specially crafted authentication request. A remote attacker who successfully exploited this vulnerability could cause an elevation of privilege on the target system's LSASS service. The security update addresses the vulnerability by changing the way that LSASS handles specially crafted authentication requests. FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2020-08-11T07:00:00Z Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | Exploitation Less Likely | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2020-1509 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Windows 10 for 32-bit Systems | 4571692 (Security Update) | Important | Elevation of Privilege | 4565513 | Base: 8.8 Temporal: 7.9 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 for x64-based Systems | 4571692 (Security Update) | Important | Elevation of Privilege | 4565513 | Base: 8.8 Temporal: 7.9 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1607 for 32-bit Systems | 4571694 (Security Update) | Important | Elevation of Privilege | 4565511 |
Base: 8.8 Temporal: 7.9 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1607 for x64-based Systems | 4571694 (Security Update) | Important | Elevation of Privilege | 4565511 |
Base: 8.8 Temporal: 7.9 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1709 for 32-bit Systems | 4571741 (Security Update) | Important | Elevation of Privilege | 4565508 | Base: 8.8 Temporal: 7.9 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1709 for ARM64-based Systems | 4571741 (Security Update) | Important | Elevation of Privilege | 4565508 | Base: 8.8 Temporal: 7.9 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1709 for x64-based Systems | 4571741 (Security Update) | Important | Elevation of Privilege | 4565508 | Base: 8.8 Temporal: 7.9 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1803 for 32-bit Systems | 4571709 (Security Update) | Important | Elevation of Privilege | 4565489 | Base: 8.8 Temporal: 7.9 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1803 for ARM64-based Systems | 4571709 (Security Update) | Important | Elevation of Privilege | 4565489 | Base: 8.8 Temporal: 7.9 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1803 for x64-based Systems | 4571709 (Security Update) | Important | Elevation of Privilege | 4565489 | Base: 8.8 Temporal: 7.9 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for 32-bit Systems | 4565349 (Security Update) | Important | Elevation of Privilege | 4558998 |
Base: 8.8 Temporal: 7.9 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 4565349 (Security Update) | Important | Elevation of Privilege | 4558998 |
Base: 8.8 Temporal: 7.9 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for x64-based Systems | 4565349 (Security Update) | Important | Elevation of Privilege | 4558998 |
Base: 8.8 Temporal: 7.9 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1903 for 32-bit Systems | 4565351 (Security Update) | Important | Elevation of Privilege | 4565483 | Base: 8.8 Temporal: 7.9 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1903 for ARM64-based Systems | 4565351 (Security Update) | Important | Elevation of Privilege | 4565483 | Base: 8.8 Temporal: 7.9 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1903 for x64-based Systems | 4565351 (Security Update) | Important | Elevation of Privilege | 4565483 | Base: 8.8 Temporal: 7.9 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for 32-bit Systems | 4565351 (Security Update) | Important | Elevation of Privilege | 4565483 | Base: 8.8 Temporal: 7.9 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for ARM64-based Systems | 4565351 (Security Update) | Important | Elevation of Privilege | 4565483 | Base: 8.8 Temporal: 7.9 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for x64-based Systems | 4565351 (Security Update) | Important | Elevation of Privilege | 4565483 | Base: 8.8 Temporal: 7.9 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for 32-bit Systems | 4566782 (Security Update) | Important | Elevation of Privilege | 4565503 |
Base: 8.8 Temporal: 7.9 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for ARM64-based Systems | 4566782 (Security Update) | Important | Elevation of Privilege | 4565503 |
Base: 8.8 Temporal: 7.9 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for x64-based Systems | 4566782 (Security Update) | Important | Elevation of Privilege | 4565503 |
Base: 8.8 Temporal: 7.9 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 8.1 for 32-bit systems | 4571703 (Monthly Rollup) 4571723 (Security Only) |
Important | Elevation of Privilege | 4565541 |
Base: 8.8 Temporal: 7.9 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 8.1 for x64-based systems | 4571703 (Monthly Rollup) 4571723 (Security Only) |
Important | Elevation of Privilege | 4565541 |
Base: 8.8 Temporal: 7.9 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows RT 8.1 | 4571703 (Monthly Rollup) | Important | Elevation of Privilege | 4565541 |
Base: 8.8 Temporal: 7.9 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2012 | 4571736 (Monthly Rollup) 4571702 (Security Only) |
Important | Elevation of Privilege | 4565537 |
Base: 8.8 Temporal: 7.9 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2012 (Server Core installation) | 4571736 (Monthly Rollup) 4571702 (Security Only) |
Important | Elevation of Privilege | 4565537 |
Base: 8.8 Temporal: 7.9 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2012 R2 | 4571703 (Monthly Rollup) 4571723 (Security Only) |
Important | Elevation of Privilege | 4565541 |
Base: 8.8 Temporal: 7.9 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2012 R2 (Server Core installation) | 4571703 (Monthly Rollup) 4571723 (Security Only) |
Important | Elevation of Privilege | 4565541 |
Base: 8.8 Temporal: 7.9 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2016 | 4571694 (Security Update) | Important | Elevation of Privilege | 4565511 |
Base: 8.8 Temporal: 7.9 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2016 (Server Core installation) | 4571694 (Security Update) | Important | Elevation of Privilege | 4565511 |
Base: 8.8 Temporal: 7.9 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2019 | 4565349 (Security Update) | Important | Elevation of Privilege | 4558998 |
Base: 8.8 Temporal: 7.9 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2019 (Server Core installation) | 4565349 (Security Update) | Important | Elevation of Privilege | 4558998 |
Base: 8.8 Temporal: 7.9 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server, version 1903 (Server Core installation) | 4565351 (Security Update) | Important | Elevation of Privilege | 4565483 | Base: 8.8 Temporal: 7.9 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server, version 1909 (Server Core installation) | 4565351 (Security Update) | Important | Elevation of Privilege | 4565483 | Base: 8.8 Temporal: 7.9 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server, version 2004 (Server Core installation) | 4566782 (Security Update) | Important | Elevation of Privilege | 4565503 |
Base: 8.8 Temporal: 7.9 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| CVE ID | Acknowledgements |
| CVE-2020-1509 | James Forshaw of Google Project Zero |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2020-1510 MITRE NVD |
CVE Title: Win32k Information Disclosure Vulnerability
Description: An information disclosure vulnerability exists when the win32k component improperly provides kernel information. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system. To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application. The security update addresses the vulnerability by correcting how win32k handles objects in memory. FAQ: What type of information could be disclosed by this vulnerability? The type of information that could be disclosed if an attacker successfully exploited this vulnerability is memory layout - the vulnerability allows an attacker to collect information that facilitates predicting addressing of the memory. Mitigations: None Workarounds: None Revision: 1.0 2020-08-11T07:00:00Z Information published. This CVE was addressed by updates that were released in June 2020, but the CVE was inadvertently omitted from the June 2020 Security Updates. This is an informational change only. Customers who have already installed the June 2020 update do not need to take any further action. |
Important | Information Disclosure |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | Exploitation Less Likely | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2020-1510 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Windows 10 for 32-bit Systems | 4571692 (Security Update) | Important | Information Disclosure | 4565513 | Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 for x64-based Systems | 4571692 (Security Update) | Important | Information Disclosure | 4565513 | Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1607 for 32-bit Systems | 4571694 (Security Update) | Important | Information Disclosure | 4565511 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1607 for x64-based Systems | 4571694 (Security Update) | Important | Information Disclosure | 4565511 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1709 for 32-bit Systems | 4571741 (Security Update) | Important | Information Disclosure | 4565508 | Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1709 for ARM64-based Systems | 4571741 (Security Update) | Important | Information Disclosure | 4565508 | Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1709 for x64-based Systems | 4571741 (Security Update) | Important | Information Disclosure | 4565508 | Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1803 for 32-bit Systems | 4571709 (Security Update) | Important | Information Disclosure | 4565489 | Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1803 for ARM64-based Systems | 4571709 (Security Update) | Important | Information Disclosure | 4565489 | Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1803 for x64-based Systems | 4571709 (Security Update) | Important | Information Disclosure | 4565489 | Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for 32-bit Systems | 4565349 (Security Update) | Important | Information Disclosure | 4558998 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 4565349 (Security Update) | Important | Information Disclosure | 4558998 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for x64-based Systems | 4565349 (Security Update) | Important | Information Disclosure | 4558998 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1903 for 32-bit Systems | 4565351 (Security Update) | Important | Information Disclosure | 4565483 | Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1903 for ARM64-based Systems | 4565351 (Security Update) | Important | Information Disclosure | 4565483 | Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1903 for x64-based Systems | 4565351 (Security Update) | Important | Information Disclosure | 4565483 | Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for 32-bit Systems | 4565351 (Security Update) | Important | Information Disclosure | 4565483 | Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for ARM64-based Systems | 4565351 (Security Update) | Important | Information Disclosure | 4565483 | Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for x64-based Systems | 4565351 (Security Update) | Important | Information Disclosure | 4565483 | Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for 32-bit Systems | 4566782 (Security Update) | Important | Information Disclosure | 4565503 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for ARM64-based Systems | 4566782 (Security Update) | Important | Information Disclosure | 4565503 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for x64-based Systems | 4566782 (Security Update) | Important | Information Disclosure | 4565503 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| CVE ID | Acknowledgements |
| CVE-2020-1510 | Netanel Ben-Simon and Yoav Alon from Check Point Research fd8d355055 |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2020-1516 MITRE NVD |
CVE Title: Windows Work Folders Service Elevation of Privilege Vulnerability
Description: An elevation of privilege vulnerability exists when the Windows Work Folders Service improperly handles memory. To exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges. The security update addresses the vulnerability by correcting how the Windows Work Folders Service handles memory. FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2020-08-11T07:00:00Z Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | Exploitation Less Likely | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2020-1516 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Windows 10 for 32-bit Systems | 4571692 (Security Update) | Important | Elevation of Privilege | 4565513 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 for x64-based Systems | 4571692 (Security Update) | Important | Elevation of Privilege | 4565513 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1607 for 32-bit Systems | 4571694 (Security Update) | Important | Elevation of Privilege | 4565511 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1607 for x64-based Systems | 4571694 (Security Update) | Important | Elevation of Privilege | 4565511 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1709 for 32-bit Systems | 4571741 (Security Update) | Important | Elevation of Privilege | 4565508 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1709 for ARM64-based Systems | 4571741 (Security Update) | Important | Elevation of Privilege | 4565508 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1709 for x64-based Systems | 4571741 (Security Update) | Important | Elevation of Privilege | 4565508 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1803 for 32-bit Systems | 4571709 (Security Update) | Important | Elevation of Privilege | 4565489 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1803 for ARM64-based Systems | 4571709 (Security Update) | Important | Elevation of Privilege | 4565489 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1803 for x64-based Systems | 4571709 (Security Update) | Important | Elevation of Privilege | 4565489 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for 32-bit Systems | 4565349 (Security Update) | Important | Elevation of Privilege | 4558998 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 4565349 (Security Update) | Important | Elevation of Privilege | 4558998 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for x64-based Systems | 4565349 (Security Update) | Important | Elevation of Privilege | 4558998 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1903 for 32-bit Systems | 4565351 (Security Update) | Important | Elevation of Privilege | 4565483 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1903 for ARM64-based Systems | 4565351 (Security Update) | Important | Elevation of Privilege | 4565483 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1903 for x64-based Systems | 4565351 (Security Update) | Important | Elevation of Privilege | 4565483 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for 32-bit Systems | 4565351 (Security Update) | Important | Elevation of Privilege | 4565483 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for ARM64-based Systems | 4565351 (Security Update) | Important | Elevation of Privilege | 4565483 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for x64-based Systems | 4565351 (Security Update) | Important | Elevation of Privilege | 4565483 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for 32-bit Systems | 4566782 (Security Update) | Important | Elevation of Privilege | 4565503 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for ARM64-based Systems | 4566782 (Security Update) | Important | Elevation of Privilege | 4565503 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for x64-based Systems | 4566782 (Security Update) | Important | Elevation of Privilege | 4565503 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 7 for 32-bit Systems Service Pack 1 | 4571729 (Monthly Rollup) 4571719 (Security Only) |
Important | Elevation of Privilege | 4565524 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 7 for x64-based Systems Service Pack 1 | 4571729 (Monthly Rollup) 4571719 (Security Only) |
Important | Elevation of Privilege | 4565524 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 8.1 for 32-bit systems | 4571703 (Monthly Rollup) 4571723 (Security Only) |
Important | Elevation of Privilege | 4565541 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 8.1 for x64-based systems | 4571703 (Monthly Rollup) 4571723 (Security Only) |
Important | Elevation of Privilege | 4565541 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows RT 8.1 | 4571703 (Monthly Rollup) | Important | Elevation of Privilege | 4565541 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 4571729 (Monthly Rollup) 4571719 (Security Only) |
Important | Elevation of Privilege | 4565524 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 4571729 (Monthly Rollup) 4571719 (Security Only) |
Important | Elevation of Privilege | 4565524 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2012 R2 | 4571703 (Monthly Rollup) 4571723 (Security Only) |
Important | Elevation of Privilege | 4565541 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2012 R2 (Server Core installation) | 4571703 (Monthly Rollup) 4571723 (Security Only) |
Important | Elevation of Privilege | 4565541 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2016 | 4571694 (Security Update) | Important | Elevation of Privilege | 4565511 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2016 (Server Core installation) | 4571694 (Security Update) | Important | Elevation of Privilege | 4565511 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2019 | 4565349 (Security Update) | Important | Elevation of Privilege | 4558998 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2019 (Server Core installation) | 4565349 (Security Update) | Important | Elevation of Privilege | 4558998 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server, version 1903 (Server Core installation) | 4565351 (Security Update) | Important | Elevation of Privilege | 4565483 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server, version 1909 (Server Core installation) | 4565351 (Security Update) | Important | Elevation of Privilege | 4565483 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server, version 2004 (Server Core installation) | 4566782 (Security Update) | Important | Elevation of Privilege | 4565503 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| CVE ID | Acknowledgements |
| CVE-2020-1516 | Zhiniang Peng (@edwardzpeng) & Xuefeng Li |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2020-1517 MITRE NVD |
CVE Title: Windows File Server Resource Management Service Elevation of Privilege Vulnerability
Description: An elevation of privilege vulnerability exists when the Windows File Server Resource Management Service improperly handles memory. To exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges. The security update addresses the vulnerability by correcting how the Windows File Server Resource Management Service handles memory. FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2020-08-11T07:00:00Z Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | Exploitation Less Likely | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2020-1517 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Windows 10 Version 1607 for 32-bit Systems | 4571694 (Security Update) | Important | Elevation of Privilege | 4565511 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1607 for x64-based Systems | 4571694 (Security Update) | Important | Elevation of Privilege | 4565511 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for 32-bit Systems | 4565349 (Security Update) | Important | Elevation of Privilege | 4558998 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 4565349 (Security Update) | Important | Elevation of Privilege | 4558998 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for x64-based Systems | 4565349 (Security Update) | Important | Elevation of Privilege | 4558998 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1903 for 32-bit Systems | 4565351 (Security Update) | Important | Elevation of Privilege | 4565483 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1903 for ARM64-based Systems | 4565351 (Security Update) | Important | Elevation of Privilege | 4565483 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1903 for x64-based Systems | 4565351 (Security Update) | Important | Elevation of Privilege | 4565483 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for 32-bit Systems | 4565351 (Security Update) | Important | Elevation of Privilege | 4565483 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for ARM64-based Systems | 4565351 (Security Update) | Important | Elevation of Privilege | 4565483 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for x64-based Systems | 4565351 (Security Update) | Important | Elevation of Privilege | 4565483 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for 32-bit Systems | 4566782 (Security Update) | Important | Elevation of Privilege | 4565503 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for ARM64-based Systems | 4566782 (Security Update) | Important | Elevation of Privilege | 4565503 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for x64-based Systems | 4566782 (Security Update) | Important | Elevation of Privilege | 4565503 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 7 for 32-bit Systems Service Pack 1 | 4571729 (Monthly Rollup) 4571719 (Security Only) |
Important | Elevation of Privilege | 4565524 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 7 for x64-based Systems Service Pack 1 | 4571729 (Monthly Rollup) 4571719 (Security Only) |
Important | Elevation of Privilege | 4565524 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 8.1 for 32-bit systems | 4571703 (Monthly Rollup) 4571723 (Security Only) |
Important | Elevation of Privilege | 4565541 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 8.1 for x64-based systems | 4571703 (Monthly Rollup) 4571723 (Security Only) |
Important | Elevation of Privilege | 4565541 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows RT 8.1 | 4571703 (Monthly Rollup) | Important | Elevation of Privilege | 4565541 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 4571730 (Monthly Rollup) 4571746 (Security Only) |
Important | Elevation of Privilege | 4565536 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 4571730 (Monthly Rollup) 4571746 (Security Only) |
Important | Elevation of Privilege | 4565536 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 4571730 (Monthly Rollup) 4571746 (Security Only) |
Important | Elevation of Privilege | 4565536 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 4571730 (Monthly Rollup) 4571746 (Security Only) |
Important | Elevation of Privilege | 4565536 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 4571729 (Monthly Rollup) 4571719 (Security Only) |
Important | Elevation of Privilege | 4565524 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 4571729 (Monthly Rollup) 4571719 (Security Only) |
Important | Elevation of Privilege | 4565524 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2012 | 4571736 (Monthly Rollup) 4571702 (Security Only) |
Important | Elevation of Privilege | 4565537 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2012 (Server Core installation) | 4571736 (Monthly Rollup) 4571702 (Security Only) |
Important | Elevation of Privilege | 4565537 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2012 R2 | 4571703 (Monthly Rollup) 4571723 (Security Only) |
Important | Elevation of Privilege | 4565541 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2012 R2 (Server Core installation) | 4571703 (Monthly Rollup) 4571723 (Security Only) |
Important | Elevation of Privilege | 4565541 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2016 | 4571694 (Security Update) | Important | Elevation of Privilege | 4565511 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2016 (Server Core installation) | 4571694 (Security Update) | Important | Elevation of Privilege | 4565511 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2019 | 4565349 (Security Update) | Important | Elevation of Privilege | 4558998 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2019 (Server Core installation) | 4565349 (Security Update) | Important | Elevation of Privilege | 4558998 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server, version 1903 (Server Core installation) | 4565351 (Security Update) | Important | Elevation of Privilege | 4565483 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server, version 1909 (Server Core installation) | 4565351 (Security Update) | Important | Elevation of Privilege | 4565483 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server, version 2004 (Server Core installation) | 4566782 (Security Update) | Important | Elevation of Privilege | 4565503 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| CVE ID | Acknowledgements |
| CVE-2020-1517 | Zhiniang Peng (@edwardzpeng) & Xuefeng Li |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2020-1518 MITRE NVD |
CVE Title: Windows File Server Resource Management Service Elevation of Privilege Vulnerability
Description: An elevation of privilege vulnerability exists when the Windows File Server Resource Management Service improperly handles memory. To exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges. The security update addresses the vulnerability by correcting how the Windows File Server Resource Management Service handles memory. FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2020-08-11T07:00:00Z Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | Exploitation Less Likely | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2020-1518 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Windows 10 Version 1607 for 32-bit Systems | 4571694 (Security Update) | Important | Elevation of Privilege | 4565511 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1607 for x64-based Systems | 4571694 (Security Update) | Important | Elevation of Privilege | 4565511 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for 32-bit Systems | 4565349 (Security Update) | Important | Elevation of Privilege | 4558998 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 4565349 (Security Update) | Important | Elevation of Privilege | 4558998 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for x64-based Systems | 4565349 (Security Update) | Important | Elevation of Privilege | 4558998 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1903 for 32-bit Systems | 4565351 (Security Update) | Important | Elevation of Privilege | 4565483 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1903 for ARM64-based Systems | 4565351 (Security Update) | Important | Elevation of Privilege | 4565483 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1903 for x64-based Systems | 4565351 (Security Update) | Important | Elevation of Privilege | 4565483 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for 32-bit Systems | 4565351 (Security Update) | Important | Elevation of Privilege | 4565483 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for ARM64-based Systems | 4565351 (Security Update) | Important | Elevation of Privilege | 4565483 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for x64-based Systems | 4565351 (Security Update) | Important | Elevation of Privilege | 4565483 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for 32-bit Systems | 4566782 (Security Update) | Important | Elevation of Privilege | 4565503 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for ARM64-based Systems | 4566782 (Security Update) | Important | Elevation of Privilege | 4565503 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for x64-based Systems | 4566782 (Security Update) | Important | Elevation of Privilege | 4565503 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 7 for 32-bit Systems Service Pack 1 | 4571729 (Monthly Rollup) 4571719 (Security Only) |
Important | Elevation of Privilege | 4565524 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 7 for x64-based Systems Service Pack 1 | 4571729 (Monthly Rollup) 4571719 (Security Only) |
Important | Elevation of Privilege | 4565524 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 8.1 for 32-bit systems | 4571703 (Monthly Rollup) 4571723 (Security Only) |
Important | Elevation of Privilege | 4565541 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 8.1 for x64-based systems | 4571703 (Monthly Rollup) 4571723 (Security Only) |
Important | Elevation of Privilege | 4565541 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows RT 8.1 | 4571703 (Monthly Rollup) | Important | Elevation of Privilege | 4565541 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 4571730 (Monthly Rollup) 4571746 (Security Only) |
Important | Elevation of Privilege | 4565536 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 4571730 (Monthly Rollup) 4571746 (Security Only) |
Important | Elevation of Privilege | 4565536 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 4571730 (Monthly Rollup) 4571746 (Security Only) |
Important | Elevation of Privilege | 4565536 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 4571730 (Monthly Rollup) 4571746 (Security Only) |
Important | Elevation of Privilege | 4565536 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 4571729 (Monthly Rollup) 4571719 (Security Only) |
Important | Elevation of Privilege | 4565524 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 4571729 (Monthly Rollup) 4571719 (Security Only) |
Important | Elevation of Privilege | 4565524 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2012 | 4571736 (Monthly Rollup) 4571702 (Security Only) |
Important | Elevation of Privilege | 4565537 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2012 (Server Core installation) | 4571736 (Monthly Rollup) 4571702 (Security Only) |
Important | Elevation of Privilege | 4565537 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2012 R2 | 4571703 (Monthly Rollup) 4571723 (Security Only) |
Important | Elevation of Privilege | 4565541 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2012 R2 (Server Core installation) | 4571703 (Monthly Rollup) 4571723 (Security Only) |
Important | Elevation of Privilege | 4565541 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2016 | 4571694 (Security Update) | Important | Elevation of Privilege | 4565511 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2016 (Server Core installation) | 4571694 (Security Update) | Important | Elevation of Privilege | 4565511 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2019 | 4565349 (Security Update) | Important | Elevation of Privilege | 4558998 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2019 (Server Core installation) | 4565349 (Security Update) | Important | Elevation of Privilege | 4558998 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server, version 1903 (Server Core installation) | 4565351 (Security Update) | Important | Elevation of Privilege | 4565483 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server, version 1909 (Server Core installation) | 4565351 (Security Update) | Important | Elevation of Privilege | 4565483 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server, version 2004 (Server Core installation) | 4566782 (Security Update) | Important | Elevation of Privilege | 4565503 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| CVE ID | Acknowledgements |
| CVE-2020-1518 | Zhiniang Peng (@edwardzpeng) & Xuefeng Li |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2020-1519 MITRE NVD |
CVE Title: Windows UPnP Device Host Elevation of Privilege Vulnerability
Description: An elevation of privilege vulnerability exists when the Windows UPnP Device Host improperly handles memory. To exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges. The security update addresses the vulnerability by correcting how the Windows UPnP Device Host handles memory. FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2020-08-11T07:00:00Z Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | Exploitation Less Likely | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2020-1519 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Windows 10 for 32-bit Systems | 4571692 (Security Update) | Important | Elevation of Privilege | 4565513 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 for x64-based Systems | 4571692 (Security Update) | Important | Elevation of Privilege | 4565513 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1607 for 32-bit Systems | 4571694 (Security Update) | Important | Elevation of Privilege | 4565511 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1607 for x64-based Systems | 4571694 (Security Update) | Important | Elevation of Privilege | 4565511 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1709 for 32-bit Systems | 4571741 (Security Update) | Important | Elevation of Privilege | 4565508 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1709 for ARM64-based Systems | 4571741 (Security Update) | Important | Elevation of Privilege | 4565508 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1709 for x64-based Systems | 4571741 (Security Update) | Important | Elevation of Privilege | 4565508 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1803 for 32-bit Systems | 4571709 (Security Update) | Important | Elevation of Privilege | 4565489 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1803 for ARM64-based Systems | 4571709 (Security Update) | Important | Elevation of Privilege | 4565489 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1803 for x64-based Systems | 4571709 (Security Update) | Important | Elevation of Privilege | 4565489 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for 32-bit Systems | 4565349 (Security Update) | Important | Elevation of Privilege | 4558998 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 4565349 (Security Update) | Important | Elevation of Privilege | 4558998 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for x64-based Systems | 4565349 (Security Update) | Important | Elevation of Privilege | 4558998 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1903 for 32-bit Systems | 4565351 (Security Update) | Important | Elevation of Privilege | 4565483 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1903 for ARM64-based Systems | 4565351 (Security Update) | Important | Elevation of Privilege | 4565483 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1903 for x64-based Systems | 4565351 (Security Update) | Important | Elevation of Privilege | 4565483 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for 32-bit Systems | 4565351 (Security Update) | Important | Elevation of Privilege | 4565483 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for ARM64-based Systems | 4565351 (Security Update) | Important | Elevation of Privilege | 4565483 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for x64-based Systems | 4565351 (Security Update) | Important | Elevation of Privilege | 4565483 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for 32-bit Systems | 4566782 (Security Update) | Important | Elevation of Privilege | 4565503 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for ARM64-based Systems | 4566782 (Security Update) | Important | Elevation of Privilege | 4565503 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for x64-based Systems | 4566782 (Security Update) | Important | Elevation of Privilege | 4565503 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 7 for 32-bit Systems Service Pack 1 | 4571729 (Monthly Rollup) 4571719 (Security Only) |
Important | Elevation of Privilege | 4565524 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 7 for x64-based Systems Service Pack 1 | 4571729 (Monthly Rollup) 4571719 (Security Only) |
Important | Elevation of Privilege | 4565524 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 8.1 for 32-bit systems | 4571703 (Monthly Rollup) 4571723 (Security Only) |
Important | Elevation of Privilege | 4565541 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 8.1 for x64-based systems | 4571703 (Monthly Rollup) 4571723 (Security Only) |
Important | Elevation of Privilege | 4565541 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows RT 8.1 | 4571703 (Monthly Rollup) | Important | Elevation of Privilege | 4565541 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 4571730 (Monthly Rollup) 4571746 (Security Only) |
Important | Elevation of Privilege | 4565536 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 4571730 (Monthly Rollup) 4571746 (Security Only) |
Important | Elevation of Privilege | 4565536 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 4571730 (Monthly Rollup) 4571746 (Security Only) |
Important | Elevation of Privilege | 4565536 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 4571730 (Monthly Rollup) 4571746 (Security Only) |
Important | Elevation of Privilege | 4565536 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 4571729 (Monthly Rollup) 4571719 (Security Only) |
Important | Elevation of Privilege | 4565524 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 4571729 (Monthly Rollup) 4571719 (Security Only) |
Important | Elevation of Privilege | 4565524 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2012 | 4571736 (Monthly Rollup) 4571702 (Security Only) |
Important | Elevation of Privilege | 4565537 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2012 (Server Core installation) | 4571736 (Monthly Rollup) 4571702 (Security Only) |
Important | Elevation of Privilege | 4565537 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2012 R2 | 4571703 (Monthly Rollup) 4571723 (Security Only) |
Important | Elevation of Privilege | 4565541 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2012 R2 (Server Core installation) | 4571703 (Monthly Rollup) 4571723 (Security Only) |
Important | Elevation of Privilege | 4565541 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2016 | 4571694 (Security Update) | Important | Elevation of Privilege | 4565511 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2016 (Server Core installation) | 4571694 (Security Update) | Important | Elevation of Privilege | 4565511 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2019 | 4565349 (Security Update) | Important | Elevation of Privilege | 4558998 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2019 (Server Core installation) | 4565349 (Security Update) | Important | Elevation of Privilege | 4558998 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server, version 1903 (Server Core installation) | 4565351 (Security Update) | Important | Elevation of Privilege | 4565483 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server, version 1909 (Server Core installation) | 4565351 (Security Update) | Important | Elevation of Privilege | 4565483 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server, version 2004 (Server Core installation) | 4566782 (Security Update) | Important | Elevation of Privilege | 4565503 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| CVE ID | Acknowledgements |
| CVE-2020-1519 | Zhiniang Peng (@edwardzpeng) & Haoran Qin Yuki Chen |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2020-1520 MITRE NVD |
CVE Title: Windows Font Driver Host Remote Code Execution Vulnerability
Description: A remote code execution vulnerability exists when the Windows Font Driver Host improperly handles memory. An attacker who successfully exploited the vulnerability would gain execution on a victim system. The security update addresses the vulnerability by correcting how the Windows Font Driver Host handles memory. FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2020-08-11T07:00:00Z Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | Exploitation Less Likely | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2020-1520 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Windows 10 for 32-bit Systems | 4571692 (Security Update) | Important | Remote Code Execution | 4565513 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 for x64-based Systems | 4571692 (Security Update) | Important | Remote Code Execution | 4565513 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1607 for 32-bit Systems | 4571694 (Security Update) | Important | Remote Code Execution | 4565511 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1607 for x64-based Systems | 4571694 (Security Update) | Important | Remote Code Execution | 4565511 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1709 for 32-bit Systems | 4571741 (Security Update) | Important | Remote Code Execution | 4565508 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1709 for ARM64-based Systems | 4571741 (Security Update) | Important | Remote Code Execution | 4565508 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1709 for x64-based Systems | 4571741 (Security Update) | Important | Remote Code Execution | 4565508 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1803 for 32-bit Systems | 4571709 (Security Update) | Important | Remote Code Execution | 4565489 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1803 for ARM64-based Systems | 4571709 (Security Update) | Important | Remote Code Execution | 4565489 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1803 for x64-based Systems | 4571709 (Security Update) | Important | Remote Code Execution | 4565489 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for 32-bit Systems | 4565349 (Security Update) | Important | Remote Code Execution | 4558998 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 4565349 (Security Update) | Important | Remote Code Execution | 4558998 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for x64-based Systems | 4565349 (Security Update) | Important | Remote Code Execution | 4558998 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1903 for 32-bit Systems | 4565351 (Security Update) | Important | Remote Code Execution | 4565483 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1903 for ARM64-based Systems | 4565351 (Security Update) | Important | Remote Code Execution | 4565483 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1903 for x64-based Systems | 4565351 (Security Update) | Important | Remote Code Execution | 4565483 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for 32-bit Systems | 4565351 (Security Update) | Important | Remote Code Execution | 4565483 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for ARM64-based Systems | 4565351 (Security Update) | Important | Remote Code Execution | 4565483 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for x64-based Systems | 4565351 (Security Update) | Important | Remote Code Execution | 4565483 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for 32-bit Systems | 4566782 (Security Update) | Important | Remote Code Execution | 4565503 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for ARM64-based Systems | 4566782 (Security Update) | Important | Remote Code Execution | 4565503 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for x64-based Systems | 4566782 (Security Update) | Important | Remote Code Execution | 4565503 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 7 for 32-bit Systems Service Pack 1 | 4571729 (Monthly Rollup) 4571719 (Security Only) |
Important | Remote Code Execution | 4565524 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 7 for x64-based Systems Service Pack 1 | 4571729 (Monthly Rollup) 4571719 (Security Only) |
Important | Remote Code Execution | 4565524 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 8.1 for 32-bit systems | 4571703 (Monthly Rollup) 4571723 (Security Only) |
Important | Remote Code Execution | 4565541 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 8.1 for x64-based systems | 4571703 (Monthly Rollup) 4571723 (Security Only) |
Important | Remote Code Execution | 4565541 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows RT 8.1 | 4571703 (Monthly Rollup) | Important | Remote Code Execution | 4565541 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 4571730 (Monthly Rollup) 4571746 (Security Only) |
Important | Remote Code Execution | 4565536 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 4571730 (Monthly Rollup) 4571746 (Security Only) |
Important | Remote Code Execution | 4565536 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 4571730 (Monthly Rollup) 4571746 (Security Only) |
Important | Remote Code Execution | 4565536 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 4571730 (Monthly Rollup) 4571746 (Security Only) |
Important | Remote Code Execution | 4565536 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 4571729 (Monthly Rollup) 4571719 (Security Only) |
Important | Remote Code Execution | 4565524 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 4571729 (Monthly Rollup) 4571719 (Security Only) |
Important | Remote Code Execution | 4565524 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2012 | 4571736 (Monthly Rollup) 4571702 (Security Only) |
Important | Remote Code Execution | 4565537 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2012 (Server Core installation) | 4571736 (Monthly Rollup) 4571702 (Security Only) |
Important | Remote Code Execution | 4565537 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2012 R2 | 4571703 (Monthly Rollup) 4571723 (Security Only) |
Important | Remote Code Execution | 4565541 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2012 R2 (Server Core installation) | 4571703 (Monthly Rollup) 4571723 (Security Only) |
Important | Remote Code Execution | 4565541 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2016 | 4571694 (Security Update) | Important | Remote Code Execution | 4565511 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2016 (Server Core installation) | 4571694 (Security Update) | Important | Remote Code Execution | 4565511 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2019 | 4565349 (Security Update) | Important | Remote Code Execution | 4558998 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2019 (Server Core installation) | 4565349 (Security Update) | Important | Remote Code Execution | 4558998 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server, version 1903 (Server Core installation) | 4565351 (Security Update) | Important | Remote Code Execution | 4565483 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server, version 1909 (Server Core installation) | 4565351 (Security Update) | Important | Remote Code Execution | 4565483 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server, version 2004 (Server Core installation) | 4566782 (Security Update) | Important | Remote Code Execution | 4565503 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| CVE ID | Acknowledgements |
| CVE-2020-1520 | Keqi Hu Anonymous working with Trend Micro's Zero Day Initiative |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2020-1521 MITRE NVD |
CVE Title: Windows Speech Runtime Elevation of Privilege Vulnerability
Description: An elevation of privilege vulnerability exists when the Windows Speech Runtime improperly handles memory. To exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges. The security update addresses the vulnerability by correcting how the Windows Speech Runtime handles memory. FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2020-08-11T07:00:00Z Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | Exploitation Less Likely | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2020-1521 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Windows 10 Version 1607 for 32-bit Systems | 4571694 (Security Update) | Important | Elevation of Privilege | 4565511 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1607 for x64-based Systems | 4571694 (Security Update) | Important | Elevation of Privilege | 4565511 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1709 for 32-bit Systems | 4571741 (Security Update) | Important | Elevation of Privilege | 4565508 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1709 for ARM64-based Systems | 4571741 (Security Update) | Important | Elevation of Privilege | 4565508 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1709 for x64-based Systems | 4571741 (Security Update) | Important | Elevation of Privilege | 4565508 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1803 for 32-bit Systems | 4571709 (Security Update) | Important | Elevation of Privilege | 4565489 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1803 for ARM64-based Systems | 4571709 (Security Update) | Important | Elevation of Privilege | 4565489 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1803 for x64-based Systems | 4571709 (Security Update) | Important | Elevation of Privilege | 4565489 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for 32-bit Systems | 4565349 (Security Update) | Important | Elevation of Privilege | 4558998 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 4565349 (Security Update) | Important | Elevation of Privilege | 4558998 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for x64-based Systems | 4565349 (Security Update) | Important | Elevation of Privilege | 4558998 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1903 for 32-bit Systems | 4565351 (Security Update) | Important | Elevation of Privilege | 4565483 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1903 for ARM64-based Systems | 4565351 (Security Update) | Important | Elevation of Privilege | 4565483 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1903 for x64-based Systems | 4565351 (Security Update) | Important | Elevation of Privilege | 4565483 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for 32-bit Systems | 4565351 (Security Update) | Important | Elevation of Privilege | 4565483 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for ARM64-based Systems | 4565351 (Security Update) | Important | Elevation of Privilege | 4565483 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for x64-based Systems | 4565351 (Security Update) | Important | Elevation of Privilege | 4565483 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for 32-bit Systems | 4566782 (Security Update) | Important | Elevation of Privilege | 4565503 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for ARM64-based Systems | 4566782 (Security Update) | Important | Elevation of Privilege | 4565503 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for x64-based Systems | 4566782 (Security Update) | Important | Elevation of Privilege | 4565503 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2016 | 4571694 (Security Update) | Important | Elevation of Privilege | 4565511 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2016 (Server Core installation) | 4571694 (Security Update) | Important | Elevation of Privilege | 4565511 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2019 | 4565349 (Security Update) | Important | Elevation of Privilege | 4558998 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2019 (Server Core installation) | 4565349 (Security Update) | Important | Elevation of Privilege | 4558998 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server, version 1903 (Server Core installation) | 4565351 (Security Update) | Important | Elevation of Privilege | 4565483 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server, version 1909 (Server Core installation) | 4565351 (Security Update) | Important | Elevation of Privilege | 4565483 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server, version 2004 (Server Core installation) | 4566782 (Security Update) | Important | Elevation of Privilege | 4565503 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| CVE ID | Acknowledgements |
| CVE-2020-1521 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2020-1522 MITRE NVD |
CVE Title: Windows Speech Runtime Elevation of Privilege Vulnerability
Description: An elevation of privilege vulnerability exists when the Windows Speech Runtime improperly handles memory. To exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges. The security update addresses the vulnerability by correcting how the Windows Speech Runtime handles memory. FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2020-08-11T07:00:00Z Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | Exploitation Less Likely | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2020-1522 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Windows 10 Version 1607 for 32-bit Systems | 4571694 (Security Update) | Important | Elevation of Privilege | 4565511 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1607 for x64-based Systems | 4571694 (Security Update) | Important | Elevation of Privilege | 4565511 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1709 for 32-bit Systems | 4571741 (Security Update) | Important | Elevation of Privilege | 4565508 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1709 for ARM64-based Systems | 4571741 (Security Update) | Important | Elevation of Privilege | 4565508 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1709 for x64-based Systems | 4571741 (Security Update) | Important | Elevation of Privilege | 4565508 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1803 for 32-bit Systems | 4571709 (Security Update) | Important | Elevation of Privilege | 4565489 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1803 for ARM64-based Systems | 4571709 (Security Update) | Important | Elevation of Privilege | 4565489 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1803 for x64-based Systems | 4571709 (Security Update) | Important | Elevation of Privilege | 4565489 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for 32-bit Systems | 4565349 (Security Update) | Important | Elevation of Privilege | 4558998 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 4565349 (Security Update) | Important | Elevation of Privilege | 4558998 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for x64-based Systems | 4565349 (Security Update) | Important | Elevation of Privilege | 4558998 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1903 for 32-bit Systems | 4565351 (Security Update) | Important | Elevation of Privilege | 4565483 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1903 for ARM64-based Systems | 4565351 (Security Update) | Important | Elevation of Privilege | 4565483 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1903 for x64-based Systems | 4565351 (Security Update) | Important | Elevation of Privilege | 4565483 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for 32-bit Systems | 4565351 (Security Update) | Important | Elevation of Privilege | 4565483 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for ARM64-based Systems | 4565351 (Security Update) | Important | Elevation of Privilege | 4565483 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for x64-based Systems | 4565351 (Security Update) | Important | Elevation of Privilege | 4565483 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for 32-bit Systems | 4566782 (Security Update) | Important | Elevation of Privilege | 4565503 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for ARM64-based Systems | 4566782 (Security Update) | Important | Elevation of Privilege | 4565503 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for x64-based Systems | 4566782 (Security Update) | Important | Elevation of Privilege | 4565503 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2016 | 4571694 (Security Update) | Important | Elevation of Privilege | 4565511 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2016 (Server Core installation) | 4571694 (Security Update) | Important | Elevation of Privilege | 4565511 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2019 | 4565349 (Security Update) | Important | Elevation of Privilege | 4558998 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2019 (Server Core installation) | 4565349 (Security Update) | Important | Elevation of Privilege | 4558998 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server, version 1903 (Server Core installation) | 4565351 (Security Update) | Important | Elevation of Privilege | 4565483 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server, version 1909 (Server Core installation) | 4565351 (Security Update) | Important | Elevation of Privilege | 4565483 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server, version 2004 (Server Core installation) | 4566782 (Security Update) | Important | Elevation of Privilege | 4565503 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| CVE ID | Acknowledgements |
| CVE-2020-1522 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2020-1524 MITRE NVD |
CVE Title: Windows Speech Shell Components Elevation of Privilege Vulnerability
Description: An elevation of privilege vulnerability exists when the Windows Speech Shell Components improperly handle memory. To exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges. The security update addresses the vulnerability by correcting how the Windows Speech Shell Components handle memory. FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2020-08-11T07:00:00Z Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | Exploitation Less Likely | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2020-1524 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Windows 10 Version 1803 for 32-bit Systems | 4571709 (Security Update) | Important | Elevation of Privilege | 4565489 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1803 for ARM64-based Systems | 4571709 (Security Update) | Important | Elevation of Privilege | 4565489 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1803 for x64-based Systems | 4571709 (Security Update) | Important | Elevation of Privilege | 4565489 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for 32-bit Systems | 4565349 (Security Update) | Important | Elevation of Privilege | 4558998 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 4565349 (Security Update) | Important | Elevation of Privilege | 4558998 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for x64-based Systems | 4565349 (Security Update) | Important | Elevation of Privilege | 4558998 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1903 for 32-bit Systems | 4565351 (Security Update) | Important | Elevation of Privilege | 4565483 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1903 for ARM64-based Systems | 4565351 (Security Update) | Important | Elevation of Privilege | 4565483 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1903 for x64-based Systems | 4565351 (Security Update) | Important | Elevation of Privilege | 4565483 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for 32-bit Systems | 4565351 (Security Update) | Important | Elevation of Privilege | 4565483 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for ARM64-based Systems | 4565351 (Security Update) | Important | Elevation of Privilege | 4565483 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for x64-based Systems | 4565351 (Security Update) | Important | Elevation of Privilege | 4565483 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for 32-bit Systems | 4566782 (Security Update) | Important | Elevation of Privilege | 4565503 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for ARM64-based Systems | 4566782 (Security Update) | Important | Elevation of Privilege | 4565503 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for x64-based Systems | 4566782 (Security Update) | Important | Elevation of Privilege | 4565503 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2019 | 4565349 (Security Update) | Important | Elevation of Privilege | 4558998 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2019 (Server Core installation) | 4565349 (Security Update) | Important | Elevation of Privilege | 4558998 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server, version 1903 (Server Core installation) | 4565351 (Security Update) | Important | Elevation of Privilege | 4565483 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server, version 1909 (Server Core installation) | 4565351 (Security Update) | Important | Elevation of Privilege | 4565483 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server, version 2004 (Server Core installation) | 4566782 (Security Update) | Important | Elevation of Privilege | 4565503 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| CVE ID | Acknowledgements |
| CVE-2020-1524 | anonymous |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2020-1525 MITRE NVD |
CVE Title: Media Foundation Memory Corruption Vulnerability
Description: A memory corruption vulnerability exists when Windows Media Foundation improperly handles objects in memory. An attacker who successfully exploited the vulnerability could install programs; view, change, or delete data; or create new accounts with full user rights. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit a malicious webpage. The security update addresses the vulnerability by correcting how Windows Media Foundation handles objects in memory. FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2020-08-11T07:00:00Z Information published. |
Critical | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | Exploitation Less Likely | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2020-1525 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Windows 10 for 32-bit Systems | 4571692 (Security Update) | Critical | Remote Code Execution | 4565513 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 for x64-based Systems | 4571692 (Security Update) | Critical | Remote Code Execution | 4565513 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1607 for 32-bit Systems | 4571694 (Security Update) | Critical | Remote Code Execution | 4565511 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1607 for x64-based Systems | 4571694 (Security Update) | Critical | Remote Code Execution | 4565511 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1709 for 32-bit Systems | 4571741 (Security Update) | Critical | Remote Code Execution | 4565508 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1709 for ARM64-based Systems | 4571741 (Security Update) | Critical | Remote Code Execution | 4565508 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1709 for x64-based Systems | 4571741 (Security Update) | Critical | Remote Code Execution | 4565508 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1803 for 32-bit Systems | 4571709 (Security Update) | Critical | Remote Code Execution | 4565489 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1803 for ARM64-based Systems | 4571709 (Security Update) | Critical | Remote Code Execution | 4565489 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1803 for x64-based Systems | 4571709 (Security Update) | Critical | Remote Code Execution | 4565489 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for 32-bit Systems | 4565349 (Security Update) | Critical | Remote Code Execution | 4558998 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 4565349 (Security Update) | Critical | Remote Code Execution | 4558998 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for x64-based Systems | 4565349 (Security Update) | Critical | Remote Code Execution | 4558998 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1903 for 32-bit Systems | 4565351 (Security Update) | Critical | Remote Code Execution | 4565483 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1903 for ARM64-based Systems | 4565351 (Security Update) | Critical | Remote Code Execution | 4565483 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1903 for x64-based Systems | 4565351 (Security Update) | Critical | Remote Code Execution | 4565483 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for 32-bit Systems | 4565351 (Security Update) | Critical | Remote Code Execution | 4565483 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for ARM64-based Systems | 4565351 (Security Update) | Critical | Remote Code Execution | 4565483 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for x64-based Systems | 4565351 (Security Update) | Critical | Remote Code Execution | 4565483 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for 32-bit Systems | 4566782 (Security Update) | Critical | Remote Code Execution | 4565503 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for ARM64-based Systems | 4566782 (Security Update) | Critical | Remote Code Execution | 4565503 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for x64-based Systems | 4566782 (Security Update) | Critical | Remote Code Execution | 4565503 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2016 | 4571694 (Security Update) | Critical | Remote Code Execution | 4565511 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2016 (Server Core installation) | 4571694 (Security Update) | Critical | Remote Code Execution | 4565511 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2019 | 4565349 (Security Update) | Critical | Remote Code Execution | 4558998 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2019 (Server Core installation) | 4565349 (Security Update) | Critical | Remote Code Execution | 4558998 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server, version 1903 (Server Core installation) | 4565351 (Security Update) | Critical | Remote Code Execution | 4565483 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server, version 1909 (Server Core installation) | 4565351 (Security Update) | Critical | Remote Code Execution | 4565483 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server, version 2004 (Server Core installation) | 4566782 (Security Update) | Critical | Remote Code Execution | 4565503 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| CVE ID | Acknowledgements |
| CVE-2020-1525 | Ke Liu of Tencent Security Xuanwu Lab |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2020-1526 MITRE NVD |
CVE Title: Windows Network Connection Broker Elevation of Privilege Vulnerability
Description: An elevation of privilege vulnerability exists when the Windows Network Connection Broker improperly handles memory. To exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges. The security update addresses the vulnerability by correcting how the Windows Network Connection Broker handles memory. FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2020-08-11T07:00:00Z Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | Exploitation Less Likely | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2020-1526 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Windows 10 for 32-bit Systems | 4571692 (Security Update) | Important | Elevation of Privilege | 4565513 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 for x64-based Systems | 4571692 (Security Update) | Important | Elevation of Privilege | 4565513 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1607 for 32-bit Systems | 4571694 (Security Update) | Important | Elevation of Privilege | 4565511 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1607 for x64-based Systems | 4571694 (Security Update) | Important | Elevation of Privilege | 4565511 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1709 for 32-bit Systems | 4571741 (Security Update) | Important | Elevation of Privilege | 4565508 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1709 for ARM64-based Systems | 4571741 (Security Update) | Important | Elevation of Privilege | 4565508 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1709 for x64-based Systems | 4571741 (Security Update) | Important | Elevation of Privilege | 4565508 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1803 for 32-bit Systems | 4571709 (Security Update) | Important | Elevation of Privilege | 4565489 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1803 for ARM64-based Systems | 4571709 (Security Update) | Important | Elevation of Privilege | 4565489 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1803 for x64-based Systems | 4571709 (Security Update) | Important | Elevation of Privilege | 4565489 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for 32-bit Systems | 4565349 (Security Update) | Important | Elevation of Privilege | 4558998 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 4565349 (Security Update) | Important | Elevation of Privilege | 4558998 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for x64-based Systems | 4565349 (Security Update) | Important | Elevation of Privilege | 4558998 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1903 for 32-bit Systems | 4565351 (Security Update) | Important | Elevation of Privilege | 4565483 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1903 for ARM64-based Systems | 4565351 (Security Update) | Important | Elevation of Privilege | 4565483 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1903 for x64-based Systems | 4565351 (Security Update) | Important | Elevation of Privilege | 4565483 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for 32-bit Systems | 4565351 (Security Update) | Important | Elevation of Privilege | 4565483 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for ARM64-based Systems | 4565351 (Security Update) | Important | Elevation of Privilege | 4565483 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for x64-based Systems | 4565351 (Security Update) | Important | Elevation of Privilege | 4565483 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for 32-bit Systems | 4566782 (Security Update) | Important | Elevation of Privilege | 4565503 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for ARM64-based Systems | 4566782 (Security Update) | Important | Elevation of Privilege | 4565503 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for x64-based Systems | 4566782 (Security Update) | Important | Elevation of Privilege | 4565503 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2016 | 4571694 (Security Update) | Important | Elevation of Privilege | 4565511 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2016 (Server Core installation) | 4571694 (Security Update) | Important | Elevation of Privilege | 4565511 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2019 | 4565349 (Security Update) | Important | Elevation of Privilege | 4558998 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2019 (Server Core installation) | 4565349 (Security Update) | Important | Elevation of Privilege | 4558998 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server, version 1903 (Server Core installation) | 4565351 (Security Update) | Important | Elevation of Privilege | 4565483 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server, version 1909 (Server Core installation) | 4565351 (Security Update) | Important | Elevation of Privilege | 4565483 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server, version 2004 (Server Core installation) | 4566782 (Security Update) | Important | Elevation of Privilege | 4565503 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| CVE ID | Acknowledgements |
| CVE-2020-1526 | pgboy |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2020-1527 MITRE NVD |
CVE Title: Windows Custom Protocol Engine Elevation of Privilege Vulnerability
Description: An elevation of privilege vulnerability exists when the Windows Custom Protocol Engine improperly handles memory. To exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges. The security update addresses the vulnerability by correcting how the Windows Custom Protocol Engine handles memory. FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2020-08-11T07:00:00Z Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | Exploitation Less Likely | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2020-1527 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Windows 10 for 32-bit Systems | 4571692 (Security Update) | Important | Elevation of Privilege | 4565513 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 for x64-based Systems | 4571692 (Security Update) | Important | Elevation of Privilege | 4565513 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1607 for 32-bit Systems | 4571694 (Security Update) | Important | Elevation of Privilege | 4565511 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1607 for x64-based Systems | 4571694 (Security Update) | Important | Elevation of Privilege | 4565511 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1709 for 32-bit Systems | 4571741 (Security Update) | Important | Elevation of Privilege | 4565508 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1709 for ARM64-based Systems | 4571741 (Security Update) | Important | Elevation of Privilege | 4565508 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1709 for x64-based Systems | 4571741 (Security Update) | Important | Elevation of Privilege | 4565508 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1803 for 32-bit Systems | 4571709 (Security Update) | Important | Elevation of Privilege | 4565489 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1803 for ARM64-based Systems | 4571709 (Security Update) | Important | Elevation of Privilege | 4565489 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1803 for x64-based Systems | 4571709 (Security Update) | Important | Elevation of Privilege | 4565489 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for 32-bit Systems | 4565349 (Security Update) | Important | Elevation of Privilege | 4558998 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 4565349 (Security Update) | Important | Elevation of Privilege | 4558998 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for x64-based Systems | 4565349 (Security Update) | Important | Elevation of Privilege | 4558998 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1903 for 32-bit Systems | 4565351 (Security Update) | Important | Elevation of Privilege | 4565483 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1903 for ARM64-based Systems | 4565351 (Security Update) | Important | Elevation of Privilege | 4565483 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1903 for x64-based Systems | 4565351 (Security Update) | Important | Elevation of Privilege | 4565483 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for 32-bit Systems | 4565351 (Security Update) | Important | Elevation of Privilege | 4565483 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for ARM64-based Systems | 4565351 (Security Update) | Important | Elevation of Privilege | 4565483 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for x64-based Systems | 4565351 (Security Update) | Important | Elevation of Privilege | 4565483 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for 32-bit Systems | 4566782 (Security Update) | Important | Elevation of Privilege | 4565503 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for ARM64-based Systems | 4566782 (Security Update) | Important | Elevation of Privilege | 4565503 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for x64-based Systems | 4566782 (Security Update) | Important | Elevation of Privilege | 4565503 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2016 | 4571694 (Security Update) | Important | Elevation of Privilege | 4565511 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2016 (Server Core installation) | 4571694 (Security Update) | Important | Elevation of Privilege | 4565511 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2019 | 4565349 (Security Update) | Important | Elevation of Privilege | 4558998 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2019 (Server Core installation) | 4565349 (Security Update) | Important | Elevation of Privilege | 4558998 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server, version 1903 (Server Core installation) | 4565351 (Security Update) | Important | Elevation of Privilege | 4565483 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server, version 1909 (Server Core installation) | 4565351 (Security Update) | Important | Elevation of Privilege | 4565483 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server, version 2004 (Server Core installation) | 4566782 (Security Update) | Important | Elevation of Privilege | 4565503 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| CVE ID | Acknowledgements |
| CVE-2020-1527 | pgboy |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2020-1528 MITRE NVD |
CVE Title: Windows Radio Manager API Elevation of Privilege Vulnerability
Description: An elevation of privilege vulnerability exists when the Windows Radio Manager API improperly handles memory. To exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges. The security update addresses the vulnerability by correcting how the Windows Radio Manager API handles memory. FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2020-08-11T07:00:00Z Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | Exploitation Less Likely | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2020-1528 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Windows 10 Version 1709 for 32-bit Systems | 4571741 (Security Update) | Important | Elevation of Privilege | 4565508 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1709 for ARM64-based Systems | 4571741 (Security Update) | Important | Elevation of Privilege | 4565508 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1709 for x64-based Systems | 4571741 (Security Update) | Important | Elevation of Privilege | 4565508 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1803 for 32-bit Systems | 4571709 (Security Update) | Important | Elevation of Privilege | 4565489 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1803 for ARM64-based Systems | 4571709 (Security Update) | Important | Elevation of Privilege | 4565489 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1803 for x64-based Systems | 4571709 (Security Update) | Important | Elevation of Privilege | 4565489 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for 32-bit Systems | 4565349 (Security Update) | Important | Elevation of Privilege | 4558998 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 4565349 (Security Update) | Important | Elevation of Privilege | 4558998 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for x64-based Systems | 4565349 (Security Update) | Important | Elevation of Privilege | 4558998 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1903 for 32-bit Systems | 4565351 (Security Update) | Important | Elevation of Privilege | 4565483 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1903 for ARM64-based Systems | 4565351 (Security Update) | Important | Elevation of Privilege | 4565483 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1903 for x64-based Systems | 4565351 (Security Update) | Important | Elevation of Privilege | 4565483 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for 32-bit Systems | 4565351 (Security Update) | Important | Elevation of Privilege | 4565483 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for ARM64-based Systems | 4565351 (Security Update) | Important | Elevation of Privilege | 4565483 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for x64-based Systems | 4565351 (Security Update) | Important | Elevation of Privilege | 4565483 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for 32-bit Systems | 4566782 (Security Update) | Important | Elevation of Privilege | 4565503 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for ARM64-based Systems | 4566782 (Security Update) | Important | Elevation of Privilege | 4565503 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for x64-based Systems | 4566782 (Security Update) | Important | Elevation of Privilege | 4565503 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2019 | 4565349 (Security Update) | Important | Elevation of Privilege | 4558998 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2019 (Server Core installation) | 4565349 (Security Update) | Important | Elevation of Privilege | 4558998 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server, version 1903 (Server Core installation) | 4565351 (Security Update) | Important | Elevation of Privilege | 4565483 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server, version 1909 (Server Core installation) | 4565351 (Security Update) | Important | Elevation of Privilege | 4565483 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server, version 2004 (Server Core installation) | 4566782 (Security Update) | Important | Elevation of Privilege | 4565503 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| CVE ID | Acknowledgements |
| CVE-2020-1528 | Zhiniang Peng (@edwardzpeng) & Xuefeng Li |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2020-1529 MITRE NVD |
CVE Title: Windows GDI Elevation of Privilege Vulnerability
Description: An elevation of privilege vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system. The update addresses the vulnerability by correcting how GDI handles objects in memory and by preventing instances of unintended user-mode privilege elevation. FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2020-08-11T07:00:00Z Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation More Likely | Exploitation More Likely | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2020-1529 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Windows 10 for 32-bit Systems | 4571692 (Security Update) | Important | Elevation of Privilege | 4565513 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 for x64-based Systems | 4571692 (Security Update) | Important | Elevation of Privilege | 4565513 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1607 for 32-bit Systems | 4571694 (Security Update) | Important | Elevation of Privilege | 4565511 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1607 for x64-based Systems | 4571694 (Security Update) | Important | Elevation of Privilege | 4565511 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1709 for 32-bit Systems | 4571741 (Security Update) | Important | Elevation of Privilege | 4565508 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1709 for ARM64-based Systems | 4571741 (Security Update) | Important | Elevation of Privilege | 4565508 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1709 for x64-based Systems | 4571741 (Security Update) | Important | Elevation of Privilege | 4565508 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1803 for 32-bit Systems | 4571709 (Security Update) | Important | Elevation of Privilege | 4565489 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1803 for ARM64-based Systems | 4571709 (Security Update) | Important | Elevation of Privilege | 4565489 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1803 for x64-based Systems | 4571709 (Security Update) | Important | Elevation of Privilege | 4565489 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for 32-bit Systems | 4565349 (Security Update) | Important | Elevation of Privilege | 4558998 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 4565349 (Security Update) | Important | Elevation of Privilege | 4558998 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for x64-based Systems | 4565349 (Security Update) | Important | Elevation of Privilege | 4558998 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1903 for 32-bit Systems | 4565351 (Security Update) | Important | Elevation of Privilege | 4565483 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1903 for ARM64-based Systems | 4565351 (Security Update) | Important | Elevation of Privilege | 4565483 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1903 for x64-based Systems | 4565351 (Security Update) | Important | Elevation of Privilege | 4565483 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for 32-bit Systems | 4565351 (Security Update) | Important | Elevation of Privilege | 4565483 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for ARM64-based Systems | 4565351 (Security Update) | Important | Elevation of Privilege | 4565483 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for x64-based Systems | 4565351 (Security Update) | Important | Elevation of Privilege | 4565483 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for 32-bit Systems | 4566782 (Security Update) | Important | Elevation of Privilege | 4565503 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for ARM64-based Systems | 4566782 (Security Update) | Important | Elevation of Privilege | 4565503 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for x64-based Systems | 4566782 (Security Update) | Important | Elevation of Privilege | 4565503 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 7 for 32-bit Systems Service Pack 1 | 4571729 (Monthly Rollup) 4571719 (Security Only) |
Important | Elevation of Privilege | 4565524 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 7 for x64-based Systems Service Pack 1 | 4571729 (Monthly Rollup) 4571719 (Security Only) |
Important | Elevation of Privilege | 4565524 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 8.1 for 32-bit systems | 4571703 (Monthly Rollup) 4571723 (Security Only) |
Important | Elevation of Privilege | 4565541 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 8.1 for x64-based systems | 4571703 (Monthly Rollup) 4571723 (Security Only) |
Important | Elevation of Privilege | 4565541 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows RT 8.1 | 4571703 (Monthly Rollup) | Important | Elevation of Privilege | 4565541 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 4571730 (Monthly Rollup) 4571746 (Security Only) |
Important | Elevation of Privilege | 4565536 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 4571730 (Monthly Rollup) 4571746 (Security Only) |
Important | Elevation of Privilege | 4565536 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 4571730 (Monthly Rollup) 4571746 (Security Only) |
Important | Elevation of Privilege | 4565536 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 4571730 (Monthly Rollup) 4571746 (Security Only) |
Important | Elevation of Privilege | 4565536 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 4571729 (Monthly Rollup) 4571719 (Security Only) |
Important | Elevation of Privilege | 4565524 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 4571729 (Monthly Rollup) 4571719 (Security Only) |
Important | Elevation of Privilege | 4565524 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2012 | 4571736 (Monthly Rollup) 4571702 (Security Only) |
Important | Elevation of Privilege | 4565537 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2012 (Server Core installation) | 4571736 (Monthly Rollup) 4571702 (Security Only) |
Important | Elevation of Privilege | 4565537 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2012 R2 | 4571703 (Monthly Rollup) 4571723 (Security Only) |
Important | Elevation of Privilege | 4565541 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2012 R2 (Server Core installation) | 4571703 (Monthly Rollup) 4571723 (Security Only) |
Important | Elevation of Privilege | 4565541 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2016 | 4571694 (Security Update) | Important | Elevation of Privilege | 4565511 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2016 (Server Core installation) | 4571694 (Security Update) | Important | Elevation of Privilege | 4565511 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2019 | 4565349 (Security Update) | Important | Elevation of Privilege | 4558998 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2019 (Server Core installation) | 4565349 (Security Update) | Important | Elevation of Privilege | 4558998 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server, version 1903 (Server Core installation) | 4565351 (Security Update) | Important | Elevation of Privilege | 4565483 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server, version 1909 (Server Core installation) | 4565351 (Security Update) | Important | Elevation of Privilege | 4565483 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server, version 2004 (Server Core installation) | 4566782 (Security Update) | Important | Elevation of Privilege | 4565503 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| CVE ID | Acknowledgements |
| CVE-2020-1529 | Hillstone Network Neuron Security Team (https://www.hillstonenet.com.cn/) - Zhang WangJunJie and He YiSheng (https://www.weibo.com/234391451) |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2020-1530 MITRE NVD |
CVE Title: Windows Remote Access Elevation of Privilege Vulnerability
Description: An elevation of privilege vulnerability exists when Windows Remote Access improperly handles memory. To exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges. The security update addresses the vulnerability by correcting how Windows Remote Access handles memory. FAQ: I am running Windows 8.1 or Windows Server 2012 R2. Are the updates for these operating systems currently available? The security update for supported editions of Windows 8.1 and Windows Server 2012 R2 are not immediately available. The updates will be released as soon as possible, and when they are available, customers will be notified via a revision to this CVE information. Mitigations: None Workarounds: None Revision: 1.0 2020-08-11T07:00:00Z Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | Exploitation Less Likely | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2020-1530 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Windows 10 for 32-bit Systems | 4571692 (Security Update) | Important | Elevation of Privilege | 4565513 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 for x64-based Systems | 4571692 (Security Update) | Important | Elevation of Privilege | 4565513 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1607 for 32-bit Systems | 4571694 (Security Update) | Important | Elevation of Privilege | 4565511 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1607 for x64-based Systems | 4571694 (Security Update) | Important | Elevation of Privilege | 4565511 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1709 for 32-bit Systems | 4571741 (Security Update) | Important | Elevation of Privilege | 4565508 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1709 for ARM64-based Systems | 4571741 (Security Update) | Important | Elevation of Privilege | 4565508 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1709 for x64-based Systems | 4571741 (Security Update) | Important | Elevation of Privilege | 4565508 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1803 for 32-bit Systems | 4571709 (Security Update) | Important | Elevation of Privilege | 4565489 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1803 for ARM64-based Systems | 4571709 (Security Update) | Important | Elevation of Privilege | 4565489 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1803 for x64-based Systems | 4571709 (Security Update) | Important | Elevation of Privilege | 4565489 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for 32-bit Systems | 4565349 (Security Update) | Important | Elevation of Privilege | 4558998 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 4565349 (Security Update) | Important | Elevation of Privilege | 4558998 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for x64-based Systems | 4565349 (Security Update) | Important | Elevation of Privilege | 4558998 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1903 for 32-bit Systems | 4565351 (Security Update) | Important | Elevation of Privilege | 4565483 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1903 for ARM64-based Systems | 4565351 (Security Update) | Important | Elevation of Privilege | 4565483 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1903 for x64-based Systems | 4565351 (Security Update) | Important | Elevation of Privilege | 4565483 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for 32-bit Systems | 4565351 (Security Update) | Important | Elevation of Privilege | 4565483 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for ARM64-based Systems | 4565351 (Security Update) | Important | Elevation of Privilege | 4565483 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for x64-based Systems | 4565351 (Security Update) | Important | Elevation of Privilege | 4565483 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for 32-bit Systems | 4566782 (Security Update) | Important | Elevation of Privilege | 4565503 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for ARM64-based Systems | 4566782 (Security Update) | Important | Elevation of Privilege | 4565503 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for x64-based Systems | 4566782 (Security Update) | Important | Elevation of Privilege | 4565503 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 7 for 32-bit Systems Service Pack 1 | 4571729 (Monthly Rollup) 4571719 (Security Only) |
Important | Elevation of Privilege | 4565524 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 7 for x64-based Systems Service Pack 1 | 4571729 (Monthly Rollup) 4571719 (Security Only) |
Important | Elevation of Privilege | 4565524 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 8.1 for 32-bit systems | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Unknown | |
| Windows 8.1 for x64-based systems | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Unknown | |
| Windows RT 8.1 | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Unknown | |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 4571729 (Monthly Rollup) 4571719 (Security Only) |
Important | Elevation of Privilege | 4565524 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 4571729 (Monthly Rollup) 4571719 (Security Only) |
Important | Elevation of Privilege | 4565524 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2012 | 4571736 (Monthly Rollup) 4571702 (Security Only) |
Important | Elevation of Privilege | 4565537 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2012 (Server Core installation) | 4571736 (Monthly Rollup) 4571702 (Security Only) |
Important | Elevation of Privilege | 4565537 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2012 R2 | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Unknown | |
| Windows Server 2012 R2 (Server Core installation) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Unknown | |
| Windows Server 2016 | 4571694 (Security Update) | Important | Elevation of Privilege | 4565511 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2016 (Server Core installation) | 4571694 (Security Update) | Important | Elevation of Privilege | 4565511 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2019 | 4565349 (Security Update) | Important | Elevation of Privilege | 4558998 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2019 (Server Core installation) | 4565349 (Security Update) | Important | Elevation of Privilege | 4558998 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server, version 1903 (Server Core installation) | 4565351 (Security Update) | Important | Elevation of Privilege | 4565483 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server, version 1909 (Server Core installation) | 4565351 (Security Update) | Important | Elevation of Privilege | 4565483 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server, version 2004 (Server Core installation) | 4566782 (Security Update) | Important | Elevation of Privilege | 4565503 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| CVE ID | Acknowledgements |
| CVE-2020-1530 | Symeon Paraschoudis of Pen Test Partners LLP |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2020-1531 MITRE NVD |
CVE Title: Windows Accounts Control Elevation of Privilege Vulnerability
Description: An elevation of privilege vulnerability exists when the Windows Accounts Control improperly handles memory. To exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges. The security update addresses the vulnerability by correcting how the Windows Accounts Control handles memory. FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2020-08-11T07:00:00Z Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | Exploitation Less Likely | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2020-1531 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Windows 10 for 32-bit Systems | 4571692 (Security Update) | Important | Elevation of Privilege | 4565513 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 for x64-based Systems | 4571692 (Security Update) | Important | Elevation of Privilege | 4565513 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1607 for 32-bit Systems | 4571694 (Security Update) | Important | Elevation of Privilege | 4565511 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1607 for x64-based Systems | 4571694 (Security Update) | Important | Elevation of Privilege | 4565511 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1709 for 32-bit Systems | 4571741 (Security Update) | Important | Elevation of Privilege | 4565508 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1709 for ARM64-based Systems | 4571741 (Security Update) | Important | Elevation of Privilege | 4565508 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1709 for x64-based Systems | 4571741 (Security Update) | Important | Elevation of Privilege | 4565508 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1803 for 32-bit Systems | 4571709 (Security Update) | Important | Elevation of Privilege | 4565489 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1803 for ARM64-based Systems | 4571709 (Security Update) | Important | Elevation of Privilege | 4565489 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1803 for x64-based Systems | 4571709 (Security Update) | Important | Elevation of Privilege | 4565489 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for 32-bit Systems | 4565349 (Security Update) | Important | Elevation of Privilege | 4558998 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 4565349 (Security Update) | Important | Elevation of Privilege | 4558998 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for x64-based Systems | 4565349 (Security Update) | Important | Elevation of Privilege | 4558998 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1903 for 32-bit Systems | 4565351 (Security Update) | Important | Elevation of Privilege | 4565483 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1903 for ARM64-based Systems | 4565351 (Security Update) | Important | Elevation of Privilege | 4565483 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1903 for x64-based Systems | 4565351 (Security Update) | Important | Elevation of Privilege | 4565483 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for 32-bit Systems | 4565351 (Security Update) | Important | Elevation of Privilege | 4565483 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for ARM64-based Systems | 4565351 (Security Update) | Important | Elevation of Privilege | 4565483 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for x64-based Systems | 4565351 (Security Update) | Important | Elevation of Privilege | 4565483 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for 32-bit Systems | 4566782 (Security Update) | Important | Elevation of Privilege | 4565503 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for ARM64-based Systems | 4566782 (Security Update) | Important | Elevation of Privilege | 4565503 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for x64-based Systems | 4566782 (Security Update) | Important | Elevation of Privilege | 4565503 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2016 | 4571694 (Security Update) | Important | Elevation of Privilege | 4565511 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2016 (Server Core installation) | 4571694 (Security Update) | Important | Elevation of Privilege | 4565511 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2019 | 4565349 (Security Update) | Important | Elevation of Privilege | 4558998 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2019 (Server Core installation) | 4565349 (Security Update) | Important | Elevation of Privilege | 4558998 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server, version 1903 (Server Core installation) | 4565351 (Security Update) | Important | Elevation of Privilege | 4565483 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server, version 1909 (Server Core installation) | 4565351 (Security Update) | Important | Elevation of Privilege | 4565483 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server, version 2004 (Server Core installation) | 4566782 (Security Update) | Important | Elevation of Privilege | 4565503 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| CVE ID | Acknowledgements |
| CVE-2020-1531 | anonymous |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2020-1533 MITRE NVD |
CVE Title: Windows WalletService Elevation of Privilege Vulnerability
Description: An elevation of privilege vulnerability exists in the way that the Windows WalletService handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. To exploit the vulnerability, a locally authenticated attacker could run a specially crafted application. The security update addresses the vulnerability by ensuring the Windows WalletService properly handles objects in memory. FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2020-08-11T07:00:00Z Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | Exploitation Less Likely | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2020-1533 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Windows 10 for 32-bit Systems | 4571692 (Security Update) | Important | Elevation of Privilege | 4565513 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 for x64-based Systems | 4571692 (Security Update) | Important | Elevation of Privilege | 4565513 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1607 for 32-bit Systems | 4571694 (Security Update) | Important | Elevation of Privilege | 4565511 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1607 for x64-based Systems | 4571694 (Security Update) | Important | Elevation of Privilege | 4565511 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1709 for 32-bit Systems | 4571741 (Security Update) | Important | Elevation of Privilege | 4565508 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1709 for ARM64-based Systems | 4571741 (Security Update) | Important | Elevation of Privilege | 4565508 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1709 for x64-based Systems | 4571741 (Security Update) | Important | Elevation of Privilege | 4565508 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1803 for 32-bit Systems | 4571709 (Security Update) | Important | Elevation of Privilege | 4565489 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1803 for ARM64-based Systems | 4571709 (Security Update) | Important | Elevation of Privilege | 4565489 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1803 for x64-based Systems | 4571709 (Security Update) | Important | Elevation of Privilege | 4565489 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for 32-bit Systems | 4565349 (Security Update) | Important | Elevation of Privilege | 4558998 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 4565349 (Security Update) | Important | Elevation of Privilege | 4558998 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for x64-based Systems | 4565349 (Security Update) | Important | Elevation of Privilege | 4558998 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1903 for 32-bit Systems | 4565351 (Security Update) | Important | Elevation of Privilege | 4565483 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1903 for ARM64-based Systems | 4565351 (Security Update) | Important | Elevation of Privilege | 4565483 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1903 for x64-based Systems | 4565351 (Security Update) | Important | Elevation of Privilege | 4565483 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for 32-bit Systems | 4565351 (Security Update) | Important | Elevation of Privilege | 4565483 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for ARM64-based Systems | 4565351 (Security Update) | Important | Elevation of Privilege | 4565483 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for x64-based Systems | 4565351 (Security Update) | Important | Elevation of Privilege | 4565483 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for 32-bit Systems | 4566782 (Security Update) | Important | Elevation of Privilege | 4565503 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for ARM64-based Systems | 4566782 (Security Update) | Important | Elevation of Privilege | 4565503 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for x64-based Systems | 4566782 (Security Update) | Important | Elevation of Privilege | 4565503 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2016 | 4571694 (Security Update) | Important | Elevation of Privilege | 4565511 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2016 (Server Core installation) | 4571694 (Security Update) | Important | Elevation of Privilege | 4565511 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2019 | 4565349 (Security Update) | Important | Elevation of Privilege | 4558998 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2019 (Server Core installation) | 4565349 (Security Update) | Important | Elevation of Privilege | 4558998 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server, version 1903 (Server Core installation) | 4565351 (Security Update) | Important | Elevation of Privilege | 4565483 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server, version 1909 (Server Core installation) | 4565351 (Security Update) | Important | Elevation of Privilege | 4565483 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server, version 2004 (Server Core installation) | 4566782 (Security Update) | Important | Elevation of Privilege | 4565503 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| CVE ID | Acknowledgements |
| CVE-2020-1533 | anonymous |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2020-1534 MITRE NVD |
CVE Title: Windows Backup Service Elevation of Privilege Vulnerability
Description: An elevation of privilege vulnerability exists when the Windows Backup Service improperly handles file operations. To exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges. The security update addresses the vulnerability by correcting how the Windows Backup Service handles file operations. FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2020-08-11T07:00:00Z Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | Exploitation Less Likely | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2020-1534 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Windows 10 for 32-bit Systems | 4571692 (Security Update) | Important | Elevation of Privilege | 4565513 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 for x64-based Systems | 4571692 (Security Update) | Important | Elevation of Privilege | 4565513 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1607 for 32-bit Systems | 4571694 (Security Update) | Important | Elevation of Privilege | 4565511 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1607 for x64-based Systems | 4571694 (Security Update) | Important | Elevation of Privilege | 4565511 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1709 for 32-bit Systems | 4571741 (Security Update) | Important | Elevation of Privilege | 4565508 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1709 for ARM64-based Systems | 4571741 (Security Update) | Important | Elevation of Privilege | 4565508 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1709 for x64-based Systems | 4571741 (Security Update) | Important | Elevation of Privilege | 4565508 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1803 for 32-bit Systems | 4571709 (Security Update) | Important | Elevation of Privilege | 4565489 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1803 for ARM64-based Systems | 4571709 (Security Update) | Important | Elevation of Privilege | 4565489 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1803 for x64-based Systems | 4571709 (Security Update) | Important | Elevation of Privilege | 4565489 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for 32-bit Systems | 4565349 (Security Update) | Important | Elevation of Privilege | 4558998 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 4565349 (Security Update) | Important | Elevation of Privilege | 4558998 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for x64-based Systems | 4565349 (Security Update) | Important | Elevation of Privilege | 4558998 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1903 for 32-bit Systems | 4565351 (Security Update) | Important | Elevation of Privilege | 4565483 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1903 for ARM64-based Systems | 4565351 (Security Update) | Important | Elevation of Privilege | 4565483 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1903 for x64-based Systems | 4565351 (Security Update) | Important | Elevation of Privilege | 4565483 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for 32-bit Systems | 4565351 (Security Update) | Important | Elevation of Privilege | 4565483 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for ARM64-based Systems | 4565351 (Security Update) | Important | Elevation of Privilege | 4565483 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for x64-based Systems | 4565351 (Security Update) | Important | Elevation of Privilege | 4565483 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for 32-bit Systems | 4566782 (Security Update) | Important | Elevation of Privilege | 4565503 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for ARM64-based Systems | 4566782 (Security Update) | Important | Elevation of Privilege | 4565503 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for x64-based Systems | 4566782 (Security Update) | Important | Elevation of Privilege | 4565503 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 7 for 32-bit Systems Service Pack 1 | 4571729 (Monthly Rollup) 4571719 (Security Only) |
Important | Elevation of Privilege | 4565524 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 7 for x64-based Systems Service Pack 1 | 4571729 (Monthly Rollup) 4571719 (Security Only) |
Important | Elevation of Privilege | 4565524 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 4571729 (Monthly Rollup) 4571719 (Security Only) |
Important | Elevation of Privilege | 4565524 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 4571729 (Monthly Rollup) 4571719 (Security Only) |
Important | Elevation of Privilege | 4565524 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2016 | 4571694 (Security Update) | Important | Elevation of Privilege | 4565511 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2016 (Server Core installation) | 4571694 (Security Update) | Important | Elevation of Privilege | 4565511 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2019 | 4565349 (Security Update) | Important | Elevation of Privilege | 4558998 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2019 (Server Core installation) | 4565349 (Security Update) | Important | Elevation of Privilege | 4558998 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server, version 1903 (Server Core installation) | 4565351 (Security Update) | Important | Elevation of Privilege | 4565483 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server, version 1909 (Server Core installation) | 4565351 (Security Update) | Important | Elevation of Privilege | 4565483 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server, version 2004 (Server Core installation) | 4566782 (Security Update) | Important | Elevation of Privilege | 4565503 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| CVE ID | Acknowledgements |
| CVE-2020-1534 | Yuki Chen |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2020-1535 MITRE NVD |
CVE Title: Windows Backup Engine Elevation of Privilege Vulnerability
Description: An elevation of privilege vulnerability exists when the Windows Backup Engine improperly handles memory. To exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges. The security update addresses the vulnerability by correcting how the Windows Backup Engine handles memory. FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2020-08-11T07:00:00Z Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | Exploitation Less Likely | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2020-1535 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Windows 10 for 32-bit Systems | 4571692 (Security Update) | Important | Elevation of Privilege | 4565513 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 for x64-based Systems | 4571692 (Security Update) | Important | Elevation of Privilege | 4565513 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1607 for 32-bit Systems | 4571694 (Security Update) | Important | Elevation of Privilege | 4565511 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1607 for x64-based Systems | 4571694 (Security Update) | Important | Elevation of Privilege | 4565511 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1709 for 32-bit Systems | 4571741 (Security Update) | Important | Elevation of Privilege | 4565508 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1709 for ARM64-based Systems | 4571741 (Security Update) | Important | Elevation of Privilege | 4565508 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1709 for x64-based Systems | 4571741 (Security Update) | Important | Elevation of Privilege | 4565508 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1803 for 32-bit Systems | 4571709 (Security Update) | Important | Elevation of Privilege | 4565489 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1803 for ARM64-based Systems | 4571709 (Security Update) | Important | Elevation of Privilege | 4565489 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1803 for x64-based Systems | 4571709 (Security Update) | Important | Elevation of Privilege | 4565489 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for 32-bit Systems | 4565349 (Security Update) | Important | Elevation of Privilege | 4558998 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 4565349 (Security Update) | Important | Elevation of Privilege | 4558998 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for x64-based Systems | 4565349 (Security Update) | Important | Elevation of Privilege | 4558998 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1903 for 32-bit Systems | 4565351 (Security Update) | Important | Elevation of Privilege | 4565483 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1903 for ARM64-based Systems | 4565351 (Security Update) | Important | Elevation of Privilege | 4565483 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1903 for x64-based Systems | 4565351 (Security Update) | Important | Elevation of Privilege | 4565483 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for 32-bit Systems | 4565351 (Security Update) | Important | Elevation of Privilege | 4565483 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for ARM64-based Systems | 4565351 (Security Update) | Important | Elevation of Privilege | 4565483 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for x64-based Systems | 4565351 (Security Update) | Important | Elevation of Privilege | 4565483 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for 32-bit Systems | 4566782 (Security Update) | Important | Elevation of Privilege | 4565503 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for ARM64-based Systems | 4566782 (Security Update) | Important | Elevation of Privilege | 4565503 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for x64-based Systems | 4566782 (Security Update) | Important | Elevation of Privilege | 4565503 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 7 for 32-bit Systems Service Pack 1 | 4571729 (Monthly Rollup) 4571719 (Security Only) |
Important | Elevation of Privilege | 4565524 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 7 for x64-based Systems Service Pack 1 | 4571729 (Monthly Rollup) 4571719 (Security Only) |
Important | Elevation of Privilege | 4565524 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 8.1 for 32-bit systems | 4571703 (Monthly Rollup) 4571723 (Security Only) |
Important | Elevation of Privilege | 4565541 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 8.1 for x64-based systems | 4571703 (Monthly Rollup) 4571723 (Security Only) |
Important | Elevation of Privilege | 4565541 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows RT 8.1 | 4571703 (Monthly Rollup) | Important | Elevation of Privilege | 4565541 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| CVE ID | Acknowledgements |
| CVE-2020-1535 | Yuki Chen |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2020-1536 MITRE NVD |
CVE Title: Windows Backup Engine Elevation of Privilege Vulnerability
Description: An elevation of privilege vulnerability exists when the Windows Backup Engine improperly handles memory. To exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges. The security update addresses the vulnerability by correcting how the Windows Backup Engine handles memory. FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2020-08-11T07:00:00Z Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | Exploitation Less Likely | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2020-1536 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Windows 10 for 32-bit Systems | 4571692 (Security Update) | Important | Elevation of Privilege | 4565513 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 for x64-based Systems | 4571692 (Security Update) | Important | Elevation of Privilege | 4565513 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1607 for 32-bit Systems | 4571694 (Security Update) | Important | Elevation of Privilege | 4565511 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1607 for x64-based Systems | 4571694 (Security Update) | Important | Elevation of Privilege | 4565511 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1709 for 32-bit Systems | 4571741 (Security Update) | Important | Elevation of Privilege | 4565508 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1709 for ARM64-based Systems | 4571741 (Security Update) | Important | Elevation of Privilege | 4565508 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1709 for x64-based Systems | 4571741 (Security Update) | Important | Elevation of Privilege | 4565508 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1803 for 32-bit Systems | 4571709 (Security Update) | Important | Elevation of Privilege | 4565489 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1803 for ARM64-based Systems | 4571709 (Security Update) | Important | Elevation of Privilege | 4565489 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1803 for x64-based Systems | 4571709 (Security Update) | Important | Elevation of Privilege | 4565489 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for 32-bit Systems | 4565349 (Security Update) | Important | Elevation of Privilege | 4558998 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 4565349 (Security Update) | Important | Elevation of Privilege | 4558998 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for x64-based Systems | 4565349 (Security Update) | Important | Elevation of Privilege | 4558998 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1903 for 32-bit Systems | 4565351 (Security Update) | Important | Elevation of Privilege | 4565483 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1903 for ARM64-based Systems | 4565351 (Security Update) | Important | Elevation of Privilege | 4565483 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1903 for x64-based Systems | 4565351 (Security Update) | Important | Elevation of Privilege | 4565483 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for 32-bit Systems | 4565351 (Security Update) | Important | Elevation of Privilege | 4565483 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for ARM64-based Systems | 4565351 (Security Update) | Important | Elevation of Privilege | 4565483 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for x64-based Systems | 4565351 (Security Update) | Important | Elevation of Privilege | 4565483 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for 32-bit Systems | 4566782 (Security Update) | Important | Elevation of Privilege | 4565503 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for ARM64-based Systems | 4566782 (Security Update) | Important | Elevation of Privilege | 4565503 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for x64-based Systems | 4566782 (Security Update) | Important | Elevation of Privilege | 4565503 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 7 for 32-bit Systems Service Pack 1 | 4571729 (Monthly Rollup) 4571719 (Security Only) |
Important | Elevation of Privilege | 4565524 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 7 for x64-based Systems Service Pack 1 | 4571729 (Monthly Rollup) 4571719 (Security Only) |
Important | Elevation of Privilege | 4565524 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 8.1 for 32-bit systems | 4571703 (Monthly Rollup) 4571723 (Security Only) |
Important | Elevation of Privilege | 4565541 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 8.1 for x64-based systems | 4571703 (Monthly Rollup) 4571723 (Security Only) |
Important | Elevation of Privilege | 4565541 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows RT 8.1 | 4571703 (Monthly Rollup) | Important | Elevation of Privilege | 4565541 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| CVE ID | Acknowledgements |
| CVE-2020-1536 | Yuki Chen |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2020-1537 MITRE NVD |
CVE Title: Windows Remote Access Elevation of Privilege Vulnerability
Description: An elevation of privilege vulnerability exists when the Windows Remote Access improperly handles file operations. An attacker who successfully exploited this vulnerability could gain elevated privileges. To exploit the vulnerability, an attacker would first need code execution on a victim system. An attacker could then run a specially crafted application. The security update addresses the vulnerability by ensuring the Windows Remote Access properly handles file operations. FAQ: I am running Windows 8.1 or Windows Server 2012 R2. Are the updates for these operating systems currently available? The security update for supported editions of Windows 8.1 and Windows Server 2012 R2 are not immediately available. The updates will be released as soon as possible, and when they are available, customers will be notified via a revision to this CVE information. Mitigations: None Workarounds: None Revision: 1.0 2020-08-11T07:00:00Z Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | Exploitation Less Likely | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2020-1537 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Windows 10 for 32-bit Systems | 4571692 (Security Update) | Important | Elevation of Privilege | 4565513 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 for x64-based Systems | 4571692 (Security Update) | Important | Elevation of Privilege | 4565513 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1607 for 32-bit Systems | 4571694 (Security Update) | Important | Elevation of Privilege | 4565511 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1607 for x64-based Systems | 4571694 (Security Update) | Important | Elevation of Privilege | 4565511 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1709 for 32-bit Systems | 4571741 (Security Update) | Important | Elevation of Privilege | 4565508 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1709 for ARM64-based Systems | 4571741 (Security Update) | Important | Elevation of Privilege | 4565508 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1709 for x64-based Systems | 4571741 (Security Update) | Important | Elevation of Privilege | 4565508 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1803 for 32-bit Systems | 4571709 (Security Update) | Important | Elevation of Privilege | 4565489 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1803 for ARM64-based Systems | 4571709 (Security Update) | Important | Elevation of Privilege | 4565489 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1803 for x64-based Systems | 4571709 (Security Update) | Important | Elevation of Privilege | 4565489 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for 32-bit Systems | 4565349 (Security Update) | Important | Elevation of Privilege | 4558998 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 4565349 (Security Update) | Important | Elevation of Privilege | 4558998 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for x64-based Systems | 4565349 (Security Update) | Important | Elevation of Privilege | 4558998 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1903 for 32-bit Systems | 4565351 (Security Update) | Important | Elevation of Privilege | 4565483 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1903 for ARM64-based Systems | 4565351 (Security Update) | Important | Elevation of Privilege | 4565483 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1903 for x64-based Systems | 4565351 (Security Update) | Important | Elevation of Privilege | 4565483 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for 32-bit Systems | 4565351 (Security Update) | Important | Elevation of Privilege | 4565483 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for ARM64-based Systems | 4565351 (Security Update) | Important | Elevation of Privilege | 4565483 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for x64-based Systems | 4565351 (Security Update) | Important | Elevation of Privilege | 4565483 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for 32-bit Systems | 4566782 (Security Update) | Important | Elevation of Privilege | 4565503 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for ARM64-based Systems | 4566782 (Security Update) | Important | Elevation of Privilege | 4565503 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for x64-based Systems | 4566782 (Security Update) | Important | Elevation of Privilege | 4565503 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 7 for 32-bit Systems Service Pack 1 | 4571729 (Monthly Rollup) 4571719 (Security Only) |
Important | Elevation of Privilege | 4565524 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 7 for x64-based Systems Service Pack 1 | 4571729 (Monthly Rollup) 4571719 (Security Only) |
Important | Elevation of Privilege | 4565524 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 8.1 for 32-bit systems | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Unknown | |
| Windows 8.1 for x64-based systems | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Unknown | |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 4571730 (Monthly Rollup) 4571746 (Security Only) |
Important | Elevation of Privilege | 4565536 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 4571730 (Monthly Rollup) 4571746 (Security Only) |
Important | Elevation of Privilege | 4565536 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 4571730 (Monthly Rollup) 4571746 (Security Only) |
Important | Elevation of Privilege | 4565536 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 4571730 (Monthly Rollup) 4571746 (Security Only) |
Important | Elevation of Privilege | 4565536 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 4571729 (Monthly Rollup) 4571719 (Security Only) |
Important | Elevation of Privilege | 4565524 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 4571729 (Monthly Rollup) 4571719 (Security Only) |
Important | Elevation of Privilege | 4565524 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2012 | 4571736 (Monthly Rollup) 4571702 (Security Only) |
Important | Elevation of Privilege | 4565537 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2012 (Server Core installation) | 4571736 (Monthly Rollup) 4571702 (Security Only) |
Important | Elevation of Privilege | 4565537 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2012 R2 | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Unknown | |
| Windows Server 2012 R2 (Server Core installation) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Unknown | |
| Windows Server 2016 | 4571694 (Security Update) | Important | Elevation of Privilege | 4565511 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2016 (Server Core installation) | 4571694 (Security Update) | Important | Elevation of Privilege | 4565511 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2019 | 4565349 (Security Update) | Important | Elevation of Privilege | 4558998 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2019 (Server Core installation) | 4565349 (Security Update) | Important | Elevation of Privilege | 4558998 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server, version 1903 (Server Core installation) | 4565351 (Security Update) | Important | Elevation of Privilege | 4565483 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server, version 1909 (Server Core installation) | 4565351 (Security Update) | Important | Elevation of Privilege | 4565483 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server, version 2004 (Server Core installation) | 4566782 (Security Update) | Important | Elevation of Privilege | 4565503 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| CVE ID | Acknowledgements |
| CVE-2020-1537 | anonymous |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2020-1538 MITRE NVD |
CVE Title: Windows UPnP Device Host Elevation of Privilege Vulnerability
Description: An elevation of privilege vulnerability exists when the Windows UPnP Device Host improperly handles memory. To exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges. The security update addresses the vulnerability by correcting how the Windows UPnP Device Host handles memory. FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2020-08-11T07:00:00Z Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | Exploitation Less Likely | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2020-1538 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Windows 10 for 32-bit Systems | 4571692 (Security Update) | Important | Elevation of Privilege | 4565513 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 for x64-based Systems | 4571692 (Security Update) | Important | Elevation of Privilege | 4565513 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1607 for 32-bit Systems | 4571694 (Security Update) | Important | Elevation of Privilege | 4565511 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1607 for x64-based Systems | 4571694 (Security Update) | Important | Elevation of Privilege | 4565511 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1709 for 32-bit Systems | 4571741 (Security Update) | Important | Elevation of Privilege | 4565508 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1709 for ARM64-based Systems | 4571741 (Security Update) | Important | Elevation of Privilege | 4565508 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1709 for x64-based Systems | 4571741 (Security Update) | Important | Elevation of Privilege | 4565508 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1803 for 32-bit Systems | 4571709 (Security Update) | Important | Elevation of Privilege | 4565489 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1803 for ARM64-based Systems | 4571709 (Security Update) | Important | Elevation of Privilege | 4565489 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1803 for x64-based Systems | 4571709 (Security Update) | Important | Elevation of Privilege | 4565489 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for 32-bit Systems | 4565349 (Security Update) | Important | Elevation of Privilege | 4558998 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 4565349 (Security Update) | Important | Elevation of Privilege | 4558998 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for x64-based Systems | 4565349 (Security Update) | Important | Elevation of Privilege | 4558998 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1903 for 32-bit Systems | 4565351 (Security Update) | Important | Elevation of Privilege | 4565483 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1903 for ARM64-based Systems | 4565351 (Security Update) | Important | Elevation of Privilege | 4565483 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1903 for x64-based Systems | 4565351 (Security Update) | Important | Elevation of Privilege | 4565483 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for 32-bit Systems | 4565351 (Security Update) | Important | Elevation of Privilege | 4565483 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for ARM64-based Systems | 4565351 (Security Update) | Important | Elevation of Privilege | 4565483 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for x64-based Systems | 4565351 (Security Update) | Important | Elevation of Privilege | 4565483 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for 32-bit Systems | 4566782 (Security Update) | Important | Elevation of Privilege | 4565503 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for ARM64-based Systems | 4566782 (Security Update) | Important | Elevation of Privilege | 4565503 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for x64-based Systems | 4566782 (Security Update) | Important | Elevation of Privilege | 4565503 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 7 for 32-bit Systems Service Pack 1 | 4571729 (Monthly Rollup) 4571719 (Security Only) |
Important | Elevation of Privilege | 4565524 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 7 for x64-based Systems Service Pack 1 | 4571729 (Monthly Rollup) 4571719 (Security Only) |
Important | Elevation of Privilege | 4565524 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 8.1 for 32-bit systems | 4571703 (Monthly Rollup) 4571723 (Security Only) |
Important | Elevation of Privilege | 4565541 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 8.1 for x64-based systems | 4571703 (Monthly Rollup) 4571723 (Security Only) |
Important | Elevation of Privilege | 4565541 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows RT 8.1 | 4571703 (Monthly Rollup) | Important | Elevation of Privilege | 4565541 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 4571730 (Monthly Rollup) 4571746 (Security Only) |
Important | Elevation of Privilege | 4565536 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 4571730 (Monthly Rollup) 4571746 (Security Only) |
Important | Elevation of Privilege | 4565536 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 4571730 (Monthly Rollup) 4571746 (Security Only) |
Important | Elevation of Privilege | 4565536 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 4571730 (Monthly Rollup) 4571746 (Security Only) |
Important | Elevation of Privilege | 4565536 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 4571729 (Monthly Rollup) 4571719 (Security Only) |
Important | Elevation of Privilege | 4565524 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 4571729 (Monthly Rollup) 4571719 (Security Only) |
Important | Elevation of Privilege | 4565524 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2012 | 4571736 (Monthly Rollup) 4571702 (Security Only) |
Important | Elevation of Privilege | 4565537 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2012 (Server Core installation) | 4571736 (Monthly Rollup) 4571702 (Security Only) |
Important | Elevation of Privilege | 4565537 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2012 R2 | 4571703 (Monthly Rollup) 4571723 (Security Only) |
Important | Elevation of Privilege | 4565541 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2012 R2 (Server Core installation) | 4571703 (Monthly Rollup) 4571723 (Security Only) |
Important | Elevation of Privilege | 4565541 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2016 | 4571694 (Security Update) | Important | Elevation of Privilege | 4565511 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2016 (Server Core installation) | 4571694 (Security Update) | Important | Elevation of Privilege | 4565511 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2019 | 4565349 (Security Update) | Important | Elevation of Privilege | 4558998 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2019 (Server Core installation) | 4565349 (Security Update) | Important | Elevation of Privilege | 4558998 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server, version 1903 (Server Core installation) | 4565351 (Security Update) | Important | Elevation of Privilege | 4565483 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server, version 1909 (Server Core installation) | 4565351 (Security Update) | Important | Elevation of Privilege | 4565483 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server, version 2004 (Server Core installation) | 4566782 (Security Update) | Important | Elevation of Privilege | 4565503 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| CVE ID | Acknowledgements |
| CVE-2020-1538 | Zhiniang Peng (@edwardzpeng) & Haoran Qin |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2020-1539 MITRE NVD |
CVE Title: Windows Backup Engine Elevation of Privilege Vulnerability
Description: An elevation of privilege vulnerability exists when the Windows Backup Engine improperly handles memory. To exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges. The security update addresses the vulnerability by correcting how the Windows Backup Engine handles memory. FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2020-08-11T07:00:00Z Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | Exploitation Less Likely | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2020-1539 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Windows 10 for 32-bit Systems | 4571692 (Security Update) | Important | Elevation of Privilege | 4565513 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 for x64-based Systems | 4571692 (Security Update) | Important | Elevation of Privilege | 4565513 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1607 for 32-bit Systems | 4571694 (Security Update) | Important | Elevation of Privilege | 4565511 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1607 for x64-based Systems | 4571694 (Security Update) | Important | Elevation of Privilege | 4565511 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1709 for 32-bit Systems | 4571741 (Security Update) | Important | Elevation of Privilege | 4565508 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1709 for ARM64-based Systems | 4571741 (Security Update) | Important | Elevation of Privilege | 4565508 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1709 for x64-based Systems | 4571741 (Security Update) | Important | Elevation of Privilege | 4565508 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1803 for 32-bit Systems | 4571709 (Security Update) | Important | Elevation of Privilege | 4565489 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1803 for ARM64-based Systems | 4571709 (Security Update) | Important | Elevation of Privilege | 4565489 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1803 for x64-based Systems | 4571709 (Security Update) | Important | Elevation of Privilege | 4565489 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for 32-bit Systems | 4565349 (Security Update) | Important | Elevation of Privilege | 4558998 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 4565349 (Security Update) | Important | Elevation of Privilege | 4558998 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for x64-based Systems | 4565349 (Security Update) | Important | Elevation of Privilege | 4558998 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1903 for 32-bit Systems | 4565351 (Security Update) | Important | Elevation of Privilege | 4565483 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1903 for ARM64-based Systems | 4565351 (Security Update) | Important | Elevation of Privilege | 4565483 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1903 for x64-based Systems | 4565351 (Security Update) | Important | Elevation of Privilege | 4565483 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for 32-bit Systems | 4565351 (Security Update) | Important | Elevation of Privilege | 4565483 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for ARM64-based Systems | 4565351 (Security Update) | Important | Elevation of Privilege | 4565483 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for x64-based Systems | 4565351 (Security Update) | Important | Elevation of Privilege | 4565483 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for 32-bit Systems | 4566782 (Security Update) | Important | Elevation of Privilege | 4565503 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for ARM64-based Systems | 4566782 (Security Update) | Important | Elevation of Privilege | 4565503 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for x64-based Systems | 4566782 (Security Update) | Important | Elevation of Privilege | 4565503 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 7 for 32-bit Systems Service Pack 1 | 4571729 (Monthly Rollup) 4571719 (Security Only) |
Important | Elevation of Privilege | 4565524 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 7 for x64-based Systems Service Pack 1 | 4571729 (Monthly Rollup) 4571719 (Security Only) |
Important | Elevation of Privilege | 4565524 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 8.1 for 32-bit systems | 4571703 (Monthly Rollup) 4571723 (Security Only) |
Important | Elevation of Privilege | 4565541 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 8.1 for x64-based systems | 4571703 (Monthly Rollup) 4571723 (Security Only) |
Important | Elevation of Privilege | 4565541 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows RT 8.1 | 4571703 (Monthly Rollup) | Important | Elevation of Privilege | 4565541 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| CVE ID | Acknowledgements |
| CVE-2020-1539 | Yuki Chen |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2020-1540 MITRE NVD |
CVE Title: Windows Backup Engine Elevation of Privilege Vulnerability
Description: An elevation of privilege vulnerability exists when the Windows Backup Engine improperly handles memory. To exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges. The security update addresses the vulnerability by correcting how the Windows Backup Engine handles memory. FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2020-08-11T07:00:00Z Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | Exploitation Less Likely | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2020-1540 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Windows 10 for 32-bit Systems | 4571692 (Security Update) | Important | Elevation of Privilege | 4565513 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 for x64-based Systems | 4571692 (Security Update) | Important | Elevation of Privilege | 4565513 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1607 for 32-bit Systems | 4571694 (Security Update) | Important | Elevation of Privilege | 4565511 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1607 for x64-based Systems | 4571694 (Security Update) | Important | Elevation of Privilege | 4565511 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1709 for 32-bit Systems | 4571741 (Security Update) | Important | Elevation of Privilege | 4565508 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1709 for ARM64-based Systems | 4571741 (Security Update) | Important | Elevation of Privilege | 4565508 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1709 for x64-based Systems | 4571741 (Security Update) | Important | Elevation of Privilege | 4565508 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1803 for 32-bit Systems | 4571709 (Security Update) | Important | Elevation of Privilege | 4565489 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1803 for ARM64-based Systems | 4571709 (Security Update) | Important | Elevation of Privilege | 4565489 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1803 for x64-based Systems | 4571709 (Security Update) | Important | Elevation of Privilege | 4565489 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for 32-bit Systems | 4565349 (Security Update) | Important | Elevation of Privilege | 4558998 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 4565349 (Security Update) | Important | Elevation of Privilege | 4558998 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for x64-based Systems | 4565349 (Security Update) | Important | Elevation of Privilege | 4558998 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1903 for 32-bit Systems | 4565351 (Security Update) | Important | Elevation of Privilege | 4565483 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1903 for ARM64-based Systems | 4565351 (Security Update) | Important | Elevation of Privilege | 4565483 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1903 for x64-based Systems | 4565351 (Security Update) | Important | Elevation of Privilege | 4565483 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for 32-bit Systems | 4565351 (Security Update) | Important | Elevation of Privilege | 4565483 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for ARM64-based Systems | 4565351 (Security Update) | Important | Elevation of Privilege | 4565483 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for x64-based Systems | 4565351 (Security Update) | Important | Elevation of Privilege | 4565483 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for 32-bit Systems | 4566782 (Security Update) | Important | Elevation of Privilege | 4565503 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for ARM64-based Systems | 4566782 (Security Update) | Important | Elevation of Privilege | 4565503 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for x64-based Systems | 4566782 (Security Update) | Important | Elevation of Privilege | 4565503 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 7 for 32-bit Systems Service Pack 1 | 4571729 (Monthly Rollup) 4571719 (Security Only) |
Important | Elevation of Privilege | 4565524 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 7 for x64-based Systems Service Pack 1 | 4571729 (Monthly Rollup) 4571719 (Security Only) |
Important | Elevation of Privilege | 4565524 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 8.1 for 32-bit systems | 4571703 (Monthly Rollup) 4571723 (Security Only) |
Important | Elevation of Privilege | 4565541 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 8.1 for x64-based systems | 4571703 (Monthly Rollup) 4571723 (Security Only) |
Important | Elevation of Privilege | 4565541 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows RT 8.1 | 4571703 (Monthly Rollup) | Important | Elevation of Privilege | 4565541 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| CVE ID | Acknowledgements |
| CVE-2020-1540 | Yuki Chen |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2020-1541 MITRE NVD |
CVE Title: Windows Backup Engine Elevation of Privilege Vulnerability
Description: An elevation of privilege vulnerability exists when the Windows Backup Engine improperly handles memory. To exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges. The security update addresses the vulnerability by correcting how the Windows Backup Engine handles memory. FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2020-08-11T07:00:00Z Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | Exploitation Less Likely | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2020-1541 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Windows 10 for 32-bit Systems | 4571692 (Security Update) | Important | Elevation of Privilege | 4565513 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 for x64-based Systems | 4571692 (Security Update) | Important | Elevation of Privilege | 4565513 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1607 for 32-bit Systems | 4571694 (Security Update) | Important | Elevation of Privilege | 4565511 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1607 for x64-based Systems | 4571694 (Security Update) | Important | Elevation of Privilege | 4565511 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1709 for 32-bit Systems | 4571741 (Security Update) | Important | Elevation of Privilege | 4565508 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1709 for ARM64-based Systems | 4571741 (Security Update) | Important | Elevation of Privilege | 4565508 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1709 for x64-based Systems | 4571741 (Security Update) | Important | Elevation of Privilege | 4565508 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1803 for 32-bit Systems | 4571709 (Security Update) | Important | Elevation of Privilege | 4565489 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1803 for ARM64-based Systems | 4571709 (Security Update) | Important | Elevation of Privilege | 4565489 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1803 for x64-based Systems | 4571709 (Security Update) | Important | Elevation of Privilege | 4565489 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for 32-bit Systems | 4565349 (Security Update) | Important | Elevation of Privilege | 4558998 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 4565349 (Security Update) | Important | Elevation of Privilege | 4558998 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for x64-based Systems | 4565349 (Security Update) | Important | Elevation of Privilege | 4558998 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1903 for 32-bit Systems | 4565351 (Security Update) | Important | Elevation of Privilege | 4565483 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1903 for ARM64-based Systems | 4565351 (Security Update) | Important | Elevation of Privilege | 4565483 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1903 for x64-based Systems | 4565351 (Security Update) | Important | Elevation of Privilege | 4565483 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for 32-bit Systems | 4565351 (Security Update) | Important | Elevation of Privilege | 4565483 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for ARM64-based Systems | 4565351 (Security Update) | Important | Elevation of Privilege | 4565483 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for x64-based Systems | 4565351 (Security Update) | Important | Elevation of Privilege | 4565483 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for 32-bit Systems | 4566782 (Security Update) | Important | Elevation of Privilege | 4565503 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for ARM64-based Systems | 4566782 (Security Update) | Important | Elevation of Privilege | 4565503 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for x64-based Systems | 4566782 (Security Update) | Important | Elevation of Privilege | 4565503 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 7 for 32-bit Systems Service Pack 1 | 4571729 (Monthly Rollup) 4571719 (Security Only) |
Important | Elevation of Privilege | 4565524 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 7 for x64-based Systems Service Pack 1 | 4571729 (Monthly Rollup) 4571719 (Security Only) |
Important | Elevation of Privilege | 4565524 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 8.1 for 32-bit systems | 4571703 (Monthly Rollup) 4571723 (Security Only) |
Important | Elevation of Privilege | 4565541 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 8.1 for x64-based systems | 4571703 (Monthly Rollup) 4571723 (Security Only) |
Important | Elevation of Privilege | 4565541 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows RT 8.1 | 4571703 (Monthly Rollup) | Important | Elevation of Privilege | 4565541 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| CVE ID | Acknowledgements |
| CVE-2020-1541 | Yuki Chen |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2020-1542 MITRE NVD |
CVE Title: Windows Backup Engine Elevation of Privilege Vulnerability
Description: An elevation of privilege vulnerability exists when the Windows Backup Engine improperly handles memory. To exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges. The security update addresses the vulnerability by correcting how the Windows Backup Engine handles memory. FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2020-08-11T07:00:00Z Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | Exploitation Less Likely | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2020-1542 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Windows 10 for 32-bit Systems | 4571692 (Security Update) | Important | Elevation of Privilege | 4565513 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 for x64-based Systems | 4571692 (Security Update) | Important | Elevation of Privilege | 4565513 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1607 for 32-bit Systems | 4571694 (Security Update) | Important | Elevation of Privilege | 4565511 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1607 for x64-based Systems | 4571694 (Security Update) | Important | Elevation of Privilege | 4565511 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1709 for 32-bit Systems | 4571741 (Security Update) | Important | Elevation of Privilege | 4565508 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1709 for ARM64-based Systems | 4571741 (Security Update) | Important | Elevation of Privilege | 4565508 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1709 for x64-based Systems | 4571741 (Security Update) | Important | Elevation of Privilege | 4565508 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1803 for 32-bit Systems | 4571709 (Security Update) | Important | Elevation of Privilege | 4565489 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1803 for ARM64-based Systems | 4571709 (Security Update) | Important | Elevation of Privilege | 4565489 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1803 for x64-based Systems | 4571709 (Security Update) | Important | Elevation of Privilege | 4565489 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for 32-bit Systems | 4565349 (Security Update) | Important | Elevation of Privilege | 4558998 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 4565349 (Security Update) | Important | Elevation of Privilege | 4558998 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for x64-based Systems | 4565349 (Security Update) | Important | Elevation of Privilege | 4558998 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1903 for 32-bit Systems | 4565351 (Security Update) | Important | Elevation of Privilege | 4565483 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1903 for ARM64-based Systems | 4565351 (Security Update) | Important | Elevation of Privilege | 4565483 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1903 for x64-based Systems | 4565351 (Security Update) | Important | Elevation of Privilege | 4565483 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for 32-bit Systems | 4565351 (Security Update) | Important | Elevation of Privilege | 4565483 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for ARM64-based Systems | 4565351 (Security Update) | Important | Elevation of Privilege | 4565483 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for x64-based Systems | 4565351 (Security Update) | Important | Elevation of Privilege | 4565483 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for 32-bit Systems | 4566782 (Security Update) | Important | Elevation of Privilege | 4565503 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for ARM64-based Systems | 4566782 (Security Update) | Important | Elevation of Privilege | 4565503 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for x64-based Systems | 4566782 (Security Update) | Important | Elevation of Privilege | 4565503 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 7 for 32-bit Systems Service Pack 1 | 4571729 (Monthly Rollup) 4571719 (Security Only) |
Important | Elevation of Privilege | 4565524 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 7 for x64-based Systems Service Pack 1 | 4571729 (Monthly Rollup) 4571719 (Security Only) |
Important | Elevation of Privilege | 4565524 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 8.1 for 32-bit systems | 4571703 (Monthly Rollup) 4571723 (Security Only) |
Important | Elevation of Privilege | 4565541 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 8.1 for x64-based systems | 4571703 (Monthly Rollup) 4571723 (Security Only) |
Important | Elevation of Privilege | 4565541 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows RT 8.1 | 4571703 (Monthly Rollup) | Important | Elevation of Privilege | 4565541 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| CVE ID | Acknowledgements |
| CVE-2020-1542 | Yuki Chen |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2020-1543 MITRE NVD |
CVE Title: Windows Backup Engine Elevation of Privilege Vulnerability
Description: An elevation of privilege vulnerability exists when the Windows Backup Engine improperly handles memory. To exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges. The security update addresses the vulnerability by correcting how the Windows Backup Engine handles memory. FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2020-08-11T07:00:00Z Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | Exploitation Less Likely | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2020-1543 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Windows 10 for 32-bit Systems | 4571692 (Security Update) | Important | Elevation of Privilege | 4565513 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 for x64-based Systems | 4571692 (Security Update) | Important | Elevation of Privilege | 4565513 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1607 for 32-bit Systems | 4571694 (Security Update) | Important | Elevation of Privilege | 4565511 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1607 for x64-based Systems | 4571694 (Security Update) | Important | Elevation of Privilege | 4565511 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1709 for 32-bit Systems | 4571741 (Security Update) | Important | Elevation of Privilege | 4565508 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1709 for ARM64-based Systems | 4571741 (Security Update) | Important | Elevation of Privilege | 4565508 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1709 for x64-based Systems | 4571741 (Security Update) | Important | Elevation of Privilege | 4565508 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1803 for 32-bit Systems | 4571709 (Security Update) | Important | Elevation of Privilege | 4565489 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1803 for ARM64-based Systems | 4571709 (Security Update) | Important | Elevation of Privilege | 4565489 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1803 for x64-based Systems | 4571709 (Security Update) | Important | Elevation of Privilege | 4565489 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for 32-bit Systems | 4565349 (Security Update) | Important | Elevation of Privilege | 4558998 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 4565349 (Security Update) | Important | Elevation of Privilege | 4558998 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for x64-based Systems | 4565349 (Security Update) | Important | Elevation of Privilege | 4558998 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1903 for 32-bit Systems | 4565351 (Security Update) | Important | Elevation of Privilege | 4565483 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1903 for ARM64-based Systems | 4565351 (Security Update) | Important | Elevation of Privilege | 4565483 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1903 for x64-based Systems | 4565351 (Security Update) | Important | Elevation of Privilege | 4565483 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for 32-bit Systems | 4565351 (Security Update) | Important | Elevation of Privilege | 4565483 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for ARM64-based Systems | 4565351 (Security Update) | Important | Elevation of Privilege | 4565483 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for x64-based Systems | 4565351 (Security Update) | Important | Elevation of Privilege | 4565483 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for 32-bit Systems | 4566782 (Security Update) | Important | Elevation of Privilege | 4565503 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for ARM64-based Systems | 4566782 (Security Update) | Important | Elevation of Privilege | 4565503 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for x64-based Systems | 4566782 (Security Update) | Important | Elevation of Privilege | 4565503 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 7 for 32-bit Systems Service Pack 1 | 4571729 (Monthly Rollup) 4571719 (Security Only) |
Important | Elevation of Privilege | 4565524 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 7 for x64-based Systems Service Pack 1 | 4571729 (Monthly Rollup) 4571719 (Security Only) |
Important | Elevation of Privilege | 4565524 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 8.1 for 32-bit systems | 4571703 (Monthly Rollup) 4571723 (Security Only) |
Important | Elevation of Privilege | 4565541 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 8.1 for x64-based systems | 4571703 (Monthly Rollup) 4571723 (Security Only) |
Important | Elevation of Privilege | 4565541 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows RT 8.1 | 4571703 (Monthly Rollup) | Important | Elevation of Privilege | 4565541 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| CVE ID | Acknowledgements |
| CVE-2020-1543 | Yuki Chen |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2020-1544 MITRE NVD |
CVE Title: Windows Backup Engine Elevation of Privilege Vulnerability
Description: An elevation of privilege vulnerability exists when the Windows Backup Engine improperly handles memory. To exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges. The security update addresses the vulnerability by correcting how the Windows Backup Engine handles memory. FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2020-08-11T07:00:00Z Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | Exploitation Less Likely | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2020-1544 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Windows 10 for 32-bit Systems | 4571692 (Security Update) | Important | Elevation of Privilege | 4565513 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 for x64-based Systems | 4571692 (Security Update) | Important | Elevation of Privilege | 4565513 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1607 for 32-bit Systems | 4571694 (Security Update) | Important | Elevation of Privilege | 4565511 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1607 for x64-based Systems | 4571694 (Security Update) | Important | Elevation of Privilege | 4565511 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1709 for 32-bit Systems | 4571741 (Security Update) | Important | Elevation of Privilege | 4565508 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1709 for ARM64-based Systems | 4571741 (Security Update) | Important | Elevation of Privilege | 4565508 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1709 for x64-based Systems | 4571741 (Security Update) | Important | Elevation of Privilege | 4565508 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1803 for 32-bit Systems | 4571709 (Security Update) | Important | Elevation of Privilege | 4565489 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1803 for ARM64-based Systems | 4571709 (Security Update) | Important | Elevation of Privilege | 4565489 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1803 for x64-based Systems | 4571709 (Security Update) | Important | Elevation of Privilege | 4565489 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for 32-bit Systems | 4565349 (Security Update) | Important | Elevation of Privilege | 4558998 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 4565349 (Security Update) | Important | Elevation of Privilege | 4558998 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for x64-based Systems | 4565349 (Security Update) | Important | Elevation of Privilege | 4558998 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1903 for 32-bit Systems | 4565351 (Security Update) | Important | Elevation of Privilege | 4565483 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1903 for ARM64-based Systems | 4565351 (Security Update) | Important | Elevation of Privilege | 4565483 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1903 for x64-based Systems | 4565351 (Security Update) | Important | Elevation of Privilege | 4565483 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for 32-bit Systems | 4565351 (Security Update) | Important | Elevation of Privilege | 4565483 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for ARM64-based Systems | 4565351 (Security Update) | Important | Elevation of Privilege | 4565483 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for x64-based Systems | 4565351 (Security Update) | Important | Elevation of Privilege | 4565483 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for 32-bit Systems | 4566782 (Security Update) | Important | Elevation of Privilege | 4565503 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for ARM64-based Systems | 4566782 (Security Update) | Important | Elevation of Privilege | 4565503 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for x64-based Systems | 4566782 (Security Update) | Important | Elevation of Privilege | 4565503 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 7 for 32-bit Systems Service Pack 1 | 4571729 (Monthly Rollup) 4571719 (Security Only) |
Important | Elevation of Privilege | 4565524 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 7 for x64-based Systems Service Pack 1 | 4571729 (Monthly Rollup) 4571719 (Security Only) |
Important | Elevation of Privilege | 4565524 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 8.1 for 32-bit systems | 4571703 (Monthly Rollup) 4571723 (Security Only) |
Important | Elevation of Privilege | 4565541 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 8.1 for x64-based systems | 4571703 (Monthly Rollup) 4571723 (Security Only) |
Important | Elevation of Privilege | 4565541 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows RT 8.1 | 4571703 (Monthly Rollup) | Important | Elevation of Privilege | 4565541 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| CVE ID | Acknowledgements |
| CVE-2020-1544 | Yuki Chen |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2020-1545 MITRE NVD |
CVE Title: Windows Backup Engine Elevation of Privilege Vulnerability
Description: An elevation of privilege vulnerability exists when the Windows Backup Engine improperly handles memory. To exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges. The security update addresses the vulnerability by correcting how the Windows Backup Engine handles memory. FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2020-08-11T07:00:00Z Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | Exploitation Less Likely | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2020-1545 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Windows 10 for 32-bit Systems | 4571692 (Security Update) | Important | Elevation of Privilege | 4565513 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 for x64-based Systems | 4571692 (Security Update) | Important | Elevation of Privilege | 4565513 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1607 for 32-bit Systems | 4571694 (Security Update) | Important | Elevation of Privilege | 4565511 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1607 for x64-based Systems | 4571694 (Security Update) | Important | Elevation of Privilege | 4565511 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1709 for 32-bit Systems | 4571741 (Security Update) | Important | Elevation of Privilege | 4565508 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1709 for ARM64-based Systems | 4571741 (Security Update) | Important | Elevation of Privilege | 4565508 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1709 for x64-based Systems | 4571741 (Security Update) | Important | Elevation of Privilege | 4565508 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1803 for 32-bit Systems | 4571709 (Security Update) | Important | Elevation of Privilege | 4565489 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1803 for ARM64-based Systems | 4571709 (Security Update) | Important | Elevation of Privilege | 4565489 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1803 for x64-based Systems | 4571709 (Security Update) | Important | Elevation of Privilege | 4565489 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for 32-bit Systems | 4565349 (Security Update) | Important | Elevation of Privilege | 4558998 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 4565349 (Security Update) | Important | Elevation of Privilege | 4558998 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for x64-based Systems | 4565349 (Security Update) | Important | Elevation of Privilege | 4558998 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1903 for 32-bit Systems | 4565351 (Security Update) | Important | Elevation of Privilege | 4565483 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1903 for ARM64-based Systems | 4565351 (Security Update) | Important | Elevation of Privilege | 4565483 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1903 for x64-based Systems | 4565351 (Security Update) | Important | Elevation of Privilege | 4565483 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for 32-bit Systems | 4565351 (Security Update) | Important | Elevation of Privilege | 4565483 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for ARM64-based Systems | 4565351 (Security Update) | Important | Elevation of Privilege | 4565483 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for x64-based Systems | 4565351 (Security Update) | Important | Elevation of Privilege | 4565483 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for 32-bit Systems | 4566782 (Security Update) | Important | Elevation of Privilege | 4565503 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for ARM64-based Systems | 4566782 (Security Update) | Important | Elevation of Privilege | 4565503 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for x64-based Systems | 4566782 (Security Update) | Important | Elevation of Privilege | 4565503 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 7 for 32-bit Systems Service Pack 1 | 4571729 (Monthly Rollup) 4571719 (Security Only) |
Important | Elevation of Privilege | 4565524 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 7 for x64-based Systems Service Pack 1 | 4571729 (Monthly Rollup) 4571719 (Security Only) |
Important | Elevation of Privilege | 4565524 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 8.1 for 32-bit systems | 4571703 (Monthly Rollup) 4571723 (Security Only) |
Important | Elevation of Privilege | 4565541 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 8.1 for x64-based systems | 4571703 (Monthly Rollup) 4571723 (Security Only) |
Important | Elevation of Privilege | 4565541 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows RT 8.1 | 4571703 (Monthly Rollup) | Important | Elevation of Privilege | 4565541 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| CVE ID | Acknowledgements |
| CVE-2020-1545 | Yuki Chen |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2020-1546 MITRE NVD |
CVE Title: Windows Backup Engine Elevation of Privilege Vulnerability
Description: An elevation of privilege vulnerability exists when the Windows Backup Engine improperly handles memory. To exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges. The security update addresses the vulnerability by correcting how the Windows Backup Engine handles memory. FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2020-08-11T07:00:00Z Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | Exploitation Less Likely | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2020-1546 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Windows 10 for 32-bit Systems | 4571692 (Security Update) | Important | Elevation of Privilege | 4565513 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 for x64-based Systems | 4571692 (Security Update) | Important | Elevation of Privilege | 4565513 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1607 for 32-bit Systems | 4571694 (Security Update) | Important | Elevation of Privilege | 4565511 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1607 for x64-based Systems | 4571694 (Security Update) | Important | Elevation of Privilege | 4565511 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1709 for 32-bit Systems | 4571741 (Security Update) | Important | Elevation of Privilege | 4565508 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1709 for ARM64-based Systems | 4571741 (Security Update) | Important | Elevation of Privilege | 4565508 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1709 for x64-based Systems | 4571741 (Security Update) | Important | Elevation of Privilege | 4565508 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1803 for 32-bit Systems | 4571709 (Security Update) | Important | Elevation of Privilege | 4565489 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1803 for ARM64-based Systems | 4571709 (Security Update) | Important | Elevation of Privilege | 4565489 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1803 for x64-based Systems | 4571709 (Security Update) | Important | Elevation of Privilege | 4565489 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for 32-bit Systems | 4565349 (Security Update) | Important | Elevation of Privilege | 4558998 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 4565349 (Security Update) | Important | Elevation of Privilege | 4558998 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for x64-based Systems | 4565349 (Security Update) | Important | Elevation of Privilege | 4558998 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1903 for 32-bit Systems | 4565351 (Security Update) | Important | Elevation of Privilege | 4565483 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1903 for ARM64-based Systems | 4565351 (Security Update) | Important | Elevation of Privilege | 4565483 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1903 for x64-based Systems | 4565351 (Security Update) | Important | Elevation of Privilege | 4565483 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for 32-bit Systems | 4565351 (Security Update) | Important | Elevation of Privilege | 4565483 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for ARM64-based Systems | 4565351 (Security Update) | Important | Elevation of Privilege | 4565483 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for x64-based Systems | 4565351 (Security Update) | Important | Elevation of Privilege | 4565483 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for 32-bit Systems | 4566782 (Security Update) | Important | Elevation of Privilege | 4565503 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for ARM64-based Systems | 4566782 (Security Update) | Important | Elevation of Privilege | 4565503 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for x64-based Systems | 4566782 (Security Update) | Important | Elevation of Privilege | 4565503 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 7 for 32-bit Systems Service Pack 1 | 4571729 (Monthly Rollup) 4571719 (Security Only) |
Important | Elevation of Privilege | 4565524 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 7 for x64-based Systems Service Pack 1 | 4571729 (Monthly Rollup) 4571719 (Security Only) |
Important | Elevation of Privilege | 4565524 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 8.1 for 32-bit systems | 4571703 (Monthly Rollup) 4571723 (Security Only) |
Important | Elevation of Privilege | 4565541 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 8.1 for x64-based systems | 4571703 (Monthly Rollup) 4571723 (Security Only) |
Important | Elevation of Privilege | 4565541 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows RT 8.1 | 4571703 (Monthly Rollup) | Important | Elevation of Privilege | 4565541 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| CVE ID | Acknowledgements |
| CVE-2020-1546 | Yuki Chen |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2020-1547 MITRE NVD |
CVE Title: Windows Backup Engine Elevation of Privilege Vulnerability
Description: An elevation of privilege vulnerability exists when the Windows Backup Engine improperly handles memory. To exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges. The security update addresses the vulnerability by correcting how the Windows Backup Engine handles memory. FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2020-08-11T07:00:00Z Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | Exploitation Less Likely | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2020-1547 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Windows 10 for 32-bit Systems | 4571692 (Security Update) | Important | Elevation of Privilege | 4565513 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 for x64-based Systems | 4571692 (Security Update) | Important | Elevation of Privilege | 4565513 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1607 for 32-bit Systems | 4571694 (Security Update) | Important | Elevation of Privilege | 4565511 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1607 for x64-based Systems | 4571694 (Security Update) | Important | Elevation of Privilege | 4565511 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1709 for 32-bit Systems | 4571741 (Security Update) | Important | Elevation of Privilege | 4565508 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1709 for ARM64-based Systems | 4571741 (Security Update) | Important | Elevation of Privilege | 4565508 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1709 for x64-based Systems | 4571741 (Security Update) | Important | Elevation of Privilege | 4565508 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1803 for 32-bit Systems | 4571709 (Security Update) | Important | Elevation of Privilege | 4565489 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1803 for ARM64-based Systems | 4571709 (Security Update) | Important | Elevation of Privilege | 4565489 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1803 for x64-based Systems | 4571709 (Security Update) | Important | Elevation of Privilege | 4565489 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for 32-bit Systems | 4565349 (Security Update) | Important | Elevation of Privilege | 4558998 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 4565349 (Security Update) | Important | Elevation of Privilege | 4558998 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for x64-based Systems | 4565349 (Security Update) | Important | Elevation of Privilege | 4558998 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1903 for 32-bit Systems | 4565351 (Security Update) | Important | Elevation of Privilege | 4565483 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1903 for ARM64-based Systems | 4565351 (Security Update) | Important | Elevation of Privilege | 4565483 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1903 for x64-based Systems | 4565351 (Security Update) | Important | Elevation of Privilege | 4565483 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for 32-bit Systems | 4565351 (Security Update) | Important | Elevation of Privilege | 4565483 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for ARM64-based Systems | 4565351 (Security Update) | Important | Elevation of Privilege | 4565483 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for x64-based Systems | 4565351 (Security Update) | Important | Elevation of Privilege | 4565483 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for 32-bit Systems | 4566782 (Security Update) | Important | Elevation of Privilege | 4565503 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for ARM64-based Systems | 4566782 (Security Update) | Important | Elevation of Privilege | 4565503 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for x64-based Systems | 4566782 (Security Update) | Important | Elevation of Privilege | 4565503 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 7 for 32-bit Systems Service Pack 1 | 4571729 (Monthly Rollup) 4571719 (Security Only) |
Important | Elevation of Privilege | 4565524 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 7 for x64-based Systems Service Pack 1 | 4571729 (Monthly Rollup) 4571719 (Security Only) |
Important | Elevation of Privilege | 4565524 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 8.1 for 32-bit systems | 4571703 (Monthly Rollup) 4571723 (Security Only) |
Important | Elevation of Privilege | 4565541 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 8.1 for x64-based systems | 4571703 (Monthly Rollup) 4571723 (Security Only) |
Important | Elevation of Privilege | 4565541 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows RT 8.1 | 4571703 (Monthly Rollup) | Important | Elevation of Privilege | 4565541 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| CVE ID | Acknowledgements |
| CVE-2020-1547 | Yuki Chen |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2020-1548 MITRE NVD |
CVE Title: Windows WaasMedic Service Information Disclosure Vulnerability
Description: An information disclosure vulnerability exists when the Windows WaasMedic Service improperly handles memory. To exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to improperly disclose memory. The security update addresses the vulnerability by correcting how the Windows WaasMedic Service handles memory. FAQ: What type of information could be disclosed by this vulnerability? The type of information that could be disclosed if an attacker successfully exploited this vulnerability is memory layout - the vulnerability allows an attacker to collect information that facilitates predicting addressing of the memory. Mitigations: None Workarounds: None Revision: 1.0 2020-08-11T07:00:00Z Information published. |
Important | Information Disclosure |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | Exploitation Less Likely | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2020-1548 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Windows 10 Version 1803 for 32-bit Systems | 4571709 (Security Update) | Important | Information Disclosure | 4565489 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1803 for ARM64-based Systems | 4571709 (Security Update) | Important | Information Disclosure | 4565489 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1803 for x64-based Systems | 4571709 (Security Update) | Important | Information Disclosure | 4565489 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for 32-bit Systems | 4565349 (Security Update) | Important | Information Disclosure | 4558998 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 4565349 (Security Update) | Important | Information Disclosure | 4558998 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for x64-based Systems | 4565349 (Security Update) | Important | Information Disclosure | 4558998 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1903 for 32-bit Systems | 4565351 (Security Update) | Important | Information Disclosure | 4565483 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1903 for ARM64-based Systems | 4565351 (Security Update) | Important | Information Disclosure | 4565483 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1903 for x64-based Systems | 4565351 (Security Update) | Important | Information Disclosure | 4565483 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for 32-bit Systems | 4565351 (Security Update) | Important | Information Disclosure | 4565483 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for ARM64-based Systems | 4565351 (Security Update) | Important | Information Disclosure | 4565483 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for x64-based Systems | 4565351 (Security Update) | Important | Information Disclosure | 4565483 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for 32-bit Systems | 4566782 (Security Update) | Important | Information Disclosure | 4565503 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for ARM64-based Systems | 4566782 (Security Update) | Important | Information Disclosure | 4565503 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for x64-based Systems | 4566782 (Security Update) | Important | Information Disclosure | 4565503 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2019 | 4565349 (Security Update) | Important | Information Disclosure | 4558998 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2019 (Server Core installation) | 4565349 (Security Update) | Important | Information Disclosure | 4558998 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server, version 1903 (Server Core installation) | 4565351 (Security Update) | Important | Information Disclosure | 4565483 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server, version 1909 (Server Core installation) | 4565351 (Security Update) | Important | Information Disclosure | 4565483 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server, version 2004 (Server Core installation) | 4566782 (Security Update) | Important | Information Disclosure | 4565503 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| CVE ID | Acknowledgements |
| CVE-2020-1548 | Zhiniang Peng (@edwardzpeng) & Haoran Qin |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2020-1549 MITRE NVD |
CVE Title: Windows CDP User Components Elevation of Privilege Vulnerability
Description: An elevation of privilege vulnerability exists when the Windows CDP User Components improperly handle memory. To exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges. The security update addresses the vulnerability by correcting how the Windows CDP User Components handle memory. FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2020-08-11T07:00:00Z Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | Exploitation Less Likely | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2020-1549 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Windows 10 Version 1607 for 32-bit Systems | 4571694 (Security Update) | Important | Elevation of Privilege | 4565511 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1607 for x64-based Systems | 4571694 (Security Update) | Important | Elevation of Privilege | 4565511 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1709 for 32-bit Systems | 4571741 (Security Update) | Important | Elevation of Privilege | 4565508 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1709 for ARM64-based Systems | 4571741 (Security Update) | Important | Elevation of Privilege | 4565508 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1709 for x64-based Systems | 4571741 (Security Update) | Important | Elevation of Privilege | 4565508 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1803 for 32-bit Systems | 4571709 (Security Update) | Important | Elevation of Privilege | 4565489 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1803 for ARM64-based Systems | 4571709 (Security Update) | Important | Elevation of Privilege | 4565489 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1803 for x64-based Systems | 4571709 (Security Update) | Important | Elevation of Privilege | 4565489 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for 32-bit Systems | 4565349 (Security Update) | Important | Elevation of Privilege | 4558998 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 4565349 (Security Update) | Important | Elevation of Privilege | 4558998 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for x64-based Systems | 4565349 (Security Update) | Important | Elevation of Privilege | 4558998 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1903 for 32-bit Systems | 4565351 (Security Update) | Important | Elevation of Privilege | 4565483 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1903 for ARM64-based Systems | 4565351 (Security Update) | Important | Elevation of Privilege | 4565483 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1903 for x64-based Systems | 4565351 (Security Update) | Important | Elevation of Privilege | 4565483 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for 32-bit Systems | 4565351 (Security Update) | Important | Elevation of Privilege | 4565483 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for ARM64-based Systems | 4565351 (Security Update) | Important | Elevation of Privilege | 4565483 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for x64-based Systems | 4565351 (Security Update) | Important | Elevation of Privilege | 4565483 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for 32-bit Systems | 4566782 (Security Update) | Important | Elevation of Privilege | 4565503 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for ARM64-based Systems | 4566782 (Security Update) | Important | Elevation of Privilege | 4565503 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for x64-based Systems | 4566782 (Security Update) | Important | Elevation of Privilege | 4565503 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2016 | 4571694 (Security Update) | Important | Elevation of Privilege | 4565511 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2016 (Server Core installation) | 4571694 (Security Update) | Important | Elevation of Privilege | 4565511 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2019 | 4565349 (Security Update) | Important | Elevation of Privilege | 4558998 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2019 (Server Core installation) | 4565349 (Security Update) | Important | Elevation of Privilege | 4558998 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server, version 1903 (Server Core installation) | 4565351 (Security Update) | Important | Elevation of Privilege | 4565483 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server, version 1909 (Server Core installation) | 4565351 (Security Update) | Important | Elevation of Privilege | 4565483 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server, version 2004 (Server Core installation) | 4566782 (Security Update) | Important | Elevation of Privilege | 4565503 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| CVE ID | Acknowledgements |
| CVE-2020-1549 | Zhiniang Peng (@edwardzpeng) & Jiadong Lu |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2020-1550 MITRE NVD |
CVE Title: Windows CDP User Components Elevation of Privilege Vulnerability
Description: An elevation of privilege vulnerability exists when the Windows CDP User Components improperly handle memory. To exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges. The security update addresses the vulnerability by correcting how the Windows CDP User Components handle memory. FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2020-08-11T07:00:00Z Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | Exploitation Less Likely | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2020-1550 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Windows 10 Version 1607 for 32-bit Systems | 4571694 (Security Update) | Important | Elevation of Privilege | 4565511 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1607 for x64-based Systems | 4571694 (Security Update) | Important | Elevation of Privilege | 4565511 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1709 for 32-bit Systems | 4571741 (Security Update) | Important | Elevation of Privilege | 4565508 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1709 for ARM64-based Systems | 4571741 (Security Update) | Important | Elevation of Privilege | 4565508 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1709 for x64-based Systems | 4571741 (Security Update) | Important | Elevation of Privilege | 4565508 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1803 for 32-bit Systems | 4571709 (Security Update) | Important | Elevation of Privilege | 4565489 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1803 for ARM64-based Systems | 4571709 (Security Update) | Important | Elevation of Privilege | 4565489 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1803 for x64-based Systems | 4571709 (Security Update) | Important | Elevation of Privilege | 4565489 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for 32-bit Systems | 4565349 (Security Update) | Important | Elevation of Privilege | 4558998 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 4565349 (Security Update) | Important | Elevation of Privilege | 4558998 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for x64-based Systems | 4565349 (Security Update) | Important | Elevation of Privilege | 4558998 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1903 for 32-bit Systems | 4565351 (Security Update) | Important | Elevation of Privilege | 4565483 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1903 for ARM64-based Systems | 4565351 (Security Update) | Important | Elevation of Privilege | 4565483 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1903 for x64-based Systems | 4565351 (Security Update) | Important | Elevation of Privilege | 4565483 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for 32-bit Systems | 4565351 (Security Update) | Important | Elevation of Privilege | 4565483 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for ARM64-based Systems | 4565351 (Security Update) | Important | Elevation of Privilege | 4565483 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for x64-based Systems | 4565351 (Security Update) | Important | Elevation of Privilege | 4565483 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for 32-bit Systems | 4566782 (Security Update) | Important | Elevation of Privilege | 4565503 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for ARM64-based Systems | 4566782 (Security Update) | Important | Elevation of Privilege | 4565503 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for x64-based Systems | 4566782 (Security Update) | Important | Elevation of Privilege | 4565503 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2016 | 4571694 (Security Update) | Important | Elevation of Privilege | 4565511 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2016 (Server Core installation) | 4571694 (Security Update) | Important | Elevation of Privilege | 4565511 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2019 | 4565349 (Security Update) | Important | Elevation of Privilege | 4558998 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2019 (Server Core installation) | 4565349 (Security Update) | Important | Elevation of Privilege | 4558998 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server, version 1903 (Server Core installation) | 4565351 (Security Update) | Important | Elevation of Privilege | 4565483 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server, version 1909 (Server Core installation) | 4565351 (Security Update) | Important | Elevation of Privilege | 4565483 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server, version 2004 (Server Core installation) | 4566782 (Security Update) | Important | Elevation of Privilege | 4565503 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| CVE ID | Acknowledgements |
| CVE-2020-1550 | anonymous |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2020-1377 MITRE NVD |
CVE Title: Windows Registry Elevation of Privilege Vulnerability
Description: An elevation of privilege vulnerability exists when the Windows Kernel API improperly handles registry objects in memory. An attacker who successfully exploited the vulnerability could gain elevated privileges on a targeted system. A locally authenticated attacker could exploit this vulnerability by running a specially crafted application. The security update addresses the vulnerability by helping to ensure that the Windows Kernel API properly handles objects in memory. FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2020-08-11T07:00:00Z Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | Exploitation Less Likely | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2020-1377 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Windows 10 for 32-bit Systems | 4571692 (Security Update) | Important | Elevation of Privilege | 4565513 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 for x64-based Systems | 4571692 (Security Update) | Important | Elevation of Privilege | 4565513 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1607 for 32-bit Systems | 4571694 (Security Update) | Important | Elevation of Privilege | 4565511 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1607 for x64-based Systems | 4571694 (Security Update) | Important | Elevation of Privilege | 4565511 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1709 for 32-bit Systems | 4571741 (Security Update) | Important | Elevation of Privilege | 4565508 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1709 for ARM64-based Systems | 4571741 (Security Update) | Important | Elevation of Privilege | 4565508 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1709 for x64-based Systems | 4571741 (Security Update) | Important | Elevation of Privilege | 4565508 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1803 for 32-bit Systems | 4571709 (Security Update) | Important | Elevation of Privilege | 4565489 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1803 for ARM64-based Systems | 4571709 (Security Update) | Important | Elevation of Privilege | 4565489 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1803 for x64-based Systems | 4571709 (Security Update) | Important | Elevation of Privilege | 4565489 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for 32-bit Systems | 4565349 (Security Update) | Important | Elevation of Privilege | 4558998 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 4565349 (Security Update) | Important | Elevation of Privilege | 4558998 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for x64-based Systems | 4565349 (Security Update) | Important | Elevation of Privilege | 4558998 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1903 for 32-bit Systems | 4565351 (Security Update) | Important | Elevation of Privilege | 4565483 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1903 for ARM64-based Systems | 4565351 (Security Update) | Important | Elevation of Privilege | 4565483 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1903 for x64-based Systems | 4565351 (Security Update) | Important | Elevation of Privilege | 4565483 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for 32-bit Systems | 4565351 (Security Update) | Important | Elevation of Privilege | 4565483 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for ARM64-based Systems | 4565351 (Security Update) | Important | Elevation of Privilege | 4565483 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for x64-based Systems | 4565351 (Security Update) | Important | Elevation of Privilege | 4565483 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for 32-bit Systems | 4566782 (Security Update) | Important | Elevation of Privilege | 4565503 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for ARM64-based Systems | 4566782 (Security Update) | Important | Elevation of Privilege | 4565503 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for x64-based Systems | 4566782 (Security Update) | Important | Elevation of Privilege | 4565503 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 7 for 32-bit Systems Service Pack 1 | 4571729 (Monthly Rollup) 4571719 (Security Only) |
Important | Elevation of Privilege | 4565524 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 7 for x64-based Systems Service Pack 1 | 4571729 (Monthly Rollup) 4571719 (Security Only) |
Important | Elevation of Privilege | 4565524 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 8.1 for 32-bit systems | 4571703 (Monthly Rollup) 4571723 (Security Only) |
Important | Elevation of Privilege | 4565541 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 8.1 for x64-based systems | 4571703 (Monthly Rollup) 4571723 (Security Only) |
Important | Elevation of Privilege | 4565541 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows RT 8.1 | 4571703 (Monthly Rollup) | Important | Elevation of Privilege | 4565541 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 4571730 (Monthly Rollup) 4571746 (Security Only) |
Important | Elevation of Privilege | 4565536 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 4571730 (Monthly Rollup) 4571746 (Security Only) |
Important | Elevation of Privilege | 4565536 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 4571730 (Monthly Rollup) 4571746 (Security Only) |
Important | Elevation of Privilege | 4565536 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 4571730 (Monthly Rollup) 4571746 (Security Only) |
Important | Elevation of Privilege | 4565536 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 4571729 (Monthly Rollup) 4571719 (Security Only) |
Important | Elevation of Privilege | 4565524 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 4571729 (Monthly Rollup) 4571719 (Security Only) |
Important | Elevation of Privilege | 4565524 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2012 | 4571736 (Monthly Rollup) 4571702 (Security Only) |
Important | Elevation of Privilege | 4565537 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2012 (Server Core installation) | 4571736 (Monthly Rollup) 4571702 (Security Only) |
Important | Elevation of Privilege | 4565537 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2012 R2 | 4571703 (Monthly Rollup) 4571723 (Security Only) |
Important | Elevation of Privilege | 4565541 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2012 R2 (Server Core installation) | 4571703 (Monthly Rollup) 4571723 (Security Only) |
Important | Elevation of Privilege | 4565541 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2016 | 4571694 (Security Update) | Important | Elevation of Privilege | 4565511 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2016 (Server Core installation) | 4571694 (Security Update) | Important | Elevation of Privilege | 4565511 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2019 | 4565349 (Security Update) | Important | Elevation of Privilege | 4558998 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2019 (Server Core installation) | 4565349 (Security Update) | Important | Elevation of Privilege | 4558998 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server, version 1903 (Server Core installation) | 4565351 (Security Update) | Important | Elevation of Privilege | 4565483 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server, version 1909 (Server Core installation) | 4565351 (Security Update) | Important | Elevation of Privilege | 4565483 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server, version 2004 (Server Core installation) | 4566782 (Security Update) | Important | Elevation of Privilege | 4565503 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| CVE ID | Acknowledgements |
| CVE-2020-1377 | James Forshaw of Google Project Zero |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2020-1378 MITRE NVD |
CVE Title: Windows Registry Elevation of Privilege Vulnerability
Description: An elevation of privilege vulnerability exists when the Windows Kernel API improperly handles registry objects in memory. An attacker who successfully exploited the vulnerability could gain elevated privileges on a targeted system. A locally authenticated attacker could exploit this vulnerability by running a specially crafted application. The security update addresses the vulnerability by helping to ensure that the Windows Kernel API properly handles objects in memory. FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2020-08-11T07:00:00Z Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | Exploitation Less Likely | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2020-1378 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Windows 10 for 32-bit Systems | 4571692 (Security Update) | Important | Elevation of Privilege | 4565513 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 for x64-based Systems | 4571692 (Security Update) | Important | Elevation of Privilege | 4565513 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1607 for 32-bit Systems | 4571694 (Security Update) | Important | Elevation of Privilege | 4565511 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1607 for x64-based Systems | 4571694 (Security Update) | Important | Elevation of Privilege | 4565511 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1709 for 32-bit Systems | 4571741 (Security Update) | Important | Elevation of Privilege | 4565508 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1709 for ARM64-based Systems | 4571741 (Security Update) | Important | Elevation of Privilege | 4565508 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1709 for x64-based Systems | 4571741 (Security Update) | Important | Elevation of Privilege | 4565508 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1803 for 32-bit Systems | 4571709 (Security Update) | Important | Elevation of Privilege | 4565489 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1803 for ARM64-based Systems | 4571709 (Security Update) | Important | Elevation of Privilege | 4565489 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1803 for x64-based Systems | 4571709 (Security Update) | Important | Elevation of Privilege | 4565489 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for 32-bit Systems | 4565349 (Security Update) | Important | Elevation of Privilege | 4558998 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 4565349 (Security Update) | Important | Elevation of Privilege | 4558998 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for x64-based Systems | 4565349 (Security Update) | Important | Elevation of Privilege | 4558998 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1903 for 32-bit Systems | 4565351 (Security Update) | Important | Elevation of Privilege | 4565483 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1903 for ARM64-based Systems | 4565351 (Security Update) | Important | Elevation of Privilege | 4565483 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1903 for x64-based Systems | 4565351 (Security Update) | Important | Elevation of Privilege | 4565483 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for 32-bit Systems | 4565351 (Security Update) | Important | Elevation of Privilege | 4565483 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for ARM64-based Systems | 4565351 (Security Update) | Important | Elevation of Privilege | 4565483 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for x64-based Systems | 4565351 (Security Update) | Important | Elevation of Privilege | 4565483 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for 32-bit Systems | 4566782 (Security Update) | Important | Elevation of Privilege | 4565503 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for ARM64-based Systems | 4566782 (Security Update) | Important | Elevation of Privilege | 4565503 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for x64-based Systems | 4566782 (Security Update) | Important | Elevation of Privilege | 4565503 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 7 for 32-bit Systems Service Pack 1 | 4571729 (Monthly Rollup) 4571719 (Security Only) |
Important | Elevation of Privilege | 4565524 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 7 for x64-based Systems Service Pack 1 | 4571729 (Monthly Rollup) 4571719 (Security Only) |
Important | Elevation of Privilege | 4565524 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 8.1 for 32-bit systems | 4571703 (Monthly Rollup) 4571723 (Security Only) |
Important | Elevation of Privilege | 4565541 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 8.1 for x64-based systems | 4571703 (Monthly Rollup) 4571723 (Security Only) |
Important | Elevation of Privilege | 4565541 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows RT 8.1 | 4571703 (Monthly Rollup) | Important | Elevation of Privilege | 4565541 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 4571730 (Monthly Rollup) 4571746 (Security Only) |
Important | Elevation of Privilege | 4565536 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 4571730 (Monthly Rollup) 4571746 (Security Only) |
Important | Elevation of Privilege | 4565536 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 4571730 (Monthly Rollup) 4571746 (Security Only) |
Important | Elevation of Privilege | 4565536 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 4571730 (Monthly Rollup) 4571746 (Security Only) |
Important | Elevation of Privilege | 4565536 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 4571729 (Monthly Rollup) 4571719 (Security Only) |
Important | Elevation of Privilege | 4565524 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 4571729 (Monthly Rollup) 4571719 (Security Only) |
Important | Elevation of Privilege | 4565524 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2012 | 4571736 (Monthly Rollup) 4571702 (Security Only) |
Important | Elevation of Privilege | 4565537 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2012 (Server Core installation) | 4571736 (Monthly Rollup) 4571702 (Security Only) |
Important | Elevation of Privilege | 4565537 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2012 R2 | 4571703 (Monthly Rollup) 4571723 (Security Only) |
Important | Elevation of Privilege | 4565541 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2012 R2 (Server Core installation) | 4571703 (Monthly Rollup) 4571723 (Security Only) |
Important | Elevation of Privilege | 4565541 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2016 | 4571694 (Security Update) | Important | Elevation of Privilege | 4565511 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2016 (Server Core installation) | 4571694 (Security Update) | Important | Elevation of Privilege | 4565511 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2019 | 4565349 (Security Update) | Important | Elevation of Privilege | 4558998 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2019 (Server Core installation) | 4565349 (Security Update) | Important | Elevation of Privilege | 4558998 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server, version 1903 (Server Core installation) | 4565351 (Security Update) | Important | Elevation of Privilege | 4565483 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server, version 1909 (Server Core installation) | 4565351 (Security Update) | Important | Elevation of Privilege | 4565483 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server, version 2004 (Server Core installation) | 4566782 (Security Update) | Important | Elevation of Privilege | 4565503 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| CVE ID | Acknowledgements |
| CVE-2020-1378 | James Forshaw of Google Project Zero |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2020-1379 MITRE NVD |
CVE Title: Media Foundation Memory Corruption Vulnerability
Description: A memory corruption vulnerability exists when Windows Media Foundation improperly handles objects in memory. An attacker who successfully exploited the vulnerability could install programs; view, change, or delete data; or create new accounts with full user rights. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit a malicious webpage. The security update addresses the vulnerability by correcting how Windows Media Foundation handles objects in memory. FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2020-08-11T07:00:00Z Information published. |
Critical | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | Exploitation Less Likely | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2020-1379 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Windows 10 for 32-bit Systems | 4571692 (Security Update) | Critical | Remote Code Execution | 4565513 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 for x64-based Systems | 4571692 (Security Update) | Critical | Remote Code Execution | 4565513 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1607 for 32-bit Systems | 4571694 (Security Update) | Critical | Remote Code Execution | 4565511 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1607 for x64-based Systems | 4571694 (Security Update) | Critical | Remote Code Execution | 4565511 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1709 for 32-bit Systems | 4571741 (Security Update) | Critical | Remote Code Execution | 4565508 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1709 for ARM64-based Systems | 4571741 (Security Update) | Critical | Remote Code Execution | 4565508 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1709 for x64-based Systems | 4571741 (Security Update) | Critical | Remote Code Execution | 4565508 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1803 for 32-bit Systems | 4571709 (Security Update) | Critical | Remote Code Execution | 4565489 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1803 for ARM64-based Systems | 4571709 (Security Update) | Critical | Remote Code Execution | 4565489 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1803 for x64-based Systems | 4571709 (Security Update) | Critical | Remote Code Execution | 4565489 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for 32-bit Systems | 4565349 (Security Update) | Critical | Remote Code Execution | 4558998 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 4565349 (Security Update) | Critical | Remote Code Execution | 4558998 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for x64-based Systems | 4565349 (Security Update) | Critical | Remote Code Execution | 4558998 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1903 for 32-bit Systems | 4565351 (Security Update) | Critical | Remote Code Execution | 4565483 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1903 for ARM64-based Systems | 4565351 (Security Update) | Critical | Remote Code Execution | 4565483 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1903 for x64-based Systems | 4565351 (Security Update) | Critical | Remote Code Execution | 4565483 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for 32-bit Systems | 4565351 (Security Update) | Critical | Remote Code Execution | 4565483 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for ARM64-based Systems | 4565351 (Security Update) | Critical | Remote Code Execution | 4565483 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for x64-based Systems | 4565351 (Security Update) | Critical | Remote Code Execution | 4565483 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for 32-bit Systems | 4566782 (Security Update) | Critical | Remote Code Execution | 4565503 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for ARM64-based Systems | 4566782 (Security Update) | Critical | Remote Code Execution | 4565503 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for x64-based Systems | 4566782 (Security Update) | Critical | Remote Code Execution | 4565503 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 7 for 32-bit Systems Service Pack 1 | 4571729 (Monthly Rollup) 4571719 (Security Only) |
Critical | Remote Code Execution | 4565524 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 7 for x64-based Systems Service Pack 1 | 4571729 (Monthly Rollup) 4571719 (Security Only) |
Critical | Remote Code Execution | 4565524 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 8.1 for 32-bit systems | 4571703 (Monthly Rollup) 4571723 (Security Only) |
Critical | Remote Code Execution | 4565541 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 8.1 for x64-based systems | 4571703 (Monthly Rollup) 4571723 (Security Only) |
Critical | Remote Code Execution | 4565541 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows RT 8.1 | 4571703 (Monthly Rollup) | Critical | Remote Code Execution | 4565541 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 4571730 (Monthly Rollup) 4571746 (Security Only) |
Critical | Remote Code Execution | 4565536 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 4571730 (Monthly Rollup) 4571746 (Security Only) |
Critical | Remote Code Execution | 4565536 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 4571730 (Monthly Rollup) 4571746 (Security Only) |
Critical | Remote Code Execution | 4565536 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 4571730 (Monthly Rollup) 4571746 (Security Only) |
Critical | Remote Code Execution | 4565536 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 4571729 (Monthly Rollup) 4571719 (Security Only) |
Critical | Remote Code Execution | 4565524 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 4571729 (Monthly Rollup) 4571719 (Security Only) |
Critical | Remote Code Execution | 4565524 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2012 | 4571736 (Monthly Rollup) 4571702 (Security Only) |
Critical | Remote Code Execution | 4565537 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2012 (Server Core installation) | 4571736 (Monthly Rollup) 4571702 (Security Only) |
Critical | Remote Code Execution | 4565537 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2012 R2 | 4571703 (Monthly Rollup) 4571723 (Security Only) |
Critical | Remote Code Execution | 4565541 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2012 R2 (Server Core installation) | 4571703 (Monthly Rollup) 4571723 (Security Only) |
Critical | Remote Code Execution | 4565541 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2016 | 4571694 (Security Update) | Critical | Remote Code Execution | 4565511 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2016 (Server Core installation) | 4571694 (Security Update) | Critical | Remote Code Execution | 4565511 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2019 | 4565349 (Security Update) | Critical | Remote Code Execution | 4558998 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2019 (Server Core installation) | 4565349 (Security Update) | Critical | Remote Code Execution | 4558998 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server, version 1903 (Server Core installation) | 4565351 (Security Update) | Critical | Remote Code Execution | 4565483 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server, version 1909 (Server Core installation) | 4565351 (Security Update) | Critical | Remote Code Execution | 4565483 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server, version 2004 (Server Core installation) | 4566782 (Security Update) | Critical | Remote Code Execution | 4565503 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| CVE ID | Acknowledgements |
| CVE-2020-1379 | yangkang3 (@dnpushme) |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2020-1383 MITRE NVD |
CVE Title: Windows RRAS Service Information Disclosure Vulnerability
Description: An information disclosure vulnerability exists in RPC if the server has Routing and Remote Access enabled. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user’s system To exploit this vulnerability, an attacker would need to run a specially crafted application against an RPC server which has Routing and Remote Access enabled. Routing and Remote Access is a non-default configuration; systems without it enabled are not vulnerable. The security update addresses the vulnerability by correcting how the Routing and Remote Access service handles requests. FAQ: What type of information could be disclosed by this vulnerability? The type of information that could be disclosed if an attacker successfully exploited this vulnerability is the contents of Kernel memory. An attacker could read the contents of Kernel memory from a user mode process. Mitigations: None Workarounds: None Revision: 1.0 2020-08-11T07:00:00Z Information published. |
Important | Information Disclosure |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | Exploitation Less Likely | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2020-1383 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Windows 10 for 32-bit Systems | 4571692 (Security Update) | Important | Information Disclosure | 4565513 | Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 for x64-based Systems | 4571692 (Security Update) | Important | Information Disclosure | 4565513 | Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1607 for 32-bit Systems | 4571694 (Security Update) | Important | Information Disclosure | 4565511 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1607 for x64-based Systems | 4571694 (Security Update) | Important | Information Disclosure | 4565511 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1709 for 32-bit Systems | 4571741 (Security Update) | Important | Information Disclosure | 4565508 | Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1709 for ARM64-based Systems | 4571741 (Security Update) | Important | Information Disclosure | 4565508 | Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1709 for x64-based Systems | 4571741 (Security Update) | Important | Information Disclosure | 4565508 | Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1803 for 32-bit Systems | 4571709 (Security Update) | Important | Information Disclosure | 4565489 | Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1803 for ARM64-based Systems | 4571709 (Security Update) | Important | Information Disclosure | 4565489 | Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1803 for x64-based Systems | 4571709 (Security Update) | Important | Information Disclosure | 4565489 | Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for 32-bit Systems | 4565349 (Security Update) | Important | Information Disclosure | 4558998 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 4565349 (Security Update) | Important | Information Disclosure | 4558998 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for x64-based Systems | 4565349 (Security Update) | Important | Information Disclosure | 4558998 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1903 for 32-bit Systems | 4565351 (Security Update) | Important | Information Disclosure | 4565483 | Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1903 for ARM64-based Systems | 4565351 (Security Update) | Important | Information Disclosure | 4565483 | Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1903 for x64-based Systems | 4565351 (Security Update) | Important | Information Disclosure | 4565483 | Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for 32-bit Systems | 4565351 (Security Update) | Important | Information Disclosure | 4565483 | Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for ARM64-based Systems | 4565351 (Security Update) | Important | Information Disclosure | 4565483 | Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for x64-based Systems | 4565351 (Security Update) | Important | Information Disclosure | 4565483 | Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for 32-bit Systems | 4566782 (Security Update) | Important | Information Disclosure | 4565503 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for ARM64-based Systems | 4566782 (Security Update) | Important | Information Disclosure | 4565503 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for x64-based Systems | 4566782 (Security Update) | Important | Information Disclosure | 4565503 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 7 for 32-bit Systems Service Pack 1 | 4571729 (Monthly Rollup) 4571719 (Security Only) |
Important | Information Disclosure | 4565524 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 7 for x64-based Systems Service Pack 1 | 4571729 (Monthly Rollup) 4571719 (Security Only) |
Important | Information Disclosure | 4565524 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 8.1 for 32-bit systems | 4571703 (Monthly Rollup) 4571723 (Security Only) |
Important | Information Disclosure | 4565541 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 8.1 for x64-based systems | 4571703 (Monthly Rollup) 4571723 (Security Only) |
Important | Information Disclosure | 4565541 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows RT 8.1 | 4571703 (Monthly Rollup) | Important | Information Disclosure | 4565541 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 4571729 (Monthly Rollup) 4571719 (Security Only) |
Important | Information Disclosure | 4565524 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 4571729 (Monthly Rollup) 4571719 (Security Only) |
Important | Information Disclosure | 4565524 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server 2012 | 4571736 (Monthly Rollup) 4571702 (Security Only) |
Important | Information Disclosure | 4565537 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server 2012 (Server Core installation) | 4571736 (Monthly Rollup) 4571702 (Security Only) |
Important | Information Disclosure | 4565537 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server 2012 R2 | 4571703 (Monthly Rollup) 4571723 (Security Only) |
Important | Information Disclosure | 4565541 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server 2012 R2 (Server Core installation) | 4571703 (Monthly Rollup) 4571723 (Security Only) |
Important | Information Disclosure | 4565541 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server 2016 | 4571694 (Security Update) | Important | Information Disclosure | 4565511 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server 2016 (Server Core installation) | 4571694 (Security Update) | Important | Information Disclosure | 4565511 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server 2019 | 4565349 (Security Update) | Important | Information Disclosure | 4558998 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server 2019 (Server Core installation) | 4565349 (Security Update) | Important | Information Disclosure | 4558998 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server, version 1903 (Server Core installation) | 4565351 (Security Update) | Important | Information Disclosure | 4565483 | Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server, version 1909 (Server Core installation) | 4565351 (Security Update) | Important | Information Disclosure | 4565483 | Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server, version 2004 (Server Core installation) | 4566782 (Security Update) | Important | Information Disclosure | 4565503 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| CVE ID | Acknowledgements |
| CVE-2020-1383 | Yuki Chen |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2020-1380 MITRE NVD |
CVE Title: Scripting Engine Memory Corruption Vulnerability
Description: A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability through Internet Explorer and then convince a user to view the website. An attacker could also embed an ActiveX control marked "safe for initialization" in an application or Microsoft Office document that hosts the IE rendering engine. The attacker could also take advantage of compromised websites and websites that accept or host user-provided content or advertisements. These websites could contain specially crafted content that could exploit the vulnerability. The security update addresses the vulnerability by modifying how the scripting engine handles objects in memory. FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2020-08-11T07:00:00Z Information published. |
Critical | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Detected | N/A | Not Applicable | No | Yes |
The following tables list the affected software details for the vulnerability.
| CVE-2020-1380 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Internet Explorer 11 on Windows 10 for 32-bit Systems | 4571692 (Security Update) | Critical | Remote Code Execution | 4565513 | Base: 7.5 Temporal: 6.7 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Internet Explorer 11 on Windows 10 for x64-based Systems | 4571692 (Security Update) | Critical | Remote Code Execution | 4565513 | Base: 7.5 Temporal: 6.7 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Internet Explorer 11 on Windows 10 Version 1607 for 32-bit Systems | 4571694 (Security Update) | Critical | Remote Code Execution | 4565511 |
Base: 7.5 Temporal: 6.7 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Internet Explorer 11 on Windows 10 Version 1607 for x64-based Systems | 4571694 (Security Update) | Critical | Remote Code Execution | 4565511 |
Base: 7.5 Temporal: 6.7 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Internet Explorer 11 on Windows 10 Version 1709 for 32-bit Systems | 4571741 (Security Update) | Critical | Remote Code Execution | 4565508 | Base: 7.5 Temporal: 6.7 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Internet Explorer 11 on Windows 10 Version 1709 for ARM64-based Systems | 4571741 (Security Update) | Critical | Remote Code Execution | 4565508 | Base: 7.5 Temporal: 6.7 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Internet Explorer 11 on Windows 10 Version 1709 for x64-based Systems | 4571741 (Security Update) | Critical | Remote Code Execution | 4565508 | Base: 7.5 Temporal: 6.7 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Internet Explorer 11 on Windows 10 Version 1803 for 32-bit Systems | 4571709 (Security Update) | Critical | Remote Code Execution | 4565489 | Base: 7.5 Temporal: 6.7 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Internet Explorer 11 on Windows 10 Version 1803 for ARM64-based Systems | 4571709 (Security Update) | Critical | Remote Code Execution | 4565489 | Base: 7.5 Temporal: 6.7 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Internet Explorer 11 on Windows 10 Version 1803 for x64-based Systems | 4571709 (Security Update) | Critical | Remote Code Execution | 4565489 | Base: 7.5 Temporal: 6.7 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Internet Explorer 11 on Windows 10 Version 1809 for 32-bit Systems | 4565349 (Security Update) | Critical | Remote Code Execution | 4558998 |
Base: 7.5 Temporal: 6.7 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Internet Explorer 11 on Windows 10 Version 1809 for ARM64-based Systems | 4565349 (Security Update) | Critical | Remote Code Execution | 4558998 |
Base: 7.5 Temporal: 6.7 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Internet Explorer 11 on Windows 10 Version 1809 for x64-based Systems | 4565349 (Security Update) | Critical | Remote Code Execution | 4558998 |
Base: 7.5 Temporal: 6.7 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Internet Explorer 11 on Windows 10 Version 1903 for 32-bit Systems | 4565351 (Security Update) | Critical | Remote Code Execution | 4565483 | Base: 7.5 Temporal: 6.7 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Internet Explorer 11 on Windows 10 Version 1903 for ARM64-based Systems | 4565351 (Security Update) | Critical | Remote Code Execution | 4565483 | Base: 7.5 Temporal: 6.7 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Internet Explorer 11 on Windows 10 Version 1903 for x64-based Systems | 4565351 (Security Update) | Critical | Remote Code Execution | 4565483 | Base: 7.5 Temporal: 6.7 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Internet Explorer 11 on Windows 10 Version 1909 for 32-bit Systems | 4565351 (Security Update) | Critical | Remote Code Execution | 4565483 | Base: 7.5 Temporal: 6.7 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Internet Explorer 11 on Windows 10 Version 1909 for ARM64-based Systems | 4565351 (Security Update) | Critical | Remote Code Execution | 4565483 | Base: 7.5 Temporal: 6.7 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Internet Explorer 11 on Windows 10 Version 1909 for x64-based Systems | 4565351 (Security Update) | Critical | Remote Code Execution | 4565483 | Base: 7.5 Temporal: 6.7 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Internet Explorer 11 on Windows 10 Version 2004 for 32-bit Systems | 4566782 (Security Update) | Critical | Remote Code Execution | 4565503 |
Base: 7.5 Temporal: 6.7 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Internet Explorer 11 on Windows 10 Version 2004 for ARM64-based Systems | 4566782 (Security Update) | Critical | Remote Code Execution | 4565503 |
Base: 7.5 Temporal: 6.7 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Internet Explorer 11 on Windows 10 Version 2004 for x64-based Systems | 4566782 (Security Update) | Critical | Remote Code Execution | 4565503 |
Base: 7.5 Temporal: 6.7 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Internet Explorer 11 on Windows 7 for 32-bit Systems Service Pack 1 | 4571729 (Monthly Rollup) 4571687 (IE Cumulative) |
Critical | Remote Code Execution | 4565524 4565479 |
Base: 7.5 Temporal: 6.7 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Internet Explorer 11 on Windows 7 for x64-based Systems Service Pack 1 | 4571729 (Monthly Rollup) 4571687 (IE Cumulative) |
Critical | Remote Code Execution | 4565524 4565479 |
Base: 7.5 Temporal: 6.7 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Internet Explorer 11 on Windows 8.1 for 32-bit systems | 4571687 (IE Cumulative) 4571703 (Monthly Rollup) |
Critical | Remote Code Execution | 4565479 4565541 |
Base: 7.5 Temporal: 6.7 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Internet Explorer 11 on Windows 8.1 for x64-based systems | 4571687 (IE Cumulative) 4571703 (Monthly Rollup) |
Critical | Remote Code Execution | 4565479 4565541 |
Base: 7.5 Temporal: 6.7 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Internet Explorer 11 on Windows RT 8.1 | 4571703 (Monthly Rollup) | Critical | Remote Code Execution | 4565541 |
Base: 7.5 Temporal: 6.7 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Internet Explorer 11 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 4571729 (Monthly Rollup) 4571687 (IE Cumulative) |
Moderate | Remote Code Execution | 4565524 4565479 |
Base: 6.4 Temporal: 5.8 Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Internet Explorer 11 on Windows Server 2012 | 4571687 (IE Cumulative) 4571736 (Monthly Rollup) |
Moderate | Remote Code Execution | 4565479 4565537 |
Base: 6.4 Temporal: 5.8 Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Internet Explorer 11 on Windows Server 2012 R2 | 4571687 (IE Cumulative) 4571703 (Monthly Rollup) |
Moderate | Remote Code Execution | 4565479 4565541 |
Base: 6.4 Temporal: 5.8 Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Internet Explorer 11 on Windows Server 2016 | 4571694 (Security Update) | Moderate | Remote Code Execution | 4565511 |
Base: 6.4 Temporal: 5.8 Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Internet Explorer 11 on Windows Server 2019 | 4565349 (Security Update) | Moderate | Remote Code Execution | 4558998 |
Base: 6.4 Temporal: 5.8 Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| CVE ID | Acknowledgements |
| CVE-2020-1380 | Boris Larin (Oct0xor) of Kaspersky Lab |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2020-1455 MITRE NVD |
CVE Title: Microsoft SQL Server Management Studio Denial of Service Vulnerability
Description: A denial of service vulnerability exists when Microsoft SQL Server Management Studio (SSMS) improperly handles files. An attacker could exploit the vulnerability to trigger a denial of service. To exploit the vulnerability, an attacker would first require execution on the victim system. The security update addresses the vulnerability by ensuring Microsoft SQL Server Management Studio properly handles files. FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2020-08-11T07:00:00Z Information published. |
Important | Denial of Service |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | N/A | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2020-1455 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| SQL Server Management Studio 18.6 | Release Notes (Security Update) | Important | Denial of Service | None | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
| CVE ID | Acknowledgements |
| CVE-2020-1455 | Tobias Neitzel of usd AG |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2020-1459 MITRE NVD |
CVE Title: Windows ARM Information Disclosure Vulnerability
Description: An information disclosure vulnerability exists on ARM implementations that use speculative execution in control flow via a side-channel analysis, aka "straight-line speculation." To exploit this vulnerability, an attacker with local privileges would need to run a specially crafted application. The security update addresses the vulnerability by bypassing the speculative execution. FAQ: What type of information could be disclosed by this vulnerability? The type of information that could be disclosed if an attacker successfully exploited this vulnerability is the contents of Kernel memory. An attacker could read the contents of Kernel memory from a user mode process. Mitigations: None Workarounds: None Revision: 1.0 2020-08-11T07:00:00Z Information published. |
Important | Information Disclosure |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | Exploitation Less Likely | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2020-1459 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Windows 10 Version 1809 for ARM64-based Systems | 4565349 (Security Update) | Important | Information Disclosure | 4558998 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1903 for ARM64-based Systems | 4565351 (Security Update) | Important | Information Disclosure | 4565483 | Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for ARM64-based Systems | 4565351 (Security Update) | Important | Information Disclosure | 4565483 | Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for ARM64-based Systems | 4566782 (Security Update) | Important | Information Disclosure | 4565503 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| CVE ID | Acknowledgements |
| CVE-2020-1459 | Anthony Steinhauser, Google's Safeside project, https://github.com/google/safeside |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2020-1339 MITRE NVD |
CVE Title: Windows Media Remote Code Execution Vulnerability
Description: A remote code execution vulnerability exists when Windows Media Audio Codec improperly handles objects. An attacker who successfully exploited the vulnerability could take control of an affected system. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit a malicious webpage. The security update addresses the vulnerability by correcting how Windows Media Audio Codec handles objects. FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2020-08-11T07:00:00Z Information published. |
Critical | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | Exploitation Less Likely | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2020-1339 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Windows 10 for 32-bit Systems | 4571692 (Security Update) | Critical | Remote Code Execution | 4565513 | Base: 7.3 Temporal: 6.6 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 for x64-based Systems | 4571692 (Security Update) | Critical | Remote Code Execution | 4565513 | Base: 7.3 Temporal: 6.6 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1607 for 32-bit Systems | 4571694 (Security Update) | Critical | Remote Code Execution | 4565511 |
Base: 7.3 Temporal: 6.6 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1607 for x64-based Systems | 4571694 (Security Update) | Critical | Remote Code Execution | 4565511 |
Base: 7.3 Temporal: 6.6 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1709 for 32-bit Systems | 4571741 (Security Update) | Critical | Remote Code Execution | 4565508 | Base: 7.3 Temporal: 6.6 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1709 for ARM64-based Systems | 4571741 (Security Update) | Critical | Remote Code Execution | 4565508 | Base: 7.3 Temporal: 6.6 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1709 for x64-based Systems | 4571741 (Security Update) | Critical | Remote Code Execution | 4565508 | Base: 7.3 Temporal: 6.6 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1803 for 32-bit Systems | 4571709 (Security Update) | Critical | Remote Code Execution | 4565489 | Base: 7.3 Temporal: 6.6 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1803 for ARM64-based Systems | 4571709 (Security Update) | Critical | Remote Code Execution | 4565489 | Base: 7.3 Temporal: 6.6 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1803 for x64-based Systems | 4571709 (Security Update) | Critical | Remote Code Execution | 4565489 | Base: 7.3 Temporal: 6.6 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for 32-bit Systems | 4565349 (Security Update) | Critical | Remote Code Execution | 4558998 |
Base: 7.3 Temporal: 6.6 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 4565349 (Security Update) | Critical | Remote Code Execution | 4558998 |
Base: 7.3 Temporal: 6.6 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for x64-based Systems | 4565349 (Security Update) | Critical | Remote Code Execution | 4558998 |
Base: 7.3 Temporal: 6.6 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1903 for 32-bit Systems | 4565351 (Security Update) | Critical | Remote Code Execution | 4565483 | Base: 7.3 Temporal: 6.6 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1903 for ARM64-based Systems | 4565351 (Security Update) | Critical | Remote Code Execution | 4565483 | Base: 7.3 Temporal: 6.6 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1903 for x64-based Systems | 4565351 (Security Update) | Critical | Remote Code Execution | 4565483 | Base: 7.3 Temporal: 6.6 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for 32-bit Systems | 4565351 (Security Update) | Critical | Remote Code Execution | 4565483 | Base: 7.3 Temporal: 6.6 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for ARM64-based Systems | 4565351 (Security Update) | Critical | Remote Code Execution | 4565483 | Base: 7.3 Temporal: 6.6 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for x64-based Systems | 4565351 (Security Update) | Critical | Remote Code Execution | 4565483 | Base: 7.3 Temporal: 6.6 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for 32-bit Systems | 4566782 (Security Update) | Critical | Remote Code Execution | 4565503 |
Base: 7.3 Temporal: 6.6 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for ARM64-based Systems | 4566782 (Security Update) | Critical | Remote Code Execution | 4565503 |
Base: 7.3 Temporal: 6.6 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for x64-based Systems | 4566782 (Security Update) | Critical | Remote Code Execution | 4565503 |
Base: 7.3 Temporal: 6.6 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 7 for 32-bit Systems Service Pack 1 | 4571729 (Monthly Rollup) 4571719 (Security Only) |
Critical | Remote Code Execution | 4565524 |
Base: 7.3 Temporal: 6.6 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 7 for x64-based Systems Service Pack 1 | 4571729 (Monthly Rollup) 4571719 (Security Only) |
Critical | Remote Code Execution | 4565524 |
Base: 7.3 Temporal: 6.6 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 8.1 for 32-bit systems | 4571703 (Monthly Rollup) 4571723 (Security Only) |
Critical | Remote Code Execution | 4565541 |
Base: 7.3 Temporal: 6.6 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 8.1 for x64-based systems | 4571703 (Monthly Rollup) 4571723 (Security Only) |
Critical | Remote Code Execution | 4565541 |
Base: 7.3 Temporal: 6.6 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C |
Yes |
| Windows RT 8.1 | 4571703 (Monthly Rollup) | Critical | Remote Code Execution | 4565541 |
Base: 7.3 Temporal: 6.6 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 4571730 (Monthly Rollup) 4571746 (Security Only) |
Critical | Remote Code Execution | 4565536 |
Base: 7.3 Temporal: 6.6 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 4571730 (Monthly Rollup) 4571746 (Security Only) |
Critical | Remote Code Execution | 4565536 |
Base: 7.3 Temporal: 6.6 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 4571730 (Monthly Rollup) 4571746 (Security Only) |
Critical | Remote Code Execution | 4565536 |
Base: 7.3 Temporal: 6.6 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 4571730 (Monthly Rollup) 4571746 (Security Only) |
Critical | Remote Code Execution | 4565536 |
Base: 7.3 Temporal: 6.6 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 4571729 (Monthly Rollup) 4571719 (Security Only) |
Critical | Remote Code Execution | 4565524 |
Base: 7.3 Temporal: 6.6 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 4571729 (Monthly Rollup) 4571719 (Security Only) |
Critical | Remote Code Execution | 4565524 |
Base: 7.3 Temporal: 6.6 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server 2012 | 4571736 (Monthly Rollup) 4571702 (Security Only) |
Critical | Remote Code Execution | 4565537 |
Base: 7.3 Temporal: 6.6 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server 2012 (Server Core installation) | 4571736 (Monthly Rollup) 4571702 (Security Only) |
Critical | Remote Code Execution | 4565537 |
Base: 7.3 Temporal: 6.6 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server 2012 R2 | 4571703 (Monthly Rollup) 4571723 (Security Only) |
Critical | Remote Code Execution | 4565541 |
Base: 7.3 Temporal: 6.6 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server 2012 R2 (Server Core installation) | 4571703 (Monthly Rollup) 4571723 (Security Only) |
Critical | Remote Code Execution | 4565541 |
Base: 7.3 Temporal: 6.6 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server 2016 | 4571694 (Security Update) | Critical | Remote Code Execution | 4565511 |
Base: 7.3 Temporal: 6.6 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server 2016 (Server Core installation) | 4571694 (Security Update) | Critical | Remote Code Execution | 4565511 |
Base: 7.3 Temporal: 6.6 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server 2019 | 4565349 (Security Update) | Critical | Remote Code Execution | 4558998 |
Base: 7.3 Temporal: 6.6 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server 2019 (Server Core installation) | 4565349 (Security Update) | Critical | Remote Code Execution | 4558998 |
Base: 7.3 Temporal: 6.6 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server, version 1903 (Server Core installation) | 4565351 (Security Update) | Critical | Remote Code Execution | 4565483 | Base: 7.3 Temporal: 6.6 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server, version 1909 (Server Core installation) | 4565351 (Security Update) | Critical | Remote Code Execution | 4565483 | Base: 7.3 Temporal: 6.6 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server, version 2004 (Server Core installation) | 4566782 (Security Update) | Critical | Remote Code Execution | 4565503 |
Base: 7.3 Temporal: 6.6 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C |
Yes |
| CVE ID | Acknowledgements |
| CVE-2020-1339 | yangkang (@dnpushme) |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2020-1337 MITRE NVD |
CVE Title: Windows Print Spooler Elevation of Privilege Vulnerability
Description: An elevation of privilege vulnerability exists when the Windows Print Spooler service improperly allows arbitrary writing to the file system. An attacker who successfully exploited this vulnerability could run arbitrary code with elevated system privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted script or application. The update addresses the vulnerability by correcting how the Windows Print Spooler Component writes to the file system. FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2020-08-11T07:00:00Z Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | Exploitation Less Likely | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2020-1337 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Windows 10 for 32-bit Systems | 4571692 (Security Update) | Important | Elevation of Privilege | 4565513 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 for x64-based Systems | 4571692 (Security Update) | Important | Elevation of Privilege | 4565513 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1607 for 32-bit Systems | 4571694 (Security Update) | Important | Elevation of Privilege | 4565511 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1607 for x64-based Systems | 4571694 (Security Update) | Important | Elevation of Privilege | 4565511 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1709 for 32-bit Systems | 4571741 (Security Update) | Important | Elevation of Privilege | 4565508 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1709 for ARM64-based Systems | 4571741 (Security Update) | Important | Elevation of Privilege | 4565508 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1709 for x64-based Systems | 4571741 (Security Update) | Important | Elevation of Privilege | 4565508 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1803 for 32-bit Systems | 4571709 (Security Update) | Important | Elevation of Privilege | 4565489 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1803 for ARM64-based Systems | 4571709 (Security Update) | Important | Elevation of Privilege | 4565489 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1803 for x64-based Systems | 4571709 (Security Update) | Important | Elevation of Privilege | 4565489 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for 32-bit Systems | 4565349 (Security Update) | Important | Elevation of Privilege | 4558998 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 4565349 (Security Update) | Important | Elevation of Privilege | 4558998 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for x64-based Systems | 4565349 (Security Update) | Important | Elevation of Privilege | 4558998 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1903 for 32-bit Systems | 4565351 (Security Update) | Important | Elevation of Privilege | 4565483 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1903 for ARM64-based Systems | 4565351 (Security Update) | Important | Elevation of Privilege | 4565483 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1903 for x64-based Systems | 4565351 (Security Update) | Important | Elevation of Privilege | 4565483 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for 32-bit Systems | 4565351 (Security Update) | Important | Elevation of Privilege | 4565483 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for ARM64-based Systems | 4565351 (Security Update) | Important | Elevation of Privilege | 4565483 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for x64-based Systems | 4565351 (Security Update) | Important | Elevation of Privilege | 4565483 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for 32-bit Systems | 4566782 (Security Update) | Important | Elevation of Privilege | 4565503 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for ARM64-based Systems | 4566782 (Security Update) | Important | Elevation of Privilege | 4565503 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for x64-based Systems | 4566782 (Security Update) | Important | Elevation of Privilege | 4565503 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 7 for 32-bit Systems Service Pack 1 | 4571729 (Monthly Rollup) 4571719 (Security Only) |
Important | Elevation of Privilege | 4565524 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 7 for x64-based Systems Service Pack 1 | 4571729 (Monthly Rollup) 4571719 (Security Only) |
Important | Elevation of Privilege | 4565524 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 8.1 for 32-bit systems | 4571703 (Monthly Rollup) 4571723 (Security Only) |
Important | Elevation of Privilege | 4565541 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 8.1 for x64-based systems | 4571703 (Monthly Rollup) 4571723 (Security Only) |
Important | Elevation of Privilege | 4565541 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows RT 8.1 | 4571703 (Monthly Rollup) | Important | Elevation of Privilege | 4565541 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 4571730 (Monthly Rollup) 4571746 (Security Only) |
Important | Elevation of Privilege | 4565536 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 4571730 (Monthly Rollup) 4571746 (Security Only) |
Important | Elevation of Privilege | 4565536 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 4571730 (Monthly Rollup) 4571746 (Security Only) |
Important | Elevation of Privilege | 4565536 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 4571730 (Monthly Rollup) 4571746 (Security Only) |
Important | Elevation of Privilege | 4565536 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 4571729 (Monthly Rollup) 4571719 (Security Only) |
Important | Elevation of Privilege | 4565524 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 4571729 (Monthly Rollup) 4571719 (Security Only) |
Important | Elevation of Privilege | 4565524 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2012 | 4571736 (Monthly Rollup) 4571702 (Security Only) |
Important | Elevation of Privilege | 4565537 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2012 (Server Core installation) | 4571736 (Monthly Rollup) 4571702 (Security Only) |
Important | Elevation of Privilege | 4565537 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2012 R2 | 4571703 (Monthly Rollup) 4571723 (Security Only) |
Important | Elevation of Privilege | 4565541 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2012 R2 (Server Core installation) | 4571703 (Monthly Rollup) 4571723 (Security Only) |
Important | Elevation of Privilege | 4565541 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2016 | 4571694 (Security Update) | Important | Elevation of Privilege | 4565511 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2016 (Server Core installation) | 4571694 (Security Update) | Important | Elevation of Privilege | 4565511 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2019 | 4565349 (Security Update) | Important | Elevation of Privilege | 4558998 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2019 (Server Core installation) | 4565349 (Security Update) | Important | Elevation of Privilege | 4558998 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server, version 1903 (Server Core installation) | 4565351 (Security Update) | Important | Elevation of Privilege | 4565483 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server, version 1909 (Server Core installation) | 4565351 (Security Update) | Important | Elevation of Privilege | 4565483 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server, version 2004 (Server Core installation) | 4566782 (Security Update) | Important | Elevation of Privilege | 4565503 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| CVE ID | Acknowledgements |
| CVE-2020-1337 | Vte. Javier García Mayén Junyu Zhou (@md5_salt) of Tencent Security Xuanwu Lab and Wenxu Wu EoP Master working with iDefense Labs, Accenture. Alex Ionescu, CrowdStrike Inc. Zhiniang Peng (@edwardzpeng) & Xuefeng Li Paolo Stagno aka VoidSec Anonymous working with Trend Micro's Zero Day Initiative Peleg Hadar (@peleghd) and Tomer Bar of SafeBreach Labs. |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2020-1466 MITRE NVD |
CVE Title: Windows Remote Desktop Gateway (RD Gateway) Denial of Service Vulnerability
Description: A denial of service vulnerability exists in Windows Remote Desktop Gateway (RD Gateway) when an attacker connects to the target system using RDP and sends specially crafted requests. An attacker who successfully exploited this vulnerability could cause the RD Gateway service on the target system to stop responding. To exploit this vulnerability, an attacker would need to run a specially crafted application against a server which provides RD Gateway services. The update addresses the vulnerability by correcting how RD Gateway handles connection requests. FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2020-08-11T07:00:00Z Information published. |
Important | Denial of Service |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| N/A | Exploitation Less Likely | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2020-1466 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Windows Server 2012 | 4571736 (Monthly Rollup) 4571702 (Security Only) |
Important | Denial of Service | 4565537 |
Base: 7.5 Temporal: 6.7 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2012 (Server Core installation) | 4571736 (Monthly Rollup) 4571702 (Security Only) |
Important | Denial of Service | 4565537 |
Base: 7.5 Temporal: 6.7 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2012 R2 | 4571703 (Monthly Rollup) 4571723 (Security Only) |
Important | Denial of Service | 4565541 |
Base: 7.5 Temporal: 6.7 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2012 R2 (Server Core installation) | 4571703 (Monthly Rollup) 4571723 (Security Only) |
Important | Denial of Service | 4565541 |
Base: 7.5 Temporal: 6.7 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2016 | 4571694 (Security Update) | Important | Denial of Service | 4565511 |
Base: 7.5 Temporal: 6.7 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2016 (Server Core installation) | 4571694 (Security Update) | Important | Denial of Service | 4565511 |
Base: 7.5 Temporal: 6.7 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2019 | 4565349 (Security Update) | Important | Denial of Service | 4558998 |
Base: 7.5 Temporal: 6.7 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2019 (Server Core installation) | 4565349 (Security Update) | Important | Denial of Service | 4558998 |
Base: 7.5 Temporal: 6.7 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
Yes |
| CVE ID | Acknowledgements |
| CVE-2020-1466 | Microsoft Platform Security Assurance & Vulnerability Research |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2020-1467 MITRE NVD |
CVE Title: Windows Hard Link Elevation of Privilege Vulnerability
Description: An elevation of privilege vulnerability exists when Windows improperly handles hard links. An attacker who successfully exploited this vulnerability could overwrite a targeted file leading to an elevated status. To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system. The security update addresses the vulnerability by correcting how Windows handles hard links. FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2020-08-11T07:00:00Z Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | Exploitation Less Likely | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2020-1467 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Windows 10 Version 1607 for 32-bit Systems | 4571694 (Security Update) | Important | Elevation of Privilege | 4565511 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1607 for x64-based Systems | 4571694 (Security Update) | Important | Elevation of Privilege | 4565511 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for 32-bit Systems | 4565349 (Security Update) | Important | Elevation of Privilege | 4558998 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 4565349 (Security Update) | Important | Elevation of Privilege | 4558998 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for x64-based Systems | 4565349 (Security Update) | Important | Elevation of Privilege | 4558998 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1903 for 32-bit Systems | 4565351 (Security Update) | Important | Elevation of Privilege | 4565483 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1903 for ARM64-based Systems | 4565351 (Security Update) | Important | Elevation of Privilege | 4565483 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1903 for x64-based Systems | 4565351 (Security Update) | Important | Elevation of Privilege | 4565483 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for 32-bit Systems | 4565351 (Security Update) | Important | Elevation of Privilege | 4565483 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for ARM64-based Systems | 4565351 (Security Update) | Important | Elevation of Privilege | 4565483 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for x64-based Systems | 4565351 (Security Update) | Important | Elevation of Privilege | 4565483 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for 32-bit Systems | 4566782 (Security Update) | Important | Elevation of Privilege | 4565503 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for ARM64-based Systems | 4566782 (Security Update) | Important | Elevation of Privilege | 4565503 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for x64-based Systems | 4566782 (Security Update) | Important | Elevation of Privilege | 4565503 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 7 for 32-bit Systems Service Pack 1 | 4571729 (Monthly Rollup) 4571719 (Security Only) |
Important | Elevation of Privilege | 4565524 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 7 for x64-based Systems Service Pack 1 | 4571729 (Monthly Rollup) 4571719 (Security Only) |
Important | Elevation of Privilege | 4565524 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 8.1 for 32-bit systems | 4571703 (Monthly Rollup) 4571723 (Security Only) |
Important | Elevation of Privilege | 4565541 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 8.1 for x64-based systems | 4571703 (Monthly Rollup) 4571723 (Security Only) |
Important | Elevation of Privilege | 4565541 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows RT 8.1 | 4571703 (Monthly Rollup) | Important | Elevation of Privilege | 4565541 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 4571730 (Monthly Rollup) 4571746 (Security Only) |
Important | Elevation of Privilege | 4565536 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 4571730 (Monthly Rollup) 4571746 (Security Only) |
Important | Elevation of Privilege | 4565536 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 4571730 (Monthly Rollup) 4571746 (Security Only) |
Important | Elevation of Privilege | 4565536 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 4571730 (Monthly Rollup) 4571746 (Security Only) |
Important | Elevation of Privilege | 4565536 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 4571729 (Monthly Rollup) 4571719 (Security Only) |
Important | Elevation of Privilege | 4565524 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 4571729 (Monthly Rollup) 4571719 (Security Only) |
Important | Elevation of Privilege | 4565524 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2012 | 4571736 (Monthly Rollup) 4571702 (Security Only) |
Important | Elevation of Privilege | 4565537 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2012 (Server Core installation) | 4571736 (Monthly Rollup) 4571702 (Security Only) |
Important | Elevation of Privilege | 4565537 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2012 R2 | 4571703 (Monthly Rollup) 4571723 (Security Only) |
Important | Elevation of Privilege | 4565541 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2012 R2 (Server Core installation) | 4571703 (Monthly Rollup) 4571723 (Security Only) |
Important | Elevation of Privilege | 4565541 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2016 | 4571694 (Security Update) | Important | Elevation of Privilege | 4565511 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2016 (Server Core installation) | 4571694 (Security Update) | Important | Elevation of Privilege | 4565511 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2019 | 4565349 (Security Update) | Important | Elevation of Privilege | 4558998 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2019 (Server Core installation) | 4565349 (Security Update) | Important | Elevation of Privilege | 4558998 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server, version 1903 (Server Core installation) | 4565351 (Security Update) | Important | Elevation of Privilege | 4565483 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server, version 1909 (Server Core installation) | 4565351 (Security Update) | Important | Elevation of Privilege | 4565483 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server, version 2004 (Server Core installation) | 4566782 (Security Update) | Important | Elevation of Privilege | 4565503 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| CVE ID | Acknowledgements |
| CVE-2020-1467 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2020-1472 MITRE NVD |
CVE Title: Netlogon Elevation of Privilege Vulnerability
Description: An elevation of privilege vulnerability exists when an attacker establishes a vulnerable Netlogon secure channel connection to a domain controller, using the Netlogon Remote Protocol (MS-NRPC). An attacker who successfully exploited the vulnerability could run a specially crafted application on a device on the network. To exploit the vulnerability, an unauthenticated attacker would be required to use MS-NRPC to connect to a domain controller to obtain domain administrator access. Microsoft is addressing the vulnerability in a phased two-part rollout. These updates address the vulnerability by modifying how Netlogon handles the usage of Netlogon secure channels. For guidelines on how to manage the changes required for this vulnerability and more information on the phased rollout, see How to manage the changes in Netlogon secure channel connections associated with CVE-2020-1472. When the second phase of Windows updates become available in Q1 2021, customers will be notified via a revision to this security vulnerability. If you wish to be notified when these updates are released, we recommend that you register for the security notifications mailer to be alerted of content changes to this advisory. See Microsoft Technical Security Notifications. FAQ: Do I need to take further steps to be protected from this vulnerability? Yes. After installing the security updates released on August 11, 2020, you can deploy Domain Controller (DC) enforcement mode now or wait for the Q1 2021 update. See How to manage the changes in Netlogon secure channel connections associated with CVE-2020-1472 for more details. If I install the updates and take no further action, what will be the impact? During the initial deployment phase starting with the updates released August 11, 2020, the updates can be installed without added further action, and Windows devices and Domain Controllers (DCs) will be protected from this vulnerability. Organizations will need to monitor for and address potential issues before the Q1 2021 DC enforcement phase or risk devices being denied access. For more information, see How to manage the changes in Netlogon secure channel connections associated with CVE-2020-1472. How does Microsoft plan to address this vulnerability? Microsoft is addressing this vulnerability in a phased rollout. The initial deployment phase starts with the Windows updates released on August 11, 2020. The updates will enable the Domain Controllers (DCs) to protect Windows devices by default, log events for non-compliant device discovery, and have the option to enable protection for all domain-joined devices with explicit exceptions. The second phase, planned for a Q1 2021 release, marks the transition into the enforcement phase. The DCs will be placed in enforcement mode, which requires all Windows and non-Windows devices to use secure Remote Procedure Call (RPC) with Netlogon secure channel or to explicitly allow the account by adding an exception for any non-compliant device. What is a non-compliant device? A non-compliant device is one that uses a vulnerable Netlogon secure channel connection. Why is there a staged or phased rollout? There are many non-Windows device implementations of the Netlogon Remote Protocol (also called MS-NRPC). To ensure that vendors of non-compliant implementations can provide customers with updates, a second release that is planned for Q1 2021 will enforce protection for all domain-joined devices. Why do I need to follow the guidelines in How to manage the changes in Netlogon secure channel connections associated with CVE-2020-1472? If the guidelines from the KB article are not followed, your organization risks devices in your environment being denied access when the enforcement phase starts in Q1 2021. If there are currently no non-compliant devices in your environment, you can move to enforcement mode for further protection in advance of required enforcement. How can I be notified when the second release is available in Q1 2021? When the second phase of Windows updates become available, customers will be notified via a revision to this security vulnerability. If you wish to be notified when these updates are released, we recommend that you register for the security notifications mailer to be alerted of content changes to this advisory. See Microsoft Technical Security Notifications. Mitigations: None Workarounds: None Revision: 1.0 2020-08-11T07:00:00Z Information published. |
Critical | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | Exploitation Less Likely | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2020-1472 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 4571729 (Monthly Rollup) 4571719 (Security Only) |
Critical | Elevation of Privilege | 4565524 |
Base: 8.8 Temporal: 7.9 Vector: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 4571729 (Monthly Rollup) 4571719 (Security Only) |
Critical | Elevation of Privilege | 4565524 |
Base: 8.8 Temporal: 7.9 Vector: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2012 | 4571736 (Monthly Rollup) 4571702 (Security Only) |
Critical | Elevation of Privilege | 4565537 |
Base: 8.8 Temporal: 7.9 Vector: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2012 (Server Core installation) | 4571736 (Monthly Rollup) 4571702 (Security Only) |
Critical | Elevation of Privilege | 4565537 |
Base: 8.8 Temporal: 7.9 Vector: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2012 R2 | 4571703 (Monthly Rollup) 4571723 (Security Only) |
Critical | Elevation of Privilege | 4565541 |
Base: 8.8 Temporal: 7.9 Vector: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2012 R2 (Server Core installation) | 4571703 (Monthly Rollup) 4571723 (Security Only) |
Critical | Elevation of Privilege | 4565541 |
Base: 8.8 Temporal: 7.9 Vector: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2016 | 4571694 (Security Update) | Critical | Elevation of Privilege | 4565511 |
Base: 8.8 Temporal: 7.9 Vector: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2016 (Server Core installation) | 4571694 (Security Update) | Critical | Elevation of Privilege | 4565511 |
Base: 8.8 Temporal: 7.9 Vector: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2019 | 4565349 (Security Update) | Critical | Elevation of Privilege | 4558998 |
Base: 8.8 Temporal: 7.9 Vector: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2019 (Server Core installation) | 4565349 (Security Update) | Critical | Elevation of Privilege | 4558998 |
Base: 8.8 Temporal: 7.9 Vector: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server, version 1903 (Server Core installation) | 4565351 (Security Update) | Critical | Elevation of Privilege | 4565483 | Base: 8.8 Temporal: 7.9 Vector: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server, version 1909 (Server Core installation) | 4565351 (Security Update) | Critical | Elevation of Privilege | 4565483 | Base: 8.8 Temporal: 7.9 Vector: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server, version 2004 (Server Core installation) | 4566782 (Security Update) | Critical | Elevation of Privilege | 4565503 |
Base: 8.8 Temporal: 7.9 Vector: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| CVE ID | Acknowledgements |
| CVE-2020-1472 | Tom Tervoort of Secura |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2020-1473 MITRE NVD |
CVE Title: Jet Database Engine Remote Code Execution Vulnerability
Description: A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by enticing a victim to open a specially crafted file. The update addresses the vulnerability by correcting the way the Windows Jet Database Engine handles objects in memory. FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2020-08-11T07:00:00Z Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | Exploitation Less Likely | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2020-1473 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Windows 10 for 32-bit Systems | 4571692 (Security Update) | Important | Remote Code Execution | 4565513 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 for x64-based Systems | 4571692 (Security Update) | Important | Remote Code Execution | 4565513 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1607 for 32-bit Systems | 4571694 (Security Update) | Important | Remote Code Execution | 4565511 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1607 for x64-based Systems | 4571694 (Security Update) | Important | Remote Code Execution | 4565511 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1709 for 32-bit Systems | 4571741 (Security Update) | Important | Remote Code Execution | 4565508 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1709 for ARM64-based Systems | 4571741 (Security Update) | Important | Remote Code Execution | 4565508 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1709 for x64-based Systems | 4571741 (Security Update) | Important | Remote Code Execution | 4565508 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1803 for 32-bit Systems | 4571709 (Security Update) | Important | Remote Code Execution | 4565489 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1803 for ARM64-based Systems | 4571709 (Security Update) | Important | Remote Code Execution | 4565489 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1803 for x64-based Systems | 4571709 (Security Update) | Important | Remote Code Execution | 4565489 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for 32-bit Systems | 4565349 (Security Update) | Important | Remote Code Execution | 4558998 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 4565349 (Security Update) | Important | Remote Code Execution | 4558998 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for x64-based Systems | 4565349 (Security Update) | Important | Remote Code Execution | 4558998 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1903 for 32-bit Systems | 4565351 (Security Update) | Important | Remote Code Execution | 4565483 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1903 for ARM64-based Systems | 4565351 (Security Update) | Important | Remote Code Execution | 4565483 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1903 for x64-based Systems | 4565351 (Security Update) | Important | Remote Code Execution | 4565483 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for 32-bit Systems | 4565351 (Security Update) | Important | Remote Code Execution | 4565483 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for ARM64-based Systems | 4565351 (Security Update) | Important | Remote Code Execution | 4565483 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for x64-based Systems | 4565351 (Security Update) | Important | Remote Code Execution | 4565483 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for 32-bit Systems | 4566782 (Security Update) | Important | Remote Code Execution | 4565503 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for ARM64-based Systems | 4566782 (Security Update) | Important | Remote Code Execution | 4565503 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for x64-based Systems | 4566782 (Security Update) | Important | Remote Code Execution | 4565503 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 7 for 32-bit Systems Service Pack 1 | 4571729 (Monthly Rollup) 4571719 (Security Only) |
Important | Remote Code Execution | 4565524 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 7 for x64-based Systems Service Pack 1 | 4571729 (Monthly Rollup) 4571719 (Security Only) |
Important | Remote Code Execution | 4565524 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 8.1 for 32-bit systems | 4571703 (Monthly Rollup) 4571723 (Security Only) |
Important | Remote Code Execution | 4565541 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 8.1 for x64-based systems | 4571703 (Monthly Rollup) 4571723 (Security Only) |
Important | Remote Code Execution | 4565541 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows RT 8.1 | 4571703 (Monthly Rollup) | Important | Remote Code Execution | 4565541 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 4571730 (Monthly Rollup) 4571746 (Security Only) |
Important | Remote Code Execution | 4565536 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 4571730 (Monthly Rollup) 4571746 (Security Only) |
Important | Remote Code Execution | 4565536 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 4571730 (Monthly Rollup) 4571746 (Security Only) |
Important | Remote Code Execution | 4565536 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 4571730 (Monthly Rollup) 4571746 (Security Only) |
Important | Remote Code Execution | 4565536 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 4571729 (Monthly Rollup) 4571719 (Security Only) |
Important | Remote Code Execution | 4565524 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 4571729 (Monthly Rollup) 4571719 (Security Only) |
Important | Remote Code Execution | 4565524 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2012 | 4571736 (Monthly Rollup) 4571702 (Security Only) |
Important | Remote Code Execution | 4565537 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2012 (Server Core installation) | 4571736 (Monthly Rollup) 4571702 (Security Only) |
Important | Remote Code Execution | 4565537 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2012 R2 | 4571703 (Monthly Rollup) 4571723 (Security Only) |
Important | Remote Code Execution | 4565541 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2012 R2 (Server Core installation) | 4571703 (Monthly Rollup) 4571723 (Security Only) |
Important | Remote Code Execution | 4565541 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2016 | 4571694 (Security Update) | Important | Remote Code Execution | 4565511 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2016 (Server Core installation) | 4571694 (Security Update) | Important | Remote Code Execution | 4565511 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2019 | 4565349 (Security Update) | Important | Remote Code Execution | 4558998 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2019 (Server Core installation) | 4565349 (Security Update) | Important | Remote Code Execution | 4558998 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server, version 1903 (Server Core installation) | 4565351 (Security Update) | Important | Remote Code Execution | 4565483 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server, version 1909 (Server Core installation) | 4565351 (Security Update) | Important | Remote Code Execution | 4565483 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server, version 2004 (Server Core installation) | 4566782 (Security Update) | Important | Remote Code Execution | 4565503 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| CVE ID | Acknowledgements |
| CVE-2020-1473 | Zhibin Zhang of Palo Alto Networks |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2020-1474 MITRE NVD |
CVE Title: Windows Image Acquisition Service Information Disclosure Vulnerability
Description: An information disclosure vulnerability exists when the Windows Image Acquisition (WIA) Service improperly discloses contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system. To exploit the vulnerability, an authenticated attacker could connect an imaging device (camera, scanner, cellular phone) to an affected system and run a specially crafted application to disclose information. The security update addresses the vulnerability by correcting how the WIA Service handles objects in memory. FAQ: What type of information could be disclosed by this vulnerability? The type of information that could be disclosed if an attacker successfully exploited this vulnerability is uninitialized memory. Mitigations: None Workarounds: None Revision: 1.0 2020-08-11T07:00:00Z Information published. |
Important | Information Disclosure |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | Exploitation Less Likely | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2020-1474 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Windows 10 for 32-bit Systems | 4571692 (Security Update) | Important | Information Disclosure | 4565513 | Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 for x64-based Systems | 4571692 (Security Update) | Important | Information Disclosure | 4565513 | Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1607 for 32-bit Systems | 4571694 (Security Update) | Important | Information Disclosure | 4565511 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1607 for x64-based Systems | 4571694 (Security Update) | Important | Information Disclosure | 4565511 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1709 for 32-bit Systems | 4571741 (Security Update) | Important | Information Disclosure | 4565508 | Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1709 for ARM64-based Systems | 4571741 (Security Update) | Important | Information Disclosure | 4565508 | Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1709 for x64-based Systems | 4571741 (Security Update) | Important | Information Disclosure | 4565508 | Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1803 for 32-bit Systems | 4571709 (Security Update) | Important | Information Disclosure | 4565489 | Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1803 for ARM64-based Systems | 4571709 (Security Update) | Important | Information Disclosure | 4565489 | Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1803 for x64-based Systems | 4571709 (Security Update) | Important | Information Disclosure | 4565489 | Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for 32-bit Systems | 4565349 (Security Update) | Important | Information Disclosure | 4558998 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 4565349 (Security Update) | Important | Information Disclosure | 4558998 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for x64-based Systems | 4565349 (Security Update) | Important | Information Disclosure | 4558998 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1903 for 32-bit Systems | 4565351 (Security Update) | Important | Information Disclosure | 4565483 | Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1903 for ARM64-based Systems | 4565351 (Security Update) | Important | Information Disclosure | 4565483 | Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1903 for x64-based Systems | 4565351 (Security Update) | Important | Information Disclosure | 4565483 | Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for 32-bit Systems | 4565351 (Security Update) | Important | Information Disclosure | 4565483 | Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for ARM64-based Systems | 4565351 (Security Update) | Important | Information Disclosure | 4565483 | Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for x64-based Systems | 4565351 (Security Update) | Important | Information Disclosure | 4565483 | Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for 32-bit Systems | 4566782 (Security Update) | Important | Information Disclosure | 4565503 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for ARM64-based Systems | 4566782 (Security Update) | Important | Information Disclosure | 4565503 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for x64-based Systems | 4566782 (Security Update) | Important | Information Disclosure | 4565503 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 7 for 32-bit Systems Service Pack 1 | 4571729 (Monthly Rollup) 4571719 (Security Only) |
Important | Information Disclosure | 4565524 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 7 for x64-based Systems Service Pack 1 | 4571729 (Monthly Rollup) 4571719 (Security Only) |
Important | Information Disclosure | 4565524 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 8.1 for 32-bit systems | 4571703 (Monthly Rollup) 4571723 (Security Only) |
Important | Information Disclosure | 4565541 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 8.1 for x64-based systems | 4571703 (Monthly Rollup) 4571723 (Security Only) |
Important | Information Disclosure | 4565541 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows RT 8.1 | 4571703 (Monthly Rollup) | Important | Information Disclosure | 4565541 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 4571730 (Monthly Rollup) 4571746 (Security Only) |
Important | Information Disclosure | 4565536 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 4571730 (Monthly Rollup) 4571746 (Security Only) |
Important | Information Disclosure | 4565536 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 4571730 (Monthly Rollup) 4571746 (Security Only) |
Important | Information Disclosure | 4565536 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 4571730 (Monthly Rollup) 4571746 (Security Only) |
Important | Information Disclosure | 4565536 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 4571729 (Monthly Rollup) 4571719 (Security Only) |
Important | Information Disclosure | 4565524 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 4571729 (Monthly Rollup) 4571719 (Security Only) |
Important | Information Disclosure | 4565524 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server 2012 | 4571736 (Monthly Rollup) 4571702 (Security Only) |
Important | Information Disclosure | 4565537 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server 2012 (Server Core installation) | 4571736 (Monthly Rollup) 4571702 (Security Only) |
Important | Information Disclosure | 4565537 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server 2012 R2 | 4571703 (Monthly Rollup) 4571723 (Security Only) |
Important | Information Disclosure | 4565541 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server 2012 R2 (Server Core installation) | 4571703 (Monthly Rollup) 4571723 (Security Only) |
Important | Information Disclosure | 4565541 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server 2016 | 4571694 (Security Update) | Important | Information Disclosure | 4565511 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server 2016 (Server Core installation) | 4571694 (Security Update) | Important | Information Disclosure | 4565511 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server 2019 | 4565349 (Security Update) | Important | Information Disclosure | 4558998 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server 2019 (Server Core installation) | 4565349 (Security Update) | Important | Information Disclosure | 4558998 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server, version 1903 (Server Core installation) | 4565351 (Security Update) | Important | Information Disclosure | 4565483 | Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server, version 1909 (Server Core installation) | 4565351 (Security Update) | Important | Information Disclosure | 4565483 | Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server, version 2004 (Server Core installation) | 4566782 (Security Update) | Important | Information Disclosure | 4565503 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| CVE ID | Acknowledgements |
| CVE-2020-1474 | Zhiniang Peng (@edwardzpeng) & Jiadong Lu |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2020-1475 MITRE NVD |
CVE Title: Windows Server Resource Management Service Elevation of Privilege Vulnerability
Description: An elevation of privilege vulnerability exists in the way that the srmsvc.dll handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. To exploit the vulnerability, a locally authenticated attacker could run a specially crafted application. The security update addresses the vulnerability by ensuring the srmsvc.dll properly handles objects in memory. FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2020-08-11T07:00:00Z Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | Exploitation Less Likely | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2020-1475 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Windows 10 Version 1607 for 32-bit Systems | 4571694 (Security Update) | Important | Elevation of Privilege | 4565511 |
Base: 7.0 Temporal: 6.3 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1607 for x64-based Systems | 4571694 (Security Update) | Important | Elevation of Privilege | 4565511 |
Base: 7.0 Temporal: 6.3 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for 32-bit Systems | 4565349 (Security Update) | Important | Elevation of Privilege | 4558998 |
Base: 7.0 Temporal: 6.3 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 4565349 (Security Update) | Important | Elevation of Privilege | 4558998 |
Base: 7.0 Temporal: 6.3 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for x64-based Systems | 4565349 (Security Update) | Important | Elevation of Privilege | 4558998 |
Base: 7.0 Temporal: 6.3 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1903 for 32-bit Systems | 4565351 (Security Update) | Important | Elevation of Privilege | 4565483 | Base: 7.0 Temporal: 6.3 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1903 for ARM64-based Systems | 4565351 (Security Update) | Important | Elevation of Privilege | 4565483 | Base: 7.0 Temporal: 6.3 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1903 for x64-based Systems | 4565351 (Security Update) | Important | Elevation of Privilege | 4565483 | Base: 7.0 Temporal: 6.3 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for 32-bit Systems | 4565351 (Security Update) | Important | Elevation of Privilege | 4565483 | Base: 7.0 Temporal: 6.3 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for ARM64-based Systems | 4565351 (Security Update) | Important | Elevation of Privilege | 4565483 | Base: 7.0 Temporal: 6.3 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for x64-based Systems | 4565351 (Security Update) | Important | Elevation of Privilege | 4565483 | Base: 7.0 Temporal: 6.3 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for 32-bit Systems | 4566782 (Security Update) | Important | Elevation of Privilege | 4565503 |
Base: 7.0 Temporal: 6.3 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for ARM64-based Systems | 4566782 (Security Update) | Important | Elevation of Privilege | 4565503 |
Base: 7.0 Temporal: 6.3 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for x64-based Systems | 4566782 (Security Update) | Important | Elevation of Privilege | 4565503 |
Base: 7.0 Temporal: 6.3 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 7 for 32-bit Systems Service Pack 1 | 4571729 (Monthly Rollup) 4571719 (Security Only) |
Important | Elevation of Privilege | 4565524 |
Base: 7.0 Temporal: 6.3 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 7 for x64-based Systems Service Pack 1 | 4571729 (Monthly Rollup) 4571719 (Security Only) |
Important | Elevation of Privilege | 4565524 |
Base: 7.0 Temporal: 6.3 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 8.1 for 32-bit systems | 4571703 (Monthly Rollup) 4571723 (Security Only) |
Important | Elevation of Privilege | 4565541 |
Base: 7.0 Temporal: 6.3 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 8.1 for x64-based systems | 4571703 (Monthly Rollup) 4571723 (Security Only) |
Important | Elevation of Privilege | 4565541 |
Base: 7.0 Temporal: 6.3 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows RT 8.1 | 4571703 (Monthly Rollup) | Important | Elevation of Privilege | 4565541 |
Base: 7.0 Temporal: 6.3 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 4571730 (Monthly Rollup) 4571746 (Security Only) |
Important | Elevation of Privilege | 4565536 |
Base: 7.0 Temporal: 6.3 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 4571730 (Monthly Rollup) 4571746 (Security Only) |
Important | Elevation of Privilege | 4565536 |
Base: 7.0 Temporal: 6.3 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 4571730 (Monthly Rollup) 4571746 (Security Only) |
Important | Elevation of Privilege | 4565536 |
Base: 7.0 Temporal: 6.3 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 4571730 (Monthly Rollup) 4571746 (Security Only) |
Important | Elevation of Privilege | 4565536 |
Base: 7.0 Temporal: 6.3 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 4571729 (Monthly Rollup) 4571719 (Security Only) |
Important | Elevation of Privilege | 4565524 |
Base: 7.0 Temporal: 6.3 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 4571729 (Monthly Rollup) 4571719 (Security Only) |
Important | Elevation of Privilege | 4565524 |
Base: 7.0 Temporal: 6.3 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2012 | 4571736 (Monthly Rollup) 4571702 (Security Only) |
Important | Elevation of Privilege | 4565537 |
Base: 7.0 Temporal: 6.3 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2012 (Server Core installation) | 4571736 (Monthly Rollup) 4571702 (Security Only) |
Important | Elevation of Privilege | 4565537 |
Base: 7.0 Temporal: 6.3 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2012 R2 | 4571703 (Monthly Rollup) 4571723 (Security Only) |
Important | Elevation of Privilege | 4565541 |
Base: 7.0 Temporal: 6.3 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2012 R2 (Server Core installation) | 4571703 (Monthly Rollup) 4571723 (Security Only) |
Important | Elevation of Privilege | 4565541 |
Base: 7.0 Temporal: 6.3 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2016 | 4571694 (Security Update) | Important | Elevation of Privilege | 4565511 |
Base: 7.0 Temporal: 6.3 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2016 (Server Core installation) | 4571694 (Security Update) | Important | Elevation of Privilege | 4565511 |
Base: 7.0 Temporal: 6.3 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2019 | 4565349 (Security Update) | Important | Elevation of Privilege | 4558998 |
Base: 7.0 Temporal: 6.3 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2019 (Server Core installation) | 4565349 (Security Update) | Important | Elevation of Privilege | 4558998 |
Base: 7.0 Temporal: 6.3 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server, version 1903 (Server Core installation) | 4565351 (Security Update) | Important | Elevation of Privilege | 4565483 | Base: 7.0 Temporal: 6.3 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server, version 1909 (Server Core installation) | 4565351 (Security Update) | Important | Elevation of Privilege | 4565483 | Base: 7.0 Temporal: 6.3 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server, version 2004 (Server Core installation) | 4566782 (Security Update) | Important | Elevation of Privilege | 4565503 |
Base: 7.0 Temporal: 6.3 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| CVE ID | Acknowledgements |
| CVE-2020-1475 | Zhiniang Peng (@edwardzpeng) & Xuefeng Li |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2020-1476 MITRE NVD |
CVE Title: ASP.NET and .NET Elevation of Privilege Vulnerability
Description: An elevation of privilege vulnerability exists when ASP.NET or .NET web applications running on IIS improperly allow access to cached files. An attacker who successfully exploited this vulnerability could gain access to restricted files. To exploit this vulnerability, an attacker would need to send a specially crafted request to an affected server. The update addresses the vulnerability by changing how ASP.NET and .NET handle requests. FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2020-08-11T07:00:00Z Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | Exploitation Less Likely | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2020-1476 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Microsoft .NET Framework 2.0 Service Pack 2 on Windows Server 2008 for 32-bit Systems Service Pack 2 | 4570509 (Monthly Rollup) 4570503 (Security Only) |
Important | Elevation of Privilege | 4566520 |
Base: N/A Temporal: N/A Vector: N/A |
Maybe |
| Microsoft .NET Framework 2.0 Service Pack 2 on Windows Server 2008 for x64-based Systems Service Pack 2 | 4570509 (Monthly Rollup) 4570503 (Security Only) |
Important | Elevation of Privilege | 4566520 |
Base: N/A Temporal: N/A Vector: N/A |
Maybe |
| Microsoft .NET Framework 3.5 AND 4.6.2/4.7/4.7.1/4.7.2 on Windows 10 Version 1607 for 32-bit Systems | 4571694 (Security Update) | Important | Elevation of Privilege | 4565511 |
Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Microsoft .NET Framework 3.5 AND 4.6.2/4.7/4.7.1/4.7.2 on Windows 10 Version 1607 for x64-based Systems | 4571694 (Security Update) | Important | Elevation of Privilege | 4565511 |
Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Microsoft .NET Framework 3.5 AND 4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2016 | 4571694 (Security Update) | Important | Elevation of Privilege | 4565511 |
Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Microsoft .NET Framework 3.5 AND 4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2016 (Server Core installation) | 4571694 (Security Update) | Important | Elevation of Privilege | 4565511 |
Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Microsoft .NET Framework 3.5 AND 4.6/4.6.1/4.6.2 on Windows 10 for 32-bit Systems | 4571692 (Security Update) | Important | Elevation of Privilege | 4565513 | Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Microsoft .NET Framework 3.5 AND 4.6/4.6.1/4.6.2 on Windows 10 for x64-based Systems | 4571692 (Security Update) | Important | Elevation of Privilege | 4565513 | Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Microsoft .NET Framework 3.5 AND 4.7.1/4.7.2 on Windows 10 Version 1709 for 32-bit Systems | 4571741 (Security Update) | Important | Elevation of Privilege | 4565508 | Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Microsoft .NET Framework 3.5 AND 4.7.1/4.7.2 on Windows 10 Version 1709 for ARM64-based Systems | 4571741 (Security Update) | Important | Elevation of Privilege | 4565508 | Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Microsoft .NET Framework 3.5 AND 4.7.1/4.7.2 on Windows 10 Version 1709 for x64-based Systems | 4571741 (Security Update) | Important | Elevation of Privilege | 4565508 | Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10 Version 1803 for 32-bit Systems | 4571709 (Security Update) | Important | Elevation of Privilege | 4565489 | Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10 Version 1803 for ARM64-based Systems | 4571709 (Security Update) | Important | Elevation of Privilege | 4565489 | Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10 Version 1803 for x64-based Systems | 4571709 (Security Update) | Important | Elevation of Privilege | 4565489 | Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10 Version 1809 for 32-bit Systems | 4570505 (Security Update) | Important | Elevation of Privilege | 4567327 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
| Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10 Version 1809 for ARM64-based Systems | 4570505 (Security Update) | Important | Elevation of Privilege | 4567327 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
| Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10 Version 1809 for x64-based Systems | 4570505 (Security Update) | Important | Elevation of Privilege | 4567327 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
| Microsoft .NET Framework 3.5 AND 4.7.2 on Windows Server 2019 | 4570505 (Security Update) | Important | Elevation of Privilege | 4567327 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
| Microsoft .NET Framework 3.5 AND 4.7.2 on Windows Server 2019 (Server Core installation) | 4570505 (Security Update) | Important | Elevation of Privilege | 4567327 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
| Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1809 for 32-bit Systems | 4570505 (Security Update) | Important | Elevation of Privilege | 4567327 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
| Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1809 for x64-based Systems | 4570505 (Security Update) | Important | Elevation of Privilege | 4567327 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
| Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1903 for 32-bit Systems | 4569751 (Security Update) | Important | Elevation of Privilege | 4562900 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
| Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1903 for ARM64-based Systems | 4569751 (Security Update) | Important | Elevation of Privilege | 4562900 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
| Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1903 for x64-based Systems | 4569751 (Security Update) | Important | Elevation of Privilege | 4562900 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
| Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1909 for 32-bit Systems | 4569751 (Security Update) | Important | Elevation of Privilege | 4562900 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
| Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1909 for ARM64-based Systems | 4569751 (Security Update) | Important | Elevation of Privilege | 4562900 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
| Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1909 for x64-based Systems | 4569751 (Security Update) | Important | Elevation of Privilege | 4562900 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
| Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 2004 for 32-bit Systems | 4569745 (Security Update) | Important | Elevation of Privilege | 4567327 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
| Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 2004 for ARM64-based Systems | 4569745 (Security Update) | Important | Elevation of Privilege | 4567327 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
| Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 2004 for x64-based Systems | 4569745 (Security Update) | Important | Elevation of Privilege | 4567327 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
| Microsoft .NET Framework 3.5 AND 4.8 on Windows Server 2019 | 4570505 (Security Update) | Important | Elevation of Privilege | 4567327 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
| Microsoft .NET Framework 3.5 AND 4.8 on Windows Server 2019 (Server Core installation) | 4570505 (Security Update) | Important | Elevation of Privilege | 4567327 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
| Microsoft .NET Framework 3.5 AND 4.8 on Windows Server, version 1903 (Server Core installation) | 4569751 (Security Update) | Important | Elevation of Privilege | 4562900 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
| Microsoft .NET Framework 3.5 AND 4.8 on Windows Server, version 1909 (Server Core installation) | 4569751 (Security Update) | Important | Elevation of Privilege | 4562900 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
| Microsoft .NET Framework 3.5 AND 4.8 on Windows Server, version 2004 (Server Core installation) | 4569745 (Security Update) | Important | Elevation of Privilege | 4567327 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
| Microsoft .NET Framework 3.5 on Windows 8.1 for 32-bit systems | 4570508 (Monthly Rollup) 4570502 (Security Only) |
Important | Elevation of Privilege | 4566519 |
Base: N/A Temporal: N/A Vector: N/A |
Maybe |
| Microsoft .NET Framework 3.5 on Windows 8.1 for x64-based systems | 4570508 (Monthly Rollup) 4570502 (Security Only) |
Important | Elevation of Privilege | 4566519 |
Base: N/A Temporal: N/A Vector: N/A |
Maybe |
| Microsoft .NET Framework 3.5 on Windows Server 2012 | 4570507 (Monthly Rollup) 4570501 (Security Only) |
Important | Elevation of Privilege | 4566518 |
Base: N/A Temporal: N/A Vector: N/A |
Maybe |
| Microsoft .NET Framework 3.5 on Windows Server 2012 (Server Core installation) | 4570507 (Monthly Rollup) 4570501 (Security Only) |
Important | Elevation of Privilege | 4566518 |
Base: N/A Temporal: N/A Vector: N/A |
Maybe |
| Microsoft .NET Framework 3.5 on Windows Server 2012 R2 | 4570508 (Monthly Rollup) 4570502 (Security Only) |
Important | Elevation of Privilege | 4566519 |
Base: N/A Temporal: N/A Vector: N/A |
Maybe |
| Microsoft .NET Framework 3.5 on Windows Server 2012 R2 (Server Core installation) | 4570508 (Monthly Rollup) 4570502 (Security Only) |
Important | Elevation of Privilege | 4566519 |
Base: N/A Temporal: N/A Vector: N/A |
Maybe |
| Microsoft .NET Framework 3.5.1 on Windows 7 for 32-bit Systems Service Pack 1 | 4570506 (Monthly Rollup) 4570500 (Security Only) |
Important | Elevation of Privilege | 4566517 |
Base: N/A Temporal: N/A Vector: N/A |
Maybe |
| Microsoft .NET Framework 3.5.1 on Windows 7 for x64-based Systems Service Pack 1 | 4570506 (Monthly Rollup) 4570500 (Security Only) |
Important | Elevation of Privilege | 4566517 |
Base: N/A Temporal: N/A Vector: N/A |
Maybe |
| Microsoft .NET Framework 3.5.1 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 4570506 (Monthly Rollup) 4570500 (Security Only) |
Important | Elevation of Privilege | 4566517 |
Base: N/A Temporal: N/A Vector: N/A |
Maybe |
| Microsoft .NET Framework 4.5.2 on Windows 7 for 32-bit Systems Service Pack 1 | 4570506 (Monthly Rollup) 4570500 (Security Only) |
Important | Elevation of Privilege | 4566517 |
Base: N/A Temporal: N/A Vector: N/A |
Maybe |
| Microsoft .NET Framework 4.5.2 on Windows 7 for x64-based Systems Service Pack 1 | 4570506 (Monthly Rollup) 4570500 (Security Only) |
Important | Elevation of Privilege | 4566517 |
Base: N/A Temporal: N/A Vector: N/A |
Maybe |
| Microsoft .NET Framework 4.5.2 on Windows 8.1 for 32-bit systems | 4570508 (Monthly Rollup) 4570502 (Security Only) |
Important | Elevation of Privilege | 4566519 |
Base: N/A Temporal: N/A Vector: N/A |
Maybe |
| Microsoft .NET Framework 4.5.2 on Windows 8.1 for x64-based systems | 4570508 (Monthly Rollup) 4570502 (Security Only) |
Important | Elevation of Privilege | 4566519 |
Base: N/A Temporal: N/A Vector: N/A |
Maybe |
| Microsoft .NET Framework 4.5.2 on Windows RT 8.1 | 4570508 (Monthly Rollup) | Important | Elevation of Privilege | 4566519 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
| Microsoft .NET Framework 4.5.2 on Windows Server 2008 for 32-bit Systems Service Pack 2 | 4570509 (Monthly Rollup) 4570503 (Security Only) |
Important | Elevation of Privilege | 4566520 |
Base: N/A Temporal: N/A Vector: N/A |
Maybe |
| Microsoft .NET Framework 4.5.2 on Windows Server 2008 for x64-based Systems Service Pack 2 | 4570509 (Monthly Rollup) 4570503 (Security Only) |
Important | Elevation of Privilege | 4566520 |
Base: N/A Temporal: N/A Vector: N/A |
Maybe |
| Microsoft .NET Framework 4.5.2 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 4570506 (Monthly Rollup) 4570500 (Security Only) |
Important | Elevation of Privilege | 4566517 |
Base: N/A Temporal: N/A Vector: N/A |
Maybe |
| Microsoft .NET Framework 4.5.2 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 4570506 (Monthly Rollup) 4570500 (Security Only) |
Important | Elevation of Privilege | 4566517 |
Base: N/A Temporal: N/A Vector: N/A |
Maybe |
| Microsoft .NET Framework 4.5.2 on Windows Server 2012 | 4570507 (Monthly Rollup) 4570501 (Security Only) |
Important | Elevation of Privilege | 4566518 |
Base: N/A Temporal: N/A Vector: N/A |
Maybe |
| Microsoft .NET Framework 4.5.2 on Windows Server 2012 (Server Core installation) | 4570507 (Monthly Rollup) 4570501 (Security Only) |
Important | Elevation of Privilege | 4566518 |
Base: N/A Temporal: N/A Vector: N/A |
Maybe |
| Microsoft .NET Framework 4.5.2 on Windows Server 2012 R2 | 4570508 (Monthly Rollup) 4570502 (Security Only) |
Important | Elevation of Privilege | 4566519 |
Base: N/A Temporal: N/A Vector: N/A |
Maybe |
| Microsoft .NET Framework 4.5.2 on Windows Server 2012 R2 (Server Core installation) | 4570508 (Monthly Rollup) 4570502 (Security Only) |
Important | Elevation of Privilege | 4566519 |
Base: N/A Temporal: N/A Vector: N/A |
Maybe |
| Microsoft .NET Framework 4.6 on Windows Server 2008 for 32-bit Systems Service Pack 2 | 4570509 (Monthly Rollup) 4570503 (Security Only) |
Important | Elevation of Privilege | 4566520 |
Base: N/A Temporal: N/A Vector: N/A |
Maybe |
| Microsoft .NET Framework 4.6 on Windows Server 2008 for x64-based Systems Service Pack 2 | 4570509 (Monthly Rollup) 4570503 (Security Only) |
Important | Elevation of Privilege | 4566520 |
Base: N/A Temporal: N/A Vector: N/A |
Maybe |
| Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.2 on Windows 7 for 32-bit Systems Service Pack 1 | 4570506 (Monthly Rollup) 4570500 (Security Only) |
Important | Elevation of Privilege | 4566517 |
Base: N/A Temporal: N/A Vector: N/A |
Maybe |
| Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.2 on Windows 7 for x64-based Systems Service Pack 1 | 4570506 (Monthly Rollup) 4570500 (Security Only) |
Important | Elevation of Privilege | 4566517 |
Base: N/A Temporal: N/A Vector: N/A |
Maybe |
| Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.2 on Windows 8.1 for 32-bit systems | 4570508 (Monthly Rollup) 4570502 (Security Only) |
Important | Elevation of Privilege | 4566519 |
Base: N/A Temporal: N/A Vector: N/A |
Maybe |
| Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.2 on Windows 8.1 for x64-based systems | 4570508 (Monthly Rollup) 4570502 (Security Only) |
Important | Elevation of Privilege | 4566519 |
Base: N/A Temporal: N/A Vector: N/A |
Maybe |
| Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.2 on Windows RT 8.1 | 4570508 (Monthly Rollup) | Important | Elevation of Privilege | 4566519 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
| Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 4570506 (Monthly Rollup) 4570500 (Security Only) |
Important | Elevation of Privilege | 4566517 |
Base: N/A Temporal: N/A Vector: N/A |
Maybe |
| Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 4570506 (Monthly Rollup) 4570500 (Security Only) |
Important | Elevation of Privilege | 4566517 |
Base: N/A Temporal: N/A Vector: N/A |
Maybe |
| Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2012 | 4570507 (Monthly Rollup) 4570501 (Security Only) |
Important | Elevation of Privilege | 4566518 |
Base: N/A Temporal: N/A Vector: N/A |
Maybe |
| Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2012 (Server Core installation) | 4570507 (Monthly Rollup) 4570501 (Security Only) |
Important | Elevation of Privilege | 4566518 |
Base: N/A Temporal: N/A Vector: N/A |
Maybe |
| Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2012 R2 | 4570508 (Monthly Rollup) 4570502 (Security Only) |
Important | Elevation of Privilege | 4566519 |
Base: N/A Temporal: N/A Vector: N/A |
Maybe |
| Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2012 R2 (Server Core installation) | 4570508 (Monthly Rollup) 4570502 (Security Only) |
Important | Elevation of Privilege | 4566519 |
Base: N/A Temporal: N/A Vector: N/A |
Maybe |
| Microsoft .NET Framework 4.8 on Windows 10 Version 1607 for 32-bit Systems | 4569746 (Security Update) | Important | Elevation of Privilege | None | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
| Microsoft .NET Framework 4.8 on Windows 10 Version 1607 for x64-based Systems | 4569746 (Security Update) | Important | Elevation of Privilege | None | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
| Microsoft .NET Framework 4.8 on Windows 10 Version 1709 for 32-bit Systems | 4569748 (Security Update) | Important | Elevation of Privilege | None | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
| Microsoft .NET Framework 4.8 on Windows 10 Version 1709 for x64-based Systems | 4569748 (Security Update) | Important | Elevation of Privilege | None | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
| Microsoft .NET Framework 4.8 on Windows 10 Version 1803 for 32-bit Systems | 4569749 (Security Update) | Important | Elevation of Privilege | None | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
| Microsoft .NET Framework 4.8 on Windows 10 Version 1803 for x64-based Systems | 4569749 (Security Update) | Important | Elevation of Privilege | None | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
| Microsoft .NET Framework 4.8 on Windows 7 for 32-bit Systems Service Pack 1 | 4570506 (Monthly Rollup) 4570500 (Security Only) |
Important | Elevation of Privilege | 4566517 |
Base: N/A Temporal: N/A Vector: N/A |
Maybe |
| Microsoft .NET Framework 4.8 on Windows 7 for x64-based Systems Service Pack 1 | 4570506 (Monthly Rollup) 4570500 (Security Only) |
Important | Elevation of Privilege | 4566517 |
Base: N/A Temporal: N/A Vector: N/A |
Maybe |
| Microsoft .NET Framework 4.8 on Windows 8.1 for 32-bit systems | 4570508 (Monthly Rollup) 4570502 (Security Only) |
Important | Elevation of Privilege | 4566519 |
Base: N/A Temporal: N/A Vector: N/A |
Maybe |
| Microsoft .NET Framework 4.8 on Windows 8.1 for x64-based systems | 4570508 (Monthly Rollup) 4570502 (Security Only) |
Important | Elevation of Privilege | 4566519 |
Base: N/A Temporal: N/A Vector: N/A |
Maybe |
| Microsoft .NET Framework 4.8 on Windows RT 8.1 | 4570508 (Monthly Rollup) | Important | Elevation of Privilege | 4566519 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
| Microsoft .NET Framework 4.8 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 4570506 (Monthly Rollup) 4570500 (Security Only) |
Important | Elevation of Privilege | 4566517 |
Base: N/A Temporal: N/A Vector: N/A |
Maybe |
| Microsoft .NET Framework 4.8 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 4570506 (Monthly Rollup) 4570500 (Security Only) |
Important | Elevation of Privilege | 4566517 |
Base: N/A Temporal: N/A Vector: N/A |
Maybe |
| Microsoft .NET Framework 4.8 on Windows Server 2012 | 4570507 (Monthly Rollup) 4570501 (Security Only) |
Important | Elevation of Privilege | 4566518 |
Base: N/A Temporal: N/A Vector: N/A |
Maybe |
| Microsoft .NET Framework 4.8 on Windows Server 2012 (Server Core installation) | 4570507 (Monthly Rollup) 4570501 (Security Only) |
Important | Elevation of Privilege | 4566518 |
Base: N/A Temporal: N/A Vector: N/A |
Maybe |
| Microsoft .NET Framework 4.8 on Windows Server 2012 R2 | 4570508 (Monthly Rollup) 4570502 (Security Only) |
Important | Elevation of Privilege | 4566519 |
Base: N/A Temporal: N/A Vector: N/A |
Maybe |
| Microsoft .NET Framework 4.8 on Windows Server 2012 R2 (Server Core installation) | 4570508 (Monthly Rollup) 4570502 (Security Only) |
Important | Elevation of Privilege | 4566519 |
Base: N/A Temporal: N/A Vector: N/A |
Maybe |
| Microsoft .NET Framework 4.8 on Windows Server 2016 | 4569746 (Security Update) | Important | Elevation of Privilege | None | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
| Microsoft .NET Framework 4.8 on Windows Server 2016 (Server Core installation) | 4569746 (Security Update) | Important | Elevation of Privilege | None | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
| CVE ID | Acknowledgements |
| CVE-2020-1476 | Pham Van Khanh (@rskvp93) from Viettel Cyber Security |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2020-1477 MITRE NVD |
CVE Title: Media Foundation Memory Corruption Vulnerability
Description: A memory corruption vulnerability exists when Windows Media Foundation improperly handles objects in memory. An attacker who successfully exploited the vulnerability could install programs; view, change, or delete data; or create new accounts with full user rights. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit a malicious webpage. The security update addresses the vulnerability by correcting how Windows Media Foundation handles objects in memory. FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2020-08-11T07:00:00Z Information published. |
Critical | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | Exploitation Less Likely | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2020-1477 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Windows 10 for 32-bit Systems | 4571692 (Security Update) | Critical | Remote Code Execution | 4565513 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 for x64-based Systems | 4571692 (Security Update) | Critical | Remote Code Execution | 4565513 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1607 for 32-bit Systems | 4571694 (Security Update) | Critical | Remote Code Execution | 4565511 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1607 for x64-based Systems | 4571694 (Security Update) | Critical | Remote Code Execution | 4565511 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1709 for 32-bit Systems | 4571741 (Security Update) | Critical | Remote Code Execution | 4565508 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1709 for ARM64-based Systems | 4571741 (Security Update) | Critical | Remote Code Execution | 4565508 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1709 for x64-based Systems | 4571741 (Security Update) | Critical | Remote Code Execution | 4565508 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1803 for 32-bit Systems | 4571709 (Security Update) | Critical | Remote Code Execution | 4565489 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1803 for ARM64-based Systems | 4571709 (Security Update) | Critical | Remote Code Execution | 4565489 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1803 for x64-based Systems | 4571709 (Security Update) | Critical | Remote Code Execution | 4565489 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for 32-bit Systems | 4565349 (Security Update) | Critical | Remote Code Execution | 4558998 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 4565349 (Security Update) | Critical | Remote Code Execution | 4558998 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for x64-based Systems | 4565349 (Security Update) | Critical | Remote Code Execution | 4558998 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1903 for 32-bit Systems | 4565351 (Security Update) | Critical | Remote Code Execution | 4565483 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1903 for ARM64-based Systems | 4565351 (Security Update) | Critical | Remote Code Execution | 4565483 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1903 for x64-based Systems | 4565351 (Security Update) | Critical | Remote Code Execution | 4565483 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for 32-bit Systems | 4565351 (Security Update) | Critical | Remote Code Execution | 4565483 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for ARM64-based Systems | 4565351 (Security Update) | Critical | Remote Code Execution | 4565483 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for x64-based Systems | 4565351 (Security Update) | Critical | Remote Code Execution | 4565483 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for 32-bit Systems | 4566782 (Security Update) | Critical | Remote Code Execution | 4565503 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for ARM64-based Systems | 4566782 (Security Update) | Critical | Remote Code Execution | 4565503 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for x64-based Systems | 4566782 (Security Update) | Critical | Remote Code Execution | 4565503 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 7 for 32-bit Systems Service Pack 1 | 4571729 (Monthly Rollup) 4571719 (Security Only) |
Critical | Remote Code Execution | 4565524 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 7 for x64-based Systems Service Pack 1 | 4571729 (Monthly Rollup) 4571719 (Security Only) |
Critical | Remote Code Execution | 4565524 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 8.1 for 32-bit systems | 4571703 (Monthly Rollup) 4571723 (Security Only) |
Critical | Remote Code Execution | 4565541 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 8.1 for x64-based systems | 4571703 (Monthly Rollup) 4571723 (Security Only) |
Critical | Remote Code Execution | 4565541 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows RT 8.1 | 4571703 (Monthly Rollup) | Critical | Remote Code Execution | 4565541 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 4571730 (Monthly Rollup) 4571746 (Security Only) |
Critical | Remote Code Execution | 4565536 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 4571730 (Monthly Rollup) 4571746 (Security Only) |
Critical | Remote Code Execution | 4565536 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 4571730 (Monthly Rollup) 4571746 (Security Only) |
Critical | Remote Code Execution | 4565536 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 4571730 (Monthly Rollup) 4571746 (Security Only) |
Critical | Remote Code Execution | 4565536 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 4571729 (Monthly Rollup) 4571719 (Security Only) |
Critical | Remote Code Execution | 4565524 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 4571729 (Monthly Rollup) 4571719 (Security Only) |
Critical | Remote Code Execution | 4565524 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2012 | 4571736 (Monthly Rollup) 4571702 (Security Only) |
Critical | Remote Code Execution | 4565537 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2012 (Server Core installation) | 4571736 (Monthly Rollup) 4571702 (Security Only) |
Critical | Remote Code Execution | 4565537 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2012 R2 | 4571703 (Monthly Rollup) 4571723 (Security Only) |
Critical | Remote Code Execution | 4565541 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2012 R2 (Server Core installation) | 4571703 (Monthly Rollup) 4571723 (Security Only) |
Critical | Remote Code Execution | 4565541 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2016 | 4571694 (Security Update) | Critical | Remote Code Execution | 4565511 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2016 (Server Core installation) | 4571694 (Security Update) | Critical | Remote Code Execution | 4565511 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2019 | 4565349 (Security Update) | Critical | Remote Code Execution | 4558998 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2019 (Server Core installation) | 4565349 (Security Update) | Critical | Remote Code Execution | 4558998 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server, version 1903 (Server Core installation) | 4565351 (Security Update) | Critical | Remote Code Execution | 4565483 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server, version 1909 (Server Core installation) | 4565351 (Security Update) | Critical | Remote Code Execution | 4565483 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server, version 2004 (Server Core installation) | 4566782 (Security Update) | Critical | Remote Code Execution | 4565503 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| CVE ID | Acknowledgements |
| CVE-2020-1477 | yangkang (@dnpushme) |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2020-1478 MITRE NVD |
CVE Title: Media Foundation Memory Corruption Vulnerability
Description: A memory corruption vulnerability exists when Windows Media Foundation improperly handles objects in memory. An attacker who successfully exploited the vulnerability could install programs; view, change, or delete data; or create new accounts with full user rights. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit a malicious webpage. The security update addresses the vulnerability by correcting how Windows Media Foundation handles objects in memory. FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2020-08-11T07:00:00Z Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | Exploitation Less Likely | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2020-1478 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Windows 10 for 32-bit Systems | 4571692 (Security Update) | Important | Remote Code Execution | 4565513 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 for x64-based Systems | 4571692 (Security Update) | Important | Remote Code Execution | 4565513 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1607 for 32-bit Systems | 4571694 (Security Update) | Important | Remote Code Execution | 4565511 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1607 for x64-based Systems | 4571694 (Security Update) | Important | Remote Code Execution | 4565511 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1709 for 32-bit Systems | 4571741 (Security Update) | Important | Remote Code Execution | 4565508 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1709 for ARM64-based Systems | 4571741 (Security Update) | Important | Remote Code Execution | 4565508 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1709 for x64-based Systems | 4571741 (Security Update) | Important | Remote Code Execution | 4565508 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1803 for 32-bit Systems | 4571709 (Security Update) | Important | Remote Code Execution | 4565489 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1803 for ARM64-based Systems | 4571709 (Security Update) | Important | Remote Code Execution | 4565489 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1803 for x64-based Systems | 4571709 (Security Update) | Important | Remote Code Execution | 4565489 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for 32-bit Systems | 4565349 (Security Update) | Important | Remote Code Execution | 4558998 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 4565349 (Security Update) | Important | Remote Code Execution | 4558998 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for x64-based Systems | 4565349 (Security Update) | Important | Remote Code Execution | 4558998 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1903 for 32-bit Systems | 4565351 (Security Update) | Important | Remote Code Execution | 4565483 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1903 for ARM64-based Systems | 4565351 (Security Update) | Important | Remote Code Execution | 4565483 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1903 for x64-based Systems | 4565351 (Security Update) | Important | Remote Code Execution | 4565483 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for 32-bit Systems | 4565351 (Security Update) | Important | Remote Code Execution | 4565483 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for ARM64-based Systems | 4565351 (Security Update) | Important | Remote Code Execution | 4565483 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for x64-based Systems | 4565351 (Security Update) | Important | Remote Code Execution | 4565483 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for 32-bit Systems | 4566782 (Security Update) | Important | Remote Code Execution | 4565503 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for ARM64-based Systems | 4566782 (Security Update) | Important | Remote Code Execution | 4565503 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for x64-based Systems | 4566782 (Security Update) | Important | Remote Code Execution | 4565503 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 7 for 32-bit Systems Service Pack 1 | 4571729 (Monthly Rollup) 4571719 (Security Only) |
Important | Remote Code Execution | 4565524 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 7 for x64-based Systems Service Pack 1 | 4571729 (Monthly Rollup) 4571719 (Security Only) |
Important | Remote Code Execution | 4565524 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 8.1 for 32-bit systems | 4571703 (Monthly Rollup) 4571723 (Security Only) |
Important | Remote Code Execution | 4565541 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 8.1 for x64-based systems | 4571703 (Monthly Rollup) 4571723 (Security Only) |
Important | Remote Code Execution | 4565541 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows RT 8.1 | 4571703 (Monthly Rollup) | Important | Remote Code Execution | 4565541 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 4571730 (Monthly Rollup) 4571746 (Security Only) |
Important | Remote Code Execution | 4565536 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 4571730 (Monthly Rollup) 4571746 (Security Only) |
Important | Remote Code Execution | 4565536 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 4571730 (Monthly Rollup) 4571746 (Security Only) |
Important | Remote Code Execution | 4565536 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 4571730 (Monthly Rollup) 4571746 (Security Only) |
Important | Remote Code Execution | 4565536 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 4571729 (Monthly Rollup) 4571719 (Security Only) |
Important | Remote Code Execution | 4565524 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 4571729 (Monthly Rollup) 4571719 (Security Only) |
Important | Remote Code Execution | 4565524 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2012 | 4571736 (Monthly Rollup) 4571702 (Security Only) |
Important | Remote Code Execution | 4565537 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2012 (Server Core installation) | 4571736 (Monthly Rollup) 4571702 (Security Only) |
Important | Remote Code Execution | 4565537 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2012 R2 | 4571703 (Monthly Rollup) 4571723 (Security Only) |
Important | Remote Code Execution | 4565541 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2012 R2 (Server Core installation) | 4571703 (Monthly Rollup) 4571723 (Security Only) |
Important | Remote Code Execution | 4565541 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2016 | 4571694 (Security Update) | Important | Remote Code Execution | 4565511 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2016 (Server Core installation) | 4571694 (Security Update) | Important | Remote Code Execution | 4565511 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2019 | 4565349 (Security Update) | Important | Remote Code Execution | 4558998 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2019 (Server Core installation) | 4565349 (Security Update) | Important | Remote Code Execution | 4558998 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server, version 1903 (Server Core installation) | 4565351 (Security Update) | Important | Remote Code Execution | 4565483 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server, version 1909 (Server Core installation) | 4565351 (Security Update) | Important | Remote Code Execution | 4565483 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server, version 2004 (Server Core installation) | 4566782 (Security Update) | Important | Remote Code Execution | 4565503 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| CVE ID | Acknowledgements |
| CVE-2020-1478 | yangkang (@dnpushme) |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2020-1479 MITRE NVD |
CVE Title: DirectX Elevation of Privilege Vulnerability
Description: An elevation of privilege vulnerability exists when DirectX improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system. The update addresses the vulnerability by correcting how DirectX handles objects in memory. FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2020-08-11T07:00:00Z Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | Exploitation Less Likely | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2020-1479 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Windows 10 Version 1709 for 32-bit Systems | 4571741 (Security Update) | Important | Elevation of Privilege | 4565508 | Base: 7.0 Temporal: 6.3 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1709 for ARM64-based Systems | 4571741 (Security Update) | Important | Elevation of Privilege | 4565508 | Base: 7.0 Temporal: 6.3 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1709 for x64-based Systems | 4571741 (Security Update) | Important | Elevation of Privilege | 4565508 | Base: 7.0 Temporal: 6.3 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1803 for 32-bit Systems | 4571709 (Security Update) | Important | Elevation of Privilege | 4565489 | Base: 7.0 Temporal: 6.3 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1803 for ARM64-based Systems | 4571709 (Security Update) | Important | Elevation of Privilege | 4565489 | Base: 7.0 Temporal: 6.3 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1803 for x64-based Systems | 4571709 (Security Update) | Important | Elevation of Privilege | 4565489 | Base: 7.0 Temporal: 6.3 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for 32-bit Systems | 4565349 (Security Update) | Important | Elevation of Privilege | 4558998 |
Base: 7.0 Temporal: 6.3 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 4565349 (Security Update) | Important | Elevation of Privilege | 4558998 |
Base: 7.0 Temporal: 6.3 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for x64-based Systems | 4565349 (Security Update) | Important | Elevation of Privilege | 4558998 |
Base: 7.0 Temporal: 6.3 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1903 for 32-bit Systems | 4565351 (Security Update) | Important | Elevation of Privilege | 4565483 | Base: 7.0 Temporal: 6.3 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1903 for ARM64-based Systems | 4565351 (Security Update) | Important | Elevation of Privilege | 4565483 | Base: 7.0 Temporal: 6.3 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1903 for x64-based Systems | 4565351 (Security Update) | Important | Elevation of Privilege | 4565483 | Base: 7.0 Temporal: 6.3 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for 32-bit Systems | 4565351 (Security Update) | Important | Elevation of Privilege | 4565483 | Base: 7.0 Temporal: 6.3 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for ARM64-based Systems | 4565351 (Security Update) | Important | Elevation of Privilege | 4565483 | Base: 7.0 Temporal: 6.3 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for x64-based Systems | 4565351 (Security Update) | Important | Elevation of Privilege | 4565483 | Base: 7.0 Temporal: 6.3 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for 32-bit Systems | 4566782 (Security Update) | Important | Elevation of Privilege | 4565503 |
Base: 7.0 Temporal: 6.3 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for ARM64-based Systems | 4566782 (Security Update) | Important | Elevation of Privilege | 4565503 |
Base: 7.0 Temporal: 6.3 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for x64-based Systems | 4566782 (Security Update) | Important | Elevation of Privilege | 4565503 |
Base: 7.0 Temporal: 6.3 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2019 | 4565349 (Security Update) | Important | Elevation of Privilege | 4558998 |
Base: 7.0 Temporal: 6.3 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2019 (Server Core installation) | 4565349 (Security Update) | Important | Elevation of Privilege | 4558998 |
Base: 7.0 Temporal: 6.3 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server, version 1903 (Server Core installation) | 4565351 (Security Update) | Important | Elevation of Privilege | 4565483 | Base: 7.0 Temporal: 6.3 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server, version 1909 (Server Core installation) | 4565351 (Security Update) | Important | Elevation of Privilege | 4565483 | Base: 7.0 Temporal: 6.3 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server, version 2004 (Server Core installation) | 4566782 (Security Update) | Important | Elevation of Privilege | 4565503 |
Base: 7.0 Temporal: 6.3 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| CVE ID | Acknowledgements |
| CVE-2020-1479 | liuxiaoliang and pjf |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2020-1480 MITRE NVD |
CVE Title: Windows GDI Elevation of Privilege Vulnerability
Description: An elevation of privilege vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system. The update addresses the vulnerability by correcting how GDI handles objects in memory and by preventing instances of unintended user-mode privilege elevation. FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2020-08-11T07:00:00Z Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation More Likely | Exploitation More Likely | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2020-1480 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Windows 10 Version 1709 for 32-bit Systems | 4571741 (Security Update) | Important | Elevation of Privilege | 4565508 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1709 for ARM64-based Systems | 4571741 (Security Update) | Important | Elevation of Privilege | 4565508 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1709 for x64-based Systems | 4571741 (Security Update) | Important | Elevation of Privilege | 4565508 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1803 for 32-bit Systems | 4571709 (Security Update) | Important | Elevation of Privilege | 4565489 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1803 for ARM64-based Systems | 4571709 (Security Update) | Important | Elevation of Privilege | 4565489 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1803 for x64-based Systems | 4571709 (Security Update) | Important | Elevation of Privilege | 4565489 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for 32-bit Systems | 4565349 (Security Update) | Important | Elevation of Privilege | 4558998 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 4565349 (Security Update) | Important | Elevation of Privilege | 4558998 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for x64-based Systems | 4565349 (Security Update) | Important | Elevation of Privilege | 4558998 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1903 for 32-bit Systems | 4565351 (Security Update) | Important | Elevation of Privilege | 4565483 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1903 for ARM64-based Systems | 4565351 (Security Update) | Important | Elevation of Privilege | 4565483 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1903 for x64-based Systems | 4565351 (Security Update) | Important | Elevation of Privilege | 4565483 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for 32-bit Systems | 4565351 (Security Update) | Important | Elevation of Privilege | 4565483 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for ARM64-based Systems | 4565351 (Security Update) | Important | Elevation of Privilege | 4565483 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for x64-based Systems | 4565351 (Security Update) | Important | Elevation of Privilege | 4565483 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for 32-bit Systems | 4566782 (Security Update) | Important | Elevation of Privilege | 4565503 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for ARM64-based Systems | 4566782 (Security Update) | Important | Elevation of Privilege | 4565503 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for x64-based Systems | 4566782 (Security Update) | Important | Elevation of Privilege | 4565503 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2019 | 4565349 (Security Update) | Important | Elevation of Privilege | 4558998 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2019 (Server Core installation) | 4565349 (Security Update) | Important | Elevation of Privilege | 4558998 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server, version 1903 (Server Core installation) | 4565351 (Security Update) | Important | Elevation of Privilege | 4565483 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server, version 1909 (Server Core installation) | 4565351 (Security Update) | Important | Elevation of Privilege | 4565483 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server, version 2004 (Server Core installation) | 4566782 (Security Update) | Important | Elevation of Privilege | 4565503 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| CVE ID | Acknowledgements |
| CVE-2020-1480 | Anonymous Finder Anonymous researcher |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2020-1483 MITRE NVD |
CVE Title: Microsoft Outlook Memory Corruption Vulnerability
Description: A remote code execution vulnerability exists in Microsoft Outlook when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. Exploitation of the vulnerability requires that a user open a specially crafted file with an affected version of Microsoft Outlook software. In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file. In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) that contains a specially crafted file designed to exploit the vulnerability. An attacker would have no way to force users to visit the website. Instead, an attacker would have to convince users to click a link, typically by way of an enticement in an email or instant message, and then convince them to open the specially crafted file. Note that where severity is indicated as Critical in the Affected Products table, the Preview Pane is an attack vector. The security update addresses the vulnerability by correcting how Outlook handles objects in memory. FAQ: Is the Preview Pane an attack vector for this vulnerability? Yes, the Preview Pane is an attack vector. Mitigations: None Workarounds: None Revision: 1.0 2020-08-11T07:00:00Z Information published. |
Critical | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | Exploitation Less Likely | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2020-1483 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Microsoft 365 Apps for Enterprise for 32-bit Systems | Click to Run (Security Update) | Critical | Remote Code Execution | None | Base: N/A Temporal: N/A Vector: N/A |
No |
| Microsoft 365 Apps for Enterprise for 64-bit Systems | Click to Run (Security Update) | Critical | Remote Code Execution | None | Base: N/A Temporal: N/A Vector: N/A |
No |
| Microsoft Office 2019 for 32-bit editions | Click to Run (Security Update) | Critical | Remote Code Execution | None | Base: N/A Temporal: N/A Vector: N/A |
No |
| Microsoft Office 2019 for 64-bit editions | Click to Run (Security Update) | Critical | Remote Code Execution | None | Base: N/A Temporal: N/A Vector: N/A |
No |
| Microsoft Outlook 2010 Service Pack 2 (32-bit editions) | 4484497 (Security Update) | Critical | Remote Code Execution | 4484382 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
| Microsoft Outlook 2010 Service Pack 2 (64-bit editions) | 4484497 (Security Update) | Critical | Remote Code Execution | 4484382 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
| Microsoft Outlook 2013 RT Service Pack 1 | 4484486 (Security Update) | Critical | Remote Code Execution | 4484363 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
| Microsoft Outlook 2013 Service Pack 1 (32-bit editions) | 4484486 (Security Update) | Critical | Remote Code Execution | 4484363 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
| Microsoft Outlook 2013 Service Pack 1 (64-bit editions) | 4484486 (Security Update) | Critical | Remote Code Execution | 4484363 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
| Microsoft Outlook 2016 (32-bit edition) | 4484475 (Security Update) | Critical | Remote Code Execution | 4484433 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
| Microsoft Outlook 2016 (64-bit edition) | 4484475 (Security Update) | Critical | Remote Code Execution | 4484433 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
| CVE ID | Acknowledgements |
| CVE-2020-1483 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2020-1484 MITRE NVD |
CVE Title: Windows Work Folders Service Elevation of Privilege Vulnerability
Description: An elevation of privilege vulnerability exists when the Windows Work Folders Service improperly handles memory. To exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges. The security update addresses the vulnerability by correcting how the Windows Work Folders Service handles memory. FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2020-08-11T07:00:00Z Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | Exploitation Less Likely | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2020-1484 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Windows 10 for 32-bit Systems | 4571692 (Security Update) | Important | Elevation of Privilege | 4565513 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 for x64-based Systems | 4571692 (Security Update) | Important | Elevation of Privilege | 4565513 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1607 for 32-bit Systems | 4571694 (Security Update) | Important | Elevation of Privilege | 4565511 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1607 for x64-based Systems | 4571694 (Security Update) | Important | Elevation of Privilege | 4565511 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1709 for 32-bit Systems | 4571741 (Security Update) | Important | Elevation of Privilege | 4565508 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1709 for ARM64-based Systems | 4571741 (Security Update) | Important | Elevation of Privilege | 4565508 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1709 for x64-based Systems | 4571741 (Security Update) | Important | Elevation of Privilege | 4565508 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1803 for 32-bit Systems | 4571709 (Security Update) | Important | Elevation of Privilege | 4565489 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1803 for ARM64-based Systems | 4571709 (Security Update) | Important | Elevation of Privilege | 4565489 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1803 for x64-based Systems | 4571709 (Security Update) | Important | Elevation of Privilege | 4565489 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for 32-bit Systems | 4565349 (Security Update) | Important | Elevation of Privilege | 4558998 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 4565349 (Security Update) | Important | Elevation of Privilege | 4558998 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for x64-based Systems | 4565349 (Security Update) | Important | Elevation of Privilege | 4558998 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1903 for 32-bit Systems | 4565351 (Security Update) | Important | Elevation of Privilege | 4565483 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1903 for ARM64-based Systems | 4565351 (Security Update) | Important | Elevation of Privilege | 4565483 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1903 for x64-based Systems | 4565351 (Security Update) | Important | Elevation of Privilege | 4565483 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for 32-bit Systems | 4565351 (Security Update) | Important | Elevation of Privilege | 4565483 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for ARM64-based Systems | 4565351 (Security Update) | Important | Elevation of Privilege | 4565483 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for x64-based Systems | 4565351 (Security Update) | Important | Elevation of Privilege | 4565483 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for 32-bit Systems | 4566782 (Security Update) | Important | Elevation of Privilege | 4565503 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for ARM64-based Systems | 4566782 (Security Update) | Important | Elevation of Privilege | 4565503 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for x64-based Systems | 4566782 (Security Update) | Important | Elevation of Privilege | 4565503 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 7 for 32-bit Systems Service Pack 1 | 4571729 (Monthly Rollup) 4571719 (Security Only) |
Important | Elevation of Privilege | 4565524 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 7 for x64-based Systems Service Pack 1 | 4571729 (Monthly Rollup) 4571719 (Security Only) |
Important | Elevation of Privilege | 4565524 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 8.1 for 32-bit systems | 4571703 (Monthly Rollup) 4571723 (Security Only) |
Important | Elevation of Privilege | 4565541 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 8.1 for x64-based systems | 4571703 (Monthly Rollup) 4571723 (Security Only) |
Important | Elevation of Privilege | 4565541 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows RT 8.1 | 4571703 (Monthly Rollup) | Important | Elevation of Privilege | 4565541 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 4571729 (Monthly Rollup) 4571719 (Security Only) |
Important | Elevation of Privilege | 4565524 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 4571729 (Monthly Rollup) 4571719 (Security Only) |
Important | Elevation of Privilege | 4565524 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2012 R2 | 4571703 (Monthly Rollup) 4571723 (Security Only) |
Important | Elevation of Privilege | 4565541 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2012 R2 (Server Core installation) | 4571703 (Monthly Rollup) 4571723 (Security Only) |
Important | Elevation of Privilege | 4565541 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2016 | 4571694 (Security Update) | Important | Elevation of Privilege | 4565511 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2016 (Server Core installation) | 4571694 (Security Update) | Important | Elevation of Privilege | 4565511 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2019 | 4565349 (Security Update) | Important | Elevation of Privilege | 4558998 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2019 (Server Core installation) | 4565349 (Security Update) | Important | Elevation of Privilege | 4558998 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server, version 1903 (Server Core installation) | 4565351 (Security Update) | Important | Elevation of Privilege | 4565483 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server, version 1909 (Server Core installation) | 4565351 (Security Update) | Important | Elevation of Privilege | 4565483 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server, version 2004 (Server Core installation) | 4566782 (Security Update) | Important | Elevation of Privilege | 4565503 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| CVE ID | Acknowledgements |
| CVE-2020-1484 | Zhiniang Peng (@edwardzpeng) & Xuefeng Li |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2020-1485 MITRE NVD |
CVE Title: Windows Image Acquisition Service Information Disclosure Vulnerability
Description: An information disclosure vulnerability exists when the Windows Image Acquisition (WIA) Service improperly discloses contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system. To exploit the vulnerability, an authenticated attacker could connect an imaging device (camera, scanner, cellular phone) to an affected system and run a specially crafted application to disclose information. The security update addresses the vulnerability by correcting how the WIA Service handles objects in memory. FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2020-08-11T07:00:00Z Information published. |
Important | Information Disclosure |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | Exploitation Less Likely | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2020-1485 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Windows 10 for 32-bit Systems | 4571692 (Security Update) | Important | Information Disclosure | 4565513 | Base: 5.0 Temporal: 4.5 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 for x64-based Systems | 4571692 (Security Update) | Important | Information Disclosure | 4565513 | Base: 5.0 Temporal: 4.5 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1607 for 32-bit Systems | 4571694 (Security Update) | Important | Information Disclosure | 4565511 |
Base: 5.0 Temporal: 4.5 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1607 for x64-based Systems | 4571694 (Security Update) | Important | Information Disclosure | 4565511 |
Base: 5.0 Temporal: 4.5 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1709 for 32-bit Systems | 4571741 (Security Update) | Important | Information Disclosure | 4565508 | Base: 5.0 Temporal: 4.5 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1709 for ARM64-based Systems | 4571741 (Security Update) | Important | Information Disclosure | 4565508 | Base: 5.0 Temporal: 4.5 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1709 for x64-based Systems | 4571741 (Security Update) | Important | Information Disclosure | 4565508 | Base: 5.0 Temporal: 4.5 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1803 for 32-bit Systems | 4571709 (Security Update) | Important | Information Disclosure | 4565489 | Base: 5.0 Temporal: 4.5 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1803 for ARM64-based Systems | 4571709 (Security Update) | Important | Information Disclosure | 4565489 | Base: 5.0 Temporal: 4.5 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1803 for x64-based Systems | 4571709 (Security Update) | Important | Information Disclosure | 4565489 | Base: 5.0 Temporal: 4.5 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for 32-bit Systems | 4565349 (Security Update) | Important | Information Disclosure | 4558998 |
Base: 5.0 Temporal: 4.5 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 4565349 (Security Update) | Important | Information Disclosure | 4558998 |
Base: 5.0 Temporal: 4.5 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for x64-based Systems | 4565349 (Security Update) | Important | Information Disclosure | 4558998 |
Base: 5.0 Temporal: 4.5 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1903 for 32-bit Systems | 4565351 (Security Update) | Important | Information Disclosure | 4565483 | Base: 5.0 Temporal: 4.5 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1903 for ARM64-based Systems | 4565351 (Security Update) | Important | Information Disclosure | 4565483 | Base: 5.0 Temporal: 4.5 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1903 for x64-based Systems | 4565351 (Security Update) | Important | Information Disclosure | 4565483 | Base: 5.0 Temporal: 4.5 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for 32-bit Systems | 4565351 (Security Update) | Important | Information Disclosure | 4565483 | Base: 5.0 Temporal: 4.5 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for ARM64-based Systems | 4565351 (Security Update) | Important | Information Disclosure | 4565483 | Base: 5.0 Temporal: 4.5 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for x64-based Systems | 4565351 (Security Update) | Important | Information Disclosure | 4565483 | Base: 5.0 Temporal: 4.5 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for 32-bit Systems | 4566782 (Security Update) | Important | Information Disclosure | 4565503 |
Base: 5.0 Temporal: 4.5 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for ARM64-based Systems | 4566782 (Security Update) | Important | Information Disclosure | 4565503 |
Base: 5.0 Temporal: 4.5 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for x64-based Systems | 4566782 (Security Update) | Important | Information Disclosure | 4565503 |
Base: 5.0 Temporal: 4.5 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 7 for 32-bit Systems Service Pack 1 | 4571729 (Monthly Rollup) 4571719 (Security Only) |
Important | Information Disclosure | 4565524 |
Base: 5.0 Temporal: 4.5 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 7 for x64-based Systems Service Pack 1 | 4571729 (Monthly Rollup) 4571719 (Security Only) |
Important | Information Disclosure | 4565524 |
Base: 5.0 Temporal: 4.5 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 8.1 for 32-bit systems | 4571703 (Monthly Rollup) 4571723 (Security Only) |
Important | Information Disclosure | 4565541 |
Base: 5.0 Temporal: 4.5 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 8.1 for x64-based systems | 4571703 (Monthly Rollup) 4571723 (Security Only) |
Important | Information Disclosure | 4565541 |
Base: 5.0 Temporal: 4.5 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows RT 8.1 | 4571703 (Monthly Rollup) | Important | Information Disclosure | 4565541 |
Base: 5.0 Temporal: 4.5 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 4571730 (Monthly Rollup) 4571746 (Security Only) |
Important | Information Disclosure | 4565536 |
Base: 5.0 Temporal: 4.5 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 4571730 (Monthly Rollup) 4571746 (Security Only) |
Important | Information Disclosure | 4565536 |
Base: 5.0 Temporal: 4.5 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 4571730 (Monthly Rollup) 4571746 (Security Only) |
Important | Information Disclosure | 4565536 |
Base: 5.0 Temporal: 4.5 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 4571730 (Monthly Rollup) 4571746 (Security Only) |
Important | Information Disclosure | 4565536 |
Base: 5.0 Temporal: 4.5 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 4571729 (Monthly Rollup) 4571719 (Security Only) |
Important | Information Disclosure | 4565524 |
Base: 5.0 Temporal: 4.5 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 4571729 (Monthly Rollup) 4571719 (Security Only) |
Important | Information Disclosure | 4565524 |
Base: 5.0 Temporal: 4.5 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server 2012 | 4571736 (Monthly Rollup) 4571702 (Security Only) |
Important | Information Disclosure | 4565537 |
Base: 5.0 Temporal: 4.5 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server 2012 (Server Core installation) | 4571736 (Monthly Rollup) 4571702 (Security Only) |
Important | Information Disclosure | 4565537 |
Base: 5.0 Temporal: 4.5 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server 2012 R2 | 4571703 (Monthly Rollup) 4571723 (Security Only) |
Important | Information Disclosure | 4565541 |
Base: 5.0 Temporal: 4.5 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server 2012 R2 (Server Core installation) | 4571703 (Monthly Rollup) 4571723 (Security Only) |
Important | Information Disclosure | 4565541 |
Base: 5.0 Temporal: 4.5 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server 2016 | 4571694 (Security Update) | Important | Information Disclosure | 4565511 |
Base: 5.0 Temporal: 4.5 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server 2016 (Server Core installation) | 4571694 (Security Update) | Important | Information Disclosure | 4565511 |
Base: 5.0 Temporal: 4.5 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server 2019 | 4565349 (Security Update) | Important | Information Disclosure | 4558998 |
Base: 5.0 Temporal: 4.5 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server 2019 (Server Core installation) | 4565349 (Security Update) | Important | Information Disclosure | 4558998 |
Base: 5.0 Temporal: 4.5 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server, version 1903 (Server Core installation) | 4565351 (Security Update) | Important | Information Disclosure | 4565483 | Base: 5.0 Temporal: 4.5 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server, version 1909 (Server Core installation) | 4565351 (Security Update) | Important | Information Disclosure | 4565483 | Base: 5.0 Temporal: 4.5 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server, version 2004 (Server Core installation) | 4566782 (Security Update) | Important | Information Disclosure | 4565503 |
Base: 5.0 Temporal: 4.5 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| CVE ID | Acknowledgements |
| CVE-2020-1485 | Zhiniang Peng (@edwardzpeng) & Haoran Qin |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2020-1486 MITRE NVD |
CVE Title: Windows Kernel Elevation of Privilege Vulnerability
Description: An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application to take control of an affected system. The update addresses the vulnerability by correcting how the Windows kernel handles objects in memory. FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2020-08-11T07:00:00Z Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | Exploitation Less Likely | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2020-1486 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Windows 10 for 32-bit Systems | 4571692 (Security Update) | Important | Elevation of Privilege | 4565513 | Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Windows 10 for x64-based Systems | 4571692 (Security Update) | Important | Elevation of Privilege | 4565513 | Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Windows 10 Version 1607 for 32-bit Systems | 4571694 (Security Update) | Important | Elevation of Privilege | 4565511 |
Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Windows 10 Version 1607 for x64-based Systems | 4571694 (Security Update) | Important | Elevation of Privilege | 4565511 |
Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Windows 10 Version 1709 for 32-bit Systems | 4571741 (Security Update) | Important | Elevation of Privilege | 4565508 | Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Windows 10 Version 1709 for ARM64-based Systems | 4571741 (Security Update) | Important | Elevation of Privilege | 4565508 | Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Windows 10 Version 1709 for x64-based Systems | 4571741 (Security Update) | Important | Elevation of Privilege | 4565508 | Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Windows 10 Version 1803 for 32-bit Systems | 4571709 (Security Update) | Important | Elevation of Privilege | 4565489 | Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Windows 10 Version 1803 for ARM64-based Systems | 4571709 (Security Update) | Important | Elevation of Privilege | 4565489 | Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Windows 10 Version 1803 for x64-based Systems | 4571709 (Security Update) | Important | Elevation of Privilege | 4565489 | Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Windows 10 Version 1809 for 32-bit Systems | 4565349 (Security Update) | Important | Elevation of Privilege | 4558998 |
Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 4565349 (Security Update) | Important | Elevation of Privilege | 4558998 |
Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Windows 10 Version 1809 for x64-based Systems | 4565349 (Security Update) | Important | Elevation of Privilege | 4558998 |
Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Windows 10 Version 1903 for 32-bit Systems | 4565351 (Security Update) | Important | Elevation of Privilege | 4565483 | Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Windows 10 Version 1903 for ARM64-based Systems | 4565351 (Security Update) | Important | Elevation of Privilege | 4565483 | Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Windows 10 Version 1903 for x64-based Systems | 4565351 (Security Update) | Important | Elevation of Privilege | 4565483 | Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Windows 10 Version 1909 for 32-bit Systems | 4565351 (Security Update) | Important | Elevation of Privilege | 4565483 | Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Windows 10 Version 1909 for ARM64-based Systems | 4565351 (Security Update) | Important | Elevation of Privilege | 4565483 | Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Windows 10 Version 1909 for x64-based Systems | 4565351 (Security Update) | Important | Elevation of Privilege | 4565483 | Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Windows 10 Version 2004 for 32-bit Systems | 4566782 (Security Update) | Important | Elevation of Privilege | 4565503 |
Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Windows 10 Version 2004 for ARM64-based Systems | 4566782 (Security Update) | Important | Elevation of Privilege | 4565503 |
Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Windows 10 Version 2004 for x64-based Systems | 4566782 (Security Update) | Important | Elevation of Privilege | 4565503 |
Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Windows 7 for 32-bit Systems Service Pack 1 | 4571729 (Monthly Rollup) 4571719 (Security Only) |
Important | Elevation of Privilege | 4565524 |
Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Windows 7 for x64-based Systems Service Pack 1 | 4571729 (Monthly Rollup) 4571719 (Security Only) |
Important | Elevation of Privilege | 4565524 |
Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Windows 8.1 for 32-bit systems | 4571703 (Monthly Rollup) 4571723 (Security Only) |
Important | Elevation of Privilege | 4565541 |
Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Windows 8.1 for x64-based systems | 4571703 (Monthly Rollup) 4571723 (Security Only) |
Important | Elevation of Privilege | 4565541 |
Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Windows RT 8.1 | 4571703 (Monthly Rollup) | Important | Elevation of Privilege | 4565541 |
Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 4571730 (Monthly Rollup) 4571746 (Security Only) |
Important | Elevation of Privilege | 4565536 |
Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 4571730 (Monthly Rollup) 4571746 (Security Only) |
Important | Elevation of Privilege | 4565536 |
Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 4571730 (Monthly Rollup) 4571746 (Security Only) |
Important | Elevation of Privilege | 4565536 |
Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 4571730 (Monthly Rollup) 4571746 (Security Only) |
Important | Elevation of Privilege | 4565536 |
Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 4571729 (Monthly Rollup) 4571719 (Security Only) |
Important | Elevation of Privilege | 4565524 |
Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 4571729 (Monthly Rollup) 4571719 (Security Only) |
Important | Elevation of Privilege | 4565524 |
Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Windows Server 2012 | 4571736 (Monthly Rollup) 4571702 (Security Only) |
Important | Elevation of Privilege | 4565537 |
Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Windows Server 2012 (Server Core installation) | 4571736 (Monthly Rollup) 4571702 (Security Only) |
Important | Elevation of Privilege | 4565537 |
Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Windows Server 2012 R2 | 4571703 (Monthly Rollup) 4571723 (Security Only) |
Important | Elevation of Privilege | 4565541 |
Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Windows Server 2012 R2 (Server Core installation) | 4571703 (Monthly Rollup) 4571723 (Security Only) |
Important | Elevation of Privilege | 4565541 |
Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Windows Server 2016 | 4571694 (Security Update) | Important | Elevation of Privilege | 4565511 |
Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Windows Server 2016 (Server Core installation) | 4571694 (Security Update) | Important | Elevation of Privilege | 4565511 |
Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Windows Server 2019 | 4565349 (Security Update) | Important | Elevation of Privilege | 4558998 |
Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Windows Server 2019 (Server Core installation) | 4565349 (Security Update) | Important | Elevation of Privilege | 4558998 |
Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Windows Server, version 1903 (Server Core installation) | 4565351 (Security Update) | Important | Elevation of Privilege | 4565483 | Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Windows Server, version 1909 (Server Core installation) | 4565351 (Security Update) | Important | Elevation of Privilege | 4565483 | Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Windows Server, version 2004 (Server Core installation) | 4566782 (Security Update) | Important | Elevation of Privilege | 4565503 |
Base: N/A Temporal: N/A Vector: N/A |
Yes |
| CVE ID | Acknowledgements |
| CVE-2020-1486 | anonymous |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2020-1487 MITRE NVD |
CVE Title: Media Foundation Information Disclosure Vulnerability
Description: An information disclosure vulnerability exists when Media Foundation improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user’s system. To exploit this vulnerability, an attacker would have to log onto an affected system and open a specially crafted file. In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) that contains a specially crafted file that is designed to exploit the vulnerability. However, an attacker would have no way to force the user to visit the website. Instead, an attacker would have to convince the user to click a link, typically by way of an enticement in an email or Instant Messenger message, and then convince the user to open the specially crafted file. The update addresses the vulnerability by correcting how Media Foundation handles objects in memory. FAQ: What type of information could be disclosed by this vulnerability? The type of information that could be disclosed if an attacker successfully exploited this vulnerability is uninitialized memory. Mitigations: None Workarounds: None Revision: 1.0 2020-08-11T07:00:00Z Information published. |
Important | Information Disclosure |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | Exploitation Less Likely | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2020-1487 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Windows 10 for 32-bit Systems | 4571692 (Security Update) | Important | Information Disclosure | 4565513 | Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 for x64-based Systems | 4571692 (Security Update) | Important | Information Disclosure | 4565513 | Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1607 for 32-bit Systems | 4571694 (Security Update) | Important | Information Disclosure | 4565511 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1607 for x64-based Systems | 4571694 (Security Update) | Important | Information Disclosure | 4565511 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1709 for 32-bit Systems | 4571741 (Security Update) | Important | Information Disclosure | 4565508 | Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1709 for ARM64-based Systems | 4571741 (Security Update) | Important | Information Disclosure | 4565508 | Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1709 for x64-based Systems | 4571741 (Security Update) | Important | Information Disclosure | 4565508 | Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1803 for 32-bit Systems | 4571709 (Security Update) | Important | Information Disclosure | 4565489 | Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1803 for ARM64-based Systems | 4571709 (Security Update) | Important | Information Disclosure | 4565489 | Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1803 for x64-based Systems | 4571709 (Security Update) | Important | Information Disclosure | 4565489 | Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for 32-bit Systems | 4565349 (Security Update) | Important | Information Disclosure | 4558998 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 4565349 (Security Update) | Important | Information Disclosure | 4558998 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for x64-based Systems | 4565349 (Security Update) | Important | Information Disclosure | 4558998 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1903 for 32-bit Systems | 4565351 (Security Update) | Important | Information Disclosure | 4565483 | Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1903 for ARM64-based Systems | 4565351 (Security Update) | Important | Information Disclosure | 4565483 | Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1903 for x64-based Systems | 4565351 (Security Update) | Important | Information Disclosure | 4565483 | Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for 32-bit Systems | 4565351 (Security Update) | Important | Information Disclosure | 4565483 | Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for ARM64-based Systems | 4565351 (Security Update) | Important | Information Disclosure | 4565483 | Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for x64-based Systems | 4565351 (Security Update) | Important | Information Disclosure | 4565483 | Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for 32-bit Systems | 4566782 (Security Update) | Important | Information Disclosure | 4565503 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for ARM64-based Systems | 4566782 (Security Update) | Important | Information Disclosure | 4565503 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for x64-based Systems | 4566782 (Security Update) | Important | Information Disclosure | 4565503 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 8.1 for 32-bit systems | 4571703 (Monthly Rollup) 4571723 (Security Only) |
Important | Information Disclosure | 4565541 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 8.1 for x64-based systems | 4571703 (Monthly Rollup) 4571723 (Security Only) |
Important | Information Disclosure | 4565541 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows RT 8.1 | 4571703 (Monthly Rollup) | Important | Information Disclosure | 4565541 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server 2012 R2 | 4571703 (Monthly Rollup) 4571723 (Security Only) |
Important | Information Disclosure | 4565541 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server 2012 R2 (Server Core installation) | 4571703 (Monthly Rollup) 4571723 (Security Only) |
Important | Information Disclosure | 4565541 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server 2016 | 4571694 (Security Update) | Important | Information Disclosure | 4565511 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server 2016 (Server Core installation) | 4571694 (Security Update) | Important | Information Disclosure | 4565511 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server 2019 | 4565349 (Security Update) | Important | Information Disclosure | 4558998 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server 2019 (Server Core installation) | 4565349 (Security Update) | Important | Information Disclosure | 4558998 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server, version 1903 (Server Core installation) | 4565351 (Security Update) | Important | Information Disclosure | 4565483 | Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server, version 1909 (Server Core installation) | 4565351 (Security Update) | Important | Information Disclosure | 4565483 | Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server, version 2004 (Server Core installation) | 4566782 (Security Update) | Important | Information Disclosure | 4565503 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| CVE ID | Acknowledgements |
| CVE-2020-1487 | Ke Liu of Tencent Security Xuanwu Lab |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2020-1488 MITRE NVD |
CVE Title: Windows AppX Deployment Extensions Elevation of Privilege Vulnerability
Description: An elevation of privilege vulnerability exists when the Windows AppX Deployment Extensions improperly performs privilege management, resulting in access to system files. To exploit this vulnerability, an authenticated attacker would need to run a specially crafted application to elevate privileges. The security update addresses the vulnerability by correcting how AppX Deployment Extensions manages privileges. FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2020-08-11T07:00:00Z Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | Exploitation Less Likely | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2020-1488 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Windows 10 for 32-bit Systems | 4571692 (Security Update) | Important | Elevation of Privilege | 4565513 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 for x64-based Systems | 4571692 (Security Update) | Important | Elevation of Privilege | 4565513 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1607 for 32-bit Systems | 4571694 (Security Update) | Important | Elevation of Privilege | 4565511 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1607 for x64-based Systems | 4571694 (Security Update) | Important | Elevation of Privilege | 4565511 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1709 for 32-bit Systems | 4571741 (Security Update) | Important | Elevation of Privilege | 4565508 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1709 for ARM64-based Systems | 4571741 (Security Update) | Important | Elevation of Privilege | 4565508 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1709 for x64-based Systems | 4571741 (Security Update) | Important | Elevation of Privilege | 4565508 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1803 for 32-bit Systems | 4571709 (Security Update) | Important | Elevation of Privilege | 4565489 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1803 for ARM64-based Systems | 4571709 (Security Update) | Important | Elevation of Privilege | 4565489 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1803 for x64-based Systems | 4571709 (Security Update) | Important | Elevation of Privilege | 4565489 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for 32-bit Systems | 4565349 (Security Update) | Important | Elevation of Privilege | 4558998 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 4565349 (Security Update) | Important | Elevation of Privilege | 4558998 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for x64-based Systems | 4565349 (Security Update) | Important | Elevation of Privilege | 4558998 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1903 for 32-bit Systems | 4565351 (Security Update) | Important | Elevation of Privilege | 4565483 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1903 for ARM64-based Systems | 4565351 (Security Update) | Important | Elevation of Privilege | 4565483 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1903 for x64-based Systems | 4565351 (Security Update) | Important | Elevation of Privilege | 4565483 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for 32-bit Systems | 4565351 (Security Update) | Important | Elevation of Privilege | 4565483 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for ARM64-based Systems | 4565351 (Security Update) | Important | Elevation of Privilege | 4565483 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for x64-based Systems | 4565351 (Security Update) | Important | Elevation of Privilege | 4565483 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for 32-bit Systems | 4566782 (Security Update) | Important | Elevation of Privilege | 4565503 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for ARM64-based Systems | 4566782 (Security Update) | Important | Elevation of Privilege | 4565503 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for x64-based Systems | 4566782 (Security Update) | Important | Elevation of Privilege | 4565503 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 8.1 for 32-bit systems | 4571703 (Monthly Rollup) 4571723 (Security Only) |
Important | Elevation of Privilege | 4565541 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 8.1 for x64-based systems | 4571703 (Monthly Rollup) 4571723 (Security Only) |
Important | Elevation of Privilege | 4565541 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows RT 8.1 | 4571703 (Monthly Rollup) | Important | Elevation of Privilege | 4565541 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2012 | 4571736 (Monthly Rollup) 4571702 (Security Only) |
Important | Elevation of Privilege | 4565537 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2012 (Server Core installation) | 4571736 (Monthly Rollup) 4571702 (Security Only) |
Important | Elevation of Privilege | 4565537 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2012 R2 | 4571703 (Monthly Rollup) 4571723 (Security Only) |
Important | Elevation of Privilege | 4565541 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2012 R2 (Server Core installation) | 4571703 (Monthly Rollup) 4571723 (Security Only) |
Important | Elevation of Privilege | 4565541 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2016 | 4571694 (Security Update) | Important | Elevation of Privilege | 4565511 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2016 (Server Core installation) | 4571694 (Security Update) | Important | Elevation of Privilege | 4565511 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2019 | 4565349 (Security Update) | Important | Elevation of Privilege | 4558998 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2019 (Server Core installation) | 4565349 (Security Update) | Important | Elevation of Privilege | 4558998 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server, version 1903 (Server Core installation) | 4565351 (Security Update) | Important | Elevation of Privilege | 4565483 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server, version 1909 (Server Core installation) | 4565351 (Security Update) | Important | Elevation of Privilege | 4565483 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server, version 2004 (Server Core installation) | 4566782 (Security Update) | Important | Elevation of Privilege | 4565503 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| CVE ID | Acknowledgements |
| CVE-2020-1488 | Hashim Jawad (@ihack4falafel) of ACTIVELabs |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2020-1489 MITRE NVD |
CVE Title: Windows CSC Service Elevation of Privilege Vulnerability
Description: An elevation of privilege vulnerability exists when the Windows CSC Service improperly handles memory. To exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges. The security update addresses the vulnerability by correcting how the Windows CSC Service handles memory. FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2020-08-11T07:00:00Z Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | Exploitation Less Likely | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2020-1489 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Windows 10 for 32-bit Systems | 4571692 (Security Update) | Important | Elevation of Privilege | 4565513 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 for x64-based Systems | 4571692 (Security Update) | Important | Elevation of Privilege | 4565513 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1607 for 32-bit Systems | 4571694 (Security Update) | Important | Elevation of Privilege | 4565511 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1607 for x64-based Systems | 4571694 (Security Update) | Important | Elevation of Privilege | 4565511 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1709 for 32-bit Systems | 4571741 (Security Update) | Important | Elevation of Privilege | 4565508 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1709 for ARM64-based Systems | 4571741 (Security Update) | Important | Elevation of Privilege | 4565508 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1709 for x64-based Systems | 4571741 (Security Update) | Important | Elevation of Privilege | 4565508 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1803 for 32-bit Systems | 4571709 (Security Update) | Important | Elevation of Privilege | 4565489 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1803 for ARM64-based Systems | 4571709 (Security Update) | Important | Elevation of Privilege | 4565489 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1803 for x64-based Systems | 4571709 (Security Update) | Important | Elevation of Privilege | 4565489 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for 32-bit Systems | 4565349 (Security Update) | Important | Elevation of Privilege | 4558998 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 4565349 (Security Update) | Important | Elevation of Privilege | 4558998 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for x64-based Systems | 4565349 (Security Update) | Important | Elevation of Privilege | 4558998 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1903 for 32-bit Systems | 4565351 (Security Update) | Important | Elevation of Privilege | 4565483 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1903 for ARM64-based Systems | 4565351 (Security Update) | Important | Elevation of Privilege | 4565483 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1903 for x64-based Systems | 4565351 (Security Update) | Important | Elevation of Privilege | 4565483 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for 32-bit Systems | 4565351 (Security Update) | Important | Elevation of Privilege | 4565483 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for ARM64-based Systems | 4565351 (Security Update) | Important | Elevation of Privilege | 4565483 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for x64-based Systems | 4565351 (Security Update) | Important | Elevation of Privilege | 4565483 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for 32-bit Systems | 4566782 (Security Update) | Important | Elevation of Privilege | 4565503 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for ARM64-based Systems | 4566782 (Security Update) | Important | Elevation of Privilege | 4565503 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for x64-based Systems | 4566782 (Security Update) | Important | Elevation of Privilege | 4565503 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 7 for 32-bit Systems Service Pack 1 | 4571729 (Monthly Rollup) 4571719 (Security Only) |
Important | Elevation of Privilege | 4565524 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 7 for x64-based Systems Service Pack 1 | 4571729 (Monthly Rollup) 4571719 (Security Only) |
Important | Elevation of Privilege | 4565524 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 8.1 for 32-bit systems | 4571703 (Monthly Rollup) 4571723 (Security Only) |
Important | Elevation of Privilege | 4565541 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 8.1 for x64-based systems | 4571703 (Monthly Rollup) 4571723 (Security Only) |
Important | Elevation of Privilege | 4565541 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows RT 8.1 | 4571703 (Monthly Rollup) | Important | Elevation of Privilege | 4565541 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 4571730 (Monthly Rollup) 4571746 (Security Only) |
Important | Elevation of Privilege | 4565536 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 4571730 (Monthly Rollup) 4571746 (Security Only) |
Important | Elevation of Privilege | 4565536 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 4571730 (Monthly Rollup) 4571746 (Security Only) |
Important | Elevation of Privilege | 4565536 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 4571730 (Monthly Rollup) 4571746 (Security Only) |
Important | Elevation of Privilege | 4565536 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 4571729 (Monthly Rollup) 4571719 (Security Only) |
Important | Elevation of Privilege | 4565524 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 4571729 (Monthly Rollup) 4571719 (Security Only) |
Important | Elevation of Privilege | 4565524 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2012 | 4571736 (Monthly Rollup) 4571702 (Security Only) |
Important | Elevation of Privilege | 4565537 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2012 (Server Core installation) | 4571736 (Monthly Rollup) 4571702 (Security Only) |
Important | Elevation of Privilege | 4565537 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2012 R2 | 4571703 (Monthly Rollup) 4571723 (Security Only) |
Important | Elevation of Privilege | 4565541 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2012 R2 (Server Core installation) | 4571703 (Monthly Rollup) 4571723 (Security Only) |
Important | Elevation of Privilege | 4565541 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2016 | 4571694 (Security Update) | Important | Elevation of Privilege | 4565511 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2016 (Server Core installation) | 4571694 (Security Update) | Important | Elevation of Privilege | 4565511 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2019 | 4565349 (Security Update) | Important | Elevation of Privilege | 4558998 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2019 (Server Core installation) | 4565349 (Security Update) | Important | Elevation of Privilege | 4558998 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server, version 1903 (Server Core installation) | 4565351 (Security Update) | Important | Elevation of Privilege | 4565483 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server, version 1909 (Server Core installation) | 4565351 (Security Update) | Important | Elevation of Privilege | 4565483 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server, version 2004 (Server Core installation) | 4566782 (Security Update) | Important | Elevation of Privilege | 4565503 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| CVE ID | Acknowledgements |
| CVE-2020-1489 | anonymous researcher |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2020-1490 MITRE NVD |
CVE Title: Windows Storage Service Elevation of Privilege Vulnerability
Description: An elevation of privilege vulnerability exists when the Storage Service improperly handles file operations. An attacker who successfully exploited this vulnerability could gain elevated privileges on the victim system. To exploit the vulnerability, an attacker would first have to gain execution on the victim system, then run a specially crafted application. The security update addresses the vulnerability by correcting how the Storage Services handles file operations. FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2020-08-11T07:00:00Z Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | Exploitation Less Likely | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2020-1490 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Windows 10 for 32-bit Systems | 4571692 (Security Update) | Important | Elevation of Privilege | 4565513 | Base: 7.0 Temporal: 6.3 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 for x64-based Systems | 4571692 (Security Update) | Important | Elevation of Privilege | 4565513 | Base: 7.0 Temporal: 6.3 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1607 for 32-bit Systems | 4571694 (Security Update) | Important | Elevation of Privilege | 4565511 |
Base: 7.0 Temporal: 6.3 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1607 for x64-based Systems | 4571694 (Security Update) | Important | Elevation of Privilege | 4565511 |
Base: 7.0 Temporal: 6.3 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1709 for 32-bit Systems | 4571741 (Security Update) | Important | Elevation of Privilege | 4565508 | Base: 7.0 Temporal: 6.3 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1709 for ARM64-based Systems | 4571741 (Security Update) | Important | Elevation of Privilege | 4565508 | Base: 7.0 Temporal: 6.3 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1709 for x64-based Systems | 4571741 (Security Update) | Important | Elevation of Privilege | 4565508 | Base: 7.0 Temporal: 6.3 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1803 for 32-bit Systems | 4571709 (Security Update) | Important | Elevation of Privilege | 4565489 | Base: 7.0 Temporal: 6.3 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1803 for ARM64-based Systems | 4571709 (Security Update) | Important | Elevation of Privilege | 4565489 | Base: 7.0 Temporal: 6.3 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1803 for x64-based Systems | 4571709 (Security Update) | Important | Elevation of Privilege | 4565489 | Base: 7.0 Temporal: 6.3 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for 32-bit Systems | 4565349 (Security Update) | Important | Elevation of Privilege | 4558998 |
Base: 7.0 Temporal: 6.3 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 4565349 (Security Update) | Important | Elevation of Privilege | 4558998 |
Base: 7.0 Temporal: 6.3 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for x64-based Systems | 4565349 (Security Update) | Important | Elevation of Privilege | 4558998 |
Base: 7.0 Temporal: 6.3 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1903 for 32-bit Systems | 4565351 (Security Update) | Important | Elevation of Privilege | 4565483 | Base: 7.0 Temporal: 6.3 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1903 for ARM64-based Systems | 4565351 (Security Update) | Important | Elevation of Privilege | 4565483 | Base: 7.0 Temporal: 6.3 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1903 for x64-based Systems | 4565351 (Security Update) | Important | Elevation of Privilege | 4565483 | Base: 7.0 Temporal: 6.3 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for 32-bit Systems | 4565351 (Security Update) | Important | Elevation of Privilege | 4565483 | Base: 7.0 Temporal: 6.3 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for ARM64-based Systems | 4565351 (Security Update) | Important | Elevation of Privilege | 4565483 | Base: 7.0 Temporal: 6.3 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for x64-based Systems | 4565351 (Security Update) | Important | Elevation of Privilege | 4565483 | Base: 7.0 Temporal: 6.3 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for 32-bit Systems | 4566782 (Security Update) | Important | Elevation of Privilege | 4565503 |
Base: 7.0 Temporal: 6.3 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for ARM64-based Systems | 4566782 (Security Update) | Important | Elevation of Privilege | 4565503 |
Base: 7.0 Temporal: 6.3 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for x64-based Systems | 4566782 (Security Update) | Important | Elevation of Privilege | 4565503 |
Base: 7.0 Temporal: 6.3 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2016 | 4571694 (Security Update) | Important | Elevation of Privilege | 4565511 |
Base: 7.0 Temporal: 6.3 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2016 (Server Core installation) | 4571694 (Security Update) | Important | Elevation of Privilege | 4565511 |
Base: 7.0 Temporal: 6.3 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2019 | 4565349 (Security Update) | Important | Elevation of Privilege | 4558998 |
Base: 7.0 Temporal: 6.3 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2019 (Server Core installation) | 4565349 (Security Update) | Important | Elevation of Privilege | 4558998 |
Base: 7.0 Temporal: 6.3 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server, version 1903 (Server Core installation) | 4565351 (Security Update) | Important | Elevation of Privilege | 4565483 | Base: 7.0 Temporal: 6.3 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server, version 1909 (Server Core installation) | 4565351 (Security Update) | Important | Elevation of Privilege | 4565483 | Base: 7.0 Temporal: 6.3 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server, version 2004 (Server Core installation) | 4566782 (Security Update) | Important | Elevation of Privilege | 4565503 |
Base: 7.0 Temporal: 6.3 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| CVE ID | Acknowledgements |
| CVE-2020-1490 | Jonas Lykkegård |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2020-1492 MITRE NVD |
CVE Title: Media Foundation Memory Corruption Vulnerability
Description: A memory corruption vulnerability exists when Windows Media Foundation improperly handles objects in memory. An attacker who successfully exploited the vulnerability could install programs; view, change, or delete data; or create new accounts with full user rights. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit a malicious webpage. The security update addresses the vulnerability by correcting how Windows Media Foundation handles objects in memory. FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2020-08-11T07:00:00Z Information published. |
Critical | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | Exploitation Less Likely | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2020-1492 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Windows 10 for 32-bit Systems | 4571692 (Security Update) | Critical | Remote Code Execution | 4565513 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 for x64-based Systems | 4571692 (Security Update) | Critical | Remote Code Execution | 4565513 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1607 for 32-bit Systems | 4571694 (Security Update) | Critical | Remote Code Execution | 4565511 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1607 for x64-based Systems | 4571694 (Security Update) | Critical | Remote Code Execution | 4565511 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1709 for 32-bit Systems | 4571741 (Security Update) | Critical | Remote Code Execution | 4565508 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1709 for ARM64-based Systems | 4571741 (Security Update) | Critical | Remote Code Execution | 4565508 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1709 for x64-based Systems | 4571741 (Security Update) | Critical | Remote Code Execution | 4565508 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1803 for 32-bit Systems | 4571709 (Security Update) | Critical | Remote Code Execution | 4565489 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1803 for ARM64-based Systems | 4571709 (Security Update) | Critical | Remote Code Execution | 4565489 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1803 for x64-based Systems | 4571709 (Security Update) | Critical | Remote Code Execution | 4565489 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for 32-bit Systems | 4565349 (Security Update) | Critical | Remote Code Execution | 4558998 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 4565349 (Security Update) | Critical | Remote Code Execution | 4558998 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for x64-based Systems | 4565349 (Security Update) | Critical | Remote Code Execution | 4558998 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1903 for 32-bit Systems | 4565351 (Security Update) | Critical | Remote Code Execution | 4565483 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1903 for ARM64-based Systems | 4565351 (Security Update) | Critical | Remote Code Execution | 4565483 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1903 for x64-based Systems | 4565351 (Security Update) | Critical | Remote Code Execution | 4565483 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for 32-bit Systems | 4565351 (Security Update) | Critical | Remote Code Execution | 4565483 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for ARM64-based Systems | 4565351 (Security Update) | Critical | Remote Code Execution | 4565483 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for x64-based Systems | 4565351 (Security Update) | Critical | Remote Code Execution | 4565483 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for 32-bit Systems | 4566782 (Security Update) | Critical | Remote Code Execution | 4565503 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for ARM64-based Systems | 4566782 (Security Update) | Critical | Remote Code Execution | 4565503 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for x64-based Systems | 4566782 (Security Update) | Critical | Remote Code Execution | 4565503 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 8.1 for 32-bit systems | 4571703 (Monthly Rollup) 4571723 (Security Only) |
Critical | Remote Code Execution | 4565541 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 8.1 for x64-based systems | 4571703 (Monthly Rollup) 4571723 (Security Only) |
Critical | Remote Code Execution | 4565541 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows RT 8.1 | 4571703 (Monthly Rollup) | Critical | Remote Code Execution | 4565541 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2012 R2 | 4571703 (Monthly Rollup) 4571723 (Security Only) |
Critical | Remote Code Execution | 4565541 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2012 R2 (Server Core installation) | 4571703 (Monthly Rollup) 4571723 (Security Only) |
Critical | Remote Code Execution | 4565541 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2016 | 4571694 (Security Update) | Critical | Remote Code Execution | 4565511 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2016 (Server Core installation) | 4571694 (Security Update) | Critical | Remote Code Execution | 4565511 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2019 | 4565349 (Security Update) | Critical | Remote Code Execution | 4558998 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2019 (Server Core installation) | 4565349 (Security Update) | Critical | Remote Code Execution | 4558998 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server, version 1903 (Server Core installation) | 4565351 (Security Update) | Critical | Remote Code Execution | 4565483 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server, version 1909 (Server Core installation) | 4565351 (Security Update) | Critical | Remote Code Execution | 4565483 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server, version 2004 (Server Core installation) | 4566782 (Security Update) | Critical | Remote Code Execution | 4565503 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| CVE ID | Acknowledgements |
| CVE-2020-1492 | @expend20 working with Trend Micro's Zero Day Initiative Xingwei Lin of Ant Financial Light-Year Security Lab |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2020-1493 MITRE NVD |
CVE Title: Microsoft Outlook Information Disclosure Vulnerability
Description: An information disclosure vulnerability exists when attaching files to Outlook messages. This vulnerability could potentially allow users to share attached files such that they are accessible by anonymous users where they should be restricted to specific users. To exploit this vulnerability, an attacker would have to attach a file as a link to an email. The email could then be shared with individuals that should not have access to the files, ignoring the default organizational setting. The security update addresses the vulnerability by correcting how Outlook handles file attachment links. FAQ: What type of information could be disclosed by this vulnerability? The type of information that could be disclosed if an attacker successfully exploited this vulnerability is uninitialized memory. Is the Preview Pane an attack vector for this vulnerability? Yes, the Preview Pane is an attack vector. If the preview pane is an attack vector, why is the severity for this vulnerability Important and not Critical? Even though the preview pane is an attack vector, the attacker cannot achieve remote code execution if they successfully exploit the vulnerability, but can only gain information from the victim. Mitigations: None Workarounds: None Revision: 1.0 2020-08-11T07:00:00Z Information published. |
Important | Information Disclosure |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | Exploitation Less Likely | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2020-1493 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Microsoft 365 Apps for Enterprise for 32-bit Systems | Click to Run (Security Update) | Important | Information Disclosure | None | Base: N/A Temporal: N/A Vector: N/A |
No |
| Microsoft 365 Apps for Enterprise for 64-bit Systems | Click to Run (Security Update) | Important | Information Disclosure | None | Base: N/A Temporal: N/A Vector: N/A |
No |
| Microsoft Office 2019 for 32-bit editions | Click to Run (Security Update) | Important | Information Disclosure | None | Base: N/A Temporal: N/A Vector: N/A |
No |
| Microsoft Office 2019 for 64-bit editions | Click to Run (Security Update) | Important | Information Disclosure | None | Base: N/A Temporal: N/A Vector: N/A |
No |
| Microsoft Outlook 2010 Service Pack 2 (32-bit editions) | 4484497 (Security Update) | Important | Information Disclosure | 4484382 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
| Microsoft Outlook 2010 Service Pack 2 (64-bit editions) | 4484497 (Security Update) | Important | Information Disclosure | 4484382 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
| Microsoft Outlook 2013 RT Service Pack 1 | 4484486 (Security Update) | Important | Information Disclosure | 4484363 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
| Microsoft Outlook 2013 Service Pack 1 (32-bit editions) | 4484486 (Security Update) | Important | Information Disclosure | 4484363 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
| Microsoft Outlook 2013 Service Pack 1 (64-bit editions) | 4484486 (Security Update) | Important | Information Disclosure | 4484363 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
| Microsoft Outlook 2016 (32-bit edition) | 4484475 (Security Update) | Important | Information Disclosure | 4484433 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
| Microsoft Outlook 2016 (64-bit edition) | 4484475 (Security Update) | Important | Information Disclosure | 4484433 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
| CVE ID | Acknowledgements |
| CVE-2020-1493 | 0neb1n working with Trend Micro's Zero Day Initiative |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2020-1494 MITRE NVD |
CVE Title: Microsoft Excel Remote Code Execution Vulnerability
Description: A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. Exploitation of the vulnerability requires that a user open a specially crafted file with an affected version of Microsoft Excel. In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file. In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) containing a specially crafted file designed to exploit the vulnerability. An attacker would have no way to force users to visit the website. Instead, an attacker would have to convince users to click a link, typically by way of an enticement in an email or instant message, and then convince them to open the specially crafted file. The security update addresses the vulnerability by correcting how Microsoft Excel handles objects in memory. FAQ: Is the Preview Pane an attack vector for this vulnerability? No, the Preview Pane is not an attack vector. Mitigations: None Workarounds: None Revision: 1.0 2020-08-11T07:00:00Z Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | Exploitation Less Likely | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2020-1494 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Microsoft 365 Apps for Enterprise for 32-bit Systems | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: N/A Temporal: N/A Vector: N/A |
No |
| Microsoft 365 Apps for Enterprise for 64-bit Systems | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: N/A Temporal: N/A Vector: N/A |
No |
| Microsoft Excel 2010 Service Pack 2 (32-bit editions) | 4484461 (Security Update) | Important | Remote Code Execution | 4484415 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
| Microsoft Excel 2010 Service Pack 2 (64-bit editions) | 4484461 (Security Update) | Important | Remote Code Execution | 4484415 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
| Microsoft Excel 2013 RT Service Pack 1 | 4484449 (Security Update) | Important | Remote Code Execution | None | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
| Microsoft Excel 2013 Service Pack 1 (32-bit editions) | 4484449 (Security Update) | Important | Remote Code Execution | None | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
| Microsoft Excel 2013 Service Pack 1 (64-bit editions) | 4484449 (Security Update) | Important | Remote Code Execution | None | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
| Microsoft Excel 2016 (32-bit edition) | 4484465 (Security Update) | Important | Remote Code Execution | 4484403 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
| Microsoft Excel 2016 (64-bit edition) | 4484465 (Security Update) | Important | Remote Code Execution | 4484403 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
| Microsoft Office 2010 Service Pack 2 (32-bit editions) | 4484375 (Security Update) | Important | Remote Code Execution | 4484266 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
| Microsoft Office 2010 Service Pack 2 (64-bit editions) | 4484375 (Security Update) | Important | Remote Code Execution | 4484266 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
| Microsoft Office 2013 RT Service Pack 1 | 4484354 (Security Update) | Important | Remote Code Execution | 4484229 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
| Microsoft Office 2013 Service Pack 1 (32-bit editions) | 4484354 (Security Update) | Important | Remote Code Execution | 4484229 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
| Microsoft Office 2013 Service Pack 1 (64-bit editions) | 4484354 (Security Update) | Important | Remote Code Execution | 4484229 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
| Microsoft Office 2016 (32-bit edition) | 4484346 (Security Update) | Important | Remote Code Execution | 4484258 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
| Microsoft Office 2016 (64-bit edition) | 4484346 (Security Update) | Important | Remote Code Execution | 4484258 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
| Microsoft Office 2019 for 32-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: N/A Temporal: N/A Vector: N/A |
No |
| Microsoft Office 2019 for 64-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: N/A Temporal: N/A Vector: N/A |
No |
| CVE ID | Acknowledgements |
| CVE-2020-1494 | Jinquan(@jq0904) of DBAPPSecurity Co., Ltd |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2020-1495 MITRE NVD |
CVE Title: Microsoft Excel Remote Code Execution Vulnerability
Description: A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. Exploitation of the vulnerability requires that a user open a specially crafted file with an affected version of Microsoft Excel. In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file. In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) containing a specially crafted file designed to exploit the vulnerability. An attacker would have no way to force users to visit the website. Instead, an attacker would have to convince users to click a link, typically by way of an enticement in an email or instant message, and then convince them to open the specially crafted file. The security update addresses the vulnerability by correcting how Microsoft Excel handles objects in memory. FAQ: Is the Preview Pane an attack vector for this vulnerability? No, the Preview Pane is not an attack vector. Mitigations: None Workarounds: None Revision: 1.0 2020-08-11T07:00:00Z Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | Exploitation Less Likely | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2020-1495 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Microsoft 365 Apps for Enterprise for 32-bit Systems | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: N/A Temporal: N/A Vector: N/A |
No |
| Microsoft 365 Apps for Enterprise for 64-bit Systems | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: N/A Temporal: N/A Vector: N/A |
No |
| Microsoft Excel 2010 Service Pack 2 (32-bit editions) | 4484461 (Security Update) | Important | Remote Code Execution | 4484415 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
| Microsoft Excel 2010 Service Pack 2 (64-bit editions) | 4484461 (Security Update) | Important | Remote Code Execution | 4484415 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
| Microsoft Excel 2013 RT Service Pack 1 | 4484449 (Security Update) | Important | Remote Code Execution | None | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
| Microsoft Excel 2013 Service Pack 1 (32-bit editions) | 4484449 (Security Update) | Important | Remote Code Execution | None | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
| Microsoft Excel 2013 Service Pack 1 (64-bit editions) | 4484449 (Security Update) | Important | Remote Code Execution | None | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
| Microsoft Excel 2016 (32-bit edition) | 4484465 (Security Update) | Important | Remote Code Execution | 4484403 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
| Microsoft Excel 2016 (64-bit edition) | 4484465 (Security Update) | Important | Remote Code Execution | 4484403 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
| Microsoft Office 2010 Service Pack 2 (32-bit editions) | 4484375 (Security Update) | Important | Remote Code Execution | 4484266 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
| Microsoft Office 2010 Service Pack 2 (64-bit editions) | 4484375 (Security Update) | Important | Remote Code Execution | 4484266 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
| Microsoft Office 2013 RT Service Pack 1 | 4484354 (Security Update) | Important | Remote Code Execution | 4484229 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
| Microsoft Office 2013 Service Pack 1 (32-bit editions) | 4484354 (Security Update) | Important | Remote Code Execution | 4484229 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
| Microsoft Office 2013 Service Pack 1 (64-bit editions) | 4484354 (Security Update) | Important | Remote Code Execution | 4484229 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
| Microsoft Office 2016 (32-bit edition) | 4484346 (Security Update) | Important | Remote Code Execution | 4484258 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
| Microsoft Office 2016 (64-bit edition) | 4484346 (Security Update) | Important | Remote Code Execution | 4484258 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
| Microsoft Office 2016 for Mac | Release Notes (Security Update) | Important | Remote Code Execution | None | Base: N/A Temporal: N/A Vector: N/A |
No |
| Microsoft Office 2019 for 32-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: N/A Temporal: N/A Vector: N/A |
No |
| Microsoft Office 2019 for 64-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: N/A Temporal: N/A Vector: N/A |
No |
| Microsoft Office 2019 for Mac | Release Notes (Security Update) | Important | Remote Code Execution | None | Base: N/A Temporal: N/A Vector: N/A |
No |
| Microsoft SharePoint Enterprise Server 2013 Service Pack 1 | 4484183 (Security Update) | Important | Remote Code Execution | 4484151 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
| Microsoft SharePoint Server 2010 Service Pack 2 | 4484191 (Security Update) | Important | Remote Code Execution | 4484159 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
| Office Online Server | 4484470 (Security Update) | Important | Remote Code Execution | 4484451 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
| CVE ID | Acknowledgements |
| CVE-2020-1495 | Ying Xinlei of Ant-Financial Light-Year Security Lab Jinquan(@jq0904) of DBAPPSecurity Co., Ltd |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2020-1496 MITRE NVD |
CVE Title: Microsoft Excel Remote Code Execution Vulnerability
Description: A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. Exploitation of the vulnerability requires that a user open a specially crafted file with an affected version of Microsoft Excel. In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file. In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) containing a specially crafted file designed to exploit the vulnerability. An attacker would have no way to force users to visit the website. Instead, an attacker would have to convince users to click a link, typically by way of an enticement in an email or instant message, and then convince them to open the specially crafted file. The security update addresses the vulnerability by correcting how Microsoft Excel handles objects in memory. FAQ: Is the Preview Pane an attack vector for this vulnerability? No, the Preview Pane is not an attack vector. Mitigations: None Workarounds: None Revision: 1.0 2020-08-11T07:00:00Z Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | Exploitation Less Likely | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2020-1496 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Microsoft 365 Apps for Enterprise for 32-bit Systems | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: N/A Temporal: N/A Vector: N/A |
No |
| Microsoft 365 Apps for Enterprise for 64-bit Systems | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: N/A Temporal: N/A Vector: N/A |
No |
| Microsoft Excel 2010 Service Pack 2 (32-bit editions) | 4484461 (Security Update) | Important | Remote Code Execution | 4484415 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
| Microsoft Excel 2010 Service Pack 2 (64-bit editions) | 4484461 (Security Update) | Important | Remote Code Execution | 4484415 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
| Microsoft Excel 2013 RT Service Pack 1 | 4484449 (Security Update) | Important | Remote Code Execution | None | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
| Microsoft Excel 2013 Service Pack 1 (32-bit editions) | 4484449 (Security Update) | Important | Remote Code Execution | None | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
| Microsoft Excel 2013 Service Pack 1 (64-bit editions) | 4484449 (Security Update) | Important | Remote Code Execution | None | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
| Microsoft Excel 2016 (32-bit edition) | 4484465 (Security Update) | Important | Remote Code Execution | 4484403 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
| Microsoft Excel 2016 (64-bit edition) | 4484465 (Security Update) | Important | Remote Code Execution | 4484403 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
| Microsoft Office 2010 Service Pack 2 (32-bit editions) | 4484375 (Security Update) | Important | Remote Code Execution | 4484266 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
| Microsoft Office 2010 Service Pack 2 (64-bit editions) | 4484375 (Security Update) | Important | Remote Code Execution | 4484266 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
| Microsoft Office 2013 RT Service Pack 1 | 4484354 (Security Update) | Important | Remote Code Execution | 4484229 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
| Microsoft Office 2013 Service Pack 1 (32-bit editions) | 4484354 (Security Update) | Important | Remote Code Execution | 4484229 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
| Microsoft Office 2013 Service Pack 1 (64-bit editions) | 4484354 (Security Update) | Important | Remote Code Execution | 4484229 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
| Microsoft Office 2016 (32-bit edition) | 4484346 (Security Update) | Important | Remote Code Execution | 4484258 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
| Microsoft Office 2016 (64-bit edition) | 4484346 (Security Update) | Important | Remote Code Execution | 4484258 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
| Microsoft Office 2019 for 32-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: N/A Temporal: N/A Vector: N/A |
No |
| Microsoft Office 2019 for 64-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: N/A Temporal: N/A Vector: N/A |
No |
| CVE ID | Acknowledgements |
| CVE-2020-1496 | Jinquan(@jq0904) of DBAPPSecurity Co., Ltd |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2020-1497 MITRE NVD |
CVE Title: Microsoft Excel Information Disclosure Vulnerability
Description: An information disclosure vulnerability exists when Microsoft Excel improperly discloses the contents of its memory. An attacker who exploited the vulnerability could use the information to compromise the user’s computer or data. To exploit the vulnerability, an attacker could craft a special document file and then convince the user to open it. An attacker must know the memory address location where the object was created. The update addresses the vulnerability by changing the way certain Excel functions handle objects in memory. FAQ: What type of information could be disclosed by this vulnerability? The type of information that could be disclosed if an attacker successfully exploited this vulnerability is uninitialized memory. Is the Preview Pane an attack vector for this vulnerability? No, the Preview Pane is not an attack vector. Mitigations: None Workarounds: None Revision: 1.0 2020-08-11T07:00:00Z Information published. |
Important | Information Disclosure |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | Exploitation Less Likely | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2020-1497 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Microsoft 365 Apps for Enterprise for 32-bit Systems | Click to Run (Security Update) | Important | Information Disclosure | None | Base: N/A Temporal: N/A Vector: N/A |
No |
| Microsoft 365 Apps for Enterprise for 64-bit Systems | Click to Run (Security Update) | Important | Information Disclosure | None | Base: N/A Temporal: N/A Vector: N/A |
No |
| Microsoft Excel 2010 Service Pack 2 (32-bit editions) | 4484461 (Security Update) | Important | Information Disclosure | 4484415 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
| Microsoft Excel 2010 Service Pack 2 (64-bit editions) | 4484461 (Security Update) | Important | Information Disclosure | 4484415 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
| Microsoft Excel 2013 RT Service Pack 1 | 4484449 (Security Update) | Important | Information Disclosure | None | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
| Microsoft Excel 2013 Service Pack 1 (32-bit editions) | 4484449 (Security Update) | Important | Information Disclosure | None | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
| Microsoft Excel 2013 Service Pack 1 (64-bit editions) | 4484449 (Security Update) | Important | Information Disclosure | None | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
| Microsoft Excel 2016 (32-bit edition) | 4484465 (Security Update) | Important | Information Disclosure | 4484403 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
| Microsoft Excel 2016 (64-bit edition) | 4484465 (Security Update) | Important | Information Disclosure | 4484403 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
| Microsoft Office 2010 Service Pack 2 (32-bit editions) | 4484375 (Security Update) | Important | Information Disclosure | 4484266 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
| Microsoft Office 2010 Service Pack 2 (64-bit editions) | 4484375 (Security Update) | Important | Information Disclosure | 4484266 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
| Microsoft Office 2013 RT Service Pack 1 | 4484354 (Security Update) | Important | Information Disclosure | 4484229 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
| Microsoft Office 2013 Service Pack 1 (32-bit editions) | 4484354 (Security Update) | Important | Information Disclosure | 4484229 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
| Microsoft Office 2013 Service Pack 1 (64-bit editions) | 4484354 (Security Update) | Important | Information Disclosure | 4484229 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
| Microsoft Office 2016 (32-bit edition) | 4484346 (Security Update) | Important | Information Disclosure | 4484258 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
| Microsoft Office 2016 (64-bit edition) | 4484346 (Security Update) | Important | Information Disclosure | 4484258 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
| Microsoft Office 2019 for 32-bit editions | Click to Run (Security Update) | Important | Information Disclosure | None | Base: N/A Temporal: N/A Vector: N/A |
No |
| Microsoft Office 2019 for 64-bit editions | Click to Run (Security Update) | Important | Information Disclosure | None | Base: N/A Temporal: N/A Vector: N/A |
No |
| CVE ID | Acknowledgements |
| CVE-2020-1497 | Jinquan(@jq0904) of DBAPPSecurity Co., Ltd |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2020-1498 MITRE NVD |
CVE Title: Microsoft Excel Remote Code Execution Vulnerability
Description: A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. Exploitation of the vulnerability requires that a user open a specially crafted file with an affected version of Microsoft Excel. In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file. In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) containing a specially crafted file designed to exploit the vulnerability. An attacker would have no way to force users to visit the website. Instead, an attacker would have to convince users to click a link, typically by way of an enticement in an email or instant message, and then convince them to open the specially crafted file. The security update addresses the vulnerability by correcting how Microsoft Excel handles objects in memory. FAQ: Is the Preview Pane an attack vector for this vulnerability? No, the Preview Pane is not an attack vector. Mitigations: None Workarounds: None Revision: 1.0 2020-08-11T07:00:00Z Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | Exploitation Less Likely | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2020-1498 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Microsoft 365 Apps for Enterprise for 32-bit Systems | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: N/A Temporal: N/A Vector: N/A |
No |
| Microsoft 365 Apps for Enterprise for 64-bit Systems | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: N/A Temporal: N/A Vector: N/A |
No |
| Microsoft Excel 2010 Service Pack 2 (32-bit editions) | 4484461 (Security Update) | Important | Remote Code Execution | 4484415 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
| Microsoft Excel 2010 Service Pack 2 (64-bit editions) | 4484461 (Security Update) | Important | Remote Code Execution | 4484415 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
| Microsoft Excel 2013 RT Service Pack 1 | 4484449 (Security Update) | Important | Remote Code Execution | None | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
| Microsoft Excel 2013 Service Pack 1 (32-bit editions) | 4484449 (Security Update) | Important | Remote Code Execution | None | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
| Microsoft Excel 2013 Service Pack 1 (64-bit editions) | 4484449 (Security Update) | Important | Remote Code Execution | None | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
| Microsoft Excel 2016 (32-bit edition) | 4484465 (Security Update) | Important | Remote Code Execution | 4484403 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
| Microsoft Excel 2016 (64-bit edition) | 4484465 (Security Update) | Important | Remote Code Execution | 4484403 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
| Microsoft Office 2016 for Mac | Release Notes (Security Update) | Important | Remote Code Execution | None | Base: N/A Temporal: N/A Vector: N/A |
No |
| Microsoft Office 2019 for 32-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: N/A Temporal: N/A Vector: N/A |
No |
| Microsoft Office 2019 for 64-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: N/A Temporal: N/A Vector: N/A |
No |
| Microsoft Office 2019 for Mac | Release Notes (Security Update) | Important | Remote Code Execution | None | Base: N/A Temporal: N/A Vector: N/A |
No |
| CVE ID | Acknowledgements |
| CVE-2020-1498 | Jinquan(@jq0904) of DBAPPSecurity Co., Ltd |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2020-1499 MITRE NVD |
CVE Title: Microsoft SharePoint Spoofing Vulnerability
Description: A spoofing vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint server. The attacker who successfully exploited the vulnerability could then perform cross-site scripting attacks on affected systems and run script in the security context of the current user. These attacks could allow the attacker to read content that the attacker is not authorized to read, use the victim's identity to take actions on the SharePoint site on behalf of the user, such as change permissions and delete content, and inject malicious content in the browser of the user. The security update addresses the vulnerability by helping to ensure that SharePoint Server properly sanitizes web requests. FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2020-08-11T07:00:00Z Information published. |
Important | Spoofing |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | Exploitation Less Likely | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2020-1499 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Microsoft SharePoint Enterprise Server 2013 Service Pack 1 | 4484479 (Security Update) | Important | Spoofing | 4484443 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
| Microsoft SharePoint Enterprise Server 2016 | 4484473 (Security Update) | Important | Spoofing | 4484436 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
| Microsoft SharePoint Foundation 2010 Service Pack 2 | 4484462 (Security Update) | Important | Spoofing | 4484391 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
| Microsoft SharePoint Foundation 2013 Service Pack 1 | 4484487 (Security Update) | Important | Spoofing | 4484448 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
| Microsoft SharePoint Server 2019 | 4484472 (Security Update) | Important | Spoofing | 4484453 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
| CVE ID | Acknowledgements |
| CVE-2020-1499 | Huynh Phuoc Hung, @hph0var |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2020-1500 MITRE NVD |
CVE Title: Microsoft SharePoint Spoofing Vulnerability
Description: A spoofing vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint server. The attacker who successfully exploited the vulnerability could then perform cross-site scripting attacks on affected systems and run script in the security context of the current user. These attacks could allow the attacker to read content that the attacker is not authorized to read, use the victim's identity to take actions on the SharePoint site on behalf of the user, such as change permissions and delete content, and inject malicious content in the browser of the user. The security update addresses the vulnerability by helping to ensure that SharePoint Server properly sanitizes web requests. FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2020-08-11T07:00:00Z Information published. |
Important | Spoofing |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | Exploitation Less Likely | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2020-1500 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Microsoft SharePoint Enterprise Server 2013 Service Pack 1 | 4484479 (Security Update) | Important | Spoofing | 4484443 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
| Microsoft SharePoint Enterprise Server 2016 | 4484473 (Security Update) | Important | Spoofing | 4484436 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
| Microsoft SharePoint Server 2010 Service Pack 2 | 4484498 (Security Update) | Important | Spoofing | 4484460 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
| Microsoft SharePoint Server 2019 | 4484472 (Security Update) | Important | Spoofing | 4484453 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
| CVE ID | Acknowledgements |
| CVE-2020-1500 | Huynh Phuoc Hung, @hph0var |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2020-1501 MITRE NVD |
CVE Title: Microsoft SharePoint Spoofing Vulnerability
Description: A spoofing vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint server. The attacker who successfully exploited the vulnerability could then perform cross-site scripting attacks on affected systems and run script in the security context of the current user. These attacks could allow the attacker to read content that the attacker is not authorized to read, use the victim's identity to take actions on the SharePoint site on behalf of the user, such as change permissions and delete content, and inject malicious content in the browser of the user. The security update addresses the vulnerability by helping to ensure that SharePoint Server properly sanitizes web requests. FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2020-08-11T07:00:00Z Information published. |
Important | Spoofing |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | Exploitation Less Likely | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2020-1501 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Microsoft SharePoint Enterprise Server 2016 | 4484473 (Security Update) | Important | Spoofing | 4484436 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
| Microsoft SharePoint Foundation 2013 Service Pack 1 | 4484487 (Security Update) | Important | Spoofing | 4484448 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
| Microsoft SharePoint Server 2010 Service Pack 2 | 4484498 (Security Update) | Important | Spoofing | 4484460 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
| Microsoft SharePoint Server 2019 | 4484472 (Security Update) | Important | Spoofing | 4484453 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
| CVE ID | Acknowledgements |
| CVE-2020-1501 | Mohammad Deilamy (MDM) |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2020-1502 MITRE NVD |
CVE Title: Microsoft Word Information Disclosure Vulnerability
Description: An information disclosure vulnerability exists when Microsoft Word improperly discloses the contents of its memory. An attacker who exploited the vulnerability could use the information to compromise the user’s computer or data. To exploit the vulnerability, an attacker could craft a special document file and then convince the user to open it. An attacker must know the memory address location where the object was created. The update addresses the vulnerability by changing the way certain Word functions handle objects in memory. FAQ: What type of information could be disclosed by this vulnerability? The type of information that could be disclosed if an attacker successfully exploited this vulnerability is uninitialized memory. Is the Preview Pane an attack vector for this vulnerability? No, the Preview Pane is not an attack vector. Mitigations: None Workarounds: None Revision: 1.0 2020-08-11T07:00:00Z Information published. |
Important | Information Disclosure |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | Exploitation Less Likely | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2020-1502 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Microsoft 365 Apps for Enterprise for 32-bit Systems | Click to Run (Security Update) | Important | Information Disclosure | None | Base: N/A Temporal: N/A Vector: N/A |
No |
| Microsoft 365 Apps for Enterprise for 64-bit Systems | Click to Run (Security Update) | Important | Information Disclosure | None | Base: N/A Temporal: N/A Vector: N/A |
No |
| Microsoft Office 2019 for 32-bit editions | Click to Run (Security Update) | Important | Information Disclosure | None | Base: N/A Temporal: N/A Vector: N/A |
No |
| Microsoft Office 2019 for 64-bit editions | Click to Run (Security Update) | Important | Information Disclosure | None | Base: N/A Temporal: N/A Vector: N/A |
No |
| Microsoft Office Online Server | 4484470 (Security Update) | Important | Information Disclosure | 4484451 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
| Microsoft SharePoint Server 2019 | 4484472 (Security Update) 4484471 (Security Update) |
Important | Information Disclosure | 4484453 |
Base: N/A Temporal: N/A Vector: N/A |
Maybe |
| CVE ID | Acknowledgements |
| CVE-2020-1502 | Haifei Li of McAfee IPS Security Research Team |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2020-1503 MITRE NVD |
CVE Title: Microsoft Word Information Disclosure Vulnerability
Description: An information disclosure vulnerability exists when Microsoft Word improperly discloses the contents of its memory. An attacker who exploited the vulnerability could use the information to compromise the user’s computer or data. To exploit the vulnerability, an attacker could craft a special document file and then convince the user to open it. An attacker must know the memory address location where the object was created. The update addresses the vulnerability by changing the way certain Word functions handle objects in memory. FAQ: What type of information could be disclosed by this vulnerability? The type of information that could be disclosed if an attacker successfully exploited this vulnerability is uninitialized memory. Is the Preview Pane an attack vector for this vulnerability? No, the Preview Pane is not an attack vector. I have Microsoft Office 2010 installed. Why am I not being offered the 4484492 update? The 4484492 update only applies to systems running specific configurations of Microsoft Office 2010. Some configurations will not be offered the update. Mitigations: None Workarounds: None Revision: 1.0 2020-08-11T07:00:00Z Information published. |
Important | Information Disclosure |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | Exploitation Less Likely | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2020-1503 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Microsoft 365 Apps for Enterprise for 32-bit Systems | Click to Run (Security Update) | Important | Information Disclosure | None | Base: N/A Temporal: N/A Vector: N/A |
No |
| Microsoft 365 Apps for Enterprise for 64-bit Systems | Click to Run (Security Update) | Important | Information Disclosure | None | Base: N/A Temporal: N/A Vector: N/A |
No |
| Microsoft Office 2010 Service Pack 2 (32-bit editions) | 4484492 (Security Update) | Important | Information Disclosure | 4484456 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
| Microsoft Office 2010 Service Pack 2 (64-bit editions) | 4484492 (Security Update) | Important | Information Disclosure | 4484456 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
| Microsoft Office 2016 for Mac | Release Notes (Security Update) | Important | Information Disclosure | None | Base: N/A Temporal: N/A Vector: N/A |
No |
| Microsoft Office 2019 for 32-bit editions | Click to Run (Security Update) | Important | Information Disclosure | None | Base: N/A Temporal: N/A Vector: N/A |
No |
| Microsoft Office 2019 for 64-bit editions | Click to Run (Security Update) | Important | Information Disclosure | None | Base: N/A Temporal: N/A Vector: N/A |
No |
| Microsoft Office 2019 for Mac | Release Notes (Security Update) | Important | Information Disclosure | None | Base: N/A Temporal: N/A Vector: N/A |
No |
| Microsoft Office Online Server | 4484470 (Security Update) | Important | Information Disclosure | 4484451 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
| Microsoft Office Web Apps 2010 Service Pack 2 | 4484495 (Security Update) | Important | Information Disclosure | 4484381 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
| Microsoft Office Web Apps 2013 Service Pack 1 | 4484481 (Security Update) | Important | Information Disclosure | None | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
| Microsoft SharePoint Enterprise Server 2013 Service Pack 1 | 4484478 (Security Update) | Important | Information Disclosure | 4484348 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
| Microsoft SharePoint Enterprise Server 2016 | 4484473 (Security Update) 4484476 (Security Update) |
Important | Information Disclosure | 4484436 |
Base: N/A Temporal: N/A Vector: N/A |
Maybe |
| Microsoft SharePoint Server 2010 Service Pack 2 | 4484490 (Security Update) | Important | Information Disclosure | 4484370 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
| Microsoft SharePoint Server 2019 | 4484472 (Security Update) 4484471 (Security Update) |
Important | Information Disclosure | 4484453 |
Base: N/A Temporal: N/A Vector: N/A |
Maybe |
| Microsoft Word 2010 Service Pack 2 (32-bit editions) | 4484494 (Security Update) | Important | Information Disclosure | 4484458 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
| Microsoft Word 2010 Service Pack 2 (64-bit editions) | 4484494 (Security Update) | Important | Information Disclosure | 4484458 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
| Microsoft Word 2013 RT Service Pack 1 | 4484484 (Security Update) | Important | Information Disclosure | 4484446 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
| Microsoft Word 2013 Service Pack 1 (32-bit editions) | 4484484 (Security Update) | Important | Information Disclosure | 4484446 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
| Microsoft Word 2013 Service Pack 1 (64-bit editions) | 4484484 (Security Update) | Important | Information Disclosure | 4484446 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
| Microsoft Word 2016 (32-bit edition) | 4484474 (Security Update) | Important | Information Disclosure | 4484438 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
| Microsoft Word 2016 (64-bit edition) | 4484474 (Security Update) | Important | Information Disclosure | 4484438 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
| CVE ID | Acknowledgements |
| CVE-2020-1503 | Haifei Li of McAfee IPS Security Research Team |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2020-1504 MITRE NVD |
CVE Title: Microsoft Excel Remote Code Execution Vulnerability
Description: A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. Exploitation of the vulnerability requires that a user open a specially crafted file with an affected version of Microsoft Excel. In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file. In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) containing a specially crafted file designed to exploit the vulnerability. An attacker would have no way to force users to visit the website. Instead, an attacker would have to convince users to click a link, typically by way of an enticement in an email or instant message, and then convince them to open the specially crafted file. The security update addresses the vulnerability by correcting how Microsoft Excel handles objects in memory. FAQ: Is the Preview Pane an attack vector for this vulnerability? No, the Preview Pane is not an attack vector. Mitigations: None Workarounds: None Revision: 1.0 2020-08-11T07:00:00Z Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| N/A | Exploitation Less Likely | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2020-1504 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Microsoft Excel 2010 Service Pack 2 (32-bit editions) | 4484461 (Security Update) | Important | Remote Code Execution | 4484415 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
| Microsoft Excel 2010 Service Pack 2 (64-bit editions) | 4484461 (Security Update) | Important | Remote Code Execution | 4484415 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
| CVE ID | Acknowledgements |
| CVE-2020-1504 | Jinquan(@jq0904) of DBAPPSecurity Co., Ltd |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2020-1505 MITRE NVD |
CVE Title: Microsoft SharePoint Information Disclosure Vulnerability
Description: An information disclosure vulnerability exists when Microsoft SharePoint Server fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user’s system. To exploit the vulnerability, an attacker would have to log on to an affected system and run a specially crafted application. The security update addresses the vulnerability by correcting how Microsoft SharePoint Server handles objects in memory. FAQ: What type of information could be disclosed by this vulnerability? The type of information that could be disclosed if an attacker successfully exploited this vulnerability is sensitive information. Mitigations: None Workarounds: None Revision: 1.0 2020-08-11T07:00:00Z Information published. |
Important | Information Disclosure |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | Exploitation Less Likely | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2020-1505 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Microsoft SharePoint Enterprise Server 2016 | 4484473 (Security Update) | Important | Information Disclosure | 4484436 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
| Microsoft SharePoint Foundation 2013 Service Pack 1 | 4484487 (Security Update) | Important | Information Disclosure | 4484448 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
| Microsoft SharePoint Server 2010 Service Pack 2 | 4484498 (Security Update) | Important | Information Disclosure | 4484460 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
| Microsoft SharePoint Server 2019 | 4484472 (Security Update) | Important | Information Disclosure | 4484453 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
| CVE ID | Acknowledgements |
| CVE-2020-1505 | Cameron Vincent |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2020-1511 MITRE NVD |
CVE Title: Connected User Experiences and Telemetry Service Elevation of Privilege Vulnerability
Description: An elevation of privilege vulnerability exists when Connected User Experiences and Telemetry Service improperly handles file operations. An attacker who successfully exploited this vulnerability could run processes in an elevated context. An attacker could exploit this vulnerability by running a specially crafted application on the victim system. The security update addresses the vulnerability by correcting how the Connected User Experiences and Telemetry Service handles file operations. FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2020-08-11T07:00:00Z Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | Exploitation Less Likely | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2020-1511 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Windows 10 for 32-bit Systems | 4571692 (Security Update) | Important | Elevation of Privilege | 4565513 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 for x64-based Systems | 4571692 (Security Update) | Important | Elevation of Privilege | 4565513 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1607 for 32-bit Systems | 4571694 (Security Update) | Important | Elevation of Privilege | 4565511 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1607 for x64-based Systems | 4571694 (Security Update) | Important | Elevation of Privilege | 4565511 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1709 for 32-bit Systems | 4571741 (Security Update) | Important | Elevation of Privilege | 4565508 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1709 for ARM64-based Systems | 4571741 (Security Update) | Important | Elevation of Privilege | 4565508 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1709 for x64-based Systems | 4571741 (Security Update) | Important | Elevation of Privilege | 4565508 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1803 for 32-bit Systems | 4571709 (Security Update) | Important | Elevation of Privilege | 4565489 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1803 for ARM64-based Systems | 4571709 (Security Update) | Important | Elevation of Privilege | 4565489 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1803 for x64-based Systems | 4571709 (Security Update) | Important | Elevation of Privilege | 4565489 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for 32-bit Systems | 4565349 (Security Update) | Important | Elevation of Privilege | 4558998 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 4565349 (Security Update) | Important | Elevation of Privilege | 4558998 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for x64-based Systems | 4565349 (Security Update) | Important | Elevation of Privilege | 4558998 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1903 for 32-bit Systems | 4565351 (Security Update) | Important | Elevation of Privilege | 4565483 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1903 for ARM64-based Systems | 4565351 (Security Update) | Important | Elevation of Privilege | 4565483 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1903 for x64-based Systems | 4565351 (Security Update) | Important | Elevation of Privilege | 4565483 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for 32-bit Systems | 4565351 (Security Update) | Important | Elevation of Privilege | 4565483 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for ARM64-based Systems | 4565351 (Security Update) | Important | Elevation of Privilege | 4565483 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for x64-based Systems | 4565351 (Security Update) | Important | Elevation of Privilege | 4565483 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for 32-bit Systems | 4566782 (Security Update) | Important | Elevation of Privilege | 4565503 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for ARM64-based Systems | 4566782 (Security Update) | Important | Elevation of Privilege | 4565503 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for x64-based Systems | 4566782 (Security Update) | Important | Elevation of Privilege | 4565503 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2016 | 4571694 (Security Update) | Important | Elevation of Privilege | 4565511 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2016 (Server Core installation) | 4571694 (Security Update) | Important | Elevation of Privilege | 4565511 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2019 | 4565349 (Security Update) | Important | Elevation of Privilege | 4558998 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2019 (Server Core installation) | 4565349 (Security Update) | Important | Elevation of Privilege | 4558998 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server, version 1903 (Server Core installation) | 4565351 (Security Update) | Important | Elevation of Privilege | 4565483 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server, version 1909 (Server Core installation) | 4565351 (Security Update) | Important | Elevation of Privilege | 4565483 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server, version 2004 (Server Core installation) | 4566782 (Security Update) | Important | Elevation of Privilege | 4565503 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| CVE ID | Acknowledgements |
| CVE-2020-1511 | Zhiniang Peng (@edwardzpeng) & Jiadong Lu |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2020-1512 MITRE NVD |
CVE Title: Windows State Repository Service Information Disclosure Vulnerability
Description: An information disclosure vulnerability exists when the Windows State Repository Service improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user’s system. An attacker could exploit this vulnerability by running a specially crafted application on the victim system. The update addresses the vulnerability by correcting the way the Windows State Repository Service handles objects in memory. FAQ: What type of information could be disclosed by this vulnerability? The type of information that could be disclosed if an attacker successfully exploited this vulnerability is the contents of Kernel memory. An attacker could read the contents of Kernel memory from a user mode process. Mitigations: None Workarounds: None Revision: 1.0 2020-08-11T07:00:00Z Information published. |
Important | Information Disclosure |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | Exploitation Less Likely | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2020-1512 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Windows 10 for 32-bit Systems | 4571692 (Security Update) | Important | Information Disclosure | 4565513 | Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 for x64-based Systems | 4571692 (Security Update) | Important | Information Disclosure | 4565513 | Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1607 for 32-bit Systems | 4571694 (Security Update) | Important | Information Disclosure | 4565511 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1607 for x64-based Systems | 4571694 (Security Update) | Important | Information Disclosure | 4565511 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1709 for 32-bit Systems | 4571741 (Security Update) | Important | Information Disclosure | 4565508 | Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1709 for ARM64-based Systems | 4571741 (Security Update) | Important | Information Disclosure | 4565508 | Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1709 for x64-based Systems | 4571741 (Security Update) | Important | Information Disclosure | 4565508 | Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1803 for 32-bit Systems | 4571709 (Security Update) | Important | Information Disclosure | 4565489 | Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1803 for ARM64-based Systems | 4571709 (Security Update) | Important | Information Disclosure | 4565489 | Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1803 for x64-based Systems | 4571709 (Security Update) | Important | Information Disclosure | 4565489 | Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for 32-bit Systems | 4565349 (Security Update) | Important | Information Disclosure | 4558998 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 4565349 (Security Update) | Important | Information Disclosure | 4558998 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for x64-based Systems | 4565349 (Security Update) | Important | Information Disclosure | 4558998 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1903 for 32-bit Systems | 4565351 (Security Update) | Important | Information Disclosure | 4565483 | Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1903 for ARM64-based Systems | 4565351 (Security Update) | Important | Information Disclosure | 4565483 | Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1903 for x64-based Systems | 4565351 (Security Update) | Important | Information Disclosure | 4565483 | Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for 32-bit Systems | 4565351 (Security Update) | Important | Information Disclosure | 4565483 | Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for ARM64-based Systems | 4565351 (Security Update) | Important | Information Disclosure | 4565483 | Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for x64-based Systems | 4565351 (Security Update) | Important | Information Disclosure | 4565483 | Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for 32-bit Systems | 4566782 (Security Update) | Important | Information Disclosure | 4565503 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for ARM64-based Systems | 4566782 (Security Update) | Important | Information Disclosure | 4565503 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for x64-based Systems | 4566782 (Security Update) | Important | Information Disclosure | 4565503 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server 2016 | 4571694 (Security Update) | Important | Information Disclosure | 4565511 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server 2016 (Server Core installation) | 4571694 (Security Update) | Important | Information Disclosure | 4565511 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server 2019 | 4565349 (Security Update) | Important | Information Disclosure | 4558998 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server 2019 (Server Core installation) | 4565349 (Security Update) | Important | Information Disclosure | 4558998 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server, version 1903 (Server Core installation) | 4565351 (Security Update) | Important | Information Disclosure | 4565483 | Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server, version 1909 (Server Core installation) | 4565351 (Security Update) | Important | Information Disclosure | 4565483 | Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server, version 2004 (Server Core installation) | 4566782 (Security Update) | Important | Information Disclosure | 4565503 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| CVE ID | Acknowledgements |
| CVE-2020-1512 | Haoran Qin(@atQ4n) |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2020-1513 MITRE NVD |
CVE Title: Windows CSC Service Elevation of Privilege Vulnerability
Description: An elevation of privilege vulnerability exists when the Windows CSC Service improperly handles memory. To exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges. The security update addresses the vulnerability by correcting how the Windows CSC Service handles memory. FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2020-08-11T07:00:00Z Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | Exploitation Less Likely | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2020-1513 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Windows 10 for 32-bit Systems | 4571692 (Security Update) | Important | Elevation of Privilege | 4565513 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 for x64-based Systems | 4571692 (Security Update) | Important | Elevation of Privilege | 4565513 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1607 for 32-bit Systems | 4571694 (Security Update) | Important | Elevation of Privilege | 4565511 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1607 for x64-based Systems | 4571694 (Security Update) | Important | Elevation of Privilege | 4565511 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1709 for 32-bit Systems | 4571741 (Security Update) | Important | Elevation of Privilege | 4565508 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1709 for ARM64-based Systems | 4571741 (Security Update) | Important | Elevation of Privilege | 4565508 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1709 for x64-based Systems | 4571741 (Security Update) | Important | Elevation of Privilege | 4565508 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1803 for 32-bit Systems | 4571709 (Security Update) | Important | Elevation of Privilege | 4565489 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1803 for ARM64-based Systems | 4571709 (Security Update) | Important | Elevation of Privilege | 4565489 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1803 for x64-based Systems | 4571709 (Security Update) | Important | Elevation of Privilege | 4565489 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for 32-bit Systems | 4565349 (Security Update) | Important | Elevation of Privilege | 4558998 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 4565349 (Security Update) | Important | Elevation of Privilege | 4558998 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for x64-based Systems | 4565349 (Security Update) | Important | Elevation of Privilege | 4558998 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1903 for 32-bit Systems | 4565351 (Security Update) | Important | Elevation of Privilege | 4565483 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1903 for ARM64-based Systems | 4565351 (Security Update) | Important | Elevation of Privilege | 4565483 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1903 for x64-based Systems | 4565351 (Security Update) | Important | Elevation of Privilege | 4565483 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for 32-bit Systems | 4565351 (Security Update) | Important | Elevation of Privilege | 4565483 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for ARM64-based Systems | 4565351 (Security Update) | Important | Elevation of Privilege | 4565483 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for x64-based Systems | 4565351 (Security Update) | Important | Elevation of Privilege | 4565483 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for 32-bit Systems | 4566782 (Security Update) | Important | Elevation of Privilege | 4565503 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for ARM64-based Systems | 4566782 (Security Update) | Important | Elevation of Privilege | 4565503 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for x64-based Systems | 4566782 (Security Update) | Important | Elevation of Privilege | 4565503 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 7 for 32-bit Systems Service Pack 1 | 4571729 (Monthly Rollup) 4571719 (Security Only) |
Important | Elevation of Privilege | 4565524 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 7 for x64-based Systems Service Pack 1 | 4571729 (Monthly Rollup) 4571719 (Security Only) |
Important | Elevation of Privilege | 4565524 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 8.1 for 32-bit systems | 4571703 (Monthly Rollup) 4571723 (Security Only) |
Important | Elevation of Privilege | 4565541 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 8.1 for x64-based systems | 4571703 (Monthly Rollup) 4571723 (Security Only) |
Important | Elevation of Privilege | 4565541 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows RT 8.1 | 4571703 (Monthly Rollup) | Important | Elevation of Privilege | 4565541 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 4571729 (Monthly Rollup) 4571719 (Security Only) |
Important | Elevation of Privilege | 4565524 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 4571729 (Monthly Rollup) 4571719 (Security Only) |
Important | Elevation of Privilege | 4565524 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2012 | 4571736 (Monthly Rollup) 4571702 (Security Only) |
Important | Elevation of Privilege | 4565537 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2012 (Server Core installation) | 4571736 (Monthly Rollup) 4571702 (Security Only) |
Important | Elevation of Privilege | 4565537 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2012 R2 | 4571703 (Monthly Rollup) 4571723 (Security Only) |
Important | Elevation of Privilege | 4565541 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2012 R2 (Server Core installation) | 4571703 (Monthly Rollup) 4571723 (Security Only) |
Important | Elevation of Privilege | 4565541 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2016 | 4571694 (Security Update) | Important | Elevation of Privilege | 4565511 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2016 (Server Core installation) | 4571694 (Security Update) | Important | Elevation of Privilege | 4565511 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2019 | 4565349 (Security Update) | Important | Elevation of Privilege | 4558998 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2019 (Server Core installation) | 4565349 (Security Update) | Important | Elevation of Privilege | 4558998 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server, version 1903 (Server Core installation) | 4565351 (Security Update) | Important | Elevation of Privilege | 4565483 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server, version 1909 (Server Core installation) | 4565351 (Security Update) | Important | Elevation of Privilege | 4565483 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server, version 2004 (Server Core installation) | 4566782 (Security Update) | Important | Elevation of Privilege | 4565503 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| CVE ID | Acknowledgements |
| CVE-2020-1513 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2020-1515 MITRE NVD |
CVE Title: Windows Telephony Server Elevation of Privilege Vulnerability
Description: An elevation of privilege vulnerability exists when the Windows Telephony Server improperly handles memory. To exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges. The security update addresses the vulnerability by correcting how the Windows Telephony Server handles memory. FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2020-08-11T07:00:00Z Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | Exploitation Less Likely | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2020-1515 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Windows 10 for 32-bit Systems | 4571692 (Security Update) | Important | Elevation of Privilege | 4565513 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 for x64-based Systems | 4571692 (Security Update) | Important | Elevation of Privilege | 4565513 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1607 for 32-bit Systems | 4571694 (Security Update) | Important | Elevation of Privilege | 4565511 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1607 for x64-based Systems | 4571694 (Security Update) | Important | Elevation of Privilege | 4565511 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1709 for 32-bit Systems | 4571741 (Security Update) | Important | Elevation of Privilege | 4565508 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1709 for ARM64-based Systems | 4571741 (Security Update) | Important | Elevation of Privilege | 4565508 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1709 for x64-based Systems | 4571741 (Security Update) | Important | Elevation of Privilege | 4565508 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1803 for 32-bit Systems | 4571709 (Security Update) | Important | Elevation of Privilege | 4565489 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1803 for ARM64-based Systems | 4571709 (Security Update) | Important | Elevation of Privilege | 4565489 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1803 for x64-based Systems | 4571709 (Security Update) | Important | Elevation of Privilege | 4565489 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for 32-bit Systems | 4565349 (Security Update) | Important | Elevation of Privilege | 4558998 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 4565349 (Security Update) | Important | Elevation of Privilege | 4558998 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for x64-based Systems | 4565349 (Security Update) | Important | Elevation of Privilege | 4558998 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1903 for 32-bit Systems | 4565351 (Security Update) | Important | Elevation of Privilege | 4565483 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1903 for ARM64-based Systems | 4565351 (Security Update) | Important | Elevation of Privilege | 4565483 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1903 for x64-based Systems | 4565351 (Security Update) | Important | Elevation of Privilege | 4565483 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for 32-bit Systems | 4565351 (Security Update) | Important | Elevation of Privilege | 4565483 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for ARM64-based Systems | 4565351 (Security Update) | Important | Elevation of Privilege | 4565483 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for x64-based Systems | 4565351 (Security Update) | Important | Elevation of Privilege | 4565483 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for 32-bit Systems | 4566782 (Security Update) | Important | Elevation of Privilege | 4565503 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for ARM64-based Systems | 4566782 (Security Update) | Important | Elevation of Privilege | 4565503 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for x64-based Systems | 4566782 (Security Update) | Important | Elevation of Privilege | 4565503 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 7 for 32-bit Systems Service Pack 1 | 4571729 (Monthly Rollup) 4571719 (Security Only) |
Important | Elevation of Privilege | 4565524 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 7 for x64-based Systems Service Pack 1 | 4571729 (Monthly Rollup) 4571719 (Security Only) |
Important | Elevation of Privilege | 4565524 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 8.1 for 32-bit systems | 4571703 (Monthly Rollup) 4571723 (Security Only) |
Important | Elevation of Privilege | 4565541 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 8.1 for x64-based systems | 4571703 (Monthly Rollup) 4571723 (Security Only) |
Important | Elevation of Privilege | 4565541 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows RT 8.1 | 4571703 (Monthly Rollup) | Important | Elevation of Privilege | 4565541 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 4571730 (Monthly Rollup) 4571746 (Security Only) |
Important | Elevation of Privilege | 4565536 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 4571730 (Monthly Rollup) 4571746 (Security Only) |
Important | Elevation of Privilege | 4565536 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 4571730 (Monthly Rollup) 4571746 (Security Only) |
Important | Elevation of Privilege | 4565536 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 4571730 (Monthly Rollup) 4571746 (Security Only) |
Important | Elevation of Privilege | 4565536 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 4571729 (Monthly Rollup) 4571719 (Security Only) |
Important | Elevation of Privilege | 4565524 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 4571729 (Monthly Rollup) 4571719 (Security Only) |
Important | Elevation of Privilege | 4565524 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2012 | 4571736 (Monthly Rollup) 4571702 (Security Only) |
Important | Elevation of Privilege | 4565537 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2012 (Server Core installation) | 4571736 (Monthly Rollup) 4571702 (Security Only) |
Important | Elevation of Privilege | 4565537 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2012 R2 | 4571703 (Monthly Rollup) 4571723 (Security Only) |
Important | Elevation of Privilege | 4565541 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2012 R2 (Server Core installation) | 4571703 (Monthly Rollup) 4571723 (Security Only) |
Important | Elevation of Privilege | 4565541 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2016 | 4571694 (Security Update) | Important | Elevation of Privilege | 4565511 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2016 (Server Core installation) | 4571694 (Security Update) | Important | Elevation of Privilege | 4565511 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2019 | 4565349 (Security Update) | Important | Elevation of Privilege | 4558998 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2019 (Server Core installation) | 4565349 (Security Update) | Important | Elevation of Privilege | 4558998 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server, version 1903 (Server Core installation) | 4565351 (Security Update) | Important | Elevation of Privilege | 4565483 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server, version 1909 (Server Core installation) | 4565351 (Security Update) | Important | Elevation of Privilege | 4565483 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server, version 2004 (Server Core installation) | 4566782 (Security Update) | Important | Elevation of Privilege | 4565503 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| CVE ID | Acknowledgements |
| CVE-2020-1515 | Clément Rouault @hakril from Exatrack |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2020-1551 MITRE NVD |
CVE Title: Windows Backup Engine Elevation of Privilege Vulnerability
Description: An elevation of privilege vulnerability exists when the Windows Backup Engine improperly handles memory. To exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges. The security update addresses the vulnerability by correcting how the Windows Backup Engine handles memory. FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2020-08-11T07:00:00Z Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | Exploitation Less Likely | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2020-1551 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Windows 10 for 32-bit Systems | 4571692 (Security Update) | Important | Elevation of Privilege | 4565513 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 for x64-based Systems | 4571692 (Security Update) | Important | Elevation of Privilege | 4565513 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1607 for 32-bit Systems | 4571694 (Security Update) | Important | Elevation of Privilege | 4565511 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1607 for x64-based Systems | 4571694 (Security Update) | Important | Elevation of Privilege | 4565511 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1709 for 32-bit Systems | 4571741 (Security Update) | Important | Elevation of Privilege | 4565508 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1709 for ARM64-based Systems | 4571741 (Security Update) | Important | Elevation of Privilege | 4565508 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1709 for x64-based Systems | 4571741 (Security Update) | Important | Elevation of Privilege | 4565508 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1803 for 32-bit Systems | 4571709 (Security Update) | Important | Elevation of Privilege | 4565489 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1803 for ARM64-based Systems | 4571709 (Security Update) | Important | Elevation of Privilege | 4565489 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1803 for x64-based Systems | 4571709 (Security Update) | Important | Elevation of Privilege | 4565489 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for 32-bit Systems | 4565349 (Security Update) | Important | Elevation of Privilege | 4558998 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 4565349 (Security Update) | Important | Elevation of Privilege | 4558998 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for x64-based Systems | 4565349 (Security Update) | Important | Elevation of Privilege | 4558998 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1903 for 32-bit Systems | 4565351 (Security Update) | Important | Elevation of Privilege | 4565483 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1903 for ARM64-based Systems | 4565351 (Security Update) | Important | Elevation of Privilege | 4565483 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1903 for x64-based Systems | 4565351 (Security Update) | Important | Elevation of Privilege | 4565483 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for 32-bit Systems | 4565351 (Security Update) | Important | Elevation of Privilege | 4565483 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for ARM64-based Systems | 4565351 (Security Update) | Important | Elevation of Privilege | 4565483 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for x64-based Systems | 4565351 (Security Update) | Important | Elevation of Privilege | 4565483 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for 32-bit Systems | 4566782 (Security Update) | Important | Elevation of Privilege | 4565503 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for ARM64-based Systems | 4566782 (Security Update) | Important | Elevation of Privilege | 4565503 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for x64-based Systems | 4566782 (Security Update) | Important | Elevation of Privilege | 4565503 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 7 for 32-bit Systems Service Pack 1 | 4571729 (Monthly Rollup) 4571719 (Security Only) |
Important | Elevation of Privilege | 4565524 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 7 for x64-based Systems Service Pack 1 | 4571729 (Monthly Rollup) 4571719 (Security Only) |
Important | Elevation of Privilege | 4565524 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 8.1 for 32-bit systems | 4571703 (Monthly Rollup) 4571723 (Security Only) |
Important | Elevation of Privilege | 4565541 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 8.1 for x64-based systems | 4571703 (Monthly Rollup) 4571723 (Security Only) |
Important | Elevation of Privilege | 4565541 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows RT 8.1 | 4571703 (Monthly Rollup) | Important | Elevation of Privilege | 4565541 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| CVE ID | Acknowledgements |
| CVE-2020-1551 | Yuki Chen
|
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2020-1552 MITRE NVD |
CVE Title: Windows Work Folder Service Elevation of Privilege Vulnerability
Description: An elevation of privilege vulnerability exists when the Windows Work Folder Service improperly handles file operations. An attacker who successfully exploited this vulnerability could run processes in an elevated context. An attacker could exploit this vulnerability by running a specially crafted application on the victim system. The update addresses the vulnerability by correcting the way the Windows Work Folder Service handles file operations. FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2020-08-11T07:00:00Z Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | Exploitation Less Likely | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2020-1552 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Windows 10 for 32-bit Systems | 4571692 (Security Update) | Important | Elevation of Privilege | 4565513 | Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Windows 10 for x64-based Systems | 4571692 (Security Update) | Important | Elevation of Privilege | 4565513 | Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Windows 10 Version 1607 for 32-bit Systems | 4571694 (Security Update) | Important | Elevation of Privilege | 4565511 |
Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Windows 10 Version 1607 for x64-based Systems | 4571694 (Security Update) | Important | Elevation of Privilege | 4565511 |
Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Windows 10 Version 1709 for 32-bit Systems | 4571741 (Security Update) | Important | Elevation of Privilege | 4565508 | Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Windows 10 Version 1709 for ARM64-based Systems | 4571741 (Security Update) | Important | Elevation of Privilege | 4565508 | Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Windows 10 Version 1709 for x64-based Systems | 4571741 (Security Update) | Important | Elevation of Privilege | 4565508 | Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Windows 10 Version 1803 for 32-bit Systems | 4571709 (Security Update) | Important | Elevation of Privilege | 4565489 | Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Windows 10 Version 1803 for ARM64-based Systems | 4571709 (Security Update) | Important | Elevation of Privilege | 4565489 | Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Windows 10 Version 1803 for x64-based Systems | 4571709 (Security Update) | Important | Elevation of Privilege | 4565489 | Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Windows 10 Version 1809 for 32-bit Systems | 4565349 (Security Update) | Important | Elevation of Privilege | 4558998 |
Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 4565349 (Security Update) | Important | Elevation of Privilege | 4558998 |
Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Windows 10 Version 1809 for x64-based Systems | 4565349 (Security Update) | Important | Elevation of Privilege | 4558998 |
Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Windows 10 Version 1903 for 32-bit Systems | 4565351 (Security Update) | Important | Elevation of Privilege | 4565483 | Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Windows 10 Version 1903 for ARM64-based Systems | 4565351 (Security Update) | Important | Elevation of Privilege | 4565483 | Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Windows 10 Version 1903 for x64-based Systems | 4565351 (Security Update) | Important | Elevation of Privilege | 4565483 | Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Windows 10 Version 1909 for 32-bit Systems | 4565351 (Security Update) | Important | Elevation of Privilege | 4565483 | Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Windows 10 Version 1909 for ARM64-based Systems | 4565351 (Security Update) | Important | Elevation of Privilege | 4565483 | Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Windows 10 Version 1909 for x64-based Systems | 4565351 (Security Update) | Important | Elevation of Privilege | 4565483 | Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Windows 10 Version 2004 for 32-bit Systems | 4566782 (Security Update) | Important | Elevation of Privilege | 4565503 |
Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Windows 10 Version 2004 for ARM64-based Systems | 4566782 (Security Update) | Important | Elevation of Privilege | 4565503 |
Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Windows 10 Version 2004 for x64-based Systems | 4566782 (Security Update) | Important | Elevation of Privilege | 4565503 |
Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Windows 7 for 32-bit Systems Service Pack 1 | 4571729 (Monthly Rollup) 4571719 (Security Only) |
Important | Elevation of Privilege | 4565524 |
Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Windows 7 for x64-based Systems Service Pack 1 | 4571729 (Monthly Rollup) 4571719 (Security Only) |
Important | Elevation of Privilege | 4565524 |
Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Windows 8.1 for 32-bit systems | 4571703 (Monthly Rollup) 4571723 (Security Only) |
Important | Elevation of Privilege | 4565541 |
Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Windows 8.1 for x64-based systems | 4571703 (Monthly Rollup) 4571723 (Security Only) |
Important | Elevation of Privilege | 4565541 |
Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Windows RT 8.1 | 4571703 (Monthly Rollup) | Important | Elevation of Privilege | 4565541 |
Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 4571729 (Monthly Rollup) 4571719 (Security Only) |
Important | Elevation of Privilege | 4565524 |
Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 4571729 (Monthly Rollup) 4571719 (Security Only) |
Important | Elevation of Privilege | 4565524 |
Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Windows Server 2012 R2 | 4571703 (Monthly Rollup) 4571723 (Security Only) |
Important | Elevation of Privilege | 4565541 |
Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Windows Server 2012 R2 (Server Core installation) | 4571703 (Monthly Rollup) 4571723 (Security Only) |
Important | Elevation of Privilege | 4565541 |
Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Windows Server 2016 | 4571694 (Security Update) | Important | Elevation of Privilege | 4565511 |
Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Windows Server 2016 (Server Core installation) | 4571694 (Security Update) | Important | Elevation of Privilege | 4565511 |
Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Windows Server 2019 | 4565349 (Security Update) | Important | Elevation of Privilege | 4558998 |
Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Windows Server 2019 (Server Core installation) | 4565349 (Security Update) | Important | Elevation of Privilege | 4558998 |
Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Windows Server, version 1903 (Server Core installation) | 4565351 (Security Update) | Important | Elevation of Privilege | 4565483 | Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Windows Server, version 1909 (Server Core installation) | 4565351 (Security Update) | Important | Elevation of Privilege | 4565483 | Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Windows Server, version 2004 (Server Core installation) | 4566782 (Security Update) | Important | Elevation of Privilege | 4565503 |
Base: N/A Temporal: N/A Vector: N/A |
Yes |
| CVE ID | Acknowledgements |
| CVE-2020-1552 | Zhiniang Peng (@edwardzpeng) & Jiadong Lu |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2020-1553 MITRE NVD |
CVE Title: Windows Runtime Elevation of Privilege Vulnerability
Description: An elevation of privilege vulnerability exists when the Windows Runtime improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in an elevated context. An attacker could exploit this vulnerability by running a specially crafted application on the victim system. The update addresses the vulnerability by correcting the way the Windows Runtime handles objects in memory. FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2020-08-11T07:00:00Z Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | Exploitation Less Likely | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2020-1553 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Windows 10 for 32-bit Systems | 4571692 (Security Update) | Important | Elevation of Privilege | 4565513 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 for x64-based Systems | 4571692 (Security Update) | Important | Elevation of Privilege | 4565513 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1607 for 32-bit Systems | 4571694 (Security Update) | Important | Elevation of Privilege | 4565511 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1607 for x64-based Systems | 4571694 (Security Update) | Important | Elevation of Privilege | 4565511 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1709 for 32-bit Systems | 4571741 (Security Update) | Important | Elevation of Privilege | 4565508 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1709 for ARM64-based Systems | 4571741 (Security Update) | Important | Elevation of Privilege | 4565508 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1709 for x64-based Systems | 4571741 (Security Update) | Important | Elevation of Privilege | 4565508 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1803 for 32-bit Systems | 4571709 (Security Update) | Important | Elevation of Privilege | 4565489 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1803 for ARM64-based Systems | 4571709 (Security Update) | Important | Elevation of Privilege | 4565489 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1803 for x64-based Systems | 4571709 (Security Update) | Important | Elevation of Privilege | 4565489 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for 32-bit Systems | 4565349 (Security Update) | Important | Elevation of Privilege | 4558998 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 4565349 (Security Update) | Important | Elevation of Privilege | 4558998 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for x64-based Systems | 4565349 (Security Update) | Important | Elevation of Privilege | 4558998 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1903 for 32-bit Systems | 4565351 (Security Update) | Important | Elevation of Privilege | 4565483 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1903 for ARM64-based Systems | 4565351 (Security Update) | Important | Elevation of Privilege | 4565483 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1903 for x64-based Systems | 4565351 (Security Update) | Important | Elevation of Privilege | 4565483 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for 32-bit Systems | 4565351 (Security Update) | Important | Elevation of Privilege | 4565483 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for ARM64-based Systems | 4565351 (Security Update) | Important | Elevation of Privilege | 4565483 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for x64-based Systems | 4565351 (Security Update) | Important | Elevation of Privilege | 4565483 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for 32-bit Systems | 4566782 (Security Update) | Important | Elevation of Privilege | 4565503 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for ARM64-based Systems | 4566782 (Security Update) | Important | Elevation of Privilege | 4565503 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for x64-based Systems | 4566782 (Security Update) | Important | Elevation of Privilege | 4565503 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2016 | 4571694 (Security Update) | Important | Elevation of Privilege | 4565511 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2016 (Server Core installation) | 4571694 (Security Update) | Important | Elevation of Privilege | 4565511 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2019 | 4565349 (Security Update) | Important | Elevation of Privilege | 4558998 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2019 (Server Core installation) | 4565349 (Security Update) | Important | Elevation of Privilege | 4558998 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server, version 1903 (Server Core installation) | 4565351 (Security Update) | Important | Elevation of Privilege | 4565483 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server, version 1909 (Server Core installation) | 4565351 (Security Update) | Important | Elevation of Privilege | 4565483 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server, version 2004 (Server Core installation) | 4566782 (Security Update) | Important | Elevation of Privilege | 4565503 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| CVE ID | Acknowledgements |
| CVE-2020-1553 | Anonymous researcher |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2020-1554 MITRE NVD |
CVE Title: Media Foundation Memory Corruption Vulnerability
Description: A memory corruption vulnerability exists when Windows Media Foundation improperly handles objects in memory. An attacker who successfully exploited the vulnerability could install programs; view, change, or delete data; or create new accounts with full user rights. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit a malicious webpage. The security update addresses the vulnerability by correcting how Windows Media Foundation handles objects in memory. FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2020-08-11T07:00:00Z Information published. |
Critical | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | Exploitation Less Likely | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2020-1554 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Windows 10 for 32-bit Systems | 4571692 (Security Update) | Critical | Remote Code Execution | 4565513 | Base: 8.0 Temporal: 7.6 Vector: CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:P/RL:U/RC:C |
Yes |
| Windows 10 for x64-based Systems | 4571692 (Security Update) | Critical | Remote Code Execution | 4565513 | Base: 8.0 Temporal: 7.6 Vector: CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:P/RL:U/RC:C |
Yes |
| Windows 10 Version 1607 for 32-bit Systems | 4571694 (Security Update) | Critical | Remote Code Execution | 4565511 |
Base: 8.0 Temporal: 7.6 Vector: CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:P/RL:U/RC:C |
Yes |
| Windows 10 Version 1607 for x64-based Systems | 4571694 (Security Update) | Critical | Remote Code Execution | 4565511 |
Base: 8.0 Temporal: 7.6 Vector: CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:P/RL:U/RC:C |
Yes |
| Windows 10 Version 1709 for 32-bit Systems | 4571741 (Security Update) | Critical | Remote Code Execution | 4565508 | Base: 8.0 Temporal: 7.6 Vector: CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:P/RL:U/RC:C |
Yes |
| Windows 10 Version 1709 for ARM64-based Systems | 4571741 (Security Update) | Critical | Remote Code Execution | 4565508 | Base: 8.0 Temporal: 7.6 Vector: CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:P/RL:U/RC:C |
Yes |
| Windows 10 Version 1709 for x64-based Systems | 4571741 (Security Update) | Critical | Remote Code Execution | 4565508 | Base: 8.0 Temporal: 7.6 Vector: CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:P/RL:U/RC:C |
Yes |
| Windows 10 Version 1803 for 32-bit Systems | 4571709 (Security Update) | Critical | Remote Code Execution | 4565489 | Base: 8.0 Temporal: 7.6 Vector: CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:P/RL:U/RC:C |
Yes |
| Windows 10 Version 1803 for ARM64-based Systems | 4571709 (Security Update) | Critical | Remote Code Execution | 4565489 | Base: 8.0 Temporal: 7.6 Vector: CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:P/RL:U/RC:C |
Yes |
| Windows 10 Version 1803 for x64-based Systems | 4571709 (Security Update) | Critical | Remote Code Execution | 4565489 | Base: 8.0 Temporal: 7.6 Vector: CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:P/RL:U/RC:C |
Yes |
| Windows 10 Version 1809 for 32-bit Systems | 4565349 (Security Update) | Critical | Remote Code Execution | 4558998 |
Base: 8.0 Temporal: 7.6 Vector: CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:P/RL:U/RC:C |
Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 4565349 (Security Update) | Critical | Remote Code Execution | 4558998 |
Base: 8.0 Temporal: 7.6 Vector: CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:P/RL:U/RC:C |
Yes |
| Windows 10 Version 1809 for x64-based Systems | 4565349 (Security Update) | Critical | Remote Code Execution | 4558998 |
Base: 8.0 Temporal: 7.6 Vector: CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:P/RL:U/RC:C |
Yes |
| Windows 10 Version 1903 for 32-bit Systems | 4565351 (Security Update) | Critical | Remote Code Execution | 4565483 | Base: 8.0 Temporal: 7.6 Vector: CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:P/RL:U/RC:C |
Yes |
| Windows 10 Version 1903 for ARM64-based Systems | 4565351 (Security Update) | Critical | Remote Code Execution | 4565483 | Base: 8.0 Temporal: 7.6 Vector: CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:P/RL:U/RC:C |
Yes |
| Windows 10 Version 1903 for x64-based Systems | 4565351 (Security Update) | Critical | Remote Code Execution | 4565483 | Base: 8.0 Temporal: 7.6 Vector: CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:P/RL:U/RC:C |
Yes |
| Windows 10 Version 1909 for 32-bit Systems | 4565351 (Security Update) | Critical | Remote Code Execution | 4565483 | Base: 8.0 Temporal: 7.6 Vector: CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:P/RL:U/RC:C |
Yes |
| Windows 10 Version 1909 for ARM64-based Systems | 4565351 (Security Update) | Critical | Remote Code Execution | 4565483 | Base: 8.0 Temporal: 7.6 Vector: CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:P/RL:U/RC:C |
Yes |
| Windows 10 Version 1909 for x64-based Systems | 4565351 (Security Update) | Critical | Remote Code Execution | 4565483 | Base: 8.0 Temporal: 7.6 Vector: CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:P/RL:U/RC:C |
Yes |
| Windows 10 Version 2004 for 32-bit Systems | 4566782 (Security Update) | Critical | Remote Code Execution | 4565503 |
Base: 8.0 Temporal: 7.6 Vector: CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:P/RL:U/RC:C |
Yes |
| Windows 10 Version 2004 for ARM64-based Systems | 4566782 (Security Update) | Critical | Remote Code Execution | 4565503 |
Base: 8.0 Temporal: 7.6 Vector: CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:P/RL:U/RC:C |
Yes |
| Windows 10 Version 2004 for x64-based Systems | 4566782 (Security Update) | Critical | Remote Code Execution | 4565503 |
Base: 8.0 Temporal: 7.6 Vector: CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:P/RL:U/RC:C |
Yes |
| Windows 7 for 32-bit Systems Service Pack 1 | 4571729 (Monthly Rollup) 4571719 (Security Only) |
Critical | Remote Code Execution | 4565524 |
Base: 8.0 Temporal: 7.6 Vector: CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:P/RL:U/RC:C |
Yes |
| Windows 7 for x64-based Systems Service Pack 1 | 4571729 (Monthly Rollup) 4571719 (Security Only) |
Critical | Remote Code Execution | 4565524 |
Base: 8.0 Temporal: 7.6 Vector: CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:P/RL:U/RC:C |
Yes |
| Windows 8.1 for 32-bit systems | 4571703 (Monthly Rollup) 4571723 (Security Only) |
Critical | Remote Code Execution | 4565541 |
Base: 8.0 Temporal: 7.6 Vector: CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:P/RL:U/RC:C |
Yes |
| Windows 8.1 for x64-based systems | 4571703 (Monthly Rollup) 4571723 (Security Only) |
Critical | Remote Code Execution | 4565541 |
Base: 8.0 Temporal: 7.6 Vector: CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:P/RL:U/RC:C |
Yes |
| Windows RT 8.1 | 4571703 (Monthly Rollup) | Critical | Remote Code Execution | 4565541 |
Base: 8.0 Temporal: 7.6 Vector: CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:P/RL:U/RC:C |
Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 4571730 (Monthly Rollup) 4571746 (Security Only) |
Critical | Remote Code Execution | 4565536 |
Base: 8.0 Temporal: 7.6 Vector: CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:P/RL:U/RC:C |
Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 4571730 (Monthly Rollup) 4571746 (Security Only) |
Critical | Remote Code Execution | 4565536 |
Base: 8.0 Temporal: 7.6 Vector: CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:P/RL:U/RC:C |
Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 4571730 (Monthly Rollup) 4571746 (Security Only) |
Critical | Remote Code Execution | 4565536 |
Base: 8.0 Temporal: 7.6 Vector: CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:P/RL:U/RC:C |
Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 4571730 (Monthly Rollup) 4571746 (Security Only) |
Critical | Remote Code Execution | 4565536 |
Base: 8.0 Temporal: 7.6 Vector: CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:P/RL:U/RC:C |
Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 4571729 (Monthly Rollup) 4571719 (Security Only) |
Critical | Remote Code Execution | 4565524 |
Base: 8.0 Temporal: 7.6 Vector: CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:P/RL:U/RC:C |
Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 4571729 (Monthly Rollup) 4571719 (Security Only) |
Critical | Remote Code Execution | 4565524 |
Base: 8.0 Temporal: 7.6 Vector: CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:P/RL:U/RC:C |
Yes |
| Windows Server 2012 | 4571736 (Monthly Rollup) 4571702 (Security Only) |
Critical | Remote Code Execution | 4565537 |
Base: 8.0 Temporal: 7.6 Vector: CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:P/RL:U/RC:C |
Yes |
| Windows Server 2012 (Server Core installation) | 4571736 (Monthly Rollup) 4571702 (Security Only) |
Critical | Remote Code Execution | 4565537 |
Base: 8.0 Temporal: 7.6 Vector: CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:P/RL:U/RC:C |
Yes |
| Windows Server 2012 R2 | 4571703 (Monthly Rollup) 4571723 (Security Only) |
Critical | Remote Code Execution | 4565541 |
Base: 8.0 Temporal: 7.6 Vector: CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:P/RL:U/RC:C |
Yes |
| Windows Server 2012 R2 (Server Core installation) | 4571703 (Monthly Rollup) 4571723 (Security Only) |
Critical | Remote Code Execution | 4565541 |
Base: 8.0 Temporal: 7.6 Vector: CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:P/RL:U/RC:C |
Yes |
| Windows Server 2016 | 4571694 (Security Update) | Critical | Remote Code Execution | 4565511 |
Base: 8.0 Temporal: 7.6 Vector: CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:P/RL:U/RC:C |
Yes |
| Windows Server 2016 (Server Core installation) | 4571694 (Security Update) | Critical | Remote Code Execution | 4565511 |
Base: 8.0 Temporal: 7.6 Vector: CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:P/RL:U/RC:C |
Yes |
| Windows Server 2019 | 4565349 (Security Update) | Critical | Remote Code Execution | 4558998 |
Base: 8.0 Temporal: 7.6 Vector: CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:P/RL:U/RC:C |
Yes |
| Windows Server 2019 (Server Core installation) | 4565349 (Security Update) | Critical | Remote Code Execution | 4558998 |
Base: 8.0 Temporal: 7.6 Vector: CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:P/RL:U/RC:C |
Yes |
| Windows Server, version 1903 (Server Core installation) | 4565351 (Security Update) | Critical | Remote Code Execution | 4565483 | Base: 8.0 Temporal: 7.6 Vector: CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:P/RL:U/RC:C |
Yes |
| Windows Server, version 1909 (Server Core installation) | 4565351 (Security Update) | Critical | Remote Code Execution | 4565483 | Base: 8.0 Temporal: 7.6 Vector: CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:P/RL:U/RC:C |
Yes |
| Windows Server, version 2004 (Server Core installation) | 4566782 (Security Update) | Critical | Remote Code Execution | 4565503 |
Base: 8.0 Temporal: 7.6 Vector: CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:P/RL:U/RC:C |
Yes |
| CVE ID | Acknowledgements |
| CVE-2020-1554 | yangkang3 (@dnpushme) |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2020-1555 MITRE NVD |
CVE Title: Scripting Engine Memory Corruption Vulnerability
Description: A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge (HTML-based). The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability through Microsoft Edge (HTML-based) and then convince a user to view the website. The attacker could also take advantage of compromised websites and websites that accept or host user-provided content or advertisements. These websites could contain specially crafted content that could exploit the vulnerability. The security update addresses the vulnerability by modifying how the scripting engine handles objects in memory. FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2020-08-11T07:00:00Z Information published. |
Critical | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | N/A | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2020-1555 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| ChakraCore | Release Notes (Security Update) | Critical | Remote Code Execution | None | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
| Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1709 for 32-bit Systems | 4571741 (Security Update) | Critical | Remote Code Execution | 4565508 | Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1709 for ARM64-based Systems | 4571741 (Security Update) | Critical | Remote Code Execution | 4565508 | Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1709 for x64-based Systems | 4571741 (Security Update) | Critical | Remote Code Execution | 4565508 | Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1803 for 32-bit Systems | 4571709 (Security Update) | Critical | Remote Code Execution | 4565489 | Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1803 for ARM64-based Systems | 4571709 (Security Update) | Critical | Remote Code Execution | 4565489 | Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1803 for x64-based Systems | 4571709 (Security Update) | Critical | Remote Code Execution | 4565489 | Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1809 for 32-bit Systems | 4565349 (Security Update) | Critical | Remote Code Execution | 4558998 |
Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1809 for ARM64-based Systems | 4565349 (Security Update) | Critical | Remote Code Execution | 4558998 |
Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1809 for x64-based Systems | 4565349 (Security Update) | Critical | Remote Code Execution | 4558998 |
Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1903 for 32-bit Systems | 4565351 (Security Update) | Critical | Remote Code Execution | 4565483 | Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1903 for ARM64-based Systems | 4565351 (Security Update) | Critical | Remote Code Execution | 4565483 | Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1903 for x64-based Systems | 4565351 (Security Update) | Critical | Remote Code Execution | 4565483 | Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1909 for 32-bit Systems | 4565351 (Security Update) | Critical | Remote Code Execution | 4565483 | Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1909 for ARM64-based Systems | 4565351 (Security Update) | Critical | Remote Code Execution | 4565483 | Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1909 for x64-based Systems | 4565351 (Security Update) | Critical | Remote Code Execution | 4565483 | Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Microsoft Edge (EdgeHTML-based) on Windows 10 Version 2004 for 32-bit Systems | 4566782 (Security Update) | Critical | Remote Code Execution | 4565503 |
Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Microsoft Edge (EdgeHTML-based) on Windows 10 Version 2004 for ARM64-based Systems | 4566782 (Security Update) | Critical | Remote Code Execution | 4565503 |
Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Microsoft Edge (EdgeHTML-based) on Windows 10 Version 2004 for x64-based Systems | 4566782 (Security Update) | Critical | Remote Code Execution | 4565503 |
Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Microsoft Edge (EdgeHTML-based) on Windows Server 2019 | 4565349 (Security Update) | Moderate | Remote Code Execution | 4558998 |
Base: N/A Temporal: N/A Vector: N/A |
Yes |
| CVE ID | Acknowledgements |
| CVE-2020-1555 | Asprose working with Trend Micro's Zero Day Initiative |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2020-1556 MITRE NVD |
CVE Title: Windows WalletService Elevation of Privilege Vulnerability
Description: An elevation of privilege vulnerability exists in the way that the Windows WalletService handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. To exploit the vulnerability, a locally authenticated attacker could run a specially crafted application. The security update addresses the vulnerability by ensuring the Windows WalletService properly handles objects in memory. FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2020-08-11T07:00:00Z Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | Exploitation Less Likely | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2020-1556 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Windows 10 for 32-bit Systems | 4571692 (Security Update) | Important | Elevation of Privilege | 4565513 | Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Windows 10 for x64-based Systems | 4571692 (Security Update) | Important | Elevation of Privilege | 4565513 | Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Windows 10 Version 1607 for 32-bit Systems | 4571694 (Security Update) | Important | Elevation of Privilege | 4565511 |
Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Windows 10 Version 1607 for x64-based Systems | 4571694 (Security Update) | Important | Elevation of Privilege | 4565511 |
Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Windows 10 Version 1709 for 32-bit Systems | 4571741 (Security Update) | Important | Elevation of Privilege | 4565508 | Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Windows 10 Version 1709 for ARM64-based Systems | 4571741 (Security Update) | Important | Elevation of Privilege | 4565508 | Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Windows 10 Version 1709 for x64-based Systems | 4571741 (Security Update) | Important | Elevation of Privilege | 4565508 | Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Windows 10 Version 1803 for 32-bit Systems | 4571709 (Security Update) | Important | Elevation of Privilege | 4565489 | Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Windows 10 Version 1803 for ARM64-based Systems | 4571709 (Security Update) | Important | Elevation of Privilege | 4565489 | Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Windows 10 Version 1803 for x64-based Systems | 4571709 (Security Update) | Important | Elevation of Privilege | 4565489 | Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Windows 10 Version 1809 for 32-bit Systems | 4565349 (Security Update) | Important | Elevation of Privilege | 4558998 |
Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 4565349 (Security Update) | Important | Elevation of Privilege | 4558998 |
Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Windows 10 Version 1809 for x64-based Systems | 4565349 (Security Update) | Important | Elevation of Privilege | 4558998 |
Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Windows 10 Version 1903 for 32-bit Systems | 4565351 (Security Update) | Important | Elevation of Privilege | 4565483 | Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Windows 10 Version 1903 for ARM64-based Systems | 4565351 (Security Update) | Important | Elevation of Privilege | 4565483 | Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Windows 10 Version 1903 for x64-based Systems | 4565351 (Security Update) | Important | Elevation of Privilege | 4565483 | Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Windows 10 Version 1909 for 32-bit Systems | 4565351 (Security Update) | Important | Elevation of Privilege | 4565483 | Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Windows 10 Version 1909 for ARM64-based Systems | 4565351 (Security Update) | Important | Elevation of Privilege | 4565483 | Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Windows 10 Version 1909 for x64-based Systems | 4565351 (Security Update) | Important | Elevation of Privilege | 4565483 | Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Windows 10 Version 2004 for 32-bit Systems | 4566782 (Security Update) | Important | Elevation of Privilege | 4565503 |
Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Windows 10 Version 2004 for ARM64-based Systems | 4566782 (Security Update) | Important | Elevation of Privilege | 4565503 |
Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Windows 10 Version 2004 for x64-based Systems | 4566782 (Security Update) | Important | Elevation of Privilege | 4565503 |
Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Windows Server 2016 | 4571694 (Security Update) | Important | Elevation of Privilege | 4565511 |
Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Windows Server 2016 (Server Core installation) | 4571694 (Security Update) | Important | Elevation of Privilege | 4565511 |
Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Windows Server 2019 | 4565349 (Security Update) | Important | Elevation of Privilege | 4558998 |
Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Windows Server 2019 (Server Core installation) | 4565349 (Security Update) | Important | Elevation of Privilege | 4558998 |
Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Windows Server, version 1903 (Server Core installation) | 4565351 (Security Update) | Important | Elevation of Privilege | 4565483 | Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Windows Server, version 1909 (Server Core installation) | 4565351 (Security Update) | Important | Elevation of Privilege | 4565483 | Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Windows Server, version 2004 (Server Core installation) | 4566782 (Security Update) | Important | Elevation of Privilege | 4565503 |
Base: N/A Temporal: N/A Vector: N/A |
Yes |
| CVE ID | Acknowledgements |
| CVE-2020-1556 | Anonymous working with Trend Micro's Zero Day Initiative Jarvis_1oop of Pinduoduo Security Research Lab |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2020-1557 MITRE NVD |
CVE Title: Jet Database Engine Remote Code Execution Vulnerability
Description: A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by enticing a victim to open a specially crafted file. The update addresses the vulnerability by correcting the way the Windows Jet Database Engine handles objects in memory. FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2020-08-11T07:00:00Z Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | Exploitation Less Likely | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2020-1557 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Windows 10 for 32-bit Systems | 4571692 (Security Update) | Important | Remote Code Execution | 4565513 | Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Windows 10 for x64-based Systems | 4571692 (Security Update) | Important | Remote Code Execution | 4565513 | Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Windows 10 Version 1607 for 32-bit Systems | 4571694 (Security Update) | Important | Remote Code Execution | 4565511 |
Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Windows 10 Version 1607 for x64-based Systems | 4571694 (Security Update) | Important | Remote Code Execution | 4565511 |
Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Windows 10 Version 1709 for 32-bit Systems | 4571741 (Security Update) | Important | Remote Code Execution | 4565508 | Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Windows 10 Version 1709 for ARM64-based Systems | 4571741 (Security Update) | Important | Remote Code Execution | 4565508 | Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Windows 10 Version 1709 for x64-based Systems | 4571741 (Security Update) | Important | Remote Code Execution | 4565508 | Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Windows 10 Version 1803 for 32-bit Systems | 4571709 (Security Update) | Important | Remote Code Execution | 4565489 | Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Windows 10 Version 1803 for ARM64-based Systems | 4571709 (Security Update) | Important | Remote Code Execution | 4565489 | Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Windows 10 Version 1803 for x64-based Systems | 4571709 (Security Update) | Important | Remote Code Execution | 4565489 | Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Windows 10 Version 1809 for 32-bit Systems | 4565349 (Security Update) | Important | Remote Code Execution | 4558998 |
Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 4565349 (Security Update) | Important | Remote Code Execution | 4558998 |
Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Windows 10 Version 1809 for x64-based Systems | 4565349 (Security Update) | Important | Remote Code Execution | 4558998 |
Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Windows 10 Version 1903 for 32-bit Systems | 4565351 (Security Update) | Important | Remote Code Execution | 4565483 | Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Windows 10 Version 1903 for ARM64-based Systems | 4565351 (Security Update) | Important | Remote Code Execution | 4565483 | Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Windows 10 Version 1903 for x64-based Systems | 4565351 (Security Update) | Important | Remote Code Execution | 4565483 | Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Windows 10 Version 1909 for 32-bit Systems | 4565351 (Security Update) | Important | Remote Code Execution | 4565483 | Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Windows 10 Version 1909 for ARM64-based Systems | 4565351 (Security Update) | Important | Remote Code Execution | 4565483 | Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Windows 10 Version 1909 for x64-based Systems | 4565351 (Security Update) | Important | Remote Code Execution | 4565483 | Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Windows 10 Version 2004 for 32-bit Systems | 4566782 (Security Update) | Important | Remote Code Execution | 4565503 |
Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Windows 10 Version 2004 for ARM64-based Systems | 4566782 (Security Update) | Important | Remote Code Execution | 4565503 |
Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Windows 10 Version 2004 for x64-based Systems | 4566782 (Security Update) | Important | Remote Code Execution | 4565503 |
Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Windows 7 for 32-bit Systems Service Pack 1 | 4571729 (Monthly Rollup) 4571719 (Security Only) |
Important | Remote Code Execution | 4565524 |
Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Windows 7 for x64-based Systems Service Pack 1 | 4571729 (Monthly Rollup) 4571719 (Security Only) |
Important | Remote Code Execution | 4565524 |
Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Windows 8.1 for 32-bit systems | 4571703 (Monthly Rollup) 4571723 (Security Only) |
Important | Remote Code Execution | 4565541 |
Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Windows 8.1 for x64-based systems | 4571703 (Monthly Rollup) 4571723 (Security Only) |
Important | Remote Code Execution | 4565541 |
Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Windows RT 8.1 | 4571703 (Monthly Rollup) | Important | Remote Code Execution | 4565541 |
Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 4571730 (Monthly Rollup) 4571746 (Security Only) |
Important | Remote Code Execution | 4565536 |
Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 4571730 (Monthly Rollup) 4571746 (Security Only) |
Important | Remote Code Execution | 4565536 |
Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 4571730 (Monthly Rollup) 4571746 (Security Only) |
Important | Remote Code Execution | 4565536 |
Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 4571730 (Monthly Rollup) 4571746 (Security Only) |
Important | Remote Code Execution | 4565536 |
Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 4571729 (Monthly Rollup) 4571719 (Security Only) |
Important | Remote Code Execution | 4565524 |
Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 4571729 (Monthly Rollup) 4571719 (Security Only) |
Important | Remote Code Execution | 4565524 |
Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Windows Server 2012 | 4571736 (Monthly Rollup) 4571702 (Security Only) |
Important | Remote Code Execution | 4565537 |
Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Windows Server 2012 (Server Core installation) | 4571736 (Monthly Rollup) 4571702 (Security Only) |
Important | Remote Code Execution | 4565537 |
Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Windows Server 2012 R2 | 4571703 (Monthly Rollup) 4571723 (Security Only) |
Important | Remote Code Execution | 4565541 |
Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Windows Server 2012 R2 (Server Core installation) | 4571703 (Monthly Rollup) 4571723 (Security Only) |
Important | Remote Code Execution | 4565541 |
Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Windows Server 2016 | 4571694 (Security Update) | Important | Remote Code Execution | 4565511 |
Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Windows Server 2016 (Server Core installation) | 4571694 (Security Update) | Important | Remote Code Execution | 4565511 |
Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Windows Server 2019 | 4565349 (Security Update) | Important | Remote Code Execution | 4558998 |
Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Windows Server 2019 (Server Core installation) | 4565349 (Security Update) | Important | Remote Code Execution | 4558998 |
Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Windows Server, version 1903 (Server Core installation) | 4565351 (Security Update) | Important | Remote Code Execution | 4565483 | Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Windows Server, version 1909 (Server Core installation) | 4565351 (Security Update) | Important | Remote Code Execution | 4565483 | Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Windows Server, version 2004 (Server Core installation) | 4566782 (Security Update) | Important | Remote Code Execution | 4565503 |
Base: N/A Temporal: N/A Vector: N/A |
Yes |
| CVE ID | Acknowledgements |
| CVE-2020-1557 | Zhibin Zhang of Palo Alto Networks |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2020-1558 MITRE NVD |
CVE Title: Jet Database Engine Remote Code Execution Vulnerability
Description: A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by enticing a victim to open a specially crafted file. The update addresses the vulnerability by correcting the way the Windows Jet Database Engine handles objects in memory. FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2020-08-11T07:00:00Z Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | Exploitation Less Likely | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2020-1558 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Windows 10 for 32-bit Systems | 4571692 (Security Update) | Important | Remote Code Execution | 4565513 | Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Windows 10 for x64-based Systems | 4571692 (Security Update) | Important | Remote Code Execution | 4565513 | Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Windows 10 Version 1607 for 32-bit Systems | 4571694 (Security Update) | Important | Remote Code Execution | 4565511 |
Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Windows 10 Version 1607 for x64-based Systems | 4571694 (Security Update) | Important | Remote Code Execution | 4565511 |
Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Windows 10 Version 1709 for 32-bit Systems | 4571741 (Security Update) | Important | Remote Code Execution | 4565508 | Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Windows 10 Version 1709 for ARM64-based Systems | 4571741 (Security Update) | Important | Remote Code Execution | 4565508 | Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Windows 10 Version 1709 for x64-based Systems | 4571741 (Security Update) | Important | Remote Code Execution | 4565508 | Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Windows 10 Version 1803 for 32-bit Systems | 4571709 (Security Update) | Important | Remote Code Execution | 4565489 | Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Windows 10 Version 1803 for ARM64-based Systems | 4571709 (Security Update) | Important | Remote Code Execution | 4565489 | Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Windows 10 Version 1803 for x64-based Systems | 4571709 (Security Update) | Important | Remote Code Execution | 4565489 | Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Windows 10 Version 1809 for 32-bit Systems | 4565349 (Security Update) | Important | Remote Code Execution | 4558998 |
Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 4565349 (Security Update) | Important | Remote Code Execution | 4558998 |
Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Windows 10 Version 1809 for x64-based Systems | 4565349 (Security Update) | Important | Remote Code Execution | 4558998 |
Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Windows 10 Version 1903 for 32-bit Systems | 4565351 (Security Update) | Important | Remote Code Execution | 4565483 | Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Windows 10 Version 1903 for ARM64-based Systems | 4565351 (Security Update) | Important | Remote Code Execution | 4565483 | Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Windows 10 Version 1903 for x64-based Systems | 4565351 (Security Update) | Important | Remote Code Execution | 4565483 | Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Windows 10 Version 1909 for 32-bit Systems | 4565351 (Security Update) | Important | Remote Code Execution | 4565483 | Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Windows 10 Version 1909 for ARM64-based Systems | 4565351 (Security Update) | Important | Remote Code Execution | 4565483 | Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Windows 10 Version 1909 for x64-based Systems | 4565351 (Security Update) | Important | Remote Code Execution | 4565483 | Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Windows 10 Version 2004 for 32-bit Systems | 4566782 (Security Update) | Important | Remote Code Execution | 4565503 |
Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Windows 10 Version 2004 for ARM64-based Systems | 4566782 (Security Update) | Important | Remote Code Execution | 4565503 |
Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Windows 10 Version 2004 for x64-based Systems | 4566782 (Security Update) | Important | Remote Code Execution | 4565503 |
Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Windows 7 for 32-bit Systems Service Pack 1 | 4571729 (Monthly Rollup) 4571719 (Security Only) |
Important | Remote Code Execution | 4565524 |
Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Windows 7 for x64-based Systems Service Pack 1 | 4571729 (Monthly Rollup) 4571719 (Security Only) |
Important | Remote Code Execution | 4565524 |
Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Windows 8.1 for 32-bit systems | 4571703 (Monthly Rollup) 4571723 (Security Only) |
Important | Remote Code Execution | 4565541 |
Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Windows 8.1 for x64-based systems | 4571703 (Monthly Rollup) 4571723 (Security Only) |
Important | Remote Code Execution | 4565541 |
Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Windows RT 8.1 | 4571703 (Monthly Rollup) | Important | Remote Code Execution | 4565541 |
Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 4571730 (Monthly Rollup) 4571746 (Security Only) |
Important | Remote Code Execution | 4565536 |
Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 4571730 (Monthly Rollup) 4571746 (Security Only) |
Important | Remote Code Execution | 4565536 |
Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 4571730 (Monthly Rollup) 4571746 (Security Only) |
Important | Remote Code Execution | 4565536 |
Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 4571730 (Monthly Rollup) 4571746 (Security Only) |
Important | Remote Code Execution | 4565536 |
Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 4571729 (Monthly Rollup) 4571719 (Security Only) |
Important | Remote Code Execution | 4565524 |
Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 4571729 (Monthly Rollup) 4571719 (Security Only) |
Important | Remote Code Execution | 4565524 |
Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Windows Server 2012 | 4571736 (Monthly Rollup) 4571702 (Security Only) |
Important | Remote Code Execution | 4565537 |
Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Windows Server 2012 (Server Core installation) | 4571736 (Monthly Rollup) 4571702 (Security Only) |
Important | Remote Code Execution | 4565537 |
Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Windows Server 2012 R2 | 4571703 (Monthly Rollup) 4571723 (Security Only) |
Important | Remote Code Execution | 4565541 |
Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Windows Server 2012 R2 (Server Core installation) | 4571703 (Monthly Rollup) 4571723 (Security Only) |
Important | Remote Code Execution | 4565541 |
Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Windows Server 2016 | 4571694 (Security Update) | Important | Remote Code Execution | 4565511 |
Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Windows Server 2016 (Server Core installation) | 4571694 (Security Update) | Important | Remote Code Execution | 4565511 |
Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Windows Server 2019 | 4565349 (Security Update) | Important | Remote Code Execution | 4558998 |
Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Windows Server 2019 (Server Core installation) | 4565349 (Security Update) | Important | Remote Code Execution | 4558998 |
Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Windows Server, version 1903 (Server Core installation) | 4565351 (Security Update) | Important | Remote Code Execution | 4565483 | Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Windows Server, version 1909 (Server Core installation) | 4565351 (Security Update) | Important | Remote Code Execution | 4565483 | Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Windows Server, version 2004 (Server Core installation) | 4566782 (Security Update) | Important | Remote Code Execution | 4565503 |
Base: N/A Temporal: N/A Vector: N/A |
Yes |
| CVE ID | Acknowledgements |
| CVE-2020-1558 | Bo Qu of Palo Alto Networks and Heige of KnownSec 404 Team Zhibin Zhang of Palo Alto Networks |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2020-1560 MITRE NVD |
CVE Title: Microsoft Windows Codecs Library Remote Code Execution Vulnerability
Description: A remote code execution vulnerability exists in the way that Microsoft Windows Codecs Library handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user’s system. Exploitation of the vulnerability requires that a program process a specially crafted image file. The update addresses the vulnerability by correcting how Microsoft Windows Codecs Library handles objects in memory. FAQ: How does a user know if the update has been installed? You can check the version of the installed package. For example, click on Settings, Apps & Features and select AV1 Video Extension, Advanced Options. You will see the version there. The secure versions are 1.1.31753.0 and later. Is Windows vulnerable in the default configuration? Only customers who have installed the optional "AV1 Video Extension" media codec from Microsoft Store may be vulnerable. How do I get the updated Windows Media Codec? Affected customers will be automatically updated by Microsoft Store. Customers do not need to take any action to receive the update. Alternatively, customers who want to receive the update immediately can check for updates with the Microsoft Store App; more information on this process can be found here. Why are these security updates offered to affected clients via the Microsoft Store and not Windows Update? These updates are for optional apps/components that are offered to customers as a download via the Microsoft Store. Updates for optional store apps/components are provided via the Microsoft Store. My server is in a disconnected environment, is it vulnerable? AV1 is not available for offline distribution and not supported on Windows Server. Users should not have it installed in these environments. Enterprise customers using Store for Business will receive the update in the same manner as consumer Store. Why are these updates being offered outside of Update Tuesday? Servicing for store apps/components does not follow the monthly “Update Tuesday” cadence, but are offered whenever necessary. Are these updates for Microsoft store apps/components offered automatically when an affected component is on the system? Yes. However, it is possible to turn off automatic updating for store apps. In that scenario, these updates would not be installed automatically. How can I check from PowerShell if the update is installed? The following command will display the version of the installed package:
Mitigations: None Workarounds: None Revision: 1.0 2020-08-11T07:00:00Z Information published. |
Critical | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | N/A | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2020-1560 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Windows 10 Version 1709 for 32-bit Systems | Critical | Remote Code Execution | None | Base: 7.3 Temporal: 6.6 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Unknown | |
| Windows 10 Version 1709 for ARM64-based Systems | Critical | Remote Code Execution | None | Base: 7.3 Temporal: 6.6 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Unknown | |
| Windows 10 Version 1709 for x64-based Systems | Critical | Remote Code Execution | None | Base: 7.3 Temporal: 6.6 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Unknown | |
| Windows 10 Version 1803 for 32-bit Systems | Critical | Remote Code Execution | None | Base: 7.3 Temporal: 6.6 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Unknown | |
| Windows 10 Version 1803 for ARM64-based Systems | Critical | Remote Code Execution | None | Base: 7.3 Temporal: 6.6 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Unknown | |
| Windows 10 Version 1803 for x64-based Systems | Critical | Remote Code Execution | None | Base: 7.3 Temporal: 6.6 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Unknown | |
| Windows 10 Version 1809 for 32-bit Systems | Critical | Remote Code Execution | None | Base: 7.3 Temporal: 6.6 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Unknown | |
| Windows 10 Version 1809 for ARM64-based Systems | Critical | Remote Code Execution | None | Base: 7.3 Temporal: 6.6 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Unknown | |
| Windows 10 Version 1809 for x64-based Systems | Critical | Remote Code Execution | None | Base: 7.3 Temporal: 6.6 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Unknown | |
| Windows 10 Version 1903 for 32-bit Systems | Critical | Remote Code Execution | None | Base: 7.3 Temporal: 6.6 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Unknown | |
| Windows 10 Version 1903 for ARM64-based Systems | Critical | Remote Code Execution | None | Base: 7.3 Temporal: 6.6 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Unknown | |
| Windows 10 Version 1903 for x64-based Systems | Critical | Remote Code Execution | None | Base: 7.3 Temporal: 6.6 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Unknown | |
| Windows 10 Version 1909 for 32-bit Systems | Critical | Remote Code Execution | None | Base: 7.3 Temporal: 6.6 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Unknown | |
| Windows 10 Version 1909 for ARM64-based Systems | Critical | Remote Code Execution | None | Base: 7.3 Temporal: 6.6 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Unknown | |
| Windows 10 Version 1909 for x64-based Systems | Critical | Remote Code Execution | None | Base: 7.3 Temporal: 6.6 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Unknown | |
| Windows 10 Version 2004 for 32-bit Systems | Critical | Remote Code Execution | None | Base: 7.3 Temporal: 6.6 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Unknown | |
| Windows 10 Version 2004 for ARM64-based Systems | Critical | Remote Code Execution | None | Base: 7.3 Temporal: 6.6 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Unknown | |
| Windows 10 Version 2004 for x64-based Systems | Critical | Remote Code Execution | None | Base: 7.3 Temporal: 6.6 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Unknown | |
| Windows Server, version 2004 (Server Core installation) | Critical | Remote Code Execution | None | Base: 7.3 Temporal: 6.6 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Unknown | |
| CVE ID | Acknowledgements |
| CVE-2020-1560 | Abdul-Aziz Hariri of Trend Micro Zero Day Initiative |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2020-1561 MITRE NVD |
CVE Title: Microsoft Graphics Components Remote Code Execution Vulnerability
Description: A remote code execution vulnerability exists in the way that Microsoft Graphics Components handle objects in memory. An attacker who successfully exploited the vulnerability could execute arbitrary code on a target system. To exploit the vulnerability, a user would have to open a specially crafted file. The security update addresses the vulnerability by correcting how Microsoft Graphics Components handle objects in memory. FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2020-08-11T07:00:00Z Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | Exploitation Less Likely | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2020-1561 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Windows 10 for 32-bit Systems | 4571692 (Security Update) | Important | Remote Code Execution | 4565513 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 for x64-based Systems | 4571692 (Security Update) | Important | Remote Code Execution | 4565513 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1607 for 32-bit Systems | 4571694 (Security Update) | Important | Remote Code Execution | 4565511 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1607 for x64-based Systems | 4571694 (Security Update) | Important | Remote Code Execution | 4565511 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1709 for 32-bit Systems | 4571741 (Security Update) | Important | Remote Code Execution | 4565508 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1709 for ARM64-based Systems | 4571741 (Security Update) | Important | Remote Code Execution | 4565508 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1709 for x64-based Systems | 4571741 (Security Update) | Important | Remote Code Execution | 4565508 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1803 for 32-bit Systems | 4571709 (Security Update) | Important | Remote Code Execution | 4565489 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1803 for ARM64-based Systems | 4571709 (Security Update) | Important | Remote Code Execution | 4565489 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1803 for x64-based Systems | 4571709 (Security Update) | Important | Remote Code Execution | 4565489 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for 32-bit Systems | 4565349 (Security Update) | Important | Remote Code Execution | 4558998 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 4565349 (Security Update) | Important | Remote Code Execution | 4558998 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for x64-based Systems | 4565349 (Security Update) | Important | Remote Code Execution | 4558998 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1903 for 32-bit Systems | 4565351 (Security Update) | Important | Remote Code Execution | 4565483 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1903 for ARM64-based Systems | 4565351 (Security Update) | Important | Remote Code Execution | 4565483 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1903 for x64-based Systems | 4565351 (Security Update) | Important | Remote Code Execution | 4565483 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for 32-bit Systems | 4565351 (Security Update) | Important | Remote Code Execution | 4565483 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for ARM64-based Systems | 4565351 (Security Update) | Important | Remote Code Execution | 4565483 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for x64-based Systems | 4565351 (Security Update) | Important | Remote Code Execution | 4565483 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for 32-bit Systems | 4566782 (Security Update) | Important | Remote Code Execution | 4565503 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for ARM64-based Systems | 4566782 (Security Update) | Important | Remote Code Execution | 4565503 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for x64-based Systems | 4566782 (Security Update) | Important | Remote Code Execution | 4565503 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2016 | 4571694 (Security Update) | Important | Remote Code Execution | 4565511 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2016 (Server Core installation) | 4571694 (Security Update) | Important | Remote Code Execution | 4565511 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2019 | 4565349 (Security Update) | Important | Remote Code Execution | 4558998 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2019 (Server Core installation) | 4565349 (Security Update) | Important | Remote Code Execution | 4558998 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server, version 1903 (Server Core installation) | 4565351 (Security Update) | Important | Remote Code Execution | 4565483 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server, version 1909 (Server Core installation) | 4565351 (Security Update) | Important | Remote Code Execution | 4565483 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server, version 2004 (Server Core installation) | 4566782 (Security Update) | Important | Remote Code Execution | 4565503 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| CVE ID | Acknowledgements |
| CVE-2020-1561 | Zhiyi Zhang from Codesafe Team of Legendsec at Qi'anxin Group kdot working with Trend Micro's Zero Day Initiative |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2020-1562 MITRE NVD |
CVE Title: Microsoft Graphics Components Remote Code Execution Vulnerability
Description: A remote code execution vulnerability exists in the way that Microsoft Graphics Components handle objects in memory. An attacker who successfully exploited the vulnerability could execute arbitrary code on a target system. To exploit the vulnerability, a user would have to open a specially crafted file. The security update addresses the vulnerability by correcting how Microsoft Graphics Components handle objects in memory. FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2020-08-11T07:00:00Z Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | Exploitation Less Likely | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2020-1562 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Windows 10 for 32-bit Systems | 4571692 (Security Update) | Important | Remote Code Execution | 4565513 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 for x64-based Systems | 4571692 (Security Update) | Important | Remote Code Execution | 4565513 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1607 for 32-bit Systems | 4571694 (Security Update) | Important | Remote Code Execution | 4565511 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1607 for x64-based Systems | 4571694 (Security Update) | Important | Remote Code Execution | 4565511 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1709 for 32-bit Systems | 4571741 (Security Update) | Important | Remote Code Execution | 4565508 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1709 for ARM64-based Systems | 4571741 (Security Update) | Important | Remote Code Execution | 4565508 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1709 for x64-based Systems | 4571741 (Security Update) | Important | Remote Code Execution | 4565508 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1803 for 32-bit Systems | 4571709 (Security Update) | Important | Remote Code Execution | 4565489 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1803 for ARM64-based Systems | 4571709 (Security Update) | Important | Remote Code Execution | 4565489 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1803 for x64-based Systems | 4571709 (Security Update) | Important | Remote Code Execution | 4565489 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for 32-bit Systems | 4565349 (Security Update) | Important | Remote Code Execution | 4558998 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 4565349 (Security Update) | Important | Remote Code Execution | 4558998 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for x64-based Systems | 4565349 (Security Update) | Important | Remote Code Execution | 4558998 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1903 for 32-bit Systems | 4565351 (Security Update) | Important | Remote Code Execution | 4565483 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1903 for ARM64-based Systems | 4565351 (Security Update) | Important | Remote Code Execution | 4565483 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1903 for x64-based Systems | 4565351 (Security Update) | Important | Remote Code Execution | 4565483 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for 32-bit Systems | 4565351 (Security Update) | Important | Remote Code Execution | 4565483 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for ARM64-based Systems | 4565351 (Security Update) | Important | Remote Code Execution | 4565483 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for x64-based Systems | 4565351 (Security Update) | Important | Remote Code Execution | 4565483 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for 32-bit Systems | 4566782 (Security Update) | Important | Remote Code Execution | 4565503 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for ARM64-based Systems | 4566782 (Security Update) | Important | Remote Code Execution | 4565503 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for x64-based Systems | 4566782 (Security Update) | Important | Remote Code Execution | 4565503 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 7 for 32-bit Systems Service Pack 1 | 4571729 (Monthly Rollup) 4571719 (Security Only) |
Important | Remote Code Execution | 4565524 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 7 for x64-based Systems Service Pack 1 | 4571729 (Monthly Rollup) 4571719 (Security Only) |
Important | Remote Code Execution | 4565524 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 8.1 for 32-bit systems | 4571703 (Monthly Rollup) 4571723 (Security Only) |
Important | Remote Code Execution | 4565541 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 8.1 for x64-based systems | 4571703 (Monthly Rollup) 4571723 (Security Only) |
Important | Remote Code Execution | 4565541 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows RT 8.1 | 4571703 (Monthly Rollup) | Important | Remote Code Execution | 4565541 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 4571730 (Monthly Rollup) 4571746 (Security Only) |
Important | Remote Code Execution | 4565536 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 4571730 (Monthly Rollup) 4571746 (Security Only) |
Important | Remote Code Execution | 4565536 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 4571730 (Monthly Rollup) 4571746 (Security Only) |
Important | Remote Code Execution | 4565536 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 4571730 (Monthly Rollup) 4571746 (Security Only) |
Important | Remote Code Execution | 4565536 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 4571729 (Monthly Rollup) 4571719 (Security Only) |
Important | Remote Code Execution | 4565524 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 4571729 (Monthly Rollup) 4571719 (Security Only) |
Important | Remote Code Execution | 4565524 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2012 | 4571736 (Monthly Rollup) 4571702 (Security Only) |
Important | Remote Code Execution | 4565537 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2012 (Server Core installation) | 4571736 (Monthly Rollup) 4571702 (Security Only) |
Important | Remote Code Execution | 4565537 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2012 R2 | 4571703 (Monthly Rollup) 4571723 (Security Only) |
Important | Remote Code Execution | 4565541 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2012 R2 (Server Core installation) | 4571703 (Monthly Rollup) 4571723 (Security Only) |
Important | Remote Code Execution | 4565541 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2016 | 4571694 (Security Update) | Important | Remote Code Execution | 4565511 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2016 (Server Core installation) | 4571694 (Security Update) | Important | Remote Code Execution | 4565511 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2019 | 4565349 (Security Update) | Important | Remote Code Execution | 4558998 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2019 (Server Core installation) | 4565349 (Security Update) | Important | Remote Code Execution | 4558998 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server, version 1903 (Server Core installation) | 4565351 (Security Update) | Important | Remote Code Execution | 4565483 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server, version 1909 (Server Core installation) | 4565351 (Security Update) | Important | Remote Code Execution | 4565483 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server, version 2004 (Server Core installation) | 4566782 (Security Update) | Important | Remote Code Execution | 4565503 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| CVE ID | Acknowledgements |
| CVE-2020-1562 | Wenguang Jiao |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2020-1563 MITRE NVD |
CVE Title: Microsoft Office Remote Code Execution Vulnerability
Description: A remote code execution vulnerability exists in Microsoft Office software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. Exploitation of the vulnerability requires that a user open a specially crafted file with an affected version of Microsoft Office. In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file. The security update addresses the vulnerability by correcting how Microsoft Office handles objects in memory. FAQ: Is the Preview Pane an attack vector for this vulnerability? No, the Preview Pane is not an attack vector. Mitigations: None Workarounds: None Revision: 1.0 2020-08-11T07:00:00Z Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | Exploitation Less Likely | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2020-1563 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Microsoft 365 Apps for Enterprise for 32-bit Systems | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: N/A Temporal: N/A Vector: N/A |
No |
| Microsoft 365 Apps for Enterprise for 64-bit Systems | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: N/A Temporal: N/A Vector: N/A |
No |
| Microsoft Office 2010 Service Pack 2 (32-bit editions) | 4484379 (Security Update) | Important | Remote Code Execution | 4484238 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
| Microsoft Office 2010 Service Pack 2 (64-bit editions) | 4484379 (Security Update) | Important | Remote Code Execution | 4484238 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
| Microsoft Office 2013 RT Service Pack 1 | 4484359 (Security Update) | Important | Remote Code Execution | None | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
| Microsoft Office 2013 Service Pack 1 (32-bit editions) | 4484359 (Security Update) | Important | Remote Code Execution | None | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
| Microsoft Office 2013 Service Pack 1 (64-bit editions) | 4484359 (Security Update) | Important | Remote Code Execution | None | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
| Microsoft Office 2016 (32-bit edition) | 4484431 (Security Update) | Important | Remote Code Execution | 4484287 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
| Microsoft Office 2016 (64-bit edition) | 4484431 (Security Update) | Important | Remote Code Execution | 4484287 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
| Microsoft Office 2019 for 32-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: N/A Temporal: N/A Vector: N/A |
No |
| Microsoft Office 2019 for 64-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: N/A Temporal: N/A Vector: N/A |
No |
| CVE ID | Acknowledgements |
| CVE-2020-1563 | Haozhe Zhang of Palo Alto Networks |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2020-1564 MITRE NVD |
CVE Title: Jet Database Engine Remote Code Execution Vulnerability
Description: A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by enticing a victim to open a specially crafted file. The update addresses the vulnerability by correcting the way the Windows Jet Database Engine handles objects in memory. FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2020-08-11T07:00:00Z Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | Exploitation Less Likely | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2020-1564 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Windows 10 for 32-bit Systems | 4571692 (Security Update) | Important | Remote Code Execution | 4565513 | Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Windows 10 for x64-based Systems | 4571692 (Security Update) | Important | Remote Code Execution | 4565513 | Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Windows 10 Version 1607 for 32-bit Systems | 4571694 (Security Update) | Important | Remote Code Execution | 4565511 |
Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Windows 10 Version 1607 for x64-based Systems | 4571694 (Security Update) | Important | Remote Code Execution | 4565511 |
Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Windows 10 Version 1709 for 32-bit Systems | 4571741 (Security Update) | Important | Remote Code Execution | 4565508 | Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Windows 10 Version 1709 for ARM64-based Systems | 4571741 (Security Update) | Important | Remote Code Execution | 4565508 | Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Windows 10 Version 1709 for x64-based Systems | 4571741 (Security Update) | Important | Remote Code Execution | 4565508 | Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Windows 10 Version 1803 for 32-bit Systems | 4571709 (Security Update) | Important | Remote Code Execution | 4565489 | Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Windows 10 Version 1803 for ARM64-based Systems | 4571709 (Security Update) | Important | Remote Code Execution | 4565489 | Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Windows 10 Version 1803 for x64-based Systems | 4571709 (Security Update) | Important | Remote Code Execution | 4565489 | Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Windows 10 Version 1809 for 32-bit Systems | 4565349 (Security Update) | Important | Remote Code Execution | 4558998 |
Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 4565349 (Security Update) | Important | Remote Code Execution | 4558998 |
Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Windows 10 Version 1809 for x64-based Systems | 4565349 (Security Update) | Important | Remote Code Execution | 4558998 |
Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Windows 10 Version 1903 for 32-bit Systems | 4565351 (Security Update) | Important | Remote Code Execution | 4565483 | Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Windows 10 Version 1903 for ARM64-based Systems | 4565351 (Security Update) | Important | Remote Code Execution | 4565483 | Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Windows 10 Version 1903 for x64-based Systems | 4565351 (Security Update) | Important | Remote Code Execution | 4565483 | Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Windows 10 Version 1909 for 32-bit Systems | 4565351 (Security Update) | Important | Remote Code Execution | 4565483 | Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Windows 10 Version 1909 for ARM64-based Systems | 4565351 (Security Update) | Important | Remote Code Execution | 4565483 | Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Windows 10 Version 1909 for x64-based Systems | 4565351 (Security Update) | Important | Remote Code Execution | 4565483 | Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Windows 10 Version 2004 for 32-bit Systems | 4566782 (Security Update) | Important | Remote Code Execution | 4565503 |
Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Windows 10 Version 2004 for ARM64-based Systems | 4566782 (Security Update) | Important | Remote Code Execution | 4565503 |
Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Windows 10 Version 2004 for x64-based Systems | 4566782 (Security Update) | Important | Remote Code Execution | 4565503 |
Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Windows 7 for 32-bit Systems Service Pack 1 | 4571729 (Monthly Rollup) 4571719 (Security Only) |
Important | Remote Code Execution | 4565524 |
Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Windows 7 for x64-based Systems Service Pack 1 | 4571729 (Monthly Rollup) 4571719 (Security Only) |
Important | Remote Code Execution | 4565524 |
Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Windows 8.1 for 32-bit systems | 4571703 (Monthly Rollup) 4571723 (Security Only) |
Important | Remote Code Execution | 4565541 |
Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Windows 8.1 for x64-based systems | 4571703 (Monthly Rollup) 4571723 (Security Only) |
Important | Remote Code Execution | 4565541 |
Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Windows RT 8.1 | 4571703 (Monthly Rollup) | Important | Remote Code Execution | 4565541 |
Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 4571730 (Monthly Rollup) 4571746 (Security Only) |
Important | Remote Code Execution | 4565536 |
Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 4571730 (Monthly Rollup) 4571746 (Security Only) |
Important | Remote Code Execution | 4565536 |
Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 4571730 (Monthly Rollup) 4571746 (Security Only) |
Important | Remote Code Execution | 4565536 |
Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 4571730 (Monthly Rollup) 4571746 (Security Only) |
Important | Remote Code Execution | 4565536 |
Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 4571729 (Monthly Rollup) 4571719 (Security Only) |
Important | Remote Code Execution | 4565524 |
Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 4571729 (Monthly Rollup) 4571719 (Security Only) |
Important | Remote Code Execution | 4565524 |
Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Windows Server 2012 | 4571736 (Monthly Rollup) 4571702 (Security Only) |
Important | Remote Code Execution | 4565537 |
Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Windows Server 2012 (Server Core installation) | 4571736 (Monthly Rollup) 4571702 (Security Only) |
Important | Remote Code Execution | 4565537 |
Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Windows Server 2012 R2 | 4571703 (Monthly Rollup) 4571723 (Security Only) |
Important | Remote Code Execution | 4565541 |
Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Windows Server 2012 R2 (Server Core installation) | 4571703 (Monthly Rollup) 4571723 (Security Only) |
Important | Remote Code Execution | 4565541 |
Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Windows Server 2016 | 4571694 (Security Update) | Important | Remote Code Execution | 4565511 |
Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Windows Server 2016 (Server Core installation) | 4571694 (Security Update) | Important | Remote Code Execution | 4565511 |
Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Windows Server 2019 | 4565349 (Security Update) | Important | Remote Code Execution | 4558998 |
Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Windows Server 2019 (Server Core installation) | 4565349 (Security Update) | Important | Remote Code Execution | 4558998 |
Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Windows Server, version 1903 (Server Core installation) | 4565351 (Security Update) | Important | Remote Code Execution | 4565483 | Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Windows Server, version 1909 (Server Core installation) | 4565351 (Security Update) | Important | Remote Code Execution | 4565483 | Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Windows Server, version 2004 (Server Core installation) | 4566782 (Security Update) | Important | Remote Code Execution | 4565503 |
Base: N/A Temporal: N/A Vector: N/A |
Yes |
| CVE ID | Acknowledgements |
| CVE-2020-1564 | Zhibin Zhang of Palo Alto Networks |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2020-1565 MITRE NVD |
CVE Title: Windows Elevation of Privilege Vulnerability
Description: An elevation of privilege vulnerability exists when the "Public Account Pictures" folder improperly handles junctions. To exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges. The security update addresses the vulnerability by correcting how Windows handles junctions. FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2020-08-11T07:00:00Z Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | Exploitation Less Likely | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2020-1565 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Windows 10 for 32-bit Systems | 4571692 (Security Update) | Important | Elevation of Privilege | 4565513 | Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Windows 10 for x64-based Systems | 4571692 (Security Update) | Important | Elevation of Privilege | 4565513 | Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Windows 10 Version 1607 for 32-bit Systems | 4571694 (Security Update) | Important | Elevation of Privilege | 4565511 |
Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Windows 10 Version 1607 for x64-based Systems | 4571694 (Security Update) | Important | Elevation of Privilege | 4565511 |
Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Windows 10 Version 1709 for 32-bit Systems | 4571741 (Security Update) | Important | Elevation of Privilege | 4565508 | Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Windows 10 Version 1709 for ARM64-based Systems | 4571741 (Security Update) | Important | Elevation of Privilege | 4565508 | Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Windows 10 Version 1709 for x64-based Systems | 4571741 (Security Update) | Important | Elevation of Privilege | 4565508 | Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Windows 10 Version 1803 for 32-bit Systems | 4571709 (Security Update) | Important | Elevation of Privilege | 4565489 | Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Windows 10 Version 1803 for ARM64-based Systems | 4571709 (Security Update) | Important | Elevation of Privilege | 4565489 | Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Windows 10 Version 1803 for x64-based Systems | 4571709 (Security Update) | Important | Elevation of Privilege | 4565489 | Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Windows 10 Version 1809 for 32-bit Systems | 4565349 (Security Update) | Important | Elevation of Privilege | 4558998 |
Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 4565349 (Security Update) | Important | Elevation of Privilege | 4558998 |
Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Windows 10 Version 1809 for x64-based Systems | 4565349 (Security Update) | Important | Elevation of Privilege | 4558998 |
Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Windows 10 Version 1903 for 32-bit Systems | 4565351 (Security Update) | Important | Elevation of Privilege | 4565483 | Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Windows 10 Version 1903 for ARM64-based Systems | 4565351 (Security Update) | Important | Elevation of Privilege | 4565483 | Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Windows 10 Version 1903 for x64-based Systems | 4565351 (Security Update) | Important | Elevation of Privilege | 4565483 | Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Windows 10 Version 1909 for 32-bit Systems | 4565351 (Security Update) | Important | Elevation of Privilege | 4565483 | Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Windows 10 Version 1909 for ARM64-based Systems | 4565351 (Security Update) | Important | Elevation of Privilege | 4565483 | Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Windows 10 Version 1909 for x64-based Systems | 4565351 (Security Update) | Important | Elevation of Privilege | 4565483 | Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Windows 10 Version 2004 for 32-bit Systems | 4566782 (Security Update) | Important | Elevation of Privilege | 4565503 |
Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Windows 10 Version 2004 for ARM64-based Systems | 4566782 (Security Update) | Important | Elevation of Privilege | 4565503 |
Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Windows 10 Version 2004 for x64-based Systems | 4566782 (Security Update) | Important | Elevation of Privilege | 4565503 |
Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Windows 8.1 for 32-bit systems | 4571703 (Monthly Rollup) 4571723 (Security Only) |
Important | Elevation of Privilege | 4565541 |
Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Windows 8.1 for x64-based systems | 4571703 (Monthly Rollup) 4571723 (Security Only) |
Important | Elevation of Privilege | 4565541 |
Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Windows RT 8.1 | 4571703 (Monthly Rollup) | Important | Elevation of Privilege | 4565541 |
Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Windows Server 2012 | 4571736 (Monthly Rollup) 4571702 (Security Only) |
Important | Elevation of Privilege | 4565537 |
Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Windows Server 2012 (Server Core installation) | 4571736 (Monthly Rollup) 4571702 (Security Only) |
Important | Elevation of Privilege | 4565537 |
Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Windows Server 2012 R2 | 4571703 (Monthly Rollup) 4571723 (Security Only) |
Important | Elevation of Privilege | 4565541 |
Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Windows Server 2012 R2 (Server Core installation) | 4571703 (Monthly Rollup) 4571723 (Security Only) |
Important | Elevation of Privilege | 4565541 |
Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Windows Server 2016 | 4571694 (Security Update) | Important | Elevation of Privilege | 4565511 |
Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Windows Server 2016 (Server Core installation) | 4571694 (Security Update) | Important | Elevation of Privilege | 4565511 |
Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Windows Server 2019 | 4565349 (Security Update) | Important | Elevation of Privilege | 4558998 |
Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Windows Server 2019 (Server Core installation) | 4565349 (Security Update) | Important | Elevation of Privilege | 4558998 |
Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Windows Server, version 1903 (Server Core installation) | 4565351 (Security Update) | Important | Elevation of Privilege | 4565483 | Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Windows Server, version 1909 (Server Core installation) | 4565351 (Security Update) | Important | Elevation of Privilege | 4565483 | Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Windows Server, version 2004 (Server Core installation) | 4566782 (Security Update) | Important | Elevation of Privilege | 4565503 |
Base: N/A Temporal: N/A Vector: N/A |
Yes |
| CVE ID | Acknowledgements |
| CVE-2020-1565 | Jonas Lykkegård |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2020-1566 MITRE NVD |
CVE Title: Windows Kernel Elevation of Privilege Vulnerability
Description: An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application to take control of an affected system. The update addresses the vulnerability by correcting how the Windows kernel handles objects in memory. FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2020-08-11T07:00:00Z Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation More Likely | Exploitation More Likely | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2020-1566 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Windows 10 for 32-bit Systems | 4571692 (Security Update) | Important | Elevation of Privilege | 4565513 | Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Windows 10 for x64-based Systems | 4571692 (Security Update) | Important | Elevation of Privilege | 4565513 | Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Windows 10 Version 1607 for 32-bit Systems | 4571694 (Security Update) | Important | Elevation of Privilege | 4565511 |
Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Windows 10 Version 1607 for x64-based Systems | 4571694 (Security Update) | Important | Elevation of Privilege | 4565511 |
Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Windows 10 Version 1709 for 32-bit Systems | 4571741 (Security Update) | Important | Elevation of Privilege | 4565508 | Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Windows 10 Version 1709 for ARM64-based Systems | 4571741 (Security Update) | Important | Elevation of Privilege | 4565508 | Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Windows 10 Version 1709 for x64-based Systems | 4571741 (Security Update) | Important | Elevation of Privilege | 4565508 | Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Windows 10 Version 1803 for 32-bit Systems | 4571709 (Security Update) | Important | Elevation of Privilege | 4565489 | Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Windows 10 Version 1803 for ARM64-based Systems | 4571709 (Security Update) | Important | Elevation of Privilege | 4565489 | Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Windows 10 Version 1803 for x64-based Systems | 4571709 (Security Update) | Important | Elevation of Privilege | 4565489 | Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Windows 10 Version 1809 for 32-bit Systems | 4565349 (Security Update) | Important | Elevation of Privilege | 4558998 |
Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 4565349 (Security Update) | Important | Elevation of Privilege | 4558998 |
Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Windows 10 Version 1809 for x64-based Systems | 4565349 (Security Update) | Important | Elevation of Privilege | 4558998 |
Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Windows 10 Version 1903 for 32-bit Systems | 4565351 (Security Update) | Important | Elevation of Privilege | 4565483 | Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Windows 10 Version 1903 for ARM64-based Systems | 4565351 (Security Update) | Important | Elevation of Privilege | 4565483 | Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Windows 10 Version 1903 for x64-based Systems | 4565351 (Security Update) | Important | Elevation of Privilege | 4565483 | Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Windows 10 Version 1909 for 32-bit Systems | 4565351 (Security Update) | Important | Elevation of Privilege | 4565483 | Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Windows 10 Version 1909 for ARM64-based Systems | 4565351 (Security Update) | Important | Elevation of Privilege | 4565483 | Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Windows 10 Version 1909 for x64-based Systems | 4565351 (Security Update) | Important | Elevation of Privilege | 4565483 | Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Windows 10 Version 2004 for 32-bit Systems | 4566782 (Security Update) | Important | Elevation of Privilege | 4565503 |
Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Windows 10 Version 2004 for ARM64-based Systems | 4566782 (Security Update) | Important | Elevation of Privilege | 4565503 |
Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Windows 10 Version 2004 for x64-based Systems | 4566782 (Security Update) | Important | Elevation of Privilege | 4565503 |
Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Windows Server 2016 | 4571694 (Security Update) | Important | Elevation of Privilege | 4565511 |
Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Windows Server 2016 (Server Core installation) | 4571694 (Security Update) | Important | Elevation of Privilege | 4565511 |
Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Windows Server 2019 | 4565349 (Security Update) | Important | Elevation of Privilege | 4558998 |
Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Windows Server 2019 (Server Core installation) | 4565349 (Security Update) | Important | Elevation of Privilege | 4558998 |
Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Windows Server, version 1903 (Server Core installation) | 4565351 (Security Update) | Important | Elevation of Privilege | 4565483 | Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Windows Server, version 1909 (Server Core installation) | 4565351 (Security Update) | Important | Elevation of Privilege | 4565483 | Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Windows Server, version 2004 (Server Core installation) | 4566782 (Security Update) | Important | Elevation of Privilege | 4565503 |
Base: N/A Temporal: N/A Vector: N/A |
Yes |
| CVE ID | Acknowledgements |
| CVE-2020-1566 | Anonymous finder |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2020-1567 MITRE NVD |
CVE Title: MSHTML Engine Remote Code Execution Vulnerability
Description: A remote code execution vulnerability exists in the way that the MSHTML engine improperly validates input. An attacker could execute arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. In a HTML editing attack scenario, an attacker could trick a user into editing a specially crafted file that is designed to exploit the vulnerability. The security update addresses the vulnerability by modifying how MSHTML engine validates input. FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2020-08-11T07:00:00Z Information published. |
Critical | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation More Likely | Exploitation More Likely | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2020-1567 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Internet Explorer 11 on Windows 10 for 32-bit Systems | 4571692 (Security Update) | Critical | Remote Code Execution | 4565513 | Base: 7.5 Temporal: 6.7 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Internet Explorer 11 on Windows 10 for x64-based Systems | 4571692 (Security Update) | Critical | Remote Code Execution | 4565513 | Base: 7.5 Temporal: 6.7 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Internet Explorer 11 on Windows 10 Version 1607 for 32-bit Systems | 4571694 (Security Update) | Critical | Remote Code Execution | 4565511 |
Base: 7.5 Temporal: 6.7 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Internet Explorer 11 on Windows 10 Version 1607 for x64-based Systems | 4571694 (Security Update) | Critical | Remote Code Execution | 4565511 |
Base: 7.5 Temporal: 6.7 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Internet Explorer 11 on Windows 10 Version 1709 for 32-bit Systems | 4571741 (Security Update) | Critical | Remote Code Execution | 4565508 | Base: 7.5 Temporal: 6.7 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Internet Explorer 11 on Windows 10 Version 1709 for ARM64-based Systems | 4571741 (Security Update) | Critical | Remote Code Execution | 4565508 | Base: 7.5 Temporal: 6.7 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Internet Explorer 11 on Windows 10 Version 1709 for x64-based Systems | 4571741 (Security Update) | Critical | Remote Code Execution | 4565508 | Base: 7.5 Temporal: 6.7 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Internet Explorer 11 on Windows 10 Version 1803 for 32-bit Systems | 4571709 (Security Update) | Critical | Remote Code Execution | 4565489 | Base: 7.5 Temporal: 6.7 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Internet Explorer 11 on Windows 10 Version 1803 for ARM64-based Systems | 4571709 (Security Update) | Critical | Remote Code Execution | 4565489 | Base: 7.5 Temporal: 6.7 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Internet Explorer 11 on Windows 10 Version 1803 for x64-based Systems | 4571709 (Security Update) | Critical | Remote Code Execution | 4565489 | Base: 7.5 Temporal: 6.7 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Internet Explorer 11 on Windows 10 Version 1809 for 32-bit Systems | 4565349 (Security Update) | Critical | Remote Code Execution | 4558998 |
Base: 7.5 Temporal: 6.7 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Internet Explorer 11 on Windows 10 Version 1809 for ARM64-based Systems | 4565349 (Security Update) | Critical | Remote Code Execution | 4558998 |
Base: 7.5 Temporal: 6.7 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Internet Explorer 11 on Windows 10 Version 1809 for x64-based Systems | 4565349 (Security Update) | Critical | Remote Code Execution | 4558998 |
Base: 7.5 Temporal: 6.7 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Internet Explorer 11 on Windows 10 Version 1903 for 32-bit Systems | 4565351 (Security Update) | Critical | Remote Code Execution | 4565483 | Base: 7.5 Temporal: 6.7 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Internet Explorer 11 on Windows 10 Version 1903 for ARM64-based Systems | 4565351 (Security Update) | Critical | Remote Code Execution | 4565483 | Base: 7.5 Temporal: 6.7 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Internet Explorer 11 on Windows 10 Version 1903 for x64-based Systems | 4565351 (Security Update) | Critical | Remote Code Execution | 4565483 | Base: 7.5 Temporal: 6.7 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Internet Explorer 11 on Windows 10 Version 1909 for 32-bit Systems | 4565351 (Security Update) | Critical | Remote Code Execution | 4565483 | Base: 7.5 Temporal: 6.7 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Internet Explorer 11 on Windows 10 Version 1909 for ARM64-based Systems | 4565351 (Security Update) | Critical | Remote Code Execution | 4565483 | Base: 7.5 Temporal: 6.7 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Internet Explorer 11 on Windows 10 Version 1909 for x64-based Systems | 4565351 (Security Update) | Critical | Remote Code Execution | 4565483 | Base: 7.5 Temporal: 6.7 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Internet Explorer 11 on Windows 10 Version 2004 for 32-bit Systems | 4566782 (Security Update) | Critical | Remote Code Execution | 4565503 |
Base: 7.5 Temporal: 6.7 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Internet Explorer 11 on Windows 10 Version 2004 for ARM64-based Systems | 4566782 (Security Update) | Critical | Remote Code Execution | 4565503 |
Base: 7.5 Temporal: 6.7 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Internet Explorer 11 on Windows 10 Version 2004 for x64-based Systems | 4566782 (Security Update) | Critical | Remote Code Execution | 4565503 |
Base: 7.5 Temporal: 6.7 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Internet Explorer 11 on Windows 7 for 32-bit Systems Service Pack 1 | 4571687 (IE Cumulative) 4571729 (Monthly Rollup) |
Critical | Remote Code Execution | 4565479 4565524 |
Base: 7.5 Temporal: 6.7 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Internet Explorer 11 on Windows 7 for x64-based Systems Service Pack 1 | 4571687 (IE Cumulative) 4571729 (Monthly Rollup) |
Critical | Remote Code Execution | 4565479 4565524 |
Base: 7.5 Temporal: 6.7 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Internet Explorer 11 on Windows 8.1 for 32-bit systems | 4571687 (IE Cumulative) 4571703 (Monthly Rollup) |
Critical | Remote Code Execution | 4565479 4565541 |
Base: 7.5 Temporal: 6.7 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Internet Explorer 11 on Windows 8.1 for x64-based systems | 4571687 (IE Cumulative) 4571703 (Monthly Rollup) |
Critical | Remote Code Execution | 4565479 4565541 |
Base: 7.5 Temporal: 6.7 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Internet Explorer 11 on Windows RT 8.1 | 4571703 (Monthly Rollup) | Critical | Remote Code Execution | 4565541 |
Base: 7.5 Temporal: 6.7 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Internet Explorer 11 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 4571687 (IE Cumulative) 4571729 (Monthly Rollup) |
Moderate | Remote Code Execution | 4565479 4565524 |
Base: 6.4 Temporal: 5.8 Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Internet Explorer 11 on Windows Server 2012 | 4571687 (IE Cumulative) 4571736 (Monthly Rollup) |
Moderate | Remote Code Execution | 4565479 4565537 |
Base: 6.4 Temporal: 5.8 Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Internet Explorer 11 on Windows Server 2012 R2 | 4571687 (IE Cumulative) 4571703 (Monthly Rollup) |
Moderate | Remote Code Execution | 4565479 4565541 |
Base: 6.4 Temporal: 5.8 Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Internet Explorer 11 on Windows Server 2016 | 4571694 (Security Update) | Moderate | Remote Code Execution | 4565511 |
Base: 6.4 Temporal: 5.8 Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Internet Explorer 11 on Windows Server 2019 | 4565349 (Security Update) | Moderate | Remote Code Execution | 4558998 |
Base: 6.4 Temporal: 5.8 Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Internet Explorer 9 on Windows Server 2008 for 32-bit Systems Service Pack 2 | 4571730 (Monthly Rollup) 4571687 (IE Cumulative) |
Moderate | Remote Code Execution | 4565536 4565479 |
Base: 6.4 Temporal: 5.8 Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Internet Explorer 9 on Windows Server 2008 for x64-based Systems Service Pack 2 | 4571730 (Monthly Rollup) 4571687 (IE Cumulative) |
Moderate | Remote Code Execution | 4565536 4565479 |
Base: 6.4 Temporal: 5.8 Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| CVE ID | Acknowledgements |
| CVE-2020-1567 | Yuki Chen |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2020-1568 MITRE NVD |
CVE Title: Microsoft Edge PDF Remote Code Execution Vulnerability
Description: A remote code execution vulnerability exists when Microsoft Edge PDF Reader improperly handles objects in memory. The vulnerability could corrupt memory in such a way that enables an attacker to execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. To exploit the vulnerability, in a web-based attack scenario, an attacker could host a website that contains malicious PDF content. In addition, compromised websites and websites that accept or host user-provided content could contain specially crafted PDF content that could exploit the vulnerability. However, in all cases an attacker would have no way to force a user to view the attacker-controlled content. Instead, an attacker would have to convince a user to take action. For example, an attacker could trick a user into clicking a link that takes the user to the attacker's site. The security update addresses the vulnerability by modifying how Microsoft Edge PDF Reader handles objects in memory. FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2020-08-11T07:00:00Z Information published. |
Critical | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | N/A | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2020-1568 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Microsoft Edge (EdgeHTML-based) on Windows 10 for 32-bit Systems | 4571692 (Security Update) | Critical | Remote Code Execution | 4565513 | Base: 4.2 Temporal: 3.8 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Microsoft Edge (EdgeHTML-based) on Windows 10 for x64-based Systems | 4571692 (Security Update) | Critical | Remote Code Execution | 4565513 | Base: 4.2 Temporal: 3.8 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1607 for 32-bit Systems | 4571694 (Security Update) | Critical | Remote Code Execution | 4565511 |
Base: 4.2 Temporal: 3.8 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1607 for x64-based Systems | 4571694 (Security Update) | Critical | Remote Code Execution | 4565511 |
Base: 4.2 Temporal: 3.8 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1709 for 32-bit Systems | 4571741 (Security Update) | Critical | Remote Code Execution | 4565508 | Base: 4.2 Temporal: 3.8 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1709 for ARM64-based Systems | 4571741 (Security Update) | Critical | Remote Code Execution | 4565508 | Base: 4.2 Temporal: 3.8 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1709 for x64-based Systems | 4571741 (Security Update) | Critical | Remote Code Execution | 4565508 | Base: 4.2 Temporal: 3.8 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1803 for 32-bit Systems | 4571709 (Security Update) | Critical | Remote Code Execution | 4565489 | Base: 4.2 Temporal: 3.8 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1803 for ARM64-based Systems | 4571709 (Security Update) | Critical | Remote Code Execution | 4565489 | Base: 4.2 Temporal: 3.8 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1803 for x64-based Systems | 4571709 (Security Update) | Critical | Remote Code Execution | 4565489 | Base: 4.2 Temporal: 3.8 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1809 for 32-bit Systems | 4565349 (Security Update) | Critical | Remote Code Execution | 4558998 |
Base: 4.2 Temporal: 3.8 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1809 for ARM64-based Systems | 4565349 (Security Update) | Critical | Remote Code Execution | 4558998 |
Base: 4.2 Temporal: 3.8 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1809 for x64-based Systems | 4565349 (Security Update) | Critical | Remote Code Execution | 4558998 |
Base: 4.2 Temporal: 3.8 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1903 for 32-bit Systems | 4565351 (Security Update) | Critical | Remote Code Execution | 4565483 | Base: 4.2 Temporal: 3.8 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1903 for ARM64-based Systems | 4565351 (Security Update) | Critical | Remote Code Execution | 4565483 | Base: 4.2 Temporal: 3.8 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1903 for x64-based Systems | 4565351 (Security Update) | Critical | Remote Code Execution | 4565483 | Base: 4.2 Temporal: 3.8 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1909 for 32-bit Systems | 4565351 (Security Update) | Critical | Remote Code Execution | 4565483 | Base: 4.2 Temporal: 3.8 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1909 for ARM64-based Systems | 4565351 (Security Update) | Critical | Remote Code Execution | 4565483 | Base: 4.2 Temporal: 3.8 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1909 for x64-based Systems | 4565351 (Security Update) | Critical | Remote Code Execution | 4565483 | Base: 4.2 Temporal: 3.8 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Microsoft Edge (EdgeHTML-based) on Windows 10 Version 2004 for 32-bit Systems | 4566782 (Security Update) | Critical | Remote Code Execution | 4565503 |
Base: 4.2 Temporal: 3.8 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Microsoft Edge (EdgeHTML-based) on Windows 10 Version 2004 for ARM64-based Systems | 4566782 (Security Update) | Critical | Remote Code Execution | 4565503 |
Base: 4.2 Temporal: 3.8 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Microsoft Edge (EdgeHTML-based) on Windows 10 Version 2004 for x64-based Systems | 4566782 (Security Update) | Critical | Remote Code Execution | 4565503 |
Base: 4.2 Temporal: 3.8 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Microsoft Edge (EdgeHTML-based) on Windows Server 2016 | 4571694 (Security Update) | Moderate | Remote Code Execution | 4565511 |
Base: 4.2 Temporal: 3.8 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Microsoft Edge (EdgeHTML-based) on Windows Server 2019 | 4565349 (Security Update) | Moderate | Remote Code Execution | 4558998 |
Base: 4.2 Temporal: 3.8 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| CVE ID | Acknowledgements |
| CVE-2020-1568 | riusksk(@riusksk) of VulWar Corp |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2020-1569 MITRE NVD |
CVE Title: Microsoft Edge Memory Corruption Vulnerability
Description: A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory. The vulnerability could corrupt memory in such a way that enables an attacker to execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. An attacker could host a specially crafted website that is designed to exploit the vulnerability through Microsoft Edge, and then convince a user to view the website. The attacker could also take advantage of compromised websites and websites that accept or host user-provided content or advertisements by adding specially crafted content that could exploit the vulnerability. In all cases, however, an attacker would have no way to force users to view the attacker-controlled content. Instead, an attacker would have to convince users to take action, typically by way of enticement in an email or Instant Messenger message, or by getting them to open an attachment sent through email. The security update addresses the vulnerability by modifying how Microsoft Edge handles objects in memory. FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2020-08-11T07:00:00Z Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | N/A | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2020-1569 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1803 for 32-bit Systems | 4571709 (Security Update) | Important | Remote Code Execution | 4565489 | Base: 4.2 Temporal: 3.8 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1803 for ARM64-based Systems | 4571709 (Security Update) | Important | Remote Code Execution | 4565489 | Base: 4.2 Temporal: 3.8 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1803 for x64-based Systems | 4571709 (Security Update) | Important | Remote Code Execution | 4565489 | Base: 4.2 Temporal: 3.8 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1809 for 32-bit Systems | 4565349 (Security Update) | Important | Remote Code Execution | 4558998 |
Base: 4.2 Temporal: 3.8 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1809 for ARM64-based Systems | 4565349 (Security Update) | Important | Remote Code Execution | 4558998 |
Base: 4.2 Temporal: 3.8 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1809 for x64-based Systems | 4565349 (Security Update) | Important | Remote Code Execution | 4558998 |
Base: 4.2 Temporal: 3.8 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1903 for 32-bit Systems | 4565351 (Security Update) | Important | Remote Code Execution | 4565483 | Base: 4.2 Temporal: 3.8 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1903 for ARM64-based Systems | 4565351 (Security Update) | Important | Remote Code Execution | 4565483 | Base: 4.2 Temporal: 3.8 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1903 for x64-based Systems | 4565351 (Security Update) | Important | Remote Code Execution | 4565483 | Base: 4.2 Temporal: 3.8 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1909 for 32-bit Systems | 4565351 (Security Update) | Important | Remote Code Execution | 4565483 | Base: 4.2 Temporal: 3.8 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1909 for ARM64-based Systems | 4565351 (Security Update) | Important | Remote Code Execution | 4565483 | Base: 4.2 Temporal: 3.8 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1909 for x64-based Systems | 4565351 (Security Update) | Important | Remote Code Execution | 4565483 | Base: 4.2 Temporal: 3.8 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Microsoft Edge (EdgeHTML-based) on Windows 10 Version 2004 for 32-bit Systems | 4566782 (Security Update) | Important | Remote Code Execution | 4565503 |
Base: 4.2 Temporal: 3.8 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Microsoft Edge (EdgeHTML-based) on Windows 10 Version 2004 for ARM64-based Systems | 4566782 (Security Update) | Important | Remote Code Execution | 4565503 |
Base: 4.2 Temporal: 3.8 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Microsoft Edge (EdgeHTML-based) on Windows 10 Version 2004 for x64-based Systems | 4566782 (Security Update) | Important | Remote Code Execution | 4565503 |
Base: 4.2 Temporal: 3.8 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| Microsoft Edge (EdgeHTML-based) on Windows Server 2019 | 4565349 (Security Update) | Low | Remote Code Execution | 4558998 |
Base: 4.2 Temporal: 3.8 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
| CVE ID | Acknowledgements |
| CVE-2020-1569 | Piotr Madej of AFINE |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2020-1570 MITRE NVD |
CVE Title: Scripting Engine Memory Corruption Vulnerability
Description: A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability through Internet Explorer and then convince a user to view the website. An attacker could also embed an ActiveX control marked "safe for initialization" in an application or Microsoft Office document that hosts the IE rendering engine. The attacker could also take advantage of compromised websites and websites that accept or host user-provided content or advertisements. These websites could contain specially crafted content that could exploit the vulnerability. The security update addresses the vulnerability by modifying how the scripting engine handles objects in memory. FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2020-08-11T07:00:00Z Information published. |
Critical | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation More Likely | Exploitation More Likely | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2020-1570 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Internet Explorer 11 on Windows 10 for 32-bit Systems | 4571692 (Security Update) | Critical | Remote Code Execution | 4565513 | Base: 7.5 Temporal: 6.7 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Internet Explorer 11 on Windows 10 for x64-based Systems | 4571692 (Security Update) | Critical | Remote Code Execution | 4565513 | Base: 7.5 Temporal: 6.7 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Internet Explorer 11 on Windows 10 Version 1607 for 32-bit Systems | 4571694 (Security Update) | Critical | Remote Code Execution | 4565511 |
Base: 7.5 Temporal: 6.7 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Internet Explorer 11 on Windows 10 Version 1607 for x64-based Systems | 4571694 (Security Update) | Critical | Remote Code Execution | 4565511 |
Base: 7.5 Temporal: 6.7 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Internet Explorer 11 on Windows 10 Version 1709 for 32-bit Systems | 4571741 (Security Update) | Critical | Remote Code Execution | 4565508 | Base: 7.5 Temporal: 6.7 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Internet Explorer 11 on Windows 10 Version 1709 for ARM64-based Systems | 4571741 (Security Update) | Critical | Remote Code Execution | 4565508 | Base: 7.5 Temporal: 6.7 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Internet Explorer 11 on Windows 10 Version 1709 for x64-based Systems | 4571741 (Security Update) | Critical | Remote Code Execution | 4565508 | Base: 7.5 Temporal: 6.7 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Internet Explorer 11 on Windows 10 Version 1803 for 32-bit Systems | 4571709 (Security Update) | Critical | Remote Code Execution | 4565489 | Base: 7.5 Temporal: 6.7 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Internet Explorer 11 on Windows 10 Version 1803 for ARM64-based Systems | 4571709 (Security Update) | Critical | Remote Code Execution | 4565489 | Base: 7.5 Temporal: 6.7 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Internet Explorer 11 on Windows 10 Version 1803 for x64-based Systems | 4571709 (Security Update) | Critical | Remote Code Execution | 4565489 | Base: 7.5 Temporal: 6.7 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Internet Explorer 11 on Windows 10 Version 1809 for 32-bit Systems | 4565349 (Security Update) | Critical | Remote Code Execution | 4558998 |
Base: 7.5 Temporal: 6.7 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Internet Explorer 11 on Windows 10 Version 1809 for ARM64-based Systems | 4565349 (Security Update) | Critical | Remote Code Execution | 4558998 |
Base: 7.5 Temporal: 6.7 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Internet Explorer 11 on Windows 10 Version 1809 for x64-based Systems | 4565349 (Security Update) | Critical | Remote Code Execution | 4558998 |
Base: 7.5 Temporal: 6.7 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Internet Explorer 11 on Windows 10 Version 1903 for 32-bit Systems | 4565351 (Security Update) | Critical | Remote Code Execution | 4565483 | Base: 7.5 Temporal: 6.7 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Internet Explorer 11 on Windows 10 Version 1903 for ARM64-based Systems | 4565351 (Security Update) | Critical | Remote Code Execution | 4565483 | Base: 7.5 Temporal: 6.7 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Internet Explorer 11 on Windows 10 Version 1903 for x64-based Systems | 4565351 (Security Update) | Critical | Remote Code Execution | 4565483 | Base: 7.5 Temporal: 6.7 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Internet Explorer 11 on Windows 10 Version 1909 for 32-bit Systems | 4565351 (Security Update) | Critical | Remote Code Execution | 4565483 | Base: 7.5 Temporal: 6.7 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Internet Explorer 11 on Windows 10 Version 1909 for ARM64-based Systems | 4565351 (Security Update) | Critical | Remote Code Execution | 4565483 | Base: 7.5 Temporal: 6.7 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Internet Explorer 11 on Windows 10 Version 1909 for x64-based Systems | 4565351 (Security Update) | Critical | Remote Code Execution | 4565483 | Base: 7.5 Temporal: 6.7 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Internet Explorer 11 on Windows 10 Version 2004 for 32-bit Systems | 4566782 (Security Update) | Critical | Remote Code Execution | 4565503 |
Base: 7.5 Temporal: 6.7 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Internet Explorer 11 on Windows 10 Version 2004 for ARM64-based Systems | 4566782 (Security Update) | Critical | Remote Code Execution | 4565503 |
Base: 7.5 Temporal: 6.7 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Internet Explorer 11 on Windows 10 Version 2004 for x64-based Systems | 4566782 (Security Update) | Critical | Remote Code Execution | 4565503 |
Base: 7.5 Temporal: 6.7 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Internet Explorer 11 on Windows 7 for 32-bit Systems Service Pack 1 | 4571687 (IE Cumulative) 4571729 (Monthly Rollup) |
Critical | Remote Code Execution | 4565479 4565524 |
Base: 7.5 Temporal: 6.7 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Internet Explorer 11 on Windows 7 for x64-based Systems Service Pack 1 | 4571687 (IE Cumulative) 4571729 (Monthly Rollup) |
Critical | Remote Code Execution | 4565479 4565524 |
Base: 7.5 Temporal: 6.7 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Internet Explorer 11 on Windows 8.1 for 32-bit systems | 4571687 (IE Cumulative) 4571703 (Monthly Rollup) |
Critical | Remote Code Execution | 4565479 4565541 |
Base: 7.5 Temporal: 6.7 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Internet Explorer 11 on Windows 8.1 for x64-based systems | 4571687 (IE Cumulative) 4571703 (Monthly Rollup) |
Critical | Remote Code Execution | 4565479 4565541 |
Base: 7.5 Temporal: 6.7 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Internet Explorer 11 on Windows RT 8.1 | 4571703 (Monthly Rollup) | Critical | Remote Code Execution | 4565541 |
Base: 7.5 Temporal: 6.7 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Internet Explorer 11 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 4571687 (IE Cumulative) 4571729 (Monthly Rollup) |
Moderate | Remote Code Execution | 4565479 4565524 |
Base: 6.4 Temporal: 5.8 Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Internet Explorer 11 on Windows Server 2012 | 4571687 (IE Cumulative) 4571736 (Monthly Rollup) |
Moderate | Remote Code Execution | 4565479 4565537 |
Base: 6.4 Temporal: 5.8 Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Internet Explorer 11 on Windows Server 2012 R2 | 4571687 (IE Cumulative) 4571703 (Monthly Rollup) |
Moderate | Remote Code Execution | 4565479 4565541 |
Base: 6.4 Temporal: 5.8 Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Internet Explorer 11 on Windows Server 2016 | 4571694 (Security Update) | Moderate | Remote Code Execution | 4565511 |
Base: 6.4 Temporal: 5.8 Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Internet Explorer 11 on Windows Server 2019 | 4565349 (Security Update) | Moderate | Remote Code Execution | 4558998 |
Base: 6.4 Temporal: 5.8 Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Internet Explorer 9 on Windows Server 2008 for 32-bit Systems Service Pack 2 | 4571730 (Monthly Rollup) 4571687 (IE Cumulative) |
Moderate | Remote Code Execution | 4565536 4565479 |
Base: 6.4 Temporal: 5.8 Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Internet Explorer 9 on Windows Server 2008 for x64-based Systems Service Pack 2 | 4571730 (Monthly Rollup) 4571687 (IE Cumulative) |
Moderate | Remote Code Execution | 4565536 4565479 |
Base: 6.4 Temporal: 5.8 Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| CVE ID | Acknowledgements |
| CVE-2020-1570 | bear13oy of DBAPPSecurity Co., Ltd |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||
| CVE-2020-1571 MITRE NVD |
CVE Title: Windows Setup Elevation of Privilege Vulnerability
Description: An elevation of privilege vulnerability exists in Windows Setup in the way it handles permissions. A locally authenticated attacker could run arbitrary code with elevated system privileges. After successfully exploiting the vulnerability, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. The security update addresses the vulnerability by ensuring the Windows Setup properly handles permissions. FAQ: There are no security updates listed for the affected versions of Windows. Where does this vulnerability exist? This vulnerability only exists in the Windows 10 Setup, which runs temporarily any time a customer upgrades from a previous version of Windows 10 to a newer version (for example, from Windows 10 Version 1909 to Windows 10 Version 2004). A device is vulnerable only while upgrading to a newer version of Windows. At any other time, the device is not vulnerable. How do I know if I'm protected from this vulnerability? As of this date, all in-support Feature Update bundles have been refreshed with the patched Setup binaries, so this vulnerability no longer exists. If you are using WSUS or MEM ConfigMgr or another third-party management tool, please sync the latest feature update bundles and approve those for deployment. If you are using Windows media, as applicable to your system, please download the latest refreshed media from VLSC or Visual Studio Subscriptions (formerly MSDN), or download the latest applicable Setup Dynamic Update (DU) package and patch your existing media. Following is a list of the latest Setup DU packages:
Mitigations: None Workarounds: None Revision: 1.0 2020-08-11T07:00:00Z Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | Exploitation Less Likely | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2020-1571 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Windows 10 Version 1803 for 32-bit Systems | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Unknown | |
| Windows 10 Version 1803 for ARM64-based Systems | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Unknown | |
| Windows 10 Version 1803 for x64-based Systems | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Unknown | |
| Windows 10 Version 1809 for 32-bit Systems | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Unknown | |
| Windows 10 Version 1809 for ARM64-based Systems | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Unknown | |
| Windows 10 Version 1809 for x64-based Systems | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Unknown | |
| Windows 10 Version 1903 for 32-bit Systems | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Unknown | |
| Windows 10 Version 1903 for ARM64-based Systems | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Unknown | |
| Windows 10 Version 1903 for x64-based Systems | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Unknown | |
| Windows 10 Version 1909 for 32-bit Systems | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Unknown | |
| Windows 10 Version 1909 for ARM64-based Systems | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Unknown | |
| Windows 10 Version 1909 for x64-based Systems | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Unknown | |
| Windows 10 Version 2004 for 32-bit Systems | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Unknown | |
| Windows 10 Version 2004 for ARM64-based Systems | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Unknown | |
| Windows 10 Version 2004 for x64-based Systems | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Unknown | |
| CVE ID | Acknowledgements |
| CVE-2020-1571 | Abdelhamid Naceri (halov) |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2020-1573 MITRE NVD |
CVE Title: Microsoft Office SharePoint XSS Vulnerability
Description: A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint server. The attacker who successfully exploited the vulnerability could then perform cross-site scripting attacks on affected systems and run script in the security context of the current user. The attacks could allow the attacker to read content that the attacker is not authorized to read, use the victim's identity to take actions on the SharePoint site on behalf of the user, such as change permissions and delete content, and inject malicious content in the browser of the user. The security update addresses the vulnerability by helping to ensure that SharePoint Server properly sanitizes web requests. FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2020-08-11T07:00:00Z Information published. |
Important | Spoofing |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | Exploitation Less Likely | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2020-1573 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Microsoft SharePoint Enterprise Server 2013 Service Pack 1 | 4484479 (Security Update) | Important | Spoofing | 4484443 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
| Microsoft SharePoint Enterprise Server 2016 | 4484473 (Security Update) | Important | Spoofing | 4484436 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
| Microsoft SharePoint Foundation 2010 Service Pack 2 | 4484498 (Security Update) | Important | Spoofing | 4484460 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
| Microsoft SharePoint Foundation 2013 Service Pack 1 | 4484487 (Security Update) | Important | Spoofing | 4484448 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
| Microsoft SharePoint Server 2019 | 4484472 (Security Update) | Important | Spoofing | 4484453 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
| CVE ID | Acknowledgements |
| CVE-2020-1573 | Huynh Phuoc Hung, @hph0var |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2020-1574 MITRE NVD |
CVE Title: Microsoft Windows Codecs Library Remote Code Execution Vulnerability
Description: A remote code execution vulnerability exists in the way that Microsoft Windows Codecs Library handles objects in memory. An attacker who successfully exploited the vulnerability could execute arbitrary code. Exploitation of the vulnerability requires that a program process a specially crafted image file. The update addresses the vulnerability by correcting how Microsoft Windows Codecs Library handles objects in memory. FAQ: Is Windows vulnerable in the default configuration? Yes. WebP or "WebP from Device Manufacturer" media codecs are installed by default in the operating system. Updates are available from the Microsoft Store. How do I get the updated Windows Media Codec? Affected customers will be automatically updated by Microsoft Store. Customers do not need to take any action to receive the update. Alternatively, customers who want to receive the update immediately can check for updates with the Microsoft Store App; more information on this process can be found here. Why are these security updates offered to affected clients via the Microsoft Store and not Windows Update? These updates are for optional apps/components that are offered to customers as a download via the Microsoft Store. Updates for optional store apps/components are provided via the Microsoft Store. My server is in a disconnected environment, is it vulnerable? WebP is not available for offline distribution and not supported on Windows Server. Users should not have it installed in these environments. Enterprise customers using Store for Business will receive the update in the same manner as consumer Store. Why are these updates being offered outside of Update Tuesday? Servicing for store apps/components does not follow the monthly “Update Tuesday” cadence, but are offered whenever necessary. Are these updates for Microsoft store apps/components offered automatically when an affected component is on the system? Yes. However, it is possible to turn off automatic updating for store apps. In that scenario, these updates would not be installed automatically. How can I check from PowerShell if the update is installed? The following command will display the version of the installed package:
How does a user know if the update has been installed? You can check the version of the installed package. For example, click on Settings, Apps & Features and select WebP, Advanced Options. You will see the version there. The secure versions are 1.0.31251.0 and later. Mitigations: None Workarounds: None Revision: 1.0 2020-08-11T07:00:00Z Information published. |
Critical | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | Exploitation Less Likely | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2020-1574 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Windows 10 Version 1909 for 32-bit Systems | Critical | Remote Code Execution | None | Base: 7.3 Temporal: 6.6 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Unknown | |
| Windows 10 Version 1909 for ARM64-based Systems | Critical | Remote Code Execution | None | Base: 7.3 Temporal: 6.6 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Unknown | |
| Windows 10 Version 1909 for x64-based Systems | Critical | Remote Code Execution | None | Base: 7.3 Temporal: 6.6 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Unknown | |
| Windows 10 Version 2004 for 32-bit Systems | Critical | Remote Code Execution | None | Base: 7.3 Temporal: 6.6 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Unknown | |
| Windows 10 Version 2004 for ARM64-based Systems | Critical | Remote Code Execution | None | Base: 7.3 Temporal: 6.6 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Unknown | |
| Windows 10 Version 2004 for x64-based Systems | Critical | Remote Code Execution | None | Base: 7.3 Temporal: 6.6 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Unknown | |
| CVE ID | Acknowledgements |
| CVE-2020-1574 | @expend20 working with Trend Micro's Zero Day Initiative Wenguang Jiao |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2020-1577 MITRE NVD |
CVE Title: DirectWrite Information Disclosure Vulnerability
Description: An information disclosure vulnerability exists when DirectWrite improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit an untrusted webpage. The security update addresses the vulnerability by correcting how DirectWrite handles objects in memory. FAQ: What type of information could be disclosed by this vulnerability? The type of information that could be disclosed if an attacker successfully exploited this vulnerability is the contents of Kernel memory. An attacker could read the contents of Kernel memory from a user mode process. Mitigations: None Workarounds: None Revision: 1.0 2020-08-11T07:00:00Z Information published. |
Important | Information Disclosure |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | Exploitation Less Likely | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2020-1577 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Windows 10 for 32-bit Systems | 4571692 (Security Update) | Important | Information Disclosure | 4565513 | Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 for x64-based Systems | 4571692 (Security Update) | Important | Information Disclosure | 4565513 | Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1607 for 32-bit Systems | 4571694 (Security Update) | Important | Information Disclosure | 4565511 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1607 for x64-based Systems | 4571694 (Security Update) | Important | Information Disclosure | 4565511 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1709 for 32-bit Systems | 4571741 (Security Update) | Important | Information Disclosure | 4565508 | Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1709 for ARM64-based Systems | 4571741 (Security Update) | Important | Information Disclosure | 4565508 | Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1709 for x64-based Systems | 4571741 (Security Update) | Important | Information Disclosure | 4565508 | Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1803 for 32-bit Systems | 4571709 (Security Update) | Important | Information Disclosure | 4565489 | Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1803 for ARM64-based Systems | 4571709 (Security Update) | Important | Information Disclosure | 4565489 | Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1803 for x64-based Systems | 4571709 (Security Update) | Important | Information Disclosure | 4565489 | Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for 32-bit Systems | 4565349 (Security Update) | Important | Information Disclosure | 4558998 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 4565349 (Security Update) | Important | Information Disclosure | 4558998 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for x64-based Systems | 4565349 (Security Update) | Important | Information Disclosure | 4558998 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1903 for 32-bit Systems | 4565351 (Security Update) | Important | Information Disclosure | 4565483 | Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1903 for ARM64-based Systems | 4565351 (Security Update) | Important | Information Disclosure | 4565483 | Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1903 for x64-based Systems | 4565351 (Security Update) | Important | Information Disclosure | 4565483 | Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for 32-bit Systems | 4565351 (Security Update) | Important | Information Disclosure | 4565483 | Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for ARM64-based Systems | 4565351 (Security Update) | Important | Information Disclosure | 4565483 | Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for x64-based Systems | 4565351 (Security Update) | Important | Information Disclosure | 4565483 | Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for 32-bit Systems | 4566782 (Security Update) | Important | Information Disclosure | 4565503 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for ARM64-based Systems | 4566782 (Security Update) | Important | Information Disclosure | 4565503 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for x64-based Systems | 4566782 (Security Update) | Important | Information Disclosure | 4565503 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 7 for 32-bit Systems Service Pack 1 | 4571729 (Monthly Rollup) 4571719 (Security Only) |
Important | Information Disclosure | 4565524 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 7 for x64-based Systems Service Pack 1 | 4571729 (Monthly Rollup) 4571719 (Security Only) |
Important | Information Disclosure | 4565524 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 8.1 for 32-bit systems | 4571703 (Monthly Rollup) 4571723 (Security Only) |
Important | Information Disclosure | 4565541 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 8.1 for x64-based systems | 4571703 (Monthly Rollup) 4571723 (Security Only) |
Important | Information Disclosure | 4565541 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows RT 8.1 | 4571703 (Monthly Rollup) | Important | Information Disclosure | 4565541 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 4571730 (Monthly Rollup) 4571746 (Security Only) |
Important | Information Disclosure | 4565536 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 4571730 (Monthly Rollup) 4571746 (Security Only) |
Important | Information Disclosure | 4565536 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 4571730 (Monthly Rollup) 4571746 (Security Only) |
Important | Information Disclosure | 4565536 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 4571730 (Monthly Rollup) 4571746 (Security Only) |
Important | Information Disclosure | 4565536 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 4571729 (Monthly Rollup) 4571719 (Security Only) |
Important | Information Disclosure | 4565524 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 4571729 (Monthly Rollup) 4571719 (Security Only) |
Important | Information Disclosure | 4565524 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server 2012 | 4571736 (Monthly Rollup) 4571702 (Security Only) |
Important | Information Disclosure | 4565537 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server 2012 (Server Core installation) | 4571736 (Monthly Rollup) 4571702 (Security Only) |
Important | Information Disclosure | 4565537 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server 2012 R2 | 4571703 (Monthly Rollup) 4571723 (Security Only) |
Important | Information Disclosure | 4565541 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server 2012 R2 (Server Core installation) | 4571703 (Monthly Rollup) 4571723 (Security Only) |
Important | Information Disclosure | 4565541 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server 2016 | 4571694 (Security Update) | Important | Information Disclosure | 4565511 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server 2016 (Server Core installation) | 4571694 (Security Update) | Important | Information Disclosure | 4565511 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server 2019 | 4565349 (Security Update) | Important | Information Disclosure | 4558998 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server 2019 (Server Core installation) | 4565349 (Security Update) | Important | Information Disclosure | 4558998 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server, version 1903 (Server Core installation) | 4565351 (Security Update) | Important | Information Disclosure | 4565483 | Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server, version 1909 (Server Core installation) | 4565351 (Security Update) | Important | Information Disclosure | 4565483 | Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server, version 2004 (Server Core installation) | 4566782 (Security Update) | Important | Information Disclosure | 4565503 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| CVE ID | Acknowledgements |
| CVE-2020-1577 | kdot working with Trend Micro's Zero Day Initiative |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2020-1578 MITRE NVD |
CVE Title: Windows Kernel Information Disclosure Vulnerability
Description: An information disclosure vulnerability exists in the Windows kernel that could allow an attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization (ASLR) bypass. An attacker who successfully exploited the vulnerability could retrieve the memory address of a kernel object. To exploit the vulnerability, an attacker would have to log on to an affected system and run a specially crafted application. The security update addresses the vulnerability by correcting how the Windows kernel handles memory addresses. FAQ: What type of information could be disclosed by this vulnerability? The type of information that could be disclosed if an attacker successfully exploited this vulnerability is memory layout - the vulnerability allows an attacker to collect information that facilitates predicting addressing of the memory. Mitigations: None Workarounds: None Revision: 1.0 2020-08-11T07:00:00Z Information published. |
Important | Information Disclosure |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation More Likely | Exploitation More Likely | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2020-1578 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Windows 10 Version 1803 for 32-bit Systems | 4571709 (Security Update) | Important | Information Disclosure | 4565489 | Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1803 for ARM64-based Systems | 4571709 (Security Update) | Important | Information Disclosure | 4565489 | Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1803 for x64-based Systems | 4571709 (Security Update) | Important | Information Disclosure | 4565489 | Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for 32-bit Systems | 4565349 (Security Update) | Important | Information Disclosure | 4558998 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 4565349 (Security Update) | Important | Information Disclosure | 4558998 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for x64-based Systems | 4565349 (Security Update) | Important | Information Disclosure | 4558998 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1903 for 32-bit Systems | 4565351 (Security Update) | Important | Information Disclosure | 4565483 | Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1903 for ARM64-based Systems | 4565351 (Security Update) | Important | Information Disclosure | 4565483 | Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1903 for x64-based Systems | 4565351 (Security Update) | Important | Information Disclosure | 4565483 | Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for 32-bit Systems | 4565351 (Security Update) | Important | Information Disclosure | 4565483 | Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for ARM64-based Systems | 4565351 (Security Update) | Important | Information Disclosure | 4565483 | Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for x64-based Systems | 4565351 (Security Update) | Important | Information Disclosure | 4565483 | Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for 32-bit Systems | 4566782 (Security Update) | Important | Information Disclosure | 4565503 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for ARM64-based Systems | 4566782 (Security Update) | Important | Information Disclosure | 4565503 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for x64-based Systems | 4566782 (Security Update) | Important | Information Disclosure | 4565503 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server 2019 | 4565349 (Security Update) | Important | Information Disclosure | 4558998 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server 2019 (Server Core installation) | 4565349 (Security Update) | Important | Information Disclosure | 4558998 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server, version 1903 (Server Core installation) | 4565351 (Security Update) | Important | Information Disclosure | 4565483 | Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server, version 1909 (Server Core installation) | 4565351 (Security Update) | Important | Information Disclosure | 4565483 | Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| Windows Server, version 2004 (Server Core installation) | 4566782 (Security Update) | Important | Information Disclosure | 4565503 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
| CVE ID | Acknowledgements |
| CVE-2020-1578 | Jarvis_1oop of Pinduoduo Security Research Lab |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2020-1579 MITRE NVD |
CVE Title: Windows Function Discovery SSDP Provider Elevation of Privilege Vulnerability
Description: An elevation of privilege vulnerability exists when the Windows Function Discovery SSDP Provider improperly handles memory. To exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges. The security update addresses the vulnerability by correcting how the Windows Function Discovery SSDP Provider handles memory. FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2020-08-11T07:00:00Z Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | Exploitation Less Likely | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2020-1579 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Windows 10 for 32-bit Systems | 4571692 (Security Update) | Important | Elevation of Privilege | 4565513 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 for x64-based Systems | 4571692 (Security Update) | Important | Elevation of Privilege | 4565513 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1607 for 32-bit Systems | 4571694 (Security Update) | Important | Elevation of Privilege | 4565511 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1607 for x64-based Systems | 4571694 (Security Update) | Important | Elevation of Privilege | 4565511 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1709 for 32-bit Systems | 4571741 (Security Update) | Important | Elevation of Privilege | 4565508 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1709 for ARM64-based Systems | 4571741 (Security Update) | Important | Elevation of Privilege | 4565508 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1709 for x64-based Systems | 4571741 (Security Update) | Important | Elevation of Privilege | 4565508 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1803 for 32-bit Systems | 4571709 (Security Update) | Important | Elevation of Privilege | 4565489 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1803 for ARM64-based Systems | 4571709 (Security Update) | Important | Elevation of Privilege | 4565489 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1803 for x64-based Systems | 4571709 (Security Update) | Important | Elevation of Privilege | 4565489 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for 32-bit Systems | 4565349 (Security Update) | Important | Elevation of Privilege | 4558998 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 4565349 (Security Update) | Important | Elevation of Privilege | 4558998 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for x64-based Systems | 4565349 (Security Update) | Important | Elevation of Privilege | 4558998 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1903 for 32-bit Systems | 4565351 (Security Update) | Important | Elevation of Privilege | 4565483 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1903 for ARM64-based Systems | 4565351 (Security Update) | Important | Elevation of Privilege | 4565483 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1903 for x64-based Systems | 4565351 (Security Update) | Important | Elevation of Privilege | 4565483 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for 32-bit Systems | 4565351 (Security Update) | Important | Elevation of Privilege | 4565483 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for ARM64-based Systems | 4565351 (Security Update) | Important | Elevation of Privilege | 4565483 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for x64-based Systems | 4565351 (Security Update) | Important | Elevation of Privilege | 4565483 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for 32-bit Systems | 4566782 (Security Update) | Important | Elevation of Privilege | 4565503 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for ARM64-based Systems | 4566782 (Security Update) | Important | Elevation of Privilege | 4565503 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for x64-based Systems | 4566782 (Security Update) | Important | Elevation of Privilege | 4565503 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 7 for 32-bit Systems Service Pack 1 | 4571729 (Monthly Rollup) 4571719 (Security Only) |
Important | Elevation of Privilege | 4565524 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 7 for x64-based Systems Service Pack 1 | 4571729 (Monthly Rollup) 4571719 (Security Only) |
Important | Elevation of Privilege | 4565524 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 8.1 for 32-bit systems | 4571703 (Monthly Rollup) 4571723 (Security Only) |
Important | Elevation of Privilege | 4565541 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 8.1 for x64-based systems | 4571703 (Monthly Rollup) 4571723 (Security Only) |
Important | Elevation of Privilege | 4565541 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows RT 8.1 | 4571703 (Monthly Rollup) | Important | Elevation of Privilege | 4565541 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 4571730 (Monthly Rollup) 4571746 (Security Only) |
Important | Elevation of Privilege | 4565536 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 4571730 (Monthly Rollup) 4571746 (Security Only) |
Important | Elevation of Privilege | 4565536 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 4571730 (Monthly Rollup) 4571746 (Security Only) |
Important | Elevation of Privilege | 4565536 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 4571730 (Monthly Rollup) 4571746 (Security Only) |
Important | Elevation of Privilege | 4565536 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 4571729 (Monthly Rollup) 4571719 (Security Only) |
Important | Elevation of Privilege | 4565524 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 4571729 (Monthly Rollup) 4571719 (Security Only) |
Important | Elevation of Privilege | 4565524 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2012 | 4571736 (Monthly Rollup) 4571702 (Security Only) |
Important | Elevation of Privilege | 4565537 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2012 (Server Core installation) | 4571736 (Monthly Rollup) 4571702 (Security Only) |
Important | Elevation of Privilege | 4565537 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2012 R2 | 4571703 (Monthly Rollup) 4571723 (Security Only) |
Important | Elevation of Privilege | 4565541 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2012 R2 (Server Core installation) | 4571703 (Monthly Rollup) 4571723 (Security Only) |
Important | Elevation of Privilege | 4565541 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2016 | 4571694 (Security Update) | Important | Elevation of Privilege | 4565511 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2016 (Server Core installation) | 4571694 (Security Update) | Important | Elevation of Privilege | 4565511 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2019 | 4565349 (Security Update) | Important | Elevation of Privilege | 4558998 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2019 (Server Core installation) | 4565349 (Security Update) | Important | Elevation of Privilege | 4558998 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server, version 1903 (Server Core installation) | 4565351 (Security Update) | Important | Elevation of Privilege | 4565483 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server, version 1909 (Server Core installation) | 4565351 (Security Update) | Important | Elevation of Privilege | 4565483 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server, version 2004 (Server Core installation) | 4566782 (Security Update) | Important | Elevation of Privilege | 4565503 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| CVE ID | Acknowledgements |
| CVE-2020-1579 | Yuki Chen |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2020-1580 MITRE NVD |
CVE Title: Microsoft Office SharePoint XSS Vulnerability
Description: A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint server. The attacker who successfully exploited the vulnerability could then perform cross-site scripting attacks on affected systems and run script in the security context of the current user. The attacks could allow the attacker to read content that the attacker is not authorized to read, use the victim's identity to take actions on the SharePoint site on behalf of the user, such as change permissions and delete content, and inject malicious content in the browser of the user. The security update addresses the vulnerability by helping to ensure that SharePoint Server properly sanitizes web requests. FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2020-08-11T07:00:00Z Information published. |
Important | Spoofing |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | Exploitation Less Likely | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2020-1580 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Microsoft SharePoint Enterprise Server 2013 Service Pack 1 | 4484479 (Security Update) | Important | Spoofing | 4484443 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
| Microsoft SharePoint Enterprise Server 2016 | 4484473 (Security Update) | Important | Spoofing | 4484436 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
| Microsoft SharePoint Foundation 2013 Service Pack 1 | 4484487 (Security Update) | Important | Spoofing | 4484448 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
| Microsoft SharePoint Server 2010 Service Pack 2 | 4484498 (Security Update) | Important | Spoofing | 4484460 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
| Microsoft SharePoint Server 2019 | 4484472 (Security Update) | Important | Spoofing | 4484453 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
| CVE ID | Acknowledgements |
| CVE-2020-1580 | Huynh Phuoc Hung, @hph0var |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2020-1581 MITRE NVD |
CVE Title: Microsoft Office Click-to-Run Elevation of Privilege Vulnerability
Description: An elevation of privilege vulnerability exists in the way that Microsoft Office Click-to-Run (C2R) components handle objects in memory. An attacker who successfully exploited the vulnerability could elevate privileges. The attacker would need to already have the ability to execute code on the system. An attacker could exploit this vulnerability by running a specially crafted application on the victim system. The security update addresses the vulnerability by correcting how Microsoft Office Click-to-Run (C2R) components handle objects in memory. FAQ: Is the Preview Pane an attack vector for this vulnerability? No, the Preview Pane is not an attack vector. Mitigations: None Workarounds: None Revision: 1.0 2020-08-11T07:00:00Z Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | Exploitation Less Likely | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2020-1581 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Microsoft 365 Apps for Enterprise for 32-bit Systems | Click to Run (Security Update) | Important | Elevation of Privilege | None | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
| Microsoft 365 Apps for Enterprise for 64-bit Systems | Click to Run (Security Update) | Important | Elevation of Privilege | None | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
| Microsoft Office 2013 Click-to-Run (C2R) for 32-bit editions | Click to Run (Security Update) | Important | Elevation of Privilege | None | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
| Microsoft Office 2013 Click-to-Run (C2R) for 64-bit editions | Click to Run (Security Update) | Important | Elevation of Privilege | None | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
| Microsoft Office 2019 for 32-bit editions | Click to Run (Security Update) | Important | Elevation of Privilege | None | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
| Microsoft Office 2019 for 64-bit editions | Click to Run (Security Update) | Important | Elevation of Privilege | None | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
| CVE ID | Acknowledgements |
| CVE-2020-1581 | hackyzh and lm0963 of DBAppSecurity Zion Lab working with Trend Micro's Zero Day Initiative |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2020-1582 MITRE NVD |
CVE Title: Microsoft Access Remote Code Execution Vulnerability
Description: A remote code execution vulnerability exists in Microsoft Access software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. Exploitation of the vulnerability requires that a user open a specially crafted file with an affected version of Microsoft Access. In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file. The security update addresses the vulnerability by correcting how Microsoft Access handles objects in memory. FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2020-08-11T07:00:00Z Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | Exploitation Less Likely | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2020-1582 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Microsoft 365 Apps for Enterprise for 32-bit Systems | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: N/A Temporal: N/A Vector: N/A |
No |
| Microsoft 365 Apps for Enterprise for 64-bit Systems | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: N/A Temporal: N/A Vector: N/A |
No |
| Microsoft Access 2010 Service Pack 2 (32-bit editions) | 4484385 (Security Update) | Important | Remote Code Execution | 4464527 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
| Microsoft Access 2010 Service Pack 2 (64-bit editions) | 4484385 (Security Update) | Important | Remote Code Execution | 4464527 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
| Microsoft Access 2013 Service Pack 1 (32-bit editions) | 4484366 (Security Update) | Important | Remote Code Execution | 4462210 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
| Microsoft Access 2013 Service Pack 1 (64-bit editions) | 4484366 (Security Update) | Important | Remote Code Execution | 4462210 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
| Microsoft Access 2016 (32-bit edition) | 4484340 (Security Update) | Important | Remote Code Execution | 4484167 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
| Microsoft Access 2016 (64-bit edition) | 4484340 (Security Update) | Important | Remote Code Execution | 4484167 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
| Microsoft Office 2019 for 32-bit editions | Click to Run (Security Update) | Important | Unknown | None | Base: N/A Temporal: N/A Vector: N/A |
No |
| Microsoft Office 2019 for 64-bit editions | Click to Run (Security Update) | Important | Unknown | None | Base: N/A Temporal: N/A Vector: N/A |
No |
| CVE ID | Acknowledgements |
| CVE-2020-1582 | occulteast |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2020-1583 MITRE NVD |
CVE Title: Microsoft Word Information Disclosure Vulnerability
Description: An information disclosure vulnerability exists when Microsoft Word improperly discloses the contents of its memory. An attacker who exploited the vulnerability could use the information to compromise the user’s computer or data. To exploit the vulnerability, an attacker could craft a special document file and then convince the user to open it. An attacker must know the memory address location where the object was created. The update addresses the vulnerability by changing the way certain Word functions handle objects in memory. FAQ: What type of information could be disclosed by this vulnerability? The type of information that could be disclosed if an attacker successfully exploited this vulnerability is uninitialized memory. Is the Preview Pane an attack vector for this vulnerability? No, the Preview Pane is not an attack vector. I have Microsoft Office 2010 installed. Why am I not being offered the 4484492 update? The 4484492 update only applies to systems running specific configurations of Microsoft Office 2010. Some configurations will not be offered the update. Mitigations: None Workarounds: None Revision: 1.0 2020-08-11T07:00:00Z Information published. |
Important | Information Disclosure |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | Exploitation Less Likely | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2020-1583 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Microsoft 365 Apps for Enterprise for 32-bit Systems | Click to Run (Security Update) | Important | Information Disclosure | None | Base: N/A Temporal: N/A Vector: N/A |
No |
| Microsoft 365 Apps for Enterprise for 64-bit Systems | Click to Run (Security Update) | Important | Information Disclosure | None | Base: N/A Temporal: N/A Vector: N/A |
No |
| Microsoft Office 2010 Service Pack 2 (32-bit editions) | 4484492 (Security Update) | Important | Information Disclosure | 4484456 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
| Microsoft Office 2010 Service Pack 2 (64-bit editions) | 4484492 (Security Update) | Important | Information Disclosure | 4484456 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
| Microsoft Office 2016 for Mac | Release Notes (Security Update) | Important | Information Disclosure | None | Base: N/A Temporal: N/A Vector: N/A |
No |
| Microsoft Office 2019 for 32-bit editions | Click to Run (Security Update) | Important | Information Disclosure | None | Base: N/A Temporal: N/A Vector: N/A |
No |
| Microsoft Office 2019 for 64-bit editions | Click to Run (Security Update) | Important | Information Disclosure | None | Base: N/A Temporal: N/A Vector: N/A |
No |
| Microsoft Office 2019 for Mac | Release Notes (Security Update) | Important | Information Disclosure | None | Base: N/A Temporal: N/A Vector: N/A |
No |
| Microsoft Office Online Server | 4484470 (Security Update) | Important | Information Disclosure | 4484451 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
| Microsoft Office Web Apps 2010 Service Pack 2 | 4484495 (Security Update) | Important | Information Disclosure | 4484381 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
| Microsoft Office Web Apps 2013 Service Pack 1 | 4484481 (Security Update) | Important | Information Disclosure | None | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
| Microsoft SharePoint Enterprise Server 2013 Service Pack 1 | 4484478 (Security Update) | Important | Information Disclosure | 4484348 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
| Microsoft SharePoint Enterprise Server 2016 | 4484473 (Security Update) 4484476 (Security Update) |
Important | Information Disclosure | 4484436 |
Base: N/A Temporal: N/A Vector: N/A |
Maybe |
| Microsoft SharePoint Server 2010 Service Pack 2 | 4484490 (Security Update) | Important | Information Disclosure | 4484370 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
| Microsoft SharePoint Server 2019 | 4484472 (Security Update) 4484471 (Security Update) |
Important | Information Disclosure | 4484453 |
Base: N/A Temporal: N/A Vector: N/A |
Maybe |
| Microsoft Word 2010 Service Pack 2 (32-bit editions) | 4484494 (Security Update) | Important | Information Disclosure | 4484458 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
| Microsoft Word 2010 Service Pack 2 (64-bit editions) | 4484494 (Security Update) | Important | Information Disclosure | 4484458 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
| Microsoft Word 2013 RT Service Pack 1 | 4484484 (Security Update) | Important | Information Disclosure | 4484446 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
| Microsoft Word 2013 Service Pack 1 (32-bit editions) | 4484484 (Security Update) | Important | Information Disclosure | 4484446 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
| Microsoft Word 2013 Service Pack 1 (64-bit editions) | 4484484 (Security Update) | Important | Information Disclosure | 4484446 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
| Microsoft Word 2016 (32-bit edition) | 4484474 (Security Update) | Important | Information Disclosure | 4484438 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
| Microsoft Word 2016 (64-bit edition) | 4484474 (Security Update) | Important | Information Disclosure | 4484438 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
| CVE ID | Acknowledgements |
| CVE-2020-1583 | Haifei Li of McAfee IPS Security Research Team |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2020-1584 MITRE NVD |
CVE Title: Windows dnsrslvr.dll Elevation of Privilege Vulnerability
Description: An elevation of privilege vulnerability exists in the way that the dnsrslvr.dll handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. To exploit the vulnerability, a locally authenticated attacker could run a specially crafted application. The security update addresses the vulnerability by ensuring the dnsrslvr.dll properly handles objects in memory. FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2020-08-11T07:00:00Z Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation More Likely | Exploitation More Likely | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2020-1584 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Windows 10 for 32-bit Systems | 4571692 (Security Update) | Important | Elevation of Privilege | 4565513 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 for x64-based Systems | 4571692 (Security Update) | Important | Elevation of Privilege | 4565513 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1607 for 32-bit Systems | 4571694 (Security Update) | Important | Elevation of Privilege | 4565511 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1607 for x64-based Systems | 4571694 (Security Update) | Important | Elevation of Privilege | 4565511 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1709 for 32-bit Systems | 4571741 (Security Update) | Important | Elevation of Privilege | 4565508 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1709 for ARM64-based Systems | 4571741 (Security Update) | Important | Elevation of Privilege | 4565508 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1709 for x64-based Systems | 4571741 (Security Update) | Important | Elevation of Privilege | 4565508 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1803 for 32-bit Systems | 4571709 (Security Update) | Important | Elevation of Privilege | 4565489 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1803 for ARM64-based Systems | 4571709 (Security Update) | Important | Elevation of Privilege | 4565489 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1803 for x64-based Systems | 4571709 (Security Update) | Important | Elevation of Privilege | 4565489 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for 32-bit Systems | 4565349 (Security Update) | Important | Elevation of Privilege | 4558998 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 4565349 (Security Update) | Important | Elevation of Privilege | 4558998 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for x64-based Systems | 4565349 (Security Update) | Important | Elevation of Privilege | 4558998 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1903 for 32-bit Systems | 4565351 (Security Update) | Important | Elevation of Privilege | 4565483 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1903 for ARM64-based Systems | 4565351 (Security Update) | Important | Elevation of Privilege | 4565483 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1903 for x64-based Systems | 4565351 (Security Update) | Important | Elevation of Privilege | 4565483 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for 32-bit Systems | 4565351 (Security Update) | Important | Elevation of Privilege | 4565483 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for ARM64-based Systems | 4565351 (Security Update) | Important | Elevation of Privilege | 4565483 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for x64-based Systems | 4565351 (Security Update) | Important | Elevation of Privilege | 4565483 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for 32-bit Systems | 4566782 (Security Update) | Important | Elevation of Privilege | 4565503 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for ARM64-based Systems | 4566782 (Security Update) | Important | Elevation of Privilege | 4565503 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for x64-based Systems | 4566782 (Security Update) | Important | Elevation of Privilege | 4565503 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 7 for 32-bit Systems Service Pack 1 | 4571729 (Monthly Rollup) 4571719 (Security Only) |
Important | Elevation of Privilege | 4565524 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 7 for x64-based Systems Service Pack 1 | 4571729 (Monthly Rollup) 4571719 (Security Only) |
Important | Elevation of Privilege | 4565524 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 8.1 for 32-bit systems | 4571703 (Monthly Rollup) 4571723 (Security Only) |
Important | Elevation of Privilege | 4565541 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 8.1 for x64-based systems | 4571703 (Monthly Rollup) 4571723 (Security Only) |
Important | Elevation of Privilege | 4565541 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows RT 8.1 | 4571703 (Monthly Rollup) | Important | Elevation of Privilege | 4565541 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 4571729 (Monthly Rollup) 4571719 (Security Only) |
Important | Elevation of Privilege | 4565524 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 4571729 (Monthly Rollup) 4571719 (Security Only) |
Important | Elevation of Privilege | 4565524 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2012 | 4571736 (Monthly Rollup) 4571702 (Security Only) |
Important | Elevation of Privilege | 4565537 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2012 (Server Core installation) | 4571736 (Monthly Rollup) 4571702 (Security Only) |
Important | Elevation of Privilege | 4565537 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2012 R2 | 4571703 (Monthly Rollup) 4571723 (Security Only) |
Important | Elevation of Privilege | 4565541 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2012 R2 (Server Core installation) | 4571703 (Monthly Rollup) 4571723 (Security Only) |
Important | Elevation of Privilege | 4565541 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2016 | 4571694 (Security Update) | Important | Elevation of Privilege | 4565511 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2016 (Server Core installation) | 4571694 (Security Update) | Important | Elevation of Privilege | 4565511 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2019 | 4565349 (Security Update) | Important | Elevation of Privilege | 4558998 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2019 (Server Core installation) | 4565349 (Security Update) | Important | Elevation of Privilege | 4558998 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server, version 1903 (Server Core installation) | 4565351 (Security Update) | Important | Elevation of Privilege | 4565483 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server, version 1909 (Server Core installation) | 4565351 (Security Update) | Important | Elevation of Privilege | 4565483 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server, version 2004 (Server Core installation) | 4566782 (Security Update) | Important | Elevation of Privilege | 4565503 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| CVE ID | Acknowledgements |
| CVE-2020-1584 | pgboy |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2020-1585 MITRE NVD |
CVE Title: Microsoft Windows Codecs Library Remote Code Execution Vulnerability
Description: A remote code execution vulnerability exists in the way that Microsoft Windows Codecs Library handles objects in memory. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Exploitation of the vulnerability requires that a program process a specially crafted image file. The update addresses the vulnerability by correcting how Microsoft Windows Codecs Library handles objects in memory. FAQ: How does a user know if the update has been installed? You can check the version of the installed package. For example, click on Settings, Apps & Features and select AV1 Video Extension, Advanced Options. You will see the version there. The secure versions are 1.1.31753.0 and later. Is Windows vulnerable in the default configuration? Only customers who have installed the optional "AV1 Video Extension" media codec from Microsoft Store may be vulnerable. How do I get the updated Windows Media Codec? Affected customers will be automatically updated by Microsoft Store. Customers do not need to take any action to receive the update. Alternatively, customers who want to receive the update immediately can check for updates with the Microsoft Store App; more information on this process can be found here. Why are these security updates offered to affected clients via the Microsoft Store and not Windows Update? These updates are for optional apps/components that are offered to customers as a download via the Microsoft Store. Updates for optional store apps/components are provided via the Microsoft Store. My server is in a disconnected environment, is it vulnerable? AV1 is not available for offline distribution and not supported on Windows Server. Users should not have it installed in these environments. Enterprise customers using Store for Business will receive the update in the same manner as consumer Store. Why are these updates being offered outside of Update Tuesday? Servicing for store apps/components does not follow the monthly “Update Tuesday” cadence, but are offered whenever necessary. Are these updates for Microsoft store apps/components offered automatically when an affected component is on the system? Yes. However, it is possible to turn off automatic updating for store apps. In that scenario, these updates would not be installed automatically. How can I check from PowerShell if the update is installed? The following command will display the version of the installed package:
Mitigations: None Workarounds: None Revision: 1.0 2020-08-11T07:00:00Z Information published. This CVE was addressed by updates that were released on the store on June 30, 2020, but the CVE was inadvertently omitted from the Security Update Guide. This is an informational change only. Customers who have already installed the June 2020 store updates do not need to take any further action. |
Critical | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| N/A | Exploitation Less Likely | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2020-1585 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Windows 10 Version 1709 for 32-bit Systems | Critical | Remote Code Execution | None | Base: 8.8 Temporal: 7.9 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Unknown | |
| Windows 10 Version 1709 for ARM64-based Systems | Critical | Remote Code Execution | None | Base: 8.8 Temporal: 7.9 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Unknown | |
| Windows 10 Version 1709 for x64-based Systems | Critical | Remote Code Execution | None | Base: 8.8 Temporal: 7.9 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Unknown | |
| Windows 10 Version 1803 for 32-bit Systems | Critical | Remote Code Execution | None | Base: 8.8 Temporal: 7.9 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Unknown | |
| Windows 10 Version 1803 for ARM64-based Systems | Critical | Remote Code Execution | None | Base: 8.8 Temporal: 7.9 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Unknown | |
| Windows 10 Version 1803 for x64-based Systems | Critical | Remote Code Execution | None | Base: 8.8 Temporal: 7.9 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Unknown | |
| Windows 10 Version 1809 for 32-bit Systems | Critical | Remote Code Execution | None | Base: 8.8 Temporal: 7.9 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Unknown | |
| Windows 10 Version 1809 for ARM64-based Systems | Critical | Remote Code Execution | None | Base: 8.8 Temporal: 7.9 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Unknown | |
| Windows 10 Version 1809 for x64-based Systems | Critical | Remote Code Execution | None | Base: 8.8 Temporal: 7.9 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Unknown | |
| Windows 10 Version 1903 for 32-bit Systems | Critical | Remote Code Execution | None | Base: 8.8 Temporal: 7.9 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Unknown | |
| Windows 10 Version 1903 for ARM64-based Systems | Critical | Remote Code Execution | None | Base: 8.8 Temporal: 7.9 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Unknown | |
| Windows 10 Version 1903 for x64-based Systems | Critical | Remote Code Execution | None | Base: 8.8 Temporal: 7.9 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Unknown | |
| Windows 10 Version 1909 for 32-bit Systems | Critical | Remote Code Execution | None | Base: 8.8 Temporal: 7.9 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Unknown | |
| Windows 10 Version 1909 for ARM64-based Systems | Critical | Remote Code Execution | None | Base: 8.8 Temporal: 7.9 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Unknown | |
| Windows 10 Version 1909 for x64-based Systems | Critical | Remote Code Execution | None | Base: 8.8 Temporal: 7.9 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Unknown | |
| Windows 10 Version 2004 for 32-bit Systems | Critical | Remote Code Execution | None | Base: 8.8 Temporal: 7.9 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Unknown | |
| Windows 10 Version 2004 for ARM64-based Systems | Critical | Remote Code Execution | None | Base: 8.8 Temporal: 7.9 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Unknown | |
| Windows 10 Version 2004 for x64-based Systems | Critical | Remote Code Execution | None | Base: 8.8 Temporal: 7.9 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Unknown | |
| CVE ID | Acknowledgements |
| CVE-2020-1585 | Abdul-Aziz Hariri of Trend Micro Zero Day Initiative |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2020-1587 MITRE NVD |
CVE Title: Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
Description: An elevation of privilege vulnerability exists when the Windows Ancillary Function Driver for WinSock improperly handles memory. To exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges. The security update addresses the vulnerability by correcting how the Windows Ancillary Function Driver for WinSock handles memory. FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2020-08-11T07:00:00Z Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation More Likely | Exploitation More Likely | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2020-1587 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Windows 10 for 32-bit Systems | 4571692 (Security Update) | Important | Elevation of Privilege | 4565513 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 for x64-based Systems | 4571692 (Security Update) | Important | Elevation of Privilege | 4565513 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1607 for 32-bit Systems | 4571694 (Security Update) | Important | Elevation of Privilege | 4565511 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1607 for x64-based Systems | 4571694 (Security Update) | Important | Elevation of Privilege | 4565511 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1709 for 32-bit Systems | 4571741 (Security Update) | Important | Elevation of Privilege | 4565508 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1709 for ARM64-based Systems | 4571741 (Security Update) | Important | Elevation of Privilege | 4565508 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1709 for x64-based Systems | 4571741 (Security Update) | Important | Elevation of Privilege | 4565508 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1803 for 32-bit Systems | 4571709 (Security Update) | Important | Elevation of Privilege | 4565489 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1803 for ARM64-based Systems | 4571709 (Security Update) | Important | Elevation of Privilege | 4565489 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1803 for x64-based Systems | 4571709 (Security Update) | Important | Elevation of Privilege | 4565489 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for 32-bit Systems | 4565349 (Security Update) | Important | Elevation of Privilege | 4558998 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 4565349 (Security Update) | Important | Elevation of Privilege | 4558998 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for x64-based Systems | 4565349 (Security Update) | Important | Elevation of Privilege | 4558998 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1903 for 32-bit Systems | 4565351 (Security Update) | Important | Elevation of Privilege | 4565483 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1903 for ARM64-based Systems | 4565351 (Security Update) | Important | Elevation of Privilege | 4565483 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1903 for x64-based Systems | 4565351 (Security Update) | Important | Elevation of Privilege | 4565483 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for 32-bit Systems | 4565351 (Security Update) | Important | Elevation of Privilege | 4565483 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for ARM64-based Systems | 4565351 (Security Update) | Important | Elevation of Privilege | 4565483 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for x64-based Systems | 4565351 (Security Update) | Important | Elevation of Privilege | 4565483 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for 32-bit Systems | 4566782 (Security Update) | Important | Elevation of Privilege | 4565503 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for ARM64-based Systems | 4566782 (Security Update) | Important | Elevation of Privilege | 4565503 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for x64-based Systems | 4566782 (Security Update) | Important | Elevation of Privilege | 4565503 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 7 for 32-bit Systems Service Pack 1 | 4571729 (Monthly Rollup) 4571719 (Security Only) |
Important | Elevation of Privilege | 4565524 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 7 for x64-based Systems Service Pack 1 | 4571729 (Monthly Rollup) 4571719 (Security Only) |
Important | Elevation of Privilege | 4565524 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 8.1 for 32-bit systems | 4571703 (Monthly Rollup) 4571723 (Security Only) |
Important | Elevation of Privilege | 4565541 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 8.1 for x64-based systems | 4571703 (Monthly Rollup) 4571723 (Security Only) |
Important | Elevation of Privilege | 4565541 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows RT 8.1 | 4571703 (Monthly Rollup) | Important | Elevation of Privilege | 4565541 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 4571730 (Monthly Rollup) 4571746 (Security Only) |
Important | Elevation of Privilege | 4565536 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 4571730 (Monthly Rollup) 4571746 (Security Only) |
Important | Elevation of Privilege | 4565536 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 4571730 (Monthly Rollup) 4571746 (Security Only) |
Important | Elevation of Privilege | 4565536 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 4571730 (Monthly Rollup) 4571746 (Security Only) |
Important | Elevation of Privilege | 4565536 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 4571729 (Monthly Rollup) 4571719 (Security Only) |
Important | Elevation of Privilege | 4565524 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 4571729 (Monthly Rollup) 4571719 (Security Only) |
Important | Elevation of Privilege | 4565524 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2012 | 4571736 (Monthly Rollup) 4571702 (Security Only) |
Important | Elevation of Privilege | 4565537 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2012 (Server Core installation) | 4571736 (Monthly Rollup) 4571702 (Security Only) |
Important | Elevation of Privilege | 4565537 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2012 R2 | 4571703 (Monthly Rollup) 4571723 (Security Only) |
Important | Elevation of Privilege | 4565541 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2012 R2 (Server Core installation) | 4571703 (Monthly Rollup) 4571723 (Security Only) |
Important | Elevation of Privilege | 4565541 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2016 | 4571694 (Security Update) | Important | Elevation of Privilege | 4565511 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2016 (Server Core installation) | 4571694 (Security Update) | Important | Elevation of Privilege | 4565511 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2019 | 4565349 (Security Update) | Important | Elevation of Privilege | 4558998 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2019 (Server Core installation) | 4565349 (Security Update) | Important | Elevation of Privilege | 4558998 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server, version 1903 (Server Core installation) | 4565351 (Security Update) | Important | Elevation of Privilege | 4565483 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server, version 1909 (Server Core installation) | 4565351 (Security Update) | Important | Elevation of Privilege | 4565483 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server, version 2004 (Server Core installation) | 4566782 (Security Update) | Important | Elevation of Privilege | 4565503 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| CVE ID | Acknowledgements |
| CVE-2020-1587 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2020-1591 MITRE NVD |
CVE Title: Microsoft Dynamics 365 (On-Premise) Cross Site Scripting Vulnerability
Description: A cross site scripting vulnerability exists when Microsoft Dynamics 365 (on-premises) does not properly sanitize a specially crafted web request to an affected Dynamics server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected Dynamics server. The attacker who successfully exploited the vulnerability could then perform cross-site scripting attacks on affected systems and run script in the security context of the current authenticated user. These attacks could allow the attacker to read content that the attacker is not authorized to read, use the victim's identity to take actions within Dynamics Server on behalf of the user, such as change permissions and delete content, and inject malicious content in the browser of the user. The security update addresses the vulnerability by helping to ensure that Dynamics Server properly sanitizes web requests. FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2020-08-11T07:00:00Z Information published. This CVE was addressed by updates that were released in April 2020, but the CVE was inadvertently omitted from the April 2020 Security Updates. This is an informational change only. Customers who have already installed the April 2020 update do not need to take any further action. |
Important | Spoofing |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | N/A | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2020-1591 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Microsoft Dynamics 365 (on-premises) version 9.0 | 4541722 (Security Update) | Important | Spoofing | None | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
| CVE ID | Acknowledgements |
| CVE-2020-1591 | Ashar Javed of Hyundai AutoEver Europe GmbH |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2020-1597 MITRE NVD |
CVE Title: ASP.NET Core Denial of Service Vulnerability
Description: A denial of service vulnerability exists when ASP.NET Core improperly handles web requests. An attacker who successfully exploited this vulnerability could cause a denial of service against an ASP.NET Core web application. The vulnerability can be exploited remotely, without authentication. A remote unauthenticated attacker could exploit this vulnerability by issuing specially crafted requests to the ASP.NET Core application. The update addresses the vulnerability by correcting how the ASP.NET Core web application handles web requests. FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2020-08-11T07:00:00Z Information published. |
Important | Denial of Service |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | Exploitation Less Likely | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2020-1597 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| ASP.NET Core 2.1 | Release Notes (Security Update) | Important | Denial of Service | None | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
| ASP.NET Core 3.1 | Release Notes (Security Update) | Important | Denial of Service | None | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
| Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8) | Release Notes (Security Update) | Important | Denial of Service | None | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
| Microsoft Visual Studio 2019 version 16.0 | Release Notes (Security Update) | Important | Denial of Service | None | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
| Microsoft Visual Studio 2019 version 16.4 (includes 16.0 - 16.3) | Release Notes (Security Update) | Important | Denial of Service | None | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
| Microsoft Visual Studio 2019 version 16.7 (includes 16.0 – 16.6) | Release Notes (Security Update) | Important | Denial of Service | None | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
| CVE ID | Acknowledgements |
| CVE-2020-1597 | Microsoft Corporation Microsoft Corporation |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2020-0604 MITRE NVD |
CVE Title: Visual Studio Code Remote Code Execution Vulnerability
Description: A remote code execution vulnerability exists in Visual Studio Code when it process environment variables after opening a project. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. To exploit this vulnerability, an attacker would need to convince a target to clone a repository and open it in Visual Studio Code. Attacker-specified code would execute when the target opened the integrated terminal. The update address the vulnerability by modifying the way Visual Studio Code handles environment variables. FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2020-08-11T07:00:00Z Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | Exploitation Less Likely | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2020-0604 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Visual Studio Code | Release Notes (Security Update) | Important | Remote Code Execution | None | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
| CVE ID | Acknowledgements |
| CVE-2020-0604 | David Dworken |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2020-1046 MITRE NVD |
CVE Title: .NET Framework Remote Code Execution Vulnerability
Description: A remote code execution vulnerability exists when Microsoft .NET Framework processes input. An attacker who successfully exploited this vulnerability could take control of an affected system. To exploit the vulnerability, an attacker would need to be able to upload a specially crafted file to a web application. The security update addresses the vulnerability by correcting how .NET Framework processes input. FAQ: Why are there two Security Updates for Windows 10 version 1809 and Windows Server 2019? Both updates address this vulnerability in Microsoft .NET Framework 3.5. However, Windows 10 version 1809 or Windows Server 2019 has either .NET Framework 4.7.2 or .NET Framework 4.8 installed in addition to .NET Framework 3.5. The updates for these versions of .NET Framework are bundled in the same update as .NET Framework 3.5. Customers running Windows 10 version 1809 or Server 2019 need to install the update that applies to the 4.X version of .NET installed on their system. Mitigations: None Workarounds: None Revision: 1.0 2020-08-11T07:00:00Z Information published. |
Critical | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | Exploitation Less Likely | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2020-1046 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Microsoft .NET Framework 2.0 Service Pack 2 on Windows Server 2008 for 32-bit Systems Service Pack 2 | 4570509 (Monthly Rollup) 4570503 (Security Only) |
Critical | Remote Code Execution | 4566520 |
Base: N/A Temporal: N/A Vector: N/A |
Maybe |
| Microsoft .NET Framework 2.0 Service Pack 2 on Windows Server 2008 for x64-based Systems Service Pack 2 | 4570509 (Monthly Rollup) 4570503 (Security Only) |
Critical | Remote Code Execution | 4566520 |
Base: N/A Temporal: N/A Vector: N/A |
Maybe |
| Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10 Version 1809 for 32-bit Systems | 4570505 (Security Update) | Critical | Remote Code Execution | 4567327 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
| Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10 Version 1809 for ARM64-based Systems | 4570505 (Security Update) | Critical | Remote Code Execution | 4567327 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
| Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10 Version 1809 for x64-based Systems | 4570505 (Security Update) | Critical | Remote Code Execution | 4567327 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
| Microsoft .NET Framework 3.5 AND 4.7.2 on Windows Server 2019 | 4570505 (Security Update) | Critical | Remote Code Execution | 4567327 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
| Microsoft .NET Framework 3.5 AND 4.7.2 on Windows Server 2019 (Server Core installation) | 4570505 (Security Update) | Critical | Remote Code Execution | 4567327 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
| Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1809 for 32-bit Systems | 4570505 (Security Update) | Critical | Remote Code Execution | 4567327 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
| Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1809 for x64-based Systems | 4570505 (Security Update) | Critical | Remote Code Execution | 4567327 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
| Microsoft .NET Framework 3.5 AND 4.8 on Windows Server 2019 | 4570505 (Security Update) | Critical | Remote Code Execution | 4567327 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
| Microsoft .NET Framework 3.5 AND 4.8 on Windows Server 2019 (Server Core installation) | 4570505 (Security Update) | Critical | Remote Code Execution | 4567327 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
| Microsoft .NET Framework 3.5 on Windows 10 for 32-bit Systems | 4571692 (Security Update) | Critical | Remote Code Execution | 4565513 | Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Microsoft .NET Framework 3.5 on Windows 10 for x64-based Systems | 4571692 (Security Update) | Critical | Remote Code Execution | 4565513 | Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Microsoft .NET Framework 3.5 on Windows 10 Version 1607 for 32-bit Systems | 4571694 (Security Update) | Critical | Remote Code Execution | 4565511 |
Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Microsoft .NET Framework 3.5 on Windows 10 Version 1607 for x64-based Systems | 4571694 (Security Update) | Critical | Remote Code Execution | 4565511 |
Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Microsoft .NET Framework 3.5 on Windows 10 Version 1709 for 32-bit Systems | 4571741 (Security Update) | Critical | Remote Code Execution | 4565508 | Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Microsoft .NET Framework 3.5 on Windows 10 Version 1709 for ARM64-based Systems | 4571741 (Security Update) | Critical | Remote Code Execution | 4565508 | Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Microsoft .NET Framework 3.5 on Windows 10 Version 1709 for x64-based Systems | 4571741 (Security Update) | Critical | Remote Code Execution | 4565508 | Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Microsoft .NET Framework 3.5 on Windows 10 Version 1803 for 32-bit Systems | 4571709 (Security Update) | Critical | Remote Code Execution | 4565489 | Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Microsoft .NET Framework 3.5 on Windows 10 Version 1803 for ARM64-based Systems | 4571709 (Security Update) | Critical | Remote Code Execution | 4565489 | Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Microsoft .NET Framework 3.5 on Windows 10 Version 1803 for x64-based Systems | 4571709 (Security Update) | Critical | Remote Code Execution | 4565489 | Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Microsoft .NET Framework 3.5 on Windows 10 Version 1903 for 32-bit Systems | 4569751 (Security Update) | Critical | Remote Code Execution | 4562900 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
| Microsoft .NET Framework 3.5 on Windows 10 Version 1903 for ARM64-based Systems | 4569751 (Security Update) | Critical | Remote Code Execution | 4562900 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
| Microsoft .NET Framework 3.5 on Windows 10 Version 1903 for x64-based Systems | 4569751 (Security Update) | Critical | Remote Code Execution | 4562900 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
| Microsoft .NET Framework 3.5 on Windows 10 Version 1909 for 32-bit Systems | 4569751 (Security Update) | Critical | Remote Code Execution | 4562900 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
| Microsoft .NET Framework 3.5 on Windows 10 Version 1909 for ARM64-based Systems | 4569751 (Security Update) | Critical | Remote Code Execution | 4562900 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
| Microsoft .NET Framework 3.5 on Windows 10 Version 1909 for x64-based Systems | 4569751 (Security Update) | Critical | Remote Code Execution | 4562900 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
| Microsoft .NET Framework 3.5 on Windows 10 Version 2004 for 32-bit Systems | 4569745 (Security Update) | Critical | Remote Code Execution | 4567327 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
| Microsoft .NET Framework 3.5 on Windows 10 Version 2004 for ARM64-based Systems | 4569745 (Security Update) | Critical | Remote Code Execution | 4567327 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
| Microsoft .NET Framework 3.5 on Windows 10 Version 2004 for x64-based Systems | 4569745 (Security Update) | Critical | Remote Code Execution | 4567327 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
| Microsoft .NET Framework 3.5 on Windows 8.1 for 32-bit systems | 4570508 (Monthly Rollup) 4570502 (Security Only) |
Critical | Remote Code Execution | 4566519 |
Base: N/A Temporal: N/A Vector: N/A |
Maybe |
| Microsoft .NET Framework 3.5 on Windows 8.1 for x64-based systems | 4570508 (Monthly Rollup) 4570502 (Security Only) |
Critical | Remote Code Execution | 4566519 |
Base: N/A Temporal: N/A Vector: N/A |
Maybe |
| Microsoft .NET Framework 3.5 on Windows Server 2012 | 4570507 (Monthly Rollup) 4570501 (Security Only) |
Critical | Remote Code Execution | 4566518 |
Base: N/A Temporal: N/A Vector: N/A |
Maybe |
| Microsoft .NET Framework 3.5 on Windows Server 2012 (Server Core installation) | 4570507 (Monthly Rollup) 4570501 (Security Only) |
Critical | Remote Code Execution | 4566518 |
Base: N/A Temporal: N/A Vector: N/A |
Maybe |
| Microsoft .NET Framework 3.5 on Windows Server 2012 R2 | 4570508 (Monthly Rollup) 4570502 (Security Only) |
Critical | Remote Code Execution | 4566519 |
Base: N/A Temporal: N/A Vector: N/A |
Maybe |
| Microsoft .NET Framework 3.5 on Windows Server 2012 R2 (Server Core installation) | 4570508 (Monthly Rollup) 4570502 (Security Only) |
Critical | Remote Code Execution | 4566519 |
Base: N/A Temporal: N/A Vector: N/A |
Maybe |
| Microsoft .NET Framework 3.5 on Windows Server 2016 | 4571694 (Security Update) | Critical | Remote Code Execution | 4565511 |
Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Microsoft .NET Framework 3.5 on Windows Server 2016 (Server Core installation) | 4571694 (Security Update) | Critical | Remote Code Execution | 4565511 |
Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Microsoft .NET Framework 3.5 on Windows Server, version 1903 (Server Core installation) | 4569751 (Security Update) | Critical | Remote Code Execution | 4562900 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
| Microsoft .NET Framework 3.5 on Windows Server, version 1909 (Server Core installation) | 4569751 (Security Update) | Critical | Remote Code Execution | 4562900 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
| Microsoft .NET Framework 3.5 on Windows Server, version 2004 (Server Core installation) | 4569745 (Security Update) | Critical | Remote Code Execution | 4567327 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
| Microsoft .NET Framework 3.5.1 on Windows 7 for 32-bit Systems Service Pack 1 | 4570506 (Monthly Rollup) 4570500 (Security Only) |
Critical | Remote Code Execution | 4566517 |
Base: N/A Temporal: N/A Vector: N/A |
Maybe |
| Microsoft .NET Framework 3.5.1 on Windows 7 for x64-based Systems Service Pack 1 | 4570506 (Monthly Rollup) 4570500 (Security Only) |
Critical | Remote Code Execution | 4566517 |
Base: N/A Temporal: N/A Vector: N/A |
Maybe |
| Microsoft .NET Framework 3.5.1 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 4570506 (Monthly Rollup) 4570500 (Security Only) |
Critical | Remote Code Execution | 4566517 |
Base: N/A Temporal: N/A Vector: N/A |
Maybe |
| CVE ID | Acknowledgements |
| CVE-2020-1046 | Oleksandr Mirosh (@olekmirosh) from Micro Focus Fortify |