Microsoft CVE Summary

This report contains detail for the following vulnerabilities:

Tag CVE ID CVE Title
Android App CVE-2020-0943 Microsoft YourPhone Application for Android Authentication Bypass Vulnerability
Apps CVE-2020-1019 Microsoft RMS Sharing App for Mac Elevation of Privilege Vulnerability
Microsoft Dynamics CVE-2020-1050 Microsoft Dynamics 365 (On-Premise) Cross Site Scripting Vulnerability
Microsoft Dynamics CVE-2020-1018 Microsoft Dynamics Business Central/NAV Information Disclosure
Microsoft Dynamics CVE-2020-1049 Microsoft Dynamics 365 (On-Premise) Cross Site Scripting Vulnerability
Microsoft Dynamics CVE-2020-1022 Dynamics Business Central Remote Code Execution Vulnerability
Microsoft Graphics Component CVE-2020-0952 Windows GDI Information Disclosure Vulnerability
Microsoft Graphics Component CVE-2020-0938 Adobe Font Manager Library Remote Code Execution Vulnerability
Microsoft Graphics Component CVE-2020-0687 Microsoft Graphics Remote Code Execution Vulnerability
Microsoft Graphics Component CVE-2020-0987 Microsoft Graphics Component Information Disclosure Vulnerability
Microsoft Graphics Component CVE-2020-1004 Windows Graphics Component Elevation of Privilege Vulnerability
Microsoft Graphics Component CVE-2020-1005 Microsoft Graphics Component Information Disclosure Vulnerability
Microsoft Graphics Component CVE-2020-0958 Win32k Elevation of Privilege Vulnerability
Microsoft Graphics Component CVE-2020-0907 Microsoft Graphics Components Remote Code Execution Vulnerability
Microsoft Graphics Component CVE-2020-0982 Microsoft Graphics Component Information Disclosure Vulnerability
Microsoft Graphics Component CVE-2020-0964 GDI+ Remote Code Execution Vulnerability
Microsoft Graphics Component CVE-2020-1020 Adobe Font Manager Library Remote Code Execution Vulnerability
Microsoft Graphics Component CVE-2020-0784 DirectX Elevation of Privilege Vulnerability
Microsoft JET Database Engine CVE-2020-0995 Jet Database Engine Remote Code Execution Vulnerability
Microsoft JET Database Engine CVE-2020-0999 Jet Database Engine Remote Code Execution Vulnerability
Microsoft JET Database Engine CVE-2020-0988 Jet Database Engine Remote Code Execution Vulnerability
Microsoft JET Database Engine CVE-2020-0992 Jet Database Engine Remote Code Execution Vulnerability
Microsoft JET Database Engine CVE-2020-0994 Jet Database Engine Remote Code Execution Vulnerability
Microsoft JET Database Engine CVE-2020-0953 Jet Database Engine Remote Code Execution Vulnerability
Microsoft JET Database Engine CVE-2020-0889 Jet Database Engine Remote Code Execution Vulnerability
Microsoft JET Database Engine CVE-2020-0959 Jet Database Engine Remote Code Execution Vulnerability
Microsoft JET Database Engine CVE-2020-0960 Jet Database Engine Remote Code Execution Vulnerability
Microsoft JET Database Engine CVE-2020-1008 Jet Database Engine Remote Code Execution Vulnerability
Microsoft Office CVE-2020-0979 Microsoft Excel Remote Code Execution Vulnerability
Microsoft Office CVE-2020-0980 Microsoft Word Remote Code Execution Vulnerability
Microsoft Office CVE-2020-0984 Microsoft (MAU) Office Elevation of Privilege Vulnerability
Microsoft Office CVE-2020-0760 Microsoft Office Remote Code Execution Vulnerability
Microsoft Office CVE-2020-0991 Microsoft Office Remote Code Execution Vulnerability
Microsoft Office CVE-2020-0961 Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability
Microsoft Office CVE-2020-0931 Microsoft SharePoint Remote Code Execution Vulnerability
Microsoft Office CVE-2020-0906 Microsoft Excel Remote Code Execution Vulnerability
Microsoft Office CVE-2020-0935 OneDrive for Windows Elevation of Privilege Vulnerability
Microsoft Office SharePoint CVE-2020-0927 Microsoft Office SharePoint XSS Vulnerability
Microsoft Office SharePoint CVE-2020-0923 Microsoft Office SharePoint XSS Vulnerability
Microsoft Office SharePoint CVE-2020-0925 Microsoft Office SharePoint XSS Vulnerability
Microsoft Office SharePoint CVE-2020-0924 Microsoft Office SharePoint XSS Vulnerability
Microsoft Office SharePoint CVE-2020-0932 Microsoft SharePoint Remote Code Execution Vulnerability
Microsoft Office SharePoint CVE-2020-0930 Microsoft Office SharePoint XSS Vulnerability
Microsoft Office SharePoint CVE-2020-0933 Microsoft Office SharePoint XSS Vulnerability
Microsoft Office SharePoint CVE-2020-0920 Microsoft SharePoint Remote Code Execution Vulnerability
Microsoft Office SharePoint CVE-2020-0929 Microsoft SharePoint Remote Code Execution Vulnerability
Microsoft Office SharePoint CVE-2020-0971 Microsoft SharePoint Remote Code Execution Vulnerability
Microsoft Office SharePoint CVE-2020-0975 Microsoft SharePoint Spoofing Vulnerability
Microsoft Office SharePoint CVE-2020-0978 Microsoft Office SharePoint XSS Vulnerability
Microsoft Office SharePoint CVE-2020-0977 Microsoft SharePoint Spoofing Vulnerability
Microsoft Office SharePoint CVE-2020-0976 Microsoft SharePoint Spoofing Vulnerability
Microsoft Office SharePoint CVE-2020-0974 Microsoft SharePoint Remote Code Execution Vulnerability
Microsoft Office SharePoint CVE-2020-0973 Microsoft Office SharePoint XSS Vulnerability
Microsoft Office SharePoint CVE-2020-0972 Microsoft SharePoint Spoofing Vulnerability
Microsoft Office SharePoint CVE-2020-0954 Microsoft Office SharePoint XSS Vulnerability
Microsoft Office SharePoint CVE-2020-0926 Microsoft Office SharePoint XSS Vulnerability
Microsoft Scripting Engine CVE-2020-0968 Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting Engine CVE-2020-0966 VBScript Remote Code Execution Vulnerability
Microsoft Scripting Engine CVE-2020-0895 Windows VBScript Engine Remote Code Execution Vulnerability
Microsoft Scripting Engine CVE-2020-0969 Chakra Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting Engine CVE-2020-0970 Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting Engine CVE-2020-0967 VBScript Remote Code Execution Vulnerability
Microsoft Windows CVE-2020-0942 Connected User Experiences and Telemetry Service Elevation of Privilege Vulnerability
Microsoft Windows CVE-2020-0965 Microsoft Windows Codecs Library Remote Code Execution Vulnerability
Microsoft Windows CVE-2020-0940 Windows Push Notification Service Elevation of Privilege Vulnerability
Microsoft Windows CVE-2020-0934 Windows Elevation of Privilege Vulnerability
Microsoft Windows CVE-2020-1029 Connected User Experiences and Telemetry Service Elevation of Privilege Vulnerability
Microsoft Windows CVE-2020-1011 Windows Elevation of Privilege Vulnerability
Microsoft Windows CVE-2020-1094 Windows Work Folder Service Elevation of Privilege Vulnerability
Microsoft Windows CVE-2020-1016 Windows Push Notification Service Information Disclosure Vulnerability
Microsoft Windows CVE-2020-0794 Windows Denial of Service Vulnerability
Microsoft Windows CVE-2020-1017 Windows Push Notification Service Elevation of Privilege Vulnerability
Microsoft Windows CVE-2020-0944 Connected User Experiences and Telemetry Service Elevation of Privilege Vulnerability
Microsoft Windows CVE-2020-1006 Windows Push Notification Service Elevation of Privilege Vulnerability
Microsoft Windows CVE-2020-1009 Windows Elevation of Privilege Vulnerability
Microsoft Windows CVE-2020-0981 Windows Token Security Feature Bypass Vulnerability
Microsoft Windows CVE-2020-1001 Windows Push Notification Service Elevation of Privilege Vulnerability
Microsoft Windows DNS CVE-2020-0993 Windows DNS Denial of Service Vulnerability
Open Source Software CVE-2020-1026 MSR JavaScript Cryptography Library Security Feature Bypass Vulnerability
Remote Desktop Client CVE-2020-0919 Microsoft Remote Desktop App for Mac Elevation of Privilege Vulnerability
Visual Studio CVE-2020-0899 Microsoft Visual Studio Elevation of Privilege Vulnerability
Visual Studio CVE-2020-0900 Visual Studio Extension Installer Service Elevation of Privilege Vulnerability
Windows Defender CVE-2020-1002 Microsoft Defender Elevation of Privilege Vulnerability
Windows Defender CVE-2020-0835 Windows Defender Antimalware Platform Hard Link Elevation of Privilege Vulnerability
Windows Hyper-V CVE-2020-0918 Windows Hyper-V Elevation of Privilege Vulnerability
Windows Hyper-V CVE-2020-0910 Windows Hyper-V Remote Code Execution Vulnerability
Windows Hyper-V CVE-2020-0917 Windows Hyper-V Elevation of Privilege Vulnerability
Windows Kernel CVE-2020-0699 Win32k Information Disclosure Vulnerability
Windows Kernel CVE-2020-1027 Windows Kernel Elevation of Privilege Vulnerability
Windows Kernel CVE-2020-1003 Windows Kernel Elevation of Privilege Vulnerability
Windows Kernel CVE-2020-0955 Windows Kernel Information Disclosure in CPU Memory Access
Windows Kernel CVE-2020-1015 Windows Elevation of Privilege Vulnerability
Windows Kernel CVE-2020-1000 Windows Kernel Elevation of Privilege Vulnerability
Windows Kernel CVE-2020-1007 Windows Kernel Information Disclosure Vulnerability
Windows Kernel CVE-2020-0957 Win32k Elevation of Privilege Vulnerability
Windows Kernel CVE-2020-0936 Windows Scheduled Task Elevation of Privilege Vulnerability
Windows Kernel CVE-2020-0956 Win32k Elevation of Privilege Vulnerability
Windows Kernel CVE-2020-0962 Win32k Information Disclosure Vulnerability
Windows Kernel CVE-2020-0821 Windows Kernel Information Disclosure Vulnerability
Windows Kernel CVE-2020-0913 Windows Kernel Elevation of Privilege Vulnerability
Windows Kernel CVE-2020-0888 DirectX Elevation of Privilege Vulnerability
Windows Media CVE-2020-0948 Media Foundation Memory Corruption Vulnerability
Windows Media CVE-2020-0937 Media Foundation Information Disclosure Vulnerability
Windows Media CVE-2020-0949 Media Foundation Memory Corruption Vulnerability
Windows Media CVE-2020-0939 Media Foundation Information Disclosure Vulnerability
Windows Media CVE-2020-0950 Media Foundation Memory Corruption Vulnerability
Windows Media CVE-2020-0946 Media Foundation Information Disclosure Vulnerability
Windows Media CVE-2020-0947 Media Foundation Information Disclosure Vulnerability
Windows Media CVE-2020-0945 Media Foundation Information Disclosure Vulnerability
Windows Update Stack CVE-2020-0996 Windows Update Stack Elevation of Privilege Vulnerability
Windows Update Stack CVE-2020-1014 Microsoft Windows Update Client Elevation of Privilege Vulnerability
Windows Update Stack CVE-2020-0983 Windows Elevation of Privilege Vulnerability
Windows Update Stack CVE-2020-0985 Windows Update Stack Elevation of Privilege Vulnerability

CVE-2020-0760 - Microsoft Office Remote Code Execution Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2020-0760
MITRE
NVD
CVE Title: Microsoft Office Remote Code Execution Vulnerability
Description:

A remote code execution vulnerability exists when Microsoft Office improperly loads arbitrary type libraries. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

To exploit the vulnerability, an attacker must first convince a user to open a specially crafted Office document.

The updates address the vulnerability by correcting how Office handles type libraries.


FAQ:

Is the Preview Pane an attack vector for this vulnerability?

No, the Preview Pane is not an attack vector.


Mitigations:
None
Workarounds:
None
Revision:
1.0    2020-04-14T07:00:00Z    

Information published.


Important Remote Code Execution

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment for Latest Software Release Exploitability Assessment for Older Software Release Denial of Service Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely Exploitation Less Likely Not Applicable No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2020-0760
Product KB Article Severity Impact Supersedence CVSS Score Set Restart Required
Microsoft Access 2010 Service Pack 2 (32-bit editions) 4464527 (Security Update) Important Remote Code Execution 3114416
Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft Access 2010 Service Pack 2 (64-bit editions) 4464527 (Security Update) Important Remote Code Execution 3114416
Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft Access 2013 Service Pack 1 (32-bit editions) 4462210 (Security Update) Important Remote Code Execution 4018351
Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft Access 2013 Service Pack 1 (64-bit editions) 4462210 (Security Update) Important Remote Code Execution 4018351
Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft Access 2016 (32-bit edition) 4484167 (Security Update) Important Remote Code Execution 4018338
Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft Access 2016 (64-bit edition) 4484167 (Security Update) Important Remote Code Execution 4018338
Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft Excel 2010 Service Pack 2 (32-bit editions) 4484285 (Security Update) Important Remote Code Execution 4484267
Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft Excel 2010 Service Pack 2 (64-bit editions) 4484285 (Security Update) Important Remote Code Execution 4484267
Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft Excel 2013 RT Service Pack 1 4484283 (Security Update) Important Remote Code Execution 4484265
Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft Excel 2013 Service Pack 1 (32-bit editions) 4484283 (Security Update) Important Remote Code Execution 4484265
Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft Excel 2013 Service Pack 1 (64-bit editions) 4484283 (Security Update) Important Remote Code Execution 4484265
Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft Excel 2016 (32-bit edition) 4484273 (Security Update) Important Remote Code Execution 4484256
Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft Excel 2016 (64-bit edition) 4484273 (Security Update) Important Remote Code Execution 4484256
Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft Office 2010 Service Pack 2 (32-bit editions) 3203462 (Security Update)
4484126 (Security Update)
Important Remote Code Execution 3115120

4464566
Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft Office 2010 Service Pack 2 (64-bit editions) 3203462 (Security Update)
4484126 (Security Update)
Important Remote Code Execution 3115120

4464566
Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft Office 2013 RT Service Pack 1 4011104 (Security Update)
4484117 (Security Update)
Important Remote Code Execution 3115153

4475607
Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft Office 2013 Service Pack 1 (32-bit editions) 4011104 (Security Update)
4484117 (Security Update)
Important Remote Code Execution 3115153

4475607
Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft Office 2013 Service Pack 1 (64-bit editions) 4011104 (Security Update)
4484117 (Security Update)
Important Remote Code Execution 3115153

4475607
Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft Office 2016 (32-bit edition) 3128012 (Security Update)
4484214 (Security Update)
Important Remote Code Execution 3115135

4475583
Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft Office 2016 (64-bit edition) 3128012 (Security Update)
4484214 (Security Update)
Important Remote Code Execution 3115135

4475583
Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft Office 2019 for 32-bit editions Click to Run (Security Update) Important Remote Code Execution None Base: N/A
Temporal: N/A
Vector: N/A
No
Microsoft Office 2019 for 64-bit editions Click to Run (Security Update) Important Remote Code Execution None Base: N/A
Temporal: N/A
Vector: N/A
No
Microsoft Outlook 2010 Service Pack 2 (32-bit editions) 4484284 (Security Update) Important Remote Code Execution 4484163
Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft Outlook 2010 Service Pack 2 (64-bit editions) 4484284 (Security Update) Important Remote Code Execution 4484163
Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft Outlook 2013 RT Service Pack 1 4484281 (Security Update) Important Remote Code Execution 4484156
Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft Outlook 2013 Service Pack 1 (32-bit editions) 4484281 (Security Update) Important Remote Code Execution 4484156
Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft Outlook 2013 Service Pack 1 (64-bit editions) 4484281 (Security Update) Important Remote Code Execution 4484156
Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft Outlook 2016 (32-bit edition) 4484274 (Security Update) Important Remote Code Execution 4484250
Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft Outlook 2016 (64-bit edition) 4484274 (Security Update) Important Remote Code Execution 4484250
Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft PowerPoint 2010 Service Pack 2 (32-bit editions) 4484235 (Security Update) Important Remote Code Execution 4461613
Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft PowerPoint 2010 Service Pack 2 (64-bit editions) 4484235 (Security Update) Important Remote Code Execution 4461613
Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft PowerPoint 2013 RT Service Pack 1 4484226 (Security Update) Important Remote Code Execution 4461590
Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft PowerPoint 2013 Service Pack 1 (32-bit editions) 4484226 (Security Update) Important Remote Code Execution 4461590
Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft PowerPoint 2013 Service Pack 1 (64-bit editions) 4484226 (Security Update) Important Remote Code Execution 4461590
Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft PowerPoint 2016 (32-bit edition) 4484246 (Security Update) Important Remote Code Execution 4484166
Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft PowerPoint 2016 (64-bit edition) 4484246 (Security Update) Important Remote Code Execution 4484166
Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft Project 2010 Service Pack 2 (32-bit editions) 4484132 (Security Update) Important Remote Code Execution 4461631
Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft Project 2010 Service Pack 2 (64-bit editions) 4484132 (Security Update) Important Remote Code Execution 4461631
Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft Project 2013 Service Pack 1 (32-bit editions) 4484125 (Security Update) Important Remote Code Execution 4464548
Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft Project 2013 Service Pack 1 (64-bit editions) 4484125 (Security Update) Important Remote Code Execution 4464548
Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft Project 2016 (32-bit edition) 4484269 (Security Update) Important Remote Code Execution 4475589
Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft Project 2016 (64-bit edition) 4484269 (Security Update) Important Remote Code Execution 4475589
Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft Publisher 2010 Service Pack 2 (32-bit editions) 4032216 (Security Update) Important Remote Code Execution 4011186
Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft Publisher 2010 Service Pack 2 (64-bit editions) 4032216 (Security Update) Important Remote Code Execution 4011186
Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft Publisher 2013 Service Pack 1 (32-bit editions) 3162033 (Security Update) Important Remote Code Execution 3085561
Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft Publisher 2013 Service Pack 1 (64-bit editions) 3162033 (Security Update) Important Remote Code Execution 3085561
Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft Publisher 2016 (32-bit edition) 4011097 (Security Update) Important Remote Code Execution 2920680
Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft Publisher 2016 (64-bit edition) 4011097 (Security Update) Important Remote Code Execution 2920680
Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft Visio 2010 Service Pack 2 (32-bit editions) 4462225 (Security Update) Important Remote Code Execution 3114872
Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft Visio 2010 Service Pack 2 (64-bit editions) 4462225 (Security Update) Important Remote Code Execution 3114872
Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft Visio 2013 Service Pack 1 (32-bit editions) 4464544 (Security Update) Important Remote Code Execution 3115020
Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft Visio 2013 Service Pack 1 (64-bit editions) 4464544 (Security Update) Important Remote Code Execution 3115020
Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft Visio 2016 (32-bit edition) 4484244 (Security Update) Important Remote Code Execution 3115041
Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft Visio 2016 (64-bit edition) 4484244 (Security Update) Important Remote Code Execution 3115041
Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft Word 2010 Service Pack 2 (32-bit editions) 4484295 (Security Update) Important Remote Code Execution 4484240
Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft Word 2010 Service Pack 2 (64-bit editions) 4484295 (Security Update) Important Remote Code Execution 4484240
Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft Word 2013 RT Service Pack 1 4484319 (Security Update) Important Remote Code Execution 4484231
Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft Word 2013 Service Pack 1 (32-bit editions) 4484319 (Security Update) Important Remote Code Execution 4484231
Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft Word 2013 Service Pack 1 (64-bit editions) 4484319 (Security Update) Important Remote Code Execution 4484231
Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft Word 2016 (32-bit edition) 4484300 (Security Update) Important Remote Code Execution 4484268
Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft Word 2016 (64-bit edition) 4484300 (Security Update) Important Remote Code Execution 4484268
Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Office 365 ProPlus for 32-bit Systems Click to Run (Security Update) Important Remote Code Execution None Base: N/A
Temporal: N/A
Vector: N/A
No
Office 365 ProPlus for 64-bit Systems Click to Run (Security Update) Important Remote Code Execution None Base: N/A
Temporal: N/A
Vector: N/A
No

Acknowledgements

CVE ID Acknowledgements
CVE-2020-0760 Stan Hegt of Outflank


CVE-2020-0784 - DirectX Elevation of Privilege Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2020-0784
MITRE
NVD
CVE Title: DirectX Elevation of Privilege Vulnerability
Description:

An elevation of privilege vulnerability exists when DirectX improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system.

The update addresses the vulnerability by correcting how DirectX handles objects in memory.


FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    2020-04-14T07:00:00Z    

Information published.


Important Elevation of Privilege

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment for Latest Software Release Exploitability Assessment for Older Software Release Denial of Service Exploitability Assessment Publicly Disclosed Exploited
Exploitation More Likely Exploitation More Likely Not Applicable No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2020-0784
Product KB Article Severity Impact Supersedence CVSS Score Set Restart Required
Windows 10 for 32-bit Systems 4550930 (Security Update) Important Elevation of Privilege 4540693
Base: 7.8
Temporal: 7.0
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 for x64-based Systems 4550930 (Security Update) Important Elevation of Privilege 4540693
Base: 7.8
Temporal: 7.0
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1607 for 32-bit Systems 4550929 (Security Update) Important Elevation of Privilege 4540670
Base: 7.8
Temporal: 7.0
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1607 for x64-based Systems 4550929 (Security Update) Important Elevation of Privilege 4540670
Base: 7.8
Temporal: 7.0
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1709 for 32-bit Systems 4550927 (Security Update) Important Elevation of Privilege 4540681
Base: 7.8
Temporal: 7.0
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1709 for ARM64-based Systems 4550927 (Security Update) Important Elevation of Privilege 4540681
Base: 7.8
Temporal: 7.0
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1709 for x64-based Systems 4550927 (Security Update) Important Elevation of Privilege 4540681
Base: 7.8
Temporal: 7.0
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1803 for 32-bit Systems 4550922 (Security Update) Important Elevation of Privilege 4540689
Base: 7.8
Temporal: 7.0
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1803 for ARM64-based Systems 4550922 (Security Update) Important Elevation of Privilege 4540689
Base: 7.8
Temporal: 7.0
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1803 for x64-based Systems 4550922 (Security Update) Important Elevation of Privilege 4540689
Base: 7.8
Temporal: 7.0
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1809 for 32-bit Systems 4549949 (Security Update) Important Elevation of Privilege 4538461
Base: 7.8
Temporal: 7.0
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1809 for ARM64-based Systems 4549949 (Security Update) Important Elevation of Privilege 4538461
Base: 7.8
Temporal: 7.0
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1809 for x64-based Systems 4549949 (Security Update) Important Elevation of Privilege 4538461
Base: 7.8
Temporal: 7.0
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1903 for 32-bit Systems 4549951 (Security Update) Important Elevation of Privilege 4540673 Base: 7.8
Temporal: 7.0
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1903 for ARM64-based Systems 4549951 (Security Update) Important Elevation of Privilege 4540673 Base: 7.8
Temporal: 7.0
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1903 for x64-based Systems 4549951 (Security Update) Important Elevation of Privilege 4540673 Base: 7.8
Temporal: 7.0
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1909 for 32-bit Systems 4549951 (Security Update) Important Elevation of Privilege 4540673 Base: 7.8
Temporal: 7.0
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1909 for ARM64-based Systems 4549951 (Security Update) Important Elevation of Privilege 4540673 Base: 7.8
Temporal: 7.0
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1909 for x64-based Systems 4549951 (Security Update) Important Elevation of Privilege 4540673 Base: 7.8
Temporal: 7.0
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2016 4550929 (Security Update) Important Elevation of Privilege 4540670
Base: 7.8
Temporal: 7.0
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2016 (Server Core installation) 4550929 (Security Update) Important Elevation of Privilege 4540670
Base: 7.8
Temporal: 7.0
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2019 4549949 (Security Update) Important Elevation of Privilege 4538461
Base: 7.8
Temporal: 7.0
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2019 (Server Core installation) 4549949 (Security Update) Important Elevation of Privilege 4538461
Base: 7.8
Temporal: 7.0
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server, version 1803 (Server Core Installation) 4550922 (Security Update) Important Elevation of Privilege 4540689
Base: 7.8
Temporal: 7.0
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server, version 1903 (Server Core installation) 4549951 (Security Update) Important Elevation of Privilege 4540673 Base: 7.8
Temporal: 7.0
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server, version 1909 (Server Core installation) 4549951 (Security Update) Important Elevation of Privilege 4540673 Base: 7.8
Temporal: 7.0
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes

Acknowledgements

CVE ID Acknowledgements
CVE-2020-0784 Zhang WangJunJie and He YiShen of Hillstone Network Neuron Security Team


Victor Portal Gonzalez of Deloitte Spain


CVE-2020-0794 - Windows Denial of Service Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2020-0794
MITRE
NVD
CVE Title: Windows Denial of Service Vulnerability
Description:

A denial of service vulnerability exists when Windows improperly handles objects in memory. An attacker who successfully exploited the vulnerability could cause a target system to stop responding.

To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application. The vulnerability would not allow an attacker to execute code or to elevate user rights directly, but it could be used to cause a target system to stop responding.

The update addresses the vulnerability by correcting how Windows handles objects in memory.


FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    2020-04-14T07:00:00Z    

Information published.


Important Denial of Service

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment for Latest Software Release Exploitability Assessment for Older Software Release Denial of Service Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely Exploitation Less Likely Not Applicable No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2020-0794
Product KB Article Severity Impact Supersedence CVSS Score Set Restart Required
Windows 10 Version 1709 for 32-bit Systems 4550927 (Security Update) Important Denial of Service 4540681
Base: 7.1
Temporal: 6.4
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1709 for ARM64-based Systems 4550927 (Security Update) Important Denial of Service 4540681
Base: 7.1
Temporal: 6.4
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1709 for x64-based Systems 4550927 (Security Update) Important Denial of Service 4540681
Base: 7.1
Temporal: 6.4
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1803 for 32-bit Systems 4550922 (Security Update) Important Denial of Service 4540689
Base: 7.1
Temporal: 6.4
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1803 for ARM64-based Systems 4550922 (Security Update) Important Denial of Service 4540689
Base: 7.1
Temporal: 6.4
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1803 for x64-based Systems 4550922 (Security Update) Important Denial of Service 4540689
Base: 7.1
Temporal: 6.4
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1809 for 32-bit Systems 4549949 (Security Update) Important Denial of Service 4538461
Base: 7.1
Temporal: 6.4
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1809 for ARM64-based Systems 4549949 (Security Update) Important Denial of Service 4538461
Base: 7.1
Temporal: 6.4
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1809 for x64-based Systems 4549949 (Security Update) Important Denial of Service 4538461
Base: 7.1
Temporal: 6.4
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1903 for 32-bit Systems 4549951 (Security Update) Important Denial of Service 4540673 Base: 7.1
Temporal: 6.4
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1903 for ARM64-based Systems 4549951 (Security Update) Important Denial of Service 4540673 Base: 7.1
Temporal: 6.4
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1903 for x64-based Systems 4549951 (Security Update) Important Denial of Service 4540673 Base: 7.1
Temporal: 6.4
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1909 for 32-bit Systems 4549951 (Security Update) Important Denial of Service 4540673 Base: 7.1
Temporal: 6.4
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1909 for ARM64-based Systems 4549951 (Security Update) Important Denial of Service 4540673 Base: 7.1
Temporal: 6.4
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1909 for x64-based Systems 4549951 (Security Update) Important Denial of Service 4540673 Base: 7.1
Temporal: 6.4
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2019 4549949 (Security Update) Important Denial of Service 4538461
Base: 7.1
Temporal: 6.4
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2019 (Server Core installation) 4549949 (Security Update) Important Denial of Service 4538461
Base: 7.1
Temporal: 6.4
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server, version 1803 (Server Core Installation) 4550922 (Security Update) Important Denial of Service 4540689
Base: 7.1
Temporal: 6.4
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server, version 1903 (Server Core installation) 4549951 (Security Update) Important Denial of Service 4540673 Base: 7.1
Temporal: 6.4
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server, version 1909 (Server Core installation) 4549951 (Security Update) Important Denial of Service 4540673 Base: 7.1
Temporal: 6.4
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:P/RL:O/RC:C
Yes

Acknowledgements

CVE ID Acknowledgements
CVE-2020-0794 Jeong Oh Kyea(@kkokkokye) of THEORI working with Trend Micro's Zero Day Initiative


Nadav Markus and Yaron Samuel of Palo Alto Networks


Nadav Markus and Yaron Samuel of Palo Alto Networks








Jarvis_1oop of Pinduoduo Security Research Lab


Jarvis_1oop of Pinduoduo Security Research Lab


Jarvis_1oop of Pinduoduo Security Research Lab


k0shl of Qihoo 360 Vulcan team


k0shl of Qihoo 360 Vulcan team


k0shl of Qihoo 360 Vulcan team


CVE-2020-0835 - Windows Defender Antimalware Platform Hard Link Elevation of Privilege Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2020-0835
MITRE
NVD
CVE Title: Windows Defender Antimalware Platform Hard Link Elevation of Privilege Vulnerability
Description:

An elevation of privilege vulnerability exists when Windows Defender antimalware platform improperly handles hard links. An attacker who successfully exploited this vulnerability could overwrite a targeted file leading to an elevated status.

To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system.

The security update addresses the vulnerability by correcting how Windows Defender antimalware platform handles hard links.


FAQ:
References Identification
Last version of the Windows Defender antimalware platform affected by this vulnerability Version 4.18.2001.111 and earlier antimalware platform
First version of the Windows Defender antimalware platform with this vulnerability addressed Version 4.18.2001.112

Why is no action required to install this update? In response to a constantly changing threat landscape, Microsoft frequently updates the Windows Defender antimalware platform in addition to signatures and the protection engine. In order to be effective in helping protect against new and prevalent threats, antimalware software must be kept up to date with these updates in a timely manner.

For enterprise deployments as well as end users, the default configuration in Microsoft antimalware software helps ensure that malware definitions and the Windows Defender antimalware platform are kept up to date automatically. Product documentation also recommends that products are configured for automatic updating.

Best practices recommend that customers regularly verify whether software distribution, such as the automatic deployment of Windows Defender antimalware platform updates and malware definitions, is working as expected in their environment.

How often is the Windows Defender antimalware platform updated? Microsoft typically releases an update for the Windows Defender antimalware platform once a month or as needed to protect against new threats. Microsoft also typically updates the malware definitions three times daily and can increase the frequency when needed.

Depending on which Microsoft antimalware software is used and how it is configured, the software may search for platform, engine and definition updates every day when connected to the Internet, up to multiple times daily. Customers can also choose to manually check for updates at any time.

What is the Windows Defender antimalware platform? The Windows Defender antimalware platform, is the platform leveraged by Microsoft security products – offering platform integration for the antimalware engine and signatures. It provides functionality like real time and scheduled/on-demand scanning, updating and reporting.

Does this update contain any additional security-related changes to functionality? Yes. In addition to the changes that are listed for this vulnerability, this update includes defense-in-depth updates to help improve security-related features.

Where can I find more information about Microsoft antimalware technology? For more information, visit the Microsoft Malware Protection Center website.

Suggested Actions

Verify that the update is installed

Customers should verify that the latest version of the Windows Defender antimalware platform and definition updates are being actively downloaded and installed for their Microsoft antimalware products.

For more information on how to verify the version number for the Windows Defender antimalware platform that your software is currently using, see the section, "Verifying Update Installation", in Microsoft Knowledge Base Article 2510781.

For affected software, verify that the Windows Defender antimalware platform version is 4.18.2001.112 or later.

If necessary, install the update

Administrators of enterprise antimalware deployments should ensure that their update management software is configured to automatically approve and distribute engine updates and new malware definitions. Enterprise administrators should also verify that the latest version of the Windows Defender antimalware platform and definition updates are being actively downloaded, approved and deployed in their environment.

For end-users, the affected software provides built-in mechanisms for the automatic detection and deployment of this update. For these customers, the update will be applied within 48 hours of its availability. The exact time frame depends on the software used, Internet connection, and infrastructure configuration.

End users that do not wish to wait can manually update their antimalware software.

For more information on how to manually update the Windows Defender antimalware platform and malware definitions, refer to Microsoft Knowledge Base Article 2510781.


Mitigations:
None
Workarounds:
None
Revision:
1.0    2020-04-14T07:00:00Z    

Information published.


Important Elevation of Privilege

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment for Latest Software Release Exploitability Assessment for Older Software Release Denial of Service Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely N/A Not Applicable No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2020-0835
Product KB Article Severity Impact Supersedence CVSS Score Set Restart Required
Windows Defender antimalware platform Important Elevation of Privilege None Base: N/A
Temporal: N/A
Vector: N/A
Unknown

Acknowledgements

CVE ID Acknowledgements
CVE-2020-0835 WongTing


Zhiniang Peng of Qihoo 360 Core security and Fangming Gu


CVE-2020-0895 - Windows VBScript Engine Remote Code Execution Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2020-0895
MITRE
NVD
CVE Title: Windows VBScript Engine Remote Code Execution Vulnerability
Description:

A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability through Internet Explorer and then convince a user to view the website. An attacker could also embed an ActiveX control marked "safe for initialization" in an application or Microsoft Office document that hosts the IE rendering engine. The attacker could also take advantage of compromised websites and websites that accept or host user-provided content or advertisements. These websites could contain specially crafted content that could exploit the vulnerability.

The security update addresses the vulnerability by modifying how the scripting engine handles objects in memory.


FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    2020-04-14T07:00:00Z    

Information published.


Low Remote Code Execution

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment for Latest Software Release Exploitability Assessment for Older Software Release Denial of Service Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely Exploitation Less Likely Not Applicable No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2020-0895
Product KB Article Severity Impact Supersedence CVSS Score Set Restart Required
Internet Explorer 11 on Windows 10 for 32-bit Systems 4550930 (Security Update) Important Remote Code Execution 4540693
Base: 7.5
Temporal: 6.7
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Internet Explorer 11 on Windows 10 for x64-based Systems 4550930 (Security Update) Important Remote Code Execution 4540693
Base: 7.5
Temporal: 6.7
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Internet Explorer 11 on Windows 10 Version 1607 for 32-bit Systems 4550929 (Security Update) Important Remote Code Execution 4540670
Base: 7.5
Temporal: 6.7
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Internet Explorer 11 on Windows 10 Version 1607 for x64-based Systems 4550929 (Security Update) Important Remote Code Execution 4540670
Base: 7.5
Temporal: 6.7
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Internet Explorer 11 on Windows 10 Version 1709 for 32-bit Systems 4550927 (Security Update) Important Remote Code Execution 4540681
Base: 7.5
Temporal: 6.7
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Internet Explorer 11 on Windows 10 Version 1709 for ARM64-based Systems 4550927 (Security Update) Important Remote Code Execution 4540681
Base: 7.5
Temporal: 6.7
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Internet Explorer 11 on Windows 10 Version 1709 for x64-based Systems 4550927 (Security Update) Important Remote Code Execution 4540681
Base: 7.5
Temporal: 6.7
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Internet Explorer 11 on Windows 10 Version 1803 for 32-bit Systems 4550922 (Security Update) Important Remote Code Execution 4540689
Base: 7.5
Temporal: 6.7
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Internet Explorer 11 on Windows 10 Version 1803 for ARM64-based Systems 4550922 (Security Update) Important Remote Code Execution 4540689
Base: 7.5
Temporal: 6.7
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Internet Explorer 11 on Windows 10 Version 1803 for x64-based Systems 4550922 (Security Update) Important Remote Code Execution 4540689
Base: 7.5
Temporal: 6.7
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Internet Explorer 11 on Windows 10 Version 1809 for 32-bit Systems 4549949 (Security Update) Important Remote Code Execution 4538461
Base: 7.5
Temporal: 6.7
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Internet Explorer 11 on Windows 10 Version 1809 for ARM64-based Systems 4549949 (Security Update) Important Remote Code Execution 4538461
Base: 7.5
Temporal: 6.7
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Internet Explorer 11 on Windows 10 Version 1809 for x64-based Systems 4549949 (Security Update) Important Remote Code Execution 4538461
Base: 7.5
Temporal: 6.7
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Internet Explorer 11 on Windows 10 Version 1903 for 32-bit Systems 4549951 (Security Update) Important Remote Code Execution 4540673 Base: 7.5
Temporal: 6.7
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Internet Explorer 11 on Windows 10 Version 1903 for ARM64-based Systems 4549951 (Security Update) Important Remote Code Execution 4540673 Base: 7.5
Temporal: 6.7
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Internet Explorer 11 on Windows 10 Version 1903 for x64-based Systems 4549951 (Security Update) Important Remote Code Execution 4540673 Base: 7.5
Temporal: 6.7
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Internet Explorer 11 on Windows 10 Version 1909 for 32-bit Systems 4549951 (Security Update) Important Remote Code Execution 4540673 Base: 7.5
Temporal: 6.7
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Internet Explorer 11 on Windows 10 Version 1909 for ARM64-based Systems 4549951 (Security Update) Important Remote Code Execution 4540673 Base: 7.5
Temporal: 6.7
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Internet Explorer 11 on Windows 10 Version 1909 for x64-based Systems 4549951 (Security Update) Important Remote Code Execution 4540673 Base: 7.5
Temporal: 6.7
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Internet Explorer 11 on Windows 7 for 32-bit Systems Service Pack 1 4550905 (IE Cumulative)
4550964 (Monthly Rollup)
Important Remote Code Execution 4540671

4540688
Base: 7.5
Temporal: 6.7
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Internet Explorer 11 on Windows 7 for x64-based Systems Service Pack 1 4550905 (IE Cumulative)
4550964 (Monthly Rollup)
Important Remote Code Execution 4540671

4540688
Base: 7.5
Temporal: 6.7
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Internet Explorer 11 on Windows 8.1 for 32-bit systems 4550905 (IE Cumulative)
4550961 (Monthly Rollup)
Important Remote Code Execution 4540671

4541509
Base: 7.5
Temporal: 6.7
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Internet Explorer 11 on Windows 8.1 for x64-based systems 4550905 (IE Cumulative)
4550961 (Monthly Rollup)
Important Remote Code Execution 4540671

4541509
Base: 7.5
Temporal: 6.7
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Internet Explorer 11 on Windows RT 8.1 4550961 (Monthly Rollup) Important Remote Code Execution 4541509
Base: 7.5
Temporal: 6.7
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Internet Explorer 11 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 4550905 (IE Cumulative)
4550964 (Monthly Rollup)
Low Remote Code Execution 4540671

4540688
Base: 6.4
Temporal: 5.8
Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Internet Explorer 11 on Windows Server 2012 4550905 (IE Cumulative)
4550917 (Monthly Rollup)
Low Remote Code Execution 4540671

4541510
Base: 6.4
Temporal: 5.8
Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Internet Explorer 11 on Windows Server 2012 R2 4550905 (IE Cumulative)
4550961 (Monthly Rollup)
Low Remote Code Execution 4540671

4541509
Base: 6.4
Temporal: 5.8
Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Internet Explorer 11 on Windows Server 2016 4550929 (Security Update) Low Remote Code Execution 4540670
Base: 6.4
Temporal: 5.8
Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Internet Explorer 11 on Windows Server 2019 4549949 (Security Update) Low Remote Code Execution 4538461
Base: 6.4
Temporal: 5.8
Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Internet Explorer 9 on Windows Server 2008 for 32-bit Systems Service Pack 2 4550951 (Monthly Rollup)
4550905 (IE Cumulative)
Low Remote Code Execution 4541506

4540671
Base: 6.4
Temporal: 5.8
Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Internet Explorer 9 on Windows Server 2008 for x64-based Systems Service Pack 2 4550951 (Monthly Rollup)
4550905 (IE Cumulative)
Low Remote Code Execution 4541506

4540671
Base: 6.4
Temporal: 5.8
Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes

Acknowledgements

CVE ID Acknowledgements
CVE-2020-0895 Yuki Chen of Qihoo 360 Vulcan Team


CVE-2020-0899 - Microsoft Visual Studio Elevation of Privilege Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2020-0899
MITRE
NVD
CVE Title: Microsoft Visual Studio Elevation of Privilege Vulnerability
Description:

An elevation of privilege vulnerability exists when Microsoft Visual Studio updater service improperly handles file permissions. An attacker who successfully exploited this vulnerability could overwrite arbitrary file content in the security context of the local system.

To exploit this vulnerability, an attacker would first have to log on to the system, and can control the files written by the updater.

The update addresses the vulnerability by correcting how the Visual Studio updater handles permissions.


FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    2020-04-14T07:00:00Z    

Information published.


Important Elevation of Privilege

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment for Latest Software Release Exploitability Assessment for Older Software Release Denial of Service Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely Exploitation Less Likely Not Applicable No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2020-0899
Product KB Article Severity Impact Supersedence CVSS Score Set Restart Required
Microsoft Visual Studio 2017 version 15.9 (includes 15.1 - 15.8) Release Notes (Security Update) Important Elevation of Privilege None Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft Visual Studio 2019 version 16.0 Release Notes (Security Update) Important Elevation of Privilege None Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft Visual Studio 2019 version 16.4 (includes 16.0 - 16.3) Release Notes (Security Update) Important Elevation of Privilege None Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft Visual Studio 2019 version 16.5 Release Notes (Security Update) Important Elevation of Privilege None Base: N/A
Temporal: N/A
Vector: N/A
Maybe

Acknowledgements

CVE ID Acknowledgements
CVE-2020-0899 Gábor Selján (@GaborSeljan)


Zhiniang Peng (@edwardzpeng) of Qihoo 360 Core security & Xuefeng Li




Tobias Neitzel of usd AG


CVE-2020-0906 - Microsoft Excel Remote Code Execution Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2020-0906
MITRE
NVD
CVE Title: Microsoft Excel Remote Code Execution Vulnerability
Description:

A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

Exploitation of the vulnerability requires that a user open a specially crafted file with an affected version of Microsoft Excel. In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file. In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) containing a specially crafted file designed to exploit the vulnerability. An attacker would have no way to force users to visit the website. Instead, an attacker would have to convince users to click a link, typically by way of an enticement in an email or instant message, and then convince them to open the specially crafted file.

The security update addresses the vulnerability by correcting how Microsoft Excel handles objects in memory.


FAQ:

Is the Preview Pane an attack vector for this vulnerability?

No, the Preview Pane is not an attack vector.


Mitigations:
None
Workarounds:
None
Revision:
1.0    2020-04-14T07:00:00Z    

Information published.


Important Remote Code Execution

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment for Latest Software Release Exploitability Assessment for Older Software Release Denial of Service Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely Exploitation Less Likely Not Applicable No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2020-0906
Product KB Article Severity Impact Supersedence CVSS Score Set Restart Required
Microsoft Excel 2010 Service Pack 2 (32-bit editions) 4484285 (Security Update) Important Remote Code Execution 4484267
Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft Excel 2010 Service Pack 2 (64-bit editions) 4484285 (Security Update) Important Remote Code Execution 4484267
Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft Excel 2013 RT Service Pack 1 4484283 (Security Update) Important Remote Code Execution 4484265
Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft Excel 2013 Service Pack 1 (32-bit editions) 4484283 (Security Update) Important Remote Code Execution 4484265
Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft Excel 2013 Service Pack 1 (64-bit editions) 4484283 (Security Update) Important Remote Code Execution 4484265
Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft Excel 2016 (32-bit edition) 4484273 (Security Update) Important Remote Code Execution 4484256
Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft Excel 2016 (64-bit edition) 4484273 (Security Update) Important Remote Code Execution 4484256
Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft Office 2010 Service Pack 2 (32-bit editions) 4484266 (Security Update) Important Remote Code Execution 4484236 Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft Office 2010 Service Pack 2 (64-bit editions) 4484266 (Security Update) Important Remote Code Execution 4484236 Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft Office 2013 RT Service Pack 1 4484260 (Security Update) Important Remote Code Execution 4484227 Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft Office 2013 Service Pack 1 (32-bit editions) 4484260 (Security Update) Important Remote Code Execution 4484227 Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft Office 2013 Service Pack 1 (64-bit editions) 4484260 (Security Update) Important Remote Code Execution 4484227 Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft Office 2016 (32-bit edition) 4484258 (Security Update) Important Remote Code Execution 4484221 Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft Office 2016 (64-bit edition) 4484258 (Security Update) Important Remote Code Execution 4484221 Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft Office 2019 for 32-bit editions Click to Run (Security Update) Important Remote Code Execution None Base: N/A
Temporal: N/A
Vector: N/A
No
Microsoft Office 2019 for 64-bit editions Click to Run (Security Update) Important Remote Code Execution None Base: N/A
Temporal: N/A
Vector: N/A
No
Office 365 ProPlus for 32-bit Systems Click to Run (Security Update) Important Remote Code Execution None Base: N/A
Temporal: N/A
Vector: N/A
No
Office 365 ProPlus for 64-bit Systems Click to Run (Security Update) Important Remote Code Execution None Base: N/A
Temporal: N/A
Vector: N/A
No

Acknowledgements

CVE ID Acknowledgements
CVE-2020-0906 Zhihua Yao and Dexter Li working with Trend Micro's Zero Day Initiative


CVE-2020-0907 - Microsoft Graphics Components Remote Code Execution Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2020-0907
MITRE
NVD
CVE Title: Microsoft Graphics Components Remote Code Execution Vulnerability
Description:

A remote code execution vulnerability exists in the way that Microsoft Graphics Components handle objects in memory. An attacker who successfully exploited the vulnerability could execute arbitrary code on a target system.

To exploit the vulnerability, a user would have to open a specially crafted file.

The security update addresses the vulnerability by correcting how Microsoft Graphics Components handle objects in memory.


FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    2020-04-14T07:00:00Z    

Information published.


Critical Remote Code Execution

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment for Latest Software Release Exploitability Assessment for Older Software Release Denial of Service Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely Exploitation Less Likely Not Applicable No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2020-0907
Product KB Article Severity Impact Supersedence CVSS Score Set Restart Required
Windows 10 for 32-bit Systems 4550930 (Security Update) Critical Remote Code Execution 4540693
Base: 7.8
Temporal: 7.0
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 for x64-based Systems 4550930 (Security Update) Critical Remote Code Execution 4540693
Base: 7.8
Temporal: 7.0
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1607 for 32-bit Systems 4550929 (Security Update) Critical Remote Code Execution 4540670
Base: 7.8
Temporal: 7.0
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1607 for x64-based Systems 4550929 (Security Update) Critical Remote Code Execution 4540670
Base: 7.8
Temporal: 7.0
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1709 for 32-bit Systems 4550927 (Security Update) Critical Remote Code Execution 4540681
Base: 7.8
Temporal: 7.0
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1709 for ARM64-based Systems 4550927 (Security Update) Critical Remote Code Execution 4540681
Base: 7.8
Temporal: 7.0
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1709 for x64-based Systems 4550927 (Security Update) Critical Remote Code Execution 4540681
Base: 7.8
Temporal: 7.0
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1803 for 32-bit Systems 4550922 (Security Update) Critical Remote Code Execution 4540689
Base: 7.8
Temporal: 7.0
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1803 for ARM64-based Systems 4550922 (Security Update) Critical Remote Code Execution 4540689
Base: 7.8
Temporal: 7.0
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1803 for x64-based Systems 4550922 (Security Update) Critical Remote Code Execution 4540689
Base: 7.8
Temporal: 7.0
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1809 for 32-bit Systems 4549949 (Security Update) Critical Remote Code Execution 4538461
Base: 7.8
Temporal: 7.0
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1809 for ARM64-based Systems 4549949 (Security Update) Critical Remote Code Execution 4538461
Base: 7.8
Temporal: 7.0
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1809 for x64-based Systems 4549949 (Security Update) Critical Remote Code Execution 4538461
Base: 7.8
Temporal: 7.0
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1903 for 32-bit Systems 4549951 (Security Update) Critical Remote Code Execution 4540673 Base: 7.8
Temporal: 7.0
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1903 for ARM64-based Systems 4549951 (Security Update) Critical Remote Code Execution 4540673 Base: 7.8
Temporal: 7.0
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1903 for x64-based Systems 4549951 (Security Update) Critical Remote Code Execution 4540673 Base: 7.8
Temporal: 7.0
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1909 for 32-bit Systems 4549951 (Security Update) Critical Remote Code Execution 4540673 Base: 7.8
Temporal: 7.0
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1909 for ARM64-based Systems 4549951 (Security Update) Critical Remote Code Execution 4540673 Base: 7.8
Temporal: 7.0
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1909 for x64-based Systems 4549951 (Security Update) Critical Remote Code Execution 4540673 Base: 7.8
Temporal: 7.0
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 7 for 32-bit Systems Service Pack 1 4550964 (Monthly Rollup)
4550965 (Security Only)
Critical Remote Code Execution 4540688
Base: 7.8
Temporal: 7.0
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 7 for x64-based Systems Service Pack 1 4550964 (Monthly Rollup)
4550965 (Security Only)
Critical Remote Code Execution 4540688
Base: 7.8
Temporal: 7.0
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 8.1 for 32-bit systems 4550961 (Monthly Rollup)
4550970 (Security Only)
Critical Remote Code Execution 4541509
Base: 7.8
Temporal: 7.0
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 8.1 for x64-based systems 4550961 (Monthly Rollup)
4550970 (Security Only)
Critical Remote Code Execution 4541509
Base: 7.8
Temporal: 7.0
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows RT 8.1 4550961 (Monthly Rollup) Critical Remote Code Execution 4541509
Base: 7.8
Temporal: 7.0
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2008 for 32-bit Systems Service Pack 2 4550951 (Monthly Rollup)
4550957 (Security Only)
Critical Remote Code Execution 4541506
Base: 7.8
Temporal: 7.0
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) 4550951 (Monthly Rollup)
4550957 (Security Only)
Critical Remote Code Execution 4541506
Base: 7.8
Temporal: 7.0
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2008 for Itanium-Based Systems Service Pack 2 4550951 (Monthly Rollup)
4550957 (Security Only)
Critical Remote Code Execution 4541506
Base: 7.8
Temporal: 7.0
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2008 for x64-based Systems Service Pack 2 4550951 (Monthly Rollup)
4550957 (Security Only)
Critical Remote Code Execution 4541506
Base: 7.8
Temporal: 7.0
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) 4550951 (Monthly Rollup)
4550957 (Security Only)
Critical Remote Code Execution 4541506
Base: 7.8
Temporal: 7.0
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1 4550964 (Monthly Rollup)
4550965 (Security Only)
Critical Remote Code Execution 4540688
Base: 7.8
Temporal: 7.0
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2008 R2 for x64-based Systems Service Pack 1 4550964 (Monthly Rollup)
4550965 (Security Only)
Critical Remote Code Execution 4540688
Base: 7.8
Temporal: 7.0
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) 4550964 (Monthly Rollup)
4550965 (Security Only)
Critical Remote Code Execution 4540688
Base: 7.8
Temporal: 7.0
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2012 4550917 (Monthly Rollup)
4550971 (Security Only)
Critical Remote Code Execution 4541510
Base: 7.8
Temporal: 7.0
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2012 (Server Core installation) 4550917 (Monthly Rollup)
4550971 (Security Only)
Critical Remote Code Execution 4541510
Base: 7.8
Temporal: 7.0
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2012 R2 4550961 (Monthly Rollup)
4550970 (Security Only)
Critical Remote Code Execution 4541509
Base: 7.8
Temporal: 7.0
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2012 R2 (Server Core installation) 4550961 (Monthly Rollup)
4550970 (Security Only)
Critical Remote Code Execution 4541509
Base: 7.8
Temporal: 7.0
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2016 4550929 (Security Update) Critical Remote Code Execution 4540670
Base: 7.8
Temporal: 7.0
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2016 (Server Core installation) 4550929 (Security Update) Critical Remote Code Execution 4540670
Base: 7.8
Temporal: 7.0
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2019 4549949 (Security Update) Critical Remote Code Execution 4538461
Base: 7.8
Temporal: 7.0
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2019 (Server Core installation) 4549949 (Security Update) Critical Remote Code Execution 4538461
Base: 7.8
Temporal: 7.0
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server, version 1803 (Server Core Installation) 4550922 (Security Update) Critical Remote Code Execution 4540689
Base: 7.8
Temporal: 7.0
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server, version 1903 (Server Core installation) 4549951 (Security Update) Critical Remote Code Execution 4540673 Base: 7.8
Temporal: 7.0
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server, version 1909 (Server Core installation) 4549951 (Security Update) Critical Remote Code Execution 4540673 Base: 7.8
Temporal: 7.0
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes

Acknowledgements

CVE ID Acknowledgements
CVE-2020-0907 Wenguang Jiao of Qihoo 360 CoreSecurity


CVE-2020-0910 - Windows Hyper-V Remote Code Execution Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2020-0910
MITRE
NVD
CVE Title: Windows Hyper-V Remote Code Execution Vulnerability
Description:

A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate input from an authenticated user on a guest operating system. To exploit the vulnerability, an attacker could run a specially crafted application on a guest operating system that could cause the Hyper-V host operating system to execute arbitrary code.

An attacker who successfully exploited the vulnerability could execute arbitrary code on the host operating system.

The security update addresses the vulnerability by correcting how Hyper-V validates guest operating system user input.


FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    2020-04-14T07:00:00Z    

Information published.


Critical Remote Code Execution

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment for Latest Software Release Exploitability Assessment for Older Software Release Denial of Service Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely Exploitation Less Likely Not Applicable No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2020-0910
Product KB Article Severity Impact Supersedence CVSS Score Set Restart Required
Windows 10 Version 1809 for x64-based Systems 4549949 (Security Update) Critical Remote Code Execution 4538461
Base: 8.4
Temporal: 7.6
Vector: CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1903 for x64-based Systems 4549951 (Security Update) Critical Remote Code Execution 4540673 Base: 8.4
Temporal: 7.6
Vector: CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1909 for x64-based Systems 4549951 (Security Update) Critical Remote Code Execution 4540673 Base: 8.4
Temporal: 7.6
Vector: CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2019 4549949 (Security Update) Critical Remote Code Execution 4538461
Base: 8.4
Temporal: 7.6
Vector: CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2019 (Server Core installation) 4549949 (Security Update) Critical Remote Code Execution 4538461
Base: 8.4
Temporal: 7.6
Vector: CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server, version 1903 (Server Core installation) 4549951 (Security Update) Critical Remote Code Execution 4540673 Base: 8.4
Temporal: 7.6
Vector: CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server, version 1909 (Server Core installation) 4549951 (Security Update) Critical Remote Code Execution 4540673 Base: 8.4
Temporal: 7.6
Vector: CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes

Acknowledgements

CVE ID Acknowledgements
CVE-2020-0910 Microsoft Virtualization Security Team


CVE-2020-0913 - Windows Kernel Elevation of Privilege Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2020-0913
MITRE
NVD
CVE Title: Windows Kernel Elevation of Privilege Vulnerability
Description:

An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application to take control of an affected system.

The update addresses the vulnerability by correcting how the Windows kernel handles objects in memory.


FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    2020-04-14T07:00:00Z    

Information published.


Important Elevation of Privilege

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment for Latest Software Release Exploitability Assessment for Older Software Release Denial of Service Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely Exploitation Less Likely Not Applicable No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2020-0913
Product KB Article Severity Impact Supersedence CVSS Score Set Restart Required
Windows 10 Version 1803 for 32-bit Systems 4550922 (Security Update) Important Elevation of Privilege 4540689
Base: 7.8
Temporal: 7.0
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1803 for ARM64-based Systems 4550922 (Security Update) Important Elevation of Privilege 4540689
Base: 7.8
Temporal: 7.0
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1803 for x64-based Systems 4550922 (Security Update) Important Elevation of Privilege 4540689
Base: 7.8
Temporal: 7.0
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1809 for 32-bit Systems 4549949 (Security Update) Important Elevation of Privilege 4538461
Base: 7.8
Temporal: 7.0
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1809 for ARM64-based Systems 4549949 (Security Update) Important Elevation of Privilege 4538461
Base: 7.8
Temporal: 7.0
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1809 for x64-based Systems 4549949 (Security Update) Important Elevation of Privilege 4538461
Base: 7.8
Temporal: 7.0
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1903 for 32-bit Systems 4549951 (Security Update) Important Elevation of Privilege 4540673 Base: 7.8
Temporal: 7.0
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1903 for ARM64-based Systems 4549951 (Security Update) Important Elevation of Privilege 4540673 Base: 7.8
Temporal: 7.0
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1903 for x64-based Systems 4549951 (Security Update) Important Elevation of Privilege 4540673 Base: 7.8
Temporal: 7.0
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1909 for 32-bit Systems 4549951 (Security Update) Important Elevation of Privilege 4540673 Base: 7.8
Temporal: 7.0
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1909 for ARM64-based Systems 4549951 (Security Update) Important Elevation of Privilege 4540673 Base: 7.8
Temporal: 7.0
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1909 for x64-based Systems 4549951 (Security Update) Important Elevation of Privilege 4540673 Base: 7.8
Temporal: 7.0
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2019 4549949 (Security Update) Important Elevation of Privilege 4538461
Base: 7.8
Temporal: 7.0
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2019 (Server Core installation) 4549949 (Security Update) Important Elevation of Privilege 4538461
Base: 7.8
Temporal: 7.0
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server, version 1803 (Server Core Installation) 4550922 (Security Update) Important Elevation of Privilege 4540689
Base: 7.8
Temporal: 7.0
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server, version 1903 (Server Core installation) 4549951 (Security Update) Important Elevation of Privilege 4540673 Base: 7.8
Temporal: 7.0
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server, version 1909 (Server Core installation) 4549951 (Security Update) Important Elevation of Privilege 4540673 Base: 7.8
Temporal: 7.0
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes

Acknowledgements

CVE ID Acknowledgements
CVE-2020-0913 Shefang Zhong of Qihoo 360 Vulcan Team


CVE-2020-0917 - Windows Hyper-V Elevation of Privilege Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2020-0917
MITRE
NVD
CVE Title: Windows Hyper-V Elevation of Privilege Vulnerability
Description:

An elevation of privilege vulnerability exists when Windows Hyper-V on a host server fails to properly handle objects in memory. An attacker who successfully exploited these vulnerabilities could gain elevated privileges on a target operating system.

This vulnerability by itself does not allow arbitrary code to be run. However, this vulnerability could be used in conjunction with one or more vulnerabilities (e.g. a remote code execution vulnerability and another elevation of privilege) that could take advantage of the elevated privileges when running.

The update addresses the vulnerabilities by correcting how Windows Hyper-V handles objects in memory.


FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    2020-04-14T07:00:00Z    

Information published.


Important Elevation of Privilege

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment for Latest Software Release Exploitability Assessment for Older Software Release Denial of Service Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely Exploitation Less Likely Not Applicable No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2020-0917
Product KB Article Severity Impact Supersedence CVSS Score Set Restart Required
Windows 10 Version 1809 for x64-based Systems 4549949 (Security Update) Important Elevation of Privilege 4538461
Base: 8.4
Temporal: 7.6
Vector: CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1903 for x64-based Systems 4549951 (Security Update) Important Elevation of Privilege 4540673 Base: 8.4
Temporal: 7.6
Vector: CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1909 for x64-based Systems 4549951 (Security Update) Important Elevation of Privilege 4540673 Base: 8.4
Temporal: 7.6
Vector: CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2019 4549949 (Security Update) Important Elevation of Privilege 4538461
Base: 8.4
Temporal: 7.6
Vector: CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2019 (Server Core installation) 4549949 (Security Update) Important Elevation of Privilege 4538461
Base: 8.4
Temporal: 7.6
Vector: CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server, version 1903 (Server Core installation) 4549951 (Security Update) Important Elevation of Privilege 4540673 Base: 8.4
Temporal: 7.6
Vector: CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server, version 1909 (Server Core installation) 4549951 (Security Update) Important Elevation of Privilege 4540673 Base: 8.4
Temporal: 7.6
Vector: CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes

Acknowledgements

CVE ID Acknowledgements
CVE-2020-0917 Daniel King (@long123king), MSRC Microsoft


CVE-2020-0918 - Windows Hyper-V Elevation of Privilege Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2020-0918
MITRE
NVD
CVE Title: Windows Hyper-V Elevation of Privilege Vulnerability
Description:

An elevation of privilege vulnerability exists when Windows Hyper-V on a host server fails to properly handle objects in memory. An attacker who successfully exploited these vulnerabilities could gain elevated privileges on a target operating system.

This vulnerability by itself does not allow arbitrary code to be run. However, this vulnerability could be used in conjunction with one or more vulnerabilities (e.g. a remote code execution vulnerability and another elevation of privilege) that could take advantage of the elevated privileges when running.

The update addresses the vulnerabilities by correcting how Windows Hyper-V handles objects in memory.


FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    2020-04-14T07:00:00Z    

Information published.


Important Elevation of Privilege

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment for Latest Software Release Exploitability Assessment for Older Software Release Denial of Service Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely Exploitation Less Likely Not Applicable No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2020-0918
Product KB Article Severity Impact Supersedence CVSS Score Set Restart Required
Windows 10 Version 1809 for x64-based Systems 4549949 (Security Update) Important Elevation of Privilege 4538461
Base: 8.4
Temporal: 7.6
Vector: CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1903 for x64-based Systems 4549951 (Security Update) Important Elevation of Privilege 4540673 Base: 8.4
Temporal: 7.6
Vector: CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1909 for x64-based Systems 4549951 (Security Update) Important Elevation of Privilege 4540673 Base: 8.4
Temporal: 7.6
Vector: CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2019 4549949 (Security Update) Important Elevation of Privilege 4538461
Base: 8.4
Temporal: 7.6
Vector: CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2019 (Server Core installation) 4549949 (Security Update) Important Elevation of Privilege 4538461
Base: 8.4
Temporal: 7.6
Vector: CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server, version 1903 (Server Core installation) 4549951 (Security Update) Important Elevation of Privilege 4540673 Base: 8.4
Temporal: 7.6
Vector: CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server, version 1909 (Server Core installation) 4549951 (Security Update) Important Elevation of Privilege 4540673 Base: 8.4
Temporal: 7.6
Vector: CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes

Acknowledgements

CVE ID Acknowledgements
CVE-2020-0918 Saar Amar, Microsoft Security Response Center


CVE-2020-0920 - Microsoft SharePoint Remote Code Execution Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2020-0920
MITRE
NVD
CVE Title: Microsoft SharePoint Remote Code Execution Vulnerability
Description:

A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the SharePoint application pool and the SharePoint server farm account.

Exploitation of this vulnerability requires that a user uploads a specially crafted SharePoint application package to an affected version of SharePoint.

The security update addresses the vulnerability by correcting how SharePoint checks the source markup of application packages.


FAQ:

Is the Preview Pane an attack vector for this vulnerability?

No, the Preview Pane is not an attack vector.


Mitigations:
None
Workarounds:
None
Revision:
1.0    2020-04-14T07:00:00Z    

Information published.


Important Remote Code Execution

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment for Latest Software Release Exploitability Assessment for Older Software Release Denial of Service Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely Exploitation Less Likely Not Applicable No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2020-0920
Product KB Article Severity Impact Supersedence CVSS Score Set Restart Required
Microsoft SharePoint Enterprise Server 2016 4484299 (Security Update) Important Remote Code Execution 4484272 Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft SharePoint Foundation 2010 Service Pack 2 4484298 (Security Update) Important Remote Code Execution 4484197 Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft SharePoint Foundation 2013 Service Pack 1 4484321 (Security Update) Important Remote Code Execution 4484282 Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft SharePoint Server 2019 4484292 (Security Update) Important Remote Code Execution 4484271 Base: N/A
Temporal: N/A
Vector: N/A
Maybe

Acknowledgements

CVE ID Acknowledgements
CVE-2020-0920 Ivan Vagunin,


CVE-2020-0923 - Microsoft Office SharePoint XSS Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2020-0923
MITRE
NVD
CVE Title: Microsoft Office SharePoint XSS Vulnerability
Description:

A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint server.

The attacker who successfully exploited the vulnerability could then perform cross-site scripting attacks on affected systems and run script in the security context of the current user. The attacks could allow the attacker to read content that the attacker is not authorized to read, use the victim's identity to take actions on the SharePoint site on behalf of the user, such as change permissions and delete content, and inject malicious content in the browser of the user.

The security update addresses the vulnerability by helping to ensure that SharePoint Server properly sanitizes web requests.


FAQ:

Is the Preview Pane an attack vector for this vulnerability?

No, the Preview Pane is not an attack vector.


Mitigations:
None
Workarounds:
None
Revision:
1.0    2020-04-14T07:00:00Z    

Information published.


Important Spoofing

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment for Latest Software Release Exploitability Assessment for Older Software Release Denial of Service Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely Exploitation Less Likely Not Applicable No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2020-0923
Product KB Article Severity Impact Supersedence CVSS Score Set Restart Required
Microsoft SharePoint Enterprise Server 2013 Service Pack 1 4484308 (Security Update) Important Spoofing 4484150 Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft SharePoint Enterprise Server 2016 4484299 (Security Update)
4484301 (Security Update)
Important Spoofing 4484272
4484275
Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft SharePoint Foundation 2013 Service Pack 1 4484321 (Security Update)
4484322 (Security Update)
Important Spoofing 4484282
4484124
Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft SharePoint Server 2019 4484292 (Security Update)
4484291 (Security Update)
Important Spoofing 4484271
4484277
Base: N/A
Temporal: N/A
Vector: N/A
Maybe

Acknowledgements

CVE ID Acknowledgements
CVE-2020-0923 Huynh Phuoc Hung, @hph0var


CVE-2020-0924 - Microsoft Office SharePoint XSS Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2020-0924
MITRE
NVD
CVE Title: Microsoft Office SharePoint XSS Vulnerability
Description:

A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint server.

The attacker who successfully exploited the vulnerability could then perform cross-site scripting attacks on affected systems and run script in the security context of the current user. The attacks could allow the attacker to read content that the attacker is not authorized to read, use the victim's identity to take actions on the SharePoint site on behalf of the user, such as change permissions and delete content, and inject malicious content in the browser of the user.

The security update addresses the vulnerability by helping to ensure that SharePoint Server properly sanitizes web requests.


FAQ:

Is the Preview Pane an attack vector for this vulnerability?

No, the Preview Pane is not an attack vector.


Mitigations:
None
Workarounds:
None
Revision:
1.0    2020-04-14T07:00:00Z    

Information published.


Important Spoofing

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment for Latest Software Release Exploitability Assessment for Older Software Release Denial of Service Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely Exploitation Less Likely Not Applicable No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2020-0924
Product KB Article Severity Impact Supersedence CVSS Score Set Restart Required
Microsoft SharePoint Enterprise Server 2016 4484299 (Security Update) Important Spoofing 4484272 Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft SharePoint Foundation 2013 Service Pack 1 4484321 (Security Update) Important Spoofing 4484282 Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft SharePoint Server 2019 4484292 (Security Update) Important Spoofing 4484271 Base: N/A
Temporal: N/A
Vector: N/A
Maybe

Acknowledgements

CVE ID Acknowledgements
CVE-2020-0924 Huynh Phuoc Hung, @hph0var


CVE-2020-0925 - Microsoft Office SharePoint XSS Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2020-0925
MITRE
NVD
CVE Title: Microsoft Office SharePoint XSS Vulnerability
Description:

A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint server.

The attacker who successfully exploited the vulnerability could then perform cross-site scripting attacks on affected systems and run script in the security context of the current user. The attacks could allow the attacker to read content that the attacker is not authorized to read, use the victim's identity to take actions on the SharePoint site on behalf of the user, such as change permissions and delete content, and inject malicious content in the browser of the user.

The security update addresses the vulnerability by helping to ensure that SharePoint Server properly sanitizes web requests.


FAQ:

Is the Preview Pane an attack vector for this vulnerability?

No, the Preview Pane is not an attack vector.


Mitigations:
None
Workarounds:
None
Revision:
1.0    2020-04-14T07:00:00Z    

Information published.


Important Spoofing

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment for Latest Software Release Exploitability Assessment for Older Software Release Denial of Service Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely Exploitation Less Likely Not Applicable No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2020-0925
Product KB Article Severity Impact Supersedence CVSS Score Set Restart Required
Microsoft SharePoint Enterprise Server 2016 4484299 (Security Update) Important Spoofing 4484272 Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft SharePoint Foundation 2010 Service Pack 2 4484298 (Security Update) Important Spoofing 4484197 Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft SharePoint Foundation 2013 Service Pack 1 4484321 (Security Update) Important Spoofing 4484282 Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft SharePoint Server 2019 4484292 (Security Update) Important Spoofing 4484271 Base: N/A
Temporal: N/A
Vector: N/A
Maybe

Acknowledgements

CVE ID Acknowledgements
CVE-2020-0925 None

CVE-2020-0926 - Microsoft Office SharePoint XSS Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2020-0926
MITRE
NVD
CVE Title: Microsoft Office SharePoint XSS Vulnerability
Description:

A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint server.

The attacker who successfully exploited the vulnerability could then perform cross-site scripting attacks on affected systems and run script in the security context of the current user. The attacks could allow the attacker to read content that the attacker is not authorized to read, use the victim's identity to take actions on the SharePoint site on behalf of the user, such as change permissions and delete content, and inject malicious content in the browser of the user.

The security update addresses the vulnerability by helping to ensure that SharePoint Server properly sanitizes web requests.


FAQ:

Is the Preview Pane an attack vector for this vulnerability?

No, the Preview Pane is not an attack vector.


Mitigations:
None
Workarounds:
None
Revision:
1.0    2020-04-14T07:00:00Z    

Information published.


Important Spoofing

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment for Latest Software Release Exploitability Assessment for Older Software Release Denial of Service Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely Exploitation Less Likely Not Applicable No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2020-0926
Product KB Article Severity Impact Supersedence CVSS Score Set Restart Required
Microsoft SharePoint Enterprise Server 2013 Service Pack 1 4484308 (Security Update) Important Spoofing 4484150 Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft SharePoint Enterprise Server 2016 4484299 (Security Update) Important Spoofing 4484272 Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft SharePoint Server 2019 4484292 (Security Update) Important Spoofing 4484271 Base: N/A
Temporal: N/A
Vector: N/A
Maybe

Acknowledgements

CVE ID Acknowledgements
CVE-2020-0926 Huynh Phuoc Hung, @hph0var


CVE-2020-0927 - Microsoft Office SharePoint XSS Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2020-0927
MITRE
NVD
CVE Title: Microsoft Office SharePoint XSS Vulnerability
Description:

A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint server.

The attacker who successfully exploited the vulnerability could then perform cross-site scripting attacks on affected systems and run script in the security context of the current user. The attacks could allow the attacker to read content that the attacker is not authorized to read, use the victim's identity to take actions on the SharePoint site on behalf of the user, such as change permissions and delete content, and inject malicious content in the browser of the user.

The security update addresses the vulnerability by helping to ensure that SharePoint Server properly sanitizes web requests.


FAQ:

Is the Preview Pane an attack vector for this vulnerability?

No, the Preview Pane is not an attack vector.


Mitigations:
None
Workarounds:
None
Revision:
1.0    2020-04-14T07:00:00Z    

Information published.


Critical Spoofing

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment for Latest Software Release Exploitability Assessment for Older Software Release Denial of Service Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely Exploitation Less Likely Not Applicable No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2020-0927
Product KB Article Severity Impact Supersedence CVSS Score Set Restart Required
Microsoft SharePoint Enterprise Server 2016 4484299 (Security Update) Critical Spoofing 4484272 Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft SharePoint Server 2019 4484292 (Security Update) Critical Spoofing 4484271 Base: N/A
Temporal: N/A
Vector: N/A
Maybe

Acknowledgements

CVE ID Acknowledgements
CVE-2020-0927 Huynh Phuoc Hung, @hph0var


CVE-2020-0929 - Microsoft SharePoint Remote Code Execution Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2020-0929
MITRE
NVD
CVE Title: Microsoft SharePoint Remote Code Execution Vulnerability
Description:

A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the SharePoint application pool and the SharePoint server farm account.

Exploitation of this vulnerability requires that a user uploads a specially crafted SharePoint application package to an affected version of SharePoint.

The security update addresses the vulnerability by correcting how SharePoint checks the source markup of application packages.


FAQ:

Is the Preview Pane an attack vector for this vulnerability?

No, the Preview Pane is not an attack vector.


Mitigations:
None
Workarounds:
None
Revision:
1.0    2020-04-14T07:00:00Z    

Information published.


Critical Remote Code Execution

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment for Latest Software Release Exploitability Assessment for Older Software Release Denial of Service Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely Exploitation Less Likely Not Applicable No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2020-0929
Product KB Article Severity Impact Supersedence CVSS Score Set Restart Required
Microsoft SharePoint Enterprise Server 2016 4484299 (Security Update) Critical Remote Code Execution 4484272 Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft SharePoint Foundation 2010 Service Pack 2 4484298 (Security Update) Critical Remote Code Execution 4484197 Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft SharePoint Foundation 2013 Service Pack 1 4484321 (Security Update) Critical Remote Code Execution 4484282 Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft SharePoint Server 2019 4484292 (Security Update) Critical Remote Code Execution 4484271 Base: N/A
Temporal: N/A
Vector: N/A
Maybe

Acknowledgements

CVE ID Acknowledgements
CVE-2020-0929 None

CVE-2020-0930 - Microsoft Office SharePoint XSS Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2020-0930
MITRE
NVD
CVE Title: Microsoft Office SharePoint XSS Vulnerability
Description:

A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint server.

The attacker who successfully exploited the vulnerability could then perform cross-site scripting attacks on affected systems and run script in the security context of the current user. The attacks could allow the attacker to read content that the attacker is not authorized to read, use the victim's identity to take actions on the SharePoint site on behalf of the user, such as change permissions and delete content, and inject malicious content in the browser of the user.

The security update addresses the vulnerability by helping to ensure that SharePoint Server properly sanitizes web requests.


FAQ:

Is the Preview Pane an attack vector for this vulnerability?

No, the Preview Pane is not an attack vector.


Mitigations:
None
Workarounds:
None
Revision:
1.0    2020-04-14T07:00:00Z    

Information published.


Important Spoofing

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment for Latest Software Release Exploitability Assessment for Older Software Release Denial of Service Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely Exploitation Less Likely Not Applicable No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2020-0930
Product KB Article Severity Impact Supersedence CVSS Score Set Restart Required
Microsoft SharePoint Enterprise Server 2013 Service Pack 1 4484308 (Security Update) Important Spoofing 4484150 Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft SharePoint Enterprise Server 2016 4484299 (Security Update) Important Spoofing 4484272 Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft SharePoint Server 2019 4484292 (Security Update) Important Spoofing 4484271 Base: N/A
Temporal: N/A
Vector: N/A
Maybe

Acknowledgements

CVE ID Acknowledgements
CVE-2020-0930 Huynh Phuoc Hung, @hph0var


CVE-2020-0931 - Microsoft SharePoint Remote Code Execution Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2020-0931
MITRE
NVD
CVE Title: Microsoft SharePoint Remote Code Execution Vulnerability
Description:

A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the SharePoint application pool and the SharePoint server farm account.

Exploitation of this vulnerability requires that a user uploads a specially crafted SharePoint application package to an affected version of SharePoint.

The security update addresses the vulnerability by correcting how SharePoint checks the source markup of application packages.


FAQ:

Is the Preview Pane an attack vector for this vulnerability?

No, the Preview Pane is not an attack vector.


Mitigations:
None
Workarounds:
None
Revision:
1.0    2020-04-14T07:00:00Z    

Information published.


Critical Remote Code Execution

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment for Latest Software Release Exploitability Assessment for Older Software Release Denial of Service Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely Exploitation Less Likely Not Applicable No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2020-0931
Product KB Article Severity Impact Supersedence CVSS Score Set Restart Required
Microsoft Business Productivity Servers 2010 Service Pack 2 2553306 (Security Update) Critical Remote Code Execution None Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft SharePoint Enterprise Server 2013 Service Pack 1 4484308 (Security Update)
4011584 (Security Update)
Critical Remote Code Execution 4484150
3162069
Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft SharePoint Enterprise Server 2016 4484299 (Security Update)
4484301 (Security Update)
Critical Remote Code Execution 4484272
4484275
Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft SharePoint Foundation 2013 Service Pack 1 4484321 (Security Update)
4484322 (Security Update)
Critical Remote Code Execution 4484282
4484124
Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft SharePoint Server 2019 4484292 (Security Update)
4484291 (Security Update)
Critical Remote Code Execution 4484271
4484277
Base: N/A
Temporal: N/A
Vector: N/A
Maybe

Acknowledgements

CVE ID Acknowledgements
CVE-2020-0931 working with Trend Micro's Zero Day Initiative


CVE-2020-0932 - Microsoft SharePoint Remote Code Execution Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2020-0932
MITRE
NVD
CVE Title: Microsoft SharePoint Remote Code Execution Vulnerability
Description:

A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the SharePoint application pool and the SharePoint server farm account.

Exploitation of this vulnerability requires that a user uploads a specially crafted SharePoint application package to an affected version of SharePoint.

The security update addresses the vulnerability by correcting how SharePoint checks the source markup of application packages.


FAQ:

Is the Preview Pane an attack vector for this vulnerability?

No, the Preview Pane is not an attack vector.


Mitigations:
None
Workarounds:
None
Revision:
1.0    2020-04-14T07:00:00Z    

Information published.


Critical Remote Code Execution

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment for Latest Software Release Exploitability Assessment for Older Software Release Denial of Service Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely Exploitation Less Likely Not Applicable No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2020-0932
Product KB Article Severity Impact Supersedence CVSS Score Set Restart Required
Microsoft SharePoint Enterprise Server 2016 4484299 (Security Update) Critical Remote Code Execution 4484272 Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft SharePoint Foundation 2013 Service Pack 1 4484321 (Security Update) Critical Remote Code Execution 4484282 Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft SharePoint Server 2019 4484292 (Security Update) Critical Remote Code Execution 4484271 Base: N/A
Temporal: N/A
Vector: N/A
Maybe

Acknowledgements

CVE ID Acknowledgements
CVE-2020-0932 working with Trend Micro's Zero Day Initiative


CVE-2020-0933 - Microsoft Office SharePoint XSS Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2020-0933
MITRE
NVD
CVE Title: Microsoft Office SharePoint XSS Vulnerability
Description:

A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint server.

The attacker who successfully exploited the vulnerability could then perform cross-site scripting attacks on affected systems and run script in the security context of the current user. The attacks could allow the attacker to read content that the attacker is not authorized to read, use the victim's identity to take actions on the SharePoint site on behalf of the user, such as change permissions and delete content, and inject malicious content in the browser of the user.

The security update addresses the vulnerability by helping to ensure that SharePoint Server properly sanitizes web requests.


FAQ:

Is the Preview Pane an attack vector for this vulnerability?

No, the Preview Pane is not an attack vector.


Mitigations:
None
Workarounds:
None
Revision:
1.0    2020-04-14T07:00:00Z    

Information published.


Important Spoofing

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment for Latest Software Release Exploitability Assessment for Older Software Release Denial of Service Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely Exploitation Less Likely Not Applicable No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2020-0933
Product KB Article Severity Impact Supersedence CVSS Score Set Restart Required
Microsoft SharePoint Enterprise Server 2016 4484299 (Security Update) Important Spoofing 4484272 Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft SharePoint Foundation 2013 Service Pack 1 4484321 (Security Update) Important Spoofing 4484282 Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft SharePoint Server 2019 4484292 (Security Update) Important Spoofing 4484271 Base: N/A
Temporal: N/A
Vector: N/A
Maybe

Acknowledgements

CVE ID Acknowledgements
CVE-2020-0933 Lee Thao from Viettel Cyber Security


CVE-2020-0935 - OneDrive for Windows Elevation of Privilege Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2020-0935
MITRE
NVD
CVE Title: OneDrive for Windows Elevation of Privilege Vulnerability
Description:

An elevation of privilege vulnerability exists when the OneDrive for Windows Desktop application improperly handles symbolic links. An attacker who successfully exploited this vulnerability could overwrite a targeted file leading to an elevated status.

To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system.

The update addresses this vulnerability by correcting how OneDrive handles symbolic links.


FAQ:

Do I need to take any action to protect myself from this vulnerability?

Most customers have been protected from this vulnerability because OneDrive has its own updater that periodically checks and updates the OneDrive binary. If your network is air-gapped, you can update the binary from the link in the Security Updates table.


Mitigations:
None
Workarounds:
None
Revision:
1.0    2020-04-14T07:00:00Z    

Information published.


Important Elevation of Privilege

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment for Latest Software Release Exploitability Assessment for Older Software Release Denial of Service Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely N/A Not Applicable Yes No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2020-0935
Product KB Article Severity Impact Supersedence CVSS Score Set Restart Required
OneDrive for Windows Release Notes (Security Update) Important Elevation of Privilege None Base: N/A
Temporal: N/A
Vector: N/A
Maybe

Acknowledgements

CVE ID Acknowledgements
CVE-2020-0935 Zhiniang Peng (@edwardzpeng) of Qihoo 360 Core security and Fangming Gu (@afang5472).


CVE-2020-0944 - Connected User Experiences and Telemetry Service Elevation of Privilege Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2020-0944
MITRE
NVD
CVE Title: Connected User Experiences and Telemetry Service Elevation of Privilege Vulnerability
Description:

An elevation of privilege vulnerability exists when Connected User Experiences and Telemetry Service improperly handles file operations. An attacker who successfully exploited this vulnerability could run processes in an elevated context.

An attacker could exploit this vulnerability by running a specially crafted application on the victim system.

The security update addresses the vulnerability by correcting how the Connected User Experiences and Telemetry Service handles file operations.


FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    2020-04-14T07:00:00Z    

Information published.


Important Elevation of Privilege

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment for Latest Software Release Exploitability Assessment for Older Software Release Denial of Service Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely Exploitation Less Likely Not Applicable No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2020-0944
Product KB Article Severity Impact Supersedence CVSS Score Set Restart Required
Windows 10 Version 1709 for 32-bit Systems 4550927 (Security Update) Important Elevation of Privilege 4540681
Base: 7.8
Temporal: 7.0
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1709 for ARM64-based Systems 4550927 (Security Update) Important Elevation of Privilege 4540681
Base: 7.8
Temporal: 7.0
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1709 for x64-based Systems 4550927 (Security Update) Important Elevation of Privilege 4540681
Base: 7.8
Temporal: 7.0
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1803 for 32-bit Systems 4550922 (Security Update) Important Elevation of Privilege 4540689
Base: 7.8
Temporal: 7.0
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1803 for ARM64-based Systems 4550922 (Security Update) Important Elevation of Privilege 4540689
Base: 7.8
Temporal: 7.0
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1803 for x64-based Systems 4550922 (Security Update) Important Elevation of Privilege 4540689
Base: 7.8
Temporal: 7.0
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1809 for 32-bit Systems 4549949 (Security Update) Important Elevation of Privilege 4538461
Base: 7.8
Temporal: 7.0
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1809 for ARM64-based Systems 4549949 (Security Update) Important Elevation of Privilege 4538461
Base: 7.8
Temporal: 7.0
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1809 for x64-based Systems 4549949 (Security Update) Important Elevation of Privilege 4538461
Base: 7.8
Temporal: 7.0
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1903 for 32-bit Systems 4549951 (Security Update) Important Elevation of Privilege 4540673 Base: 7.8
Temporal: 7.0
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1903 for ARM64-based Systems 4549951 (Security Update) Important Elevation of Privilege 4540673 Base: 7.8
Temporal: 7.0
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1903 for x64-based Systems 4549951 (Security Update) Important Elevation of Privilege 4540673 Base: 7.8
Temporal: 7.0
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1909 for 32-bit Systems 4549951 (Security Update) Important Elevation of Privilege 4540673 Base: 7.8
Temporal: 7.0
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1909 for ARM64-based Systems 4549951 (Security Update) Important Elevation of Privilege 4540673 Base: 7.8
Temporal: 7.0
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1909 for x64-based Systems 4549951 (Security Update) Important Elevation of Privilege 4540673 Base: 7.8
Temporal: 7.0
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2019 4549949 (Security Update) Important Elevation of Privilege 4538461
Base: 7.8
Temporal: 7.0
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2019 (Server Core installation) 4549949 (Security Update) Important Elevation of Privilege 4538461
Base: 7.8
Temporal: 7.0
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server, version 1803 (Server Core Installation) 4550922 (Security Update) Important Elevation of Privilege 4540689
Base: 7.8
Temporal: 7.0
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server, version 1903 (Server Core installation) 4549951 (Security Update) Important Elevation of Privilege 4540673 Base: 7.8
Temporal: 7.0
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server, version 1909 (Server Core installation) 4549951 (Security Update) Important Elevation of Privilege 4540673 Base: 7.8
Temporal: 7.0
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes

Acknowledgements

CVE ID Acknowledgements
CVE-2020-0944 Jonas Lykkegård


Zhiniang Peng (@edwardzpeng) of Qihoo 360 Core Security and Jiadong Lu


CVE-2020-0945 - Media Foundation Information Disclosure Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2020-0945
MITRE
NVD
CVE Title: Media Foundation Information Disclosure Vulnerability
Description:

An information disclosure vulnerability exists when Media Foundation improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user’s system.

To exploit this vulnerability, an attacker would have to log onto an affected system and open a specially crafted file. In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) that contains a specially crafted file that is designed to exploit the vulnerability. However, an attacker would have no way to force the user to visit the website. Instead, an attacker would have to convince the user to click a link, typically by way of an enticement in an email or Instant Messenger message, and then convince the user to open the specially crafted file.

The update addresses the vulnerability by correcting how Media Foundation handles objects in memory.


FAQ:

What type of information could be disclosed by this vulnerability?

The type of information that could be disclosed if an attacker successfully exploited this vulnerability is uninitialized memory.


Mitigations:
None
Workarounds:
None
Revision:
1.0    2020-04-14T07:00:00Z    

Information published.


Important Information Disclosure

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment for Latest Software Release Exploitability Assessment for Older Software Release Denial of Service Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely Exploitation Less Likely Not Applicable No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2020-0945
Product KB Article Severity Impact Supersedence CVSS Score Set Restart Required
Windows 10 for 32-bit Systems 4550930 (Security Update) Important Information Disclosure 4540693
Base: 5.5
Temporal: 5.0
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 10 for x64-based Systems 4550930 (Security Update) Important Information Disclosure 4540693
Base: 5.5
Temporal: 5.0
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 10 Version 1607 for 32-bit Systems 4550929 (Security Update) Important Information Disclosure 4540670
Base: 5.5
Temporal: 5.0
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 10 Version 1607 for x64-based Systems 4550929 (Security Update) Important Information Disclosure 4540670
Base: 5.5
Temporal: 5.0
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 10 Version 1709 for 32-bit Systems 4550927 (Security Update) Important Information Disclosure 4540681
Base: 5.5
Temporal: 5.0
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 10 Version 1709 for ARM64-based Systems 4550927 (Security Update) Important Information Disclosure 4540681
Base: 5.5
Temporal: 5.0
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 10 Version 1709 for x64-based Systems 4550927 (Security Update) Important Information Disclosure 4540681
Base: 5.5
Temporal: 5.0
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 10 Version 1803 for 32-bit Systems 4550922 (Security Update) Important Information Disclosure 4540689
Base: 5.5
Temporal: 5.0
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 10 Version 1803 for ARM64-based Systems 4550922 (Security Update) Important Information Disclosure 4540689
Base: 5.5
Temporal: 5.0
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 10 Version 1803 for x64-based Systems 4550922 (Security Update) Important Information Disclosure 4540689
Base: 5.5
Temporal: 5.0
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 10 Version 1809 for 32-bit Systems 4549949 (Security Update) Important Information Disclosure 4538461
Base: 5.5
Temporal: 5.0
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 10 Version 1809 for ARM64-based Systems 4549949 (Security Update) Important Information Disclosure 4538461
Base: 5.5
Temporal: 5.0
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 10 Version 1809 for x64-based Systems 4549949 (Security Update) Important Information Disclosure 4538461
Base: 5.5
Temporal: 5.0
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 10 Version 1903 for 32-bit Systems 4549951 (Security Update) Important Information Disclosure 4540673 Base: 5.5
Temporal: 5.0
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 10 Version 1903 for ARM64-based Systems 4549951 (Security Update) Important Information Disclosure 4540673 Base: 5.5
Temporal: 5.0
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 10 Version 1903 for x64-based Systems 4549951 (Security Update) Important Information Disclosure 4540673 Base: 5.5
Temporal: 5.0
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 10 Version 1909 for 32-bit Systems 4549951 (Security Update) Important Information Disclosure 4540673 Base: 5.5
Temporal: 5.0
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 10 Version 1909 for ARM64-based Systems 4549951 (Security Update) Important Information Disclosure 4540673 Base: 5.5
Temporal: 5.0
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 10 Version 1909 for x64-based Systems 4549951 (Security Update) Important Information Disclosure 4540673 Base: 5.5
Temporal: 5.0
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 8.1 for 32-bit systems 4550961 (Monthly Rollup)
4550970 (Security Only)
Important Information Disclosure 4541509
Base: 5.5
Temporal: 5.0
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 8.1 for x64-based systems 4550961 (Monthly Rollup)
4550970 (Security Only)
Important Information Disclosure 4541509
Base: 5.5
Temporal: 5.0
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows RT 8.1 4550961 (Monthly Rollup) Important Information Disclosure 4541509
Base: 5.5
Temporal: 5.0
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows Server 2012 R2 4550961 (Monthly Rollup)
4550970 (Security Only)
Important Information Disclosure 4541509
Base: 5.5
Temporal: 5.0
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows Server 2012 R2 (Server Core installation) 4550961 (Monthly Rollup)
4550970 (Security Only)
Important Information Disclosure 4541509
Base: 5.5
Temporal: 5.0
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows Server 2016 4550929 (Security Update) Important Information Disclosure 4540670
Base: 5.5
Temporal: 5.0
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows Server 2016 (Server Core installation) 4550929 (Security Update) Important Information Disclosure 4540670
Base: 5.5
Temporal: 5.0
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows Server 2019 4549949 (Security Update) Important Information Disclosure 4538461
Base: 5.5
Temporal: 5.0
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows Server 2019 (Server Core installation) 4549949 (Security Update) Important Information Disclosure 4538461
Base: 5.5
Temporal: 5.0
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows Server, version 1803 (Server Core Installation) 4550922 (Security Update) Important Information Disclosure 4540689
Base: 5.5
Temporal: 5.0
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows Server, version 1903 (Server Core installation) 4549951 (Security Update) Important Information Disclosure 4540673 Base: 5.5
Temporal: 5.0
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows Server, version 1909 (Server Core installation) 4549951 (Security Update) Important Information Disclosure 4540673 Base: 5.5
Temporal: 5.0
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes

Acknowledgements

CVE ID Acknowledgements
CVE-2020-0945 Ke Liu of Tencent Security Xuanwu Lab


CVE-2020-0946 - Media Foundation Information Disclosure Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2020-0946
MITRE
NVD
CVE Title: Media Foundation Information Disclosure Vulnerability
Description:

An information disclosure vulnerability exists when Media Foundation improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user’s system.

To exploit this vulnerability, an attacker would have to log onto an affected system and open a specially crafted file. In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) that contains a specially crafted file that is designed to exploit the vulnerability. However, an attacker would have no way to force the user to visit the website. Instead, an attacker would have to convince the user to click a link, typically by way of an enticement in an email or Instant Messenger message, and then convince the user to open the specially crafted file.

The update addresses the vulnerability by correcting how Media Foundation handles objects in memory.


FAQ:

What type of information could be disclosed by this vulnerability?

The type of information that could be disclosed if an attacker successfully exploited this vulnerability is uninitialized memory.


Mitigations:
None
Workarounds:
None
Revision:
1.0    2020-04-14T07:00:00Z    

Information published.


Important Information Disclosure

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment for Latest Software Release Exploitability Assessment for Older Software Release Denial of Service Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely Exploitation Less Likely Not Applicable No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2020-0946
Product KB Article Severity Impact Supersedence CVSS Score Set Restart Required
Windows 10 for 32-bit Systems 4550930 (Security Update) Important Information Disclosure 4540693
Base: 5.5
Temporal: 5.0
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 10 for x64-based Systems 4550930 (Security Update) Important Information Disclosure 4540693
Base: 5.5
Temporal: 5.0
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 10 Version 1607 for 32-bit Systems 4550929 (Security Update) Important Information Disclosure 4540670
Base: 5.5
Temporal: 5.0
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 10 Version 1607 for x64-based Systems 4550929 (Security Update) Important Information Disclosure 4540670
Base: 5.5
Temporal: 5.0
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 10 Version 1709 for 32-bit Systems 4550927 (Security Update) Important Information Disclosure 4540681
Base: 5.5
Temporal: 5.0
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 10 Version 1709 for ARM64-based Systems 4550927 (Security Update) Important Information Disclosure 4540681
Base: 5.5
Temporal: 5.0
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 10 Version 1709 for x64-based Systems 4550927 (Security Update) Important Information Disclosure 4540681
Base: 5.5
Temporal: 5.0
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 10 Version 1803 for 32-bit Systems 4550922 (Security Update) Important Information Disclosure 4540689
Base: 5.5
Temporal: 5.0
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 10 Version 1803 for ARM64-based Systems 4550922 (Security Update) Important Information Disclosure 4540689
Base: 5.5
Temporal: 5.0
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 10 Version 1803 for x64-based Systems 4550922 (Security Update) Important Information Disclosure 4540689
Base: 5.5
Temporal: 5.0
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 10 Version 1809 for 32-bit Systems 4549949 (Security Update) Important Information Disclosure 4538461
Base: 5.5
Temporal: 5.0
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 10 Version 1809 for ARM64-based Systems 4549949 (Security Update) Important Information Disclosure 4538461
Base: 5.5
Temporal: 5.0
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 10 Version 1809 for x64-based Systems 4549949 (Security Update) Important Information Disclosure 4538461
Base: 5.5
Temporal: 5.0
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 10 Version 1903 for 32-bit Systems 4549951 (Security Update) Important Information Disclosure 4540673 Base: 5.5
Temporal: 5.0
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 10 Version 1903 for ARM64-based Systems 4549951 (Security Update) Important Information Disclosure 4540673 Base: 5.5
Temporal: 5.0
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 10 Version 1903 for x64-based Systems 4549951 (Security Update) Important Information Disclosure 4540673 Base: 5.5
Temporal: 5.0
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 10 Version 1909 for 32-bit Systems 4549951 (Security Update) Important Information Disclosure 4540673 Base: 5.5
Temporal: 5.0
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 10 Version 1909 for ARM64-based Systems 4549951 (Security Update) Important Information Disclosure 4540673 Base: 5.5
Temporal: 5.0
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 10 Version 1909 for x64-based Systems 4549951 (Security Update) Important Information Disclosure 4540673 Base: 5.5
Temporal: 5.0
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 7 for 32-bit Systems Service Pack 1 4550964 (Monthly Rollup)
4550965 (Security Only)
Important Information Disclosure 4540688
Base: 5.5
Temporal: 5.0
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 7 for x64-based Systems Service Pack 1 4550964 (Monthly Rollup)
4550965 (Security Only)
Important Information Disclosure 4540688
Base: 5.5
Temporal: 5.0
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 8.1 for 32-bit systems 4550961 (Monthly Rollup)
4550970 (Security Only)
Important Information Disclosure 4541509
Base: 5.5
Temporal: 5.0
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 8.1 for x64-based systems 4550961 (Monthly Rollup)
4550970 (Security Only)
Important Information Disclosure 4541509
Base: 5.5
Temporal: 5.0
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows Server 2008 for 32-bit Systems Service Pack 2 4550951 (Monthly Rollup)
4550957 (Security Only)
Important Information Disclosure 4541506
Base: 5.5
Temporal: 5.0
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) 4550951 (Monthly Rollup)
4550957 (Security Only)
Important Information Disclosure 4541506
Base: 5.5
Temporal: 5.0
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows Server 2008 for Itanium-Based Systems Service Pack 2 4550951 (Monthly Rollup)
4550957 (Security Only)
Important Information Disclosure 4541506
Base: 5.5
Temporal: 5.0
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows Server 2008 for x64-based Systems Service Pack 2 4550951 (Monthly Rollup)
4550957 (Security Only)
Important Information Disclosure 4541506
Base: 5.5
Temporal: 5.0
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) 4550951 (Monthly Rollup)
4550957 (Security Only)
Important Information Disclosure 4541506
Base: 5.5
Temporal: 5.0
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1 4550964 (Monthly Rollup)
4550965 (Security Only)
Important Information Disclosure 4540688
Base: 5.5
Temporal: 5.0
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows Server 2008 R2 for x64-based Systems Service Pack 1 4550964 (Monthly Rollup)
4550965 (Security Only)
Important Information Disclosure 4540688
Base: 5.5
Temporal: 5.0
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) 4550964 (Monthly Rollup)
4550965 (Security Only)
Important Information Disclosure 4540688
Base: 5.5
Temporal: 5.0
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows Server 2012 4550917 (Monthly Rollup)
4550971 (Security Only)
Important Information Disclosure 4541510
Base: 5.5
Temporal: 5.0
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows Server 2012 (Server Core installation) 4550917 (Monthly Rollup)
4550971 (Security Only)
Important Information Disclosure 4541510
Base: 5.5
Temporal: 5.0
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows Server 2012 R2 4550961 (Monthly Rollup)
4550970 (Security Only)
Important Information Disclosure 4541509
Base: 5.5
Temporal: 5.0
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows Server 2012 R2 (Server Core installation) 4550961 (Monthly Rollup)
4550970 (Security Only)
Important Information Disclosure 4541509
Base: 5.5
Temporal: 5.0
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows Server 2016 4550929 (Security Update) Important Information Disclosure 4540670
Base: 5.5
Temporal: 5.0
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows Server 2016 (Server Core installation) 4550929 (Security Update) Important Information Disclosure 4540670
Base: 5.5
Temporal: 5.0
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows Server 2019 4549949 (Security Update) Important Information Disclosure 4538461
Base: 5.5
Temporal: 5.0
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows Server 2019 (Server Core installation) 4549949 (Security Update) Important Information Disclosure 4538461
Base: 5.5
Temporal: 5.0
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows Server, version 1803 (Server Core Installation) 4550922 (Security Update) Important Information Disclosure 4540689
Base: 5.5
Temporal: 5.0
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows Server, version 1903 (Server Core installation) 4549951 (Security Update) Important Information Disclosure 4540673 Base: 5.5
Temporal: 5.0
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows Server, version 1909 (Server Core installation) 4549951 (Security Update) Important Information Disclosure 4540673 Base: 5.5
Temporal: 5.0
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes

Acknowledgements

CVE ID Acknowledgements
CVE-2020-0946 @expend20


Ke Liu of Tencent Security Xuanwu Lab


yangkang3 (@dnpushme) of Qihoo 360 core security


CVE-2020-0947 - Media Foundation Information Disclosure Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2020-0947
MITRE
NVD
CVE Title: Media Foundation Information Disclosure Vulnerability
Description:

An information disclosure vulnerability exists when Media Foundation improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user’s system.

To exploit this vulnerability, an attacker would have to log onto an affected system and open a specially crafted file. In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) that contains a specially crafted file that is designed to exploit the vulnerability. However, an attacker would have no way to force the user to visit the website. Instead, an attacker would have to convince the user to click a link, typically by way of an enticement in an email or Instant Messenger message, and then convince the user to open the specially crafted file.

The update addresses the vulnerability by correcting how Media Foundation handles objects in memory.


FAQ:

What type of information could be disclosed by this vulnerability?

The type of information that could be disclosed if an attacker successfully exploited this vulnerability is uninitialized memory.


Mitigations:
None
Workarounds:
None
Revision:
1.0    2020-04-14T07:00:00Z    

Information published.


Important Information Disclosure

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment for Latest Software Release Exploitability Assessment for Older Software Release Denial of Service Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely Exploitation Less Likely Not Applicable No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2020-0947
Product KB Article Severity Impact Supersedence CVSS Score Set Restart Required
Windows 10 Version 1903 for 32-bit Systems 4549951 (Security Update) Important Information Disclosure 4540673 Base: 5.5
Temporal: 5.0
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 10 Version 1903 for ARM64-based Systems 4549951 (Security Update) Important Information Disclosure 4540673 Base: 5.5
Temporal: 5.0
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 10 Version 1903 for x64-based Systems 4549951 (Security Update) Important Information Disclosure 4540673 Base: 5.5
Temporal: 5.0
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 10 Version 1909 for 32-bit Systems 4549951 (Security Update) Important Information Disclosure 4540673 Base: 5.5
Temporal: 5.0
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 10 Version 1909 for ARM64-based Systems 4549951 (Security Update) Important Information Disclosure 4540673 Base: 5.5
Temporal: 5.0
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 10 Version 1909 for x64-based Systems 4549951 (Security Update) Important Information Disclosure 4540673 Base: 5.5
Temporal: 5.0
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows Server, version 1903 (Server Core installation) 4549951 (Security Update) Important Information Disclosure 4540673 Base: 5.5
Temporal: 5.0
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows Server, version 1909 (Server Core installation) 4549951 (Security Update) Important Information Disclosure 4540673 Base: 5.5
Temporal: 5.0
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes

Acknowledgements

CVE ID Acknowledgements
CVE-2020-0947 Ke Liu of Tencent Security Xuanwu Lab


CVE-2020-0948 - Media Foundation Memory Corruption Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2020-0948
MITRE
NVD
CVE Title: Media Foundation Memory Corruption Vulnerability
Description:

A memory corruption vulnerability exists when Windows Media Foundation improperly handles objects in memory. An attacker who successfully exploited the vulnerability could install programs; view, change, or delete data; or create new accounts with full user rights.

There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit a malicious webpage.

The security update addresses the vulnerability by correcting how Windows Media Foundation handles objects in memory.


FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    2020-04-14T07:00:00Z    

Information published.


Critical Remote Code Execution

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment for Latest Software Release Exploitability Assessment for Older Software Release Denial of Service Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely Exploitation Less Likely Not Applicable No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2020-0948
Product KB Article Severity Impact Supersedence CVSS Score Set Restart Required
Windows 10 for 32-bit Systems 4550930 (Security Update) Critical Remote Code Execution 4540693
Base: 7.8
Temporal: 7.0
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 for x64-based Systems 4550930 (Security Update) Critical Remote Code Execution 4540693
Base: 7.8
Temporal: 7.0
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1607 for 32-bit Systems 4550929 (Security Update) Critical Remote Code Execution 4540670
Base: 7.8
Temporal: 7.0
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1607 for x64-based Systems 4550929 (Security Update) Critical Remote Code Execution 4540670
Base: 7.8
Temporal: 7.0
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1709 for 32-bit Systems 4550927 (Security Update) Critical Remote Code Execution 4540681
Base: 7.8
Temporal: 7.0
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1709 for ARM64-based Systems 4550927 (Security Update) Critical Remote Code Execution 4540681
Base: 7.8
Temporal: 7.0
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1709 for x64-based Systems 4550927 (Security Update) Critical Remote Code Execution 4540681
Base: 7.8
Temporal: 7.0
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1803 for 32-bit Systems 4550922 (Security Update) Critical Remote Code Execution 4540689
Base: 7.8
Temporal: 7.0
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1803 for ARM64-based Systems 4550922 (Security Update) Critical Remote Code Execution 4540689
Base: 7.8
Temporal: 7.0
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1803 for x64-based Systems 4550922 (Security Update) Critical Remote Code Execution 4540689
Base: 7.8
Temporal: 7.0
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1809 for 32-bit Systems 4549949 (Security Update) Critical Remote Code Execution 4538461
Base: 7.8
Temporal: 7.0
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1809 for ARM64-based Systems 4549949 (Security Update) Critical Remote Code Execution 4538461
Base: 7.8
Temporal: 7.0
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1809 for x64-based Systems 4549949 (Security Update) Critical Remote Code Execution 4538461
Base: 7.8
Temporal: 7.0
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1903 for 32-bit Systems 4549951 (Security Update) Critical Remote Code Execution 4540673 Base: 7.8
Temporal: 7.0
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1903 for ARM64-based Systems 4549951 (Security Update) Critical Remote Code Execution 4540673 Base: 7.8
Temporal: 7.0
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1903 for x64-based Systems 4549951 (Security Update) Critical Remote Code Execution 4540673 Base: 7.8
Temporal: 7.0
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1909 for 32-bit Systems 4549951 (Security Update) Critical Remote Code Execution 4540673 Base: 7.8
Temporal: 7.0
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1909 for ARM64-based Systems 4549951 (Security Update) Critical Remote Code Execution 4540673 Base: 7.8
Temporal: 7.0
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1909 for x64-based Systems 4549951 (Security Update) Critical Remote Code Execution 4540673 Base: 7.8
Temporal: 7.0
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2016 4550929 (Security Update) Critical Remote Code Execution 4540670
Base: 7.8
Temporal: 7.0
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2016 (Server Core installation) 4550929 (Security Update) Critical Remote Code Execution 4540670
Base: 7.8
Temporal: 7.0
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2019 4549949 (Security Update) Critical Remote Code Execution 4538461
Base: 7.8
Temporal: 7.0
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2019 (Server Core installation) 4549949 (Security Update) Critical Remote Code Execution 4538461
Base: 7.8
Temporal: 7.0
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server, version 1803 (Server Core Installation) 4550922 (Security Update) Critical Remote Code Execution 4540689
Base: 7.8
Temporal: 7.0
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server, version 1903 (Server Core installation) 4549951 (Security Update) Critical Remote Code Execution 4540673 Base: 7.8
Temporal: 7.0
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server, version 1909 (Server Core installation) 4549951 (Security Update) Critical Remote Code Execution 4540673 Base: 7.8
Temporal: 7.0
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes

Acknowledgements

CVE ID Acknowledgements
CVE-2020-0948 Ke Liu of Tencent Security Xuanwu Lab


CVE-2020-0949 - Media Foundation Memory Corruption Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2020-0949
MITRE
NVD
CVE Title: Media Foundation Memory Corruption Vulnerability
Description:

A memory corruption vulnerability exists when Windows Media Foundation improperly handles objects in memory. An attacker who successfully exploited the vulnerability could install programs; view, change, or delete data; or create new accounts with full user rights.

There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit a malicious webpage.

The security update addresses the vulnerability by correcting how Windows Media Foundation handles objects in memory.


FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    2020-04-14T07:00:00Z    

Information published.


Critical Remote Code Execution

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment for Latest Software Release Exploitability Assessment for Older Software Release Denial of Service Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely Exploitation Less Likely Not Applicable No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2020-0949
Product KB Article Severity Impact Supersedence CVSS Score Set Restart Required
Windows 10 for 32-bit Systems 4550930 (Security Update) Critical Remote Code Execution 4540693
Base: 7.8
Temporal: 7.0
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 for x64-based Systems 4550930 (Security Update) Critical Remote Code Execution 4540693
Base: 7.8
Temporal: 7.0
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1607 for 32-bit Systems 4550929 (Security Update) Critical Remote Code Execution 4540670
Base: 7.8
Temporal: 7.0
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1607 for x64-based Systems 4550929 (Security Update) Critical Remote Code Execution 4540670
Base: 7.8
Temporal: 7.0
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1709 for 32-bit Systems 4550927 (Security Update) Critical Remote Code Execution 4540681
Base: 7.8
Temporal: 7.0
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1709 for ARM64-based Systems 4550927 (Security Update) Critical Remote Code Execution 4540681
Base: 7.8
Temporal: 7.0
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1709 for x64-based Systems 4550927 (Security Update) Critical Remote Code Execution 4540681
Base: 7.8
Temporal: 7.0
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1803 for 32-bit Systems 4550922 (Security Update) Critical Remote Code Execution 4540689
Base: 7.8
Temporal: 7.0
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1803 for ARM64-based Systems 4550922 (Security Update) Critical Remote Code Execution 4540689
Base: 7.8
Temporal: 7.0
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1803 for x64-based Systems 4550922 (Security Update) Critical Remote Code Execution 4540689
Base: 7.8
Temporal: 7.0
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1809 for 32-bit Systems 4549949 (Security Update) Critical Remote Code Execution 4538461
Base: 7.8
Temporal: 7.0
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1809 for ARM64-based Systems 4549949 (Security Update) Critical Remote Code Execution 4538461
Base: 7.8
Temporal: 7.0
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1809 for x64-based Systems 4549949 (Security Update) Critical Remote Code Execution 4538461
Base: 7.8
Temporal: 7.0
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1903 for 32-bit Systems 4549951 (Security Update) Critical Remote Code Execution 4540673 Base: 7.8
Temporal: 7.0
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1903 for ARM64-based Systems 4549951 (Security Update) Critical Remote Code Execution 4540673 Base: 7.8
Temporal: 7.0
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1903 for x64-based Systems 4549951 (Security Update) Critical Remote Code Execution 4540673 Base: 7.8
Temporal: 7.0
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1909 for 32-bit Systems 4549951 (Security Update) Critical Remote Code Execution 4540673 Base: 7.8
Temporal: 7.0
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1909 for ARM64-based Systems 4549951 (Security Update) Critical Remote Code Execution 4540673 Base: 7.8
Temporal: 7.0
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1909 for x64-based Systems 4549951 (Security Update) Critical Remote Code Execution 4540673 Base: 7.8
Temporal: 7.0
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2016 4550929 (Security Update) Critical Remote Code Execution 4540670
Base: 7.8
Temporal: 7.0
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2016 (Server Core installation) 4550929 (Security Update) Critical Remote Code Execution 4540670
Base: 7.8
Temporal: 7.0
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2019 4549949 (Security Update) Critical Remote Code Execution 4538461
Base: 7.8
Temporal: 7.0
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2019 (Server Core installation) 4549949 (Security Update) Critical Remote Code Execution 4538461
Base: 7.8
Temporal: 7.0
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server, version 1803 (Server Core Installation) 4550922 (Security Update) Critical Remote Code Execution 4540689
Base: 7.8
Temporal: 7.0
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server, version 1903 (Server Core installation) 4549951 (Security Update) Critical Remote Code Execution 4540673 Base: 7.8
Temporal: 7.0
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server, version 1909 (Server Core installation) 4549951 (Security Update) Critical Remote Code Execution 4540673 Base: 7.8
Temporal: 7.0
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes

Acknowledgements

CVE ID Acknowledgements
CVE-2020-0949 Ke Liu of Tencent Security Xuanwu Lab


CVE-2020-0950 - Media Foundation Memory Corruption Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2020-0950
MITRE
NVD
CVE Title: Media Foundation Memory Corruption Vulnerability
Description:

A memory corruption vulnerability exists when Windows Media Foundation improperly handles objects in memory. An attacker who successfully exploited the vulnerability could install programs; view, change, or delete data; or create new accounts with full user rights.

There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit a malicious webpage.

The security update addresses the vulnerability by correcting how Windows Media Foundation handles objects in memory.


FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    2020-04-14T07:00:00Z    

Information published.


Critical Remote Code Execution

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment for Latest Software Release Exploitability Assessment for Older Software Release Denial of Service Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely Exploitation Less Likely Not Applicable No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2020-0950
Product KB Article Severity Impact Supersedence CVSS Score Set Restart Required
Windows 10 for 32-bit Systems 4550930 (Security Update) Critical Remote Code Execution 4540693
Base: 7.8
Temporal: 7.0
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 for x64-based Systems 4550930 (Security Update) Critical Remote Code Execution 4540693
Base: 7.8
Temporal: 7.0
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1607 for 32-bit Systems 4550929 (Security Update) Critical Remote Code Execution 4540670
Base: 7.8
Temporal: 7.0
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1607 for x64-based Systems 4550929 (Security Update) Critical Remote Code Execution 4540670
Base: 7.8
Temporal: 7.0
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1709 for 32-bit Systems 4550927 (Security Update) Critical Remote Code Execution 4540681
Base: 7.8
Temporal: 7.0
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1709 for ARM64-based Systems 4550927 (Security Update) Critical Remote Code Execution 4540681
Base: 7.8
Temporal: 7.0
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1709 for x64-based Systems 4550927 (Security Update) Critical Remote Code Execution 4540681
Base: 7.8
Temporal: 7.0
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1803 for 32-bit Systems 4550922 (Security Update) Critical Remote Code Execution 4540689
Base: 7.8
Temporal: 7.0
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1803 for ARM64-based Systems 4550922 (Security Update) Critical Remote Code Execution 4540689
Base: 7.8
Temporal: 7.0
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1803 for x64-based Systems 4550922 (Security Update) Critical Remote Code Execution 4540689
Base: 7.8
Temporal: 7.0
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1809 for 32-bit Systems 4549949 (Security Update) Critical Remote Code Execution 4538461
Base: 7.8
Temporal: 7.0
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1809 for ARM64-based Systems 4549949 (Security Update) Critical Remote Code Execution 4538461
Base: 7.8
Temporal: 7.0
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1809 for x64-based Systems 4549949 (Security Update) Critical Remote Code Execution 4538461
Base: 7.8
Temporal: 7.0
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1903 for 32-bit Systems 4549951 (Security Update) Critical Remote Code Execution 4540673 Base: 7.8
Temporal: 7.0
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1903 for ARM64-based Systems 4549951 (Security Update) Critical Remote Code Execution 4540673 Base: 7.8
Temporal: 7.0
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1903 for x64-based Systems 4549951 (Security Update) Critical Remote Code Execution 4540673 Base: 7.8
Temporal: 7.0
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1909 for 32-bit Systems 4549951 (Security Update) Critical Remote Code Execution 4540673 Base: 7.8
Temporal: 7.0
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1909 for ARM64-based Systems 4549951 (Security Update) Critical Remote Code Execution 4540673 Base: 7.8
Temporal: 7.0
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1909 for x64-based Systems 4549951 (Security Update) Critical Remote Code Execution 4540673 Base: 7.8
Temporal: 7.0
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2016 4550929 (Security Update) Critical Remote Code Execution 4540670
Base: 7.8
Temporal: 7.0
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2016 (Server Core installation) 4550929 (Security Update) Critical Remote Code Execution 4540670
Base: 7.8
Temporal: 7.0
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2019 4549949 (Security Update) Critical Remote Code Execution 4538461
Base: 7.8
Temporal: 7.0
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2019 (Server Core installation) 4549949 (Security Update) Critical Remote Code Execution 4538461
Base: 7.8
Temporal: 7.0
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server, version 1803 (Server Core Installation) 4550922 (Security Update) Critical Remote Code Execution 4540689
Base: 7.8
Temporal: 7.0
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server, version 1903 (Server Core installation) 4549951 (Security Update) Critical Remote Code Execution 4540673 Base: 7.8
Temporal: 7.0
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server, version 1909 (Server Core installation) 4549951 (Security Update) Critical Remote Code Execution 4540673 Base: 7.8
Temporal: 7.0
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes

Acknowledgements

CVE ID Acknowledgements
CVE-2020-0950 Ke Liu of Tencent Security Xuanwu Lab


CVE-2020-0954 - Microsoft Office SharePoint XSS Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2020-0954
MITRE
NVD
CVE Title: Microsoft Office SharePoint XSS Vulnerability
Description:

A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint server.

The attacker who successfully exploited the vulnerability could then perform cross-site scripting attacks on affected systems and run script in the security context of the current user. The attacks could allow the attacker to read content that the attacker is not authorized to read, use the victim's identity to take actions on the SharePoint site on behalf of the user, such as change permissions and delete content, and inject malicious content in the browser of the user.

The security update addresses the vulnerability by helping to ensure that SharePoint Server properly sanitizes web requests.


FAQ:

Is the Preview Pane an attack vector for this vulnerability?

No, the Preview Pane is not an attack vector.


Mitigations:
None
Workarounds:
None
Revision:
1.0    2020-04-14T07:00:00Z    

Information published.


Moderate Spoofing

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment for Latest Software Release Exploitability Assessment for Older Software Release Denial of Service Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely Exploitation Less Likely Not Applicable No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2020-0954
Product KB Article Severity Impact Supersedence CVSS Score Set Restart Required
Microsoft Project Server 2013 Service Pack 1 (64-bit edition) 4462153 (Security Update) Important Spoofing 4022130 Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft SharePoint Enterprise Server 2016 4484299 (Security Update) Moderate Spoofing 4484272 Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft SharePoint Server 2019 4484292 (Security Update) Moderate Spoofing 4484271 Base: N/A
Temporal: N/A
Vector: N/A
Maybe

Acknowledgements

CVE ID Acknowledgements
CVE-2020-0954 Huynh Phuoc Hung, @hph0var


CVE-2020-0955 - Windows Kernel Information Disclosure in CPU Memory Access

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2020-0955
MITRE
NVD
CVE Title: Windows Kernel Information Disclosure in CPU Memory Access
Description:

An information disclosure vulnerability exists when certain central processing units (CPU) speculatively access memory. An attacker who successfully exploited the vulnerability could read privileged data across trust boundaries.

To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application. The vulnerability would not allow an attacker to elevate user rights directly, but it could be used to obtain information that could be used to try to compromise the affected system further.


FAQ:

What type of information could be disclosed by this vulnerability?

The type of information that could be disclosed if an attacker successfully exploited this vulnerability is the contents of Kernel memory. An attacker could read the contents of Kernel memory from a user mode process.


Where can I find information regarding other speculative side-channel execution vulnerabilities?

For information on Microsoft guidance for the Spectre Variant 1 speculative execution side channel vulnerability, see ADV180002 | Guidance to mitigate speculative execution side-channel vulnerabilities.


Mitigations:
None
Workarounds:
None
Revision:
1.0    2020-04-14T07:00:00Z    

Information published.


Important Information Disclosure

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment for Latest Software Release Exploitability Assessment for Older Software Release Denial of Service Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely Exploitation Less Likely Not Applicable No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2020-0955
Product KB Article Severity Impact Supersedence CVSS Score Set Restart Required
Windows 10 for 32-bit Systems 4550930 (Security Update) Important Information Disclosure 4540693
Base: 5.5
Temporal: 5.0
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 10 for x64-based Systems 4550930 (Security Update) Important Information Disclosure 4540693
Base: 5.5
Temporal: 5.0
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 10 Version 1607 for 32-bit Systems 4550929 (Security Update) Important Information Disclosure 4540670
Base: 5.5
Temporal: 5.0
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 10 Version 1607 for x64-based Systems 4550929 (Security Update) Important Information Disclosure 4540670
Base: 5.5
Temporal: 5.0
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 10 Version 1709 for 32-bit Systems 4550927 (Security Update) Important Information Disclosure 4540681
Base: 5.5
Temporal: 5.0
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 10 Version 1709 for ARM64-based Systems 4550927 (Security Update) Important Information Disclosure 4540681
Base: 5.5
Temporal: 5.0
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 10 Version 1709 for x64-based Systems 4550927 (Security Update) Important Information Disclosure 4540681
Base: 5.5
Temporal: 5.0
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 10 Version 1803 for 32-bit Systems 4550922 (Security Update) Important Information Disclosure 4540689
Base: 5.5
Temporal: 5.0
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 10 Version 1803 for ARM64-based Systems 4550922 (Security Update) Important Information Disclosure 4540689
Base: 5.5
Temporal: 5.0
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 10 Version 1803 for x64-based Systems 4550922 (Security Update) Important Information Disclosure 4540689
Base: 5.5
Temporal: 5.0
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 10 Version 1809 for 32-bit Systems 4549949 (Security Update) Important Information Disclosure 4538461
Base: 5.5
Temporal: 5.0
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 10 Version 1809 for ARM64-based Systems 4549949 (Security Update) Important Information Disclosure 4538461
Base: 5.5
Temporal: 5.0
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 10 Version 1809 for x64-based Systems 4549949 (Security Update) Important Information Disclosure 4538461
Base: 5.5
Temporal: 5.0
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 10 Version 1903 for 32-bit Systems 4549951 (Security Update) Important Information Disclosure 4540673 Base: 5.5
Temporal: 5.0
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 10 Version 1903 for ARM64-based Systems 4549951 (Security Update) Important Information Disclosure 4540673 Base: 5.5
Temporal: 5.0
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 10 Version 1903 for x64-based Systems 4549951 (Security Update) Important Information Disclosure 4540673 Base: 5.5
Temporal: 5.0
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 10 Version 1909 for 32-bit Systems 4549951 (Security Update) Important Information Disclosure 4540673 Base: 5.5
Temporal: 5.0
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 10 Version 1909 for ARM64-based Systems 4549951 (Security Update) Important Information Disclosure 4540673 Base: 5.5
Temporal: 5.0
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 10 Version 1909 for x64-based Systems 4549951 (Security Update) Important Information Disclosure 4540673 Base: 5.5
Temporal: 5.0
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 7 for 32-bit Systems Service Pack 1 4550964 (Monthly Rollup)
4550965 (Security Only)
Important Information Disclosure 4540688
Base: 5.5
Temporal: 5.0
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 7 for x64-based Systems Service Pack 1 4550964 (Monthly Rollup)
4550965 (Security Only)
Important Information Disclosure 4540688
Base: 5.5
Temporal: 5.0
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 8.1 for 32-bit systems 4550961 (Monthly Rollup)
4550970 (Security Only)
Important Information Disclosure 4541509
Base: 5.5
Temporal: 5.0
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 8.1 for x64-based systems 4550961 (Monthly Rollup)
4550970 (Security Only)
Important Information Disclosure 4541509
Base: 5.5
Temporal: 5.0
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows RT 8.1 4550961 (Monthly Rollup) Important Information Disclosure 4541509
Base: 5.5
Temporal: 5.0
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows Server 2008 for 32-bit Systems Service Pack 2 4550951 (Monthly Rollup)
4550957 (Security Only)
Important Information Disclosure 4541506
Base: 5.5
Temporal: 5.0
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) 4550951 (Monthly Rollup)
4550957 (Security Only)
Important Information Disclosure 4541506
Base: 5.5
Temporal: 5.0
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows Server 2008 for Itanium-Based Systems Service Pack 2 4550951 (Monthly Rollup)
4550957 (Security Only)
Important Information Disclosure 4541506
Base: 5.5
Temporal: 5.0
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows Server 2008 for x64-based Systems Service Pack 2 4550951 (Monthly Rollup)
4550957 (Security Only)
Important Information Disclosure 4541506
Base: 5.5
Temporal: 5.0
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) 4550951 (Monthly Rollup)
4550957 (Security Only)
Important Information Disclosure 4541506
Base: 5.5
Temporal: 5.0
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1 4550964 (Monthly Rollup)
4550965 (Security Only)
Important Information Disclosure 4540688
Base: 5.5
Temporal: 5.0
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows Server 2008 R2 for x64-based Systems Service Pack 1 4550964 (Monthly Rollup)
4550965 (Security Only)
Important Information Disclosure 4540688
Base: 5.5
Temporal: 5.0
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) 4550964 (Monthly Rollup)
4550965 (Security Only)
Important Information Disclosure 4540688
Base: 5.5
Temporal: 5.0
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows Server 2012 4550917 (Monthly Rollup)
4550971 (Security Only)
Important Information Disclosure 4541510
Base: 5.5
Temporal: 5.0
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows Server 2012 (Server Core installation) 4550917 (Monthly Rollup)
4550971 (Security Only)
Important Information Disclosure 4541510
Base: 5.5
Temporal: 5.0
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows Server 2012 R2 4550961 (Monthly Rollup)
4550970 (Security Only)
Important Information Disclosure 4541509
Base: 5.5
Temporal: 5.0
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows Server 2012 R2 (Server Core installation) 4550961 (Monthly Rollup)
4550970 (Security Only)
Important Information Disclosure 4541509
Base: 5.5
Temporal: 5.0
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows Server 2016 4550929 (Security Update) Important Information Disclosure 4540670
Base: 5.5
Temporal: 5.0
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows Server 2016 (Server Core installation) 4550929 (Security Update) Important Information Disclosure 4540670
Base: 5.5
Temporal: 5.0
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows Server 2019 4549949 (Security Update) Important Information Disclosure 4538461
Base: 5.5
Temporal: 5.0
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows Server 2019 (Server Core installation) 4549949 (Security Update) Important Information Disclosure 4538461
Base: 5.5
Temporal: 5.0
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows Server, version 1803 (Server Core Installation) 4550922 (Security Update) Important Information Disclosure 4540689
Base: 5.5
Temporal: 5.0
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows Server, version 1903 (Server Core installation) 4549951 (Security Update) Important Information Disclosure 4540673 Base: 5.5
Temporal: 5.0
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows Server, version 1909 (Server Core installation) 4549951 (Security Update) Important Information Disclosure 4540673 Base: 5.5
Temporal: 5.0
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes

Acknowledgements

CVE ID Acknowledgements
CVE-2020-0955 None

CVE-2020-0971 - Microsoft SharePoint Remote Code Execution Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2020-0971
MITRE
NVD
CVE Title: Microsoft SharePoint Remote Code Execution Vulnerability
Description:

A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the SharePoint application pool and the SharePoint server farm account.

Exploitation of this vulnerability requires that a user uploads a specially crafted SharePoint application package to an affected version of SharePoint.

The security update addresses the vulnerability by correcting how SharePoint checks the source markup of application packages.


FAQ:

Is the Preview Pane an attack vector for this vulnerability?

No, the Preview Pane is not an attack vector.


Mitigations:
None
Workarounds:
None
Revision:
1.0    2020-04-14T07:00:00Z    

Information published.


Important Remote Code Execution

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment for Latest Software Release Exploitability Assessment for Older Software Release Denial of Service Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely Exploitation Less Likely Not Applicable No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2020-0971
Product KB Article Severity Impact Supersedence CVSS Score Set Restart Required
Microsoft SharePoint Enterprise Server 2016 4484299 (Security Update) Important Remote Code Execution 4484272 Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft SharePoint Foundation 2010 Service Pack 2 4484298 (Security Update) Important Remote Code Execution 4484197 Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft SharePoint Foundation 2013 Service Pack 1 4484321 (Security Update) Important Remote Code Execution 4484282 Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft SharePoint Server 2019 4484292 (Security Update) Important Remote Code Execution 4484271 Base: N/A
Temporal: N/A
Vector: N/A
Maybe

Acknowledgements

CVE ID Acknowledgements
CVE-2020-0971 Oleksandr Mirosh (@olekmirosh) and Alvaro Munoz (@pwntester) from Micro Focus Fortify


CVE-2020-0972 - Microsoft SharePoint Spoofing Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2020-0972
MITRE
NVD
CVE Title: Microsoft SharePoint Spoofing Vulnerability
Description:

A spoofing vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint server.

The attacker who successfully exploited the vulnerability could then perform cross-site scripting attacks on affected systems and run script in the security context of the current user. These attacks could allow the attacker to read content that the attacker is not authorized to read, use the victim's identity to take actions on the SharePoint site on behalf of the user, such as change permissions and delete content, and inject malicious content in the browser of the user.

The security update addresses the vulnerability by helping to ensure that SharePoint Server properly sanitizes web requests.


FAQ:

Is the Preview Pane an attack vector for this vulnerability?

No, the Preview Pane is not an attack vector.


Mitigations:
None
Workarounds:
None
Revision:
1.0    2020-04-14T07:00:00Z    

Information published.


Important Spoofing

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment for Latest Software Release Exploitability Assessment for Older Software Release Denial of Service Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely Exploitation Less Likely Not Applicable No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2020-0972
Product KB Article Severity Impact Supersedence CVSS Score Set Restart Required
Microsoft SharePoint Enterprise Server 2016 4484299 (Security Update) Important Spoofing 4484272 Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft SharePoint Foundation 2010 Service Pack 2 4484298 (Security Update) Important Spoofing 4484197 Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft SharePoint Foundation 2013 Service Pack 1 4484321 (Security Update) Important Spoofing 4484282 Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft SharePoint Server 2019 4484292 (Security Update) Important Spoofing 4484271 Base: N/A
Temporal: N/A
Vector: N/A
Maybe

Acknowledgements

CVE ID Acknowledgements
CVE-2020-0972 Huynh Phuoc Hung, @hph0var


CVE-2020-0973 - Microsoft Office SharePoint XSS Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2020-0973
MITRE
NVD
CVE Title: Microsoft Office SharePoint XSS Vulnerability
Description:

A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint server.

The attacker who successfully exploited the vulnerability could then perform cross-site scripting attacks on affected systems and run script in the security context of the current user. The attacks could allow the attacker to read content that the attacker is not authorized to read, use the victim's identity to take actions on the SharePoint site on behalf of the user, such as change permissions and delete content, and inject malicious content in the browser of the user.

The security update addresses the vulnerability by helping to ensure that SharePoint Server properly sanitizes web requests.


FAQ:

Is the Preview Pane an attack vector for this vulnerability?

No, the Preview Pane is not an attack vector.


Mitigations:
None
Workarounds:
None
Revision:
1.0    2020-04-14T07:00:00Z    

Information published.


Important Spoofing

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment for Latest Software Release Exploitability Assessment for Older Software Release Denial of Service Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely Exploitation Less Likely Not Applicable No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2020-0973
Product KB Article Severity Impact Supersedence CVSS Score Set Restart Required
Microsoft SharePoint Enterprise Server 2013 Service Pack 1 4484308 (Security Update) Important Spoofing 4484150 Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft SharePoint Enterprise Server 2016 4484299 (Security Update) Important Spoofing 4484272 Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft SharePoint Server 2010 Service Pack 2 4484297 (Security Update) Important Spoofing 4484242 Base: N/A
Temporal: N/A
Vector: N/A
Unknown
Microsoft SharePoint Server 2019 4484292 (Security Update) Important Spoofing 4484271 Base: N/A
Temporal: N/A
Vector: N/A
Maybe

Acknowledgements

CVE ID Acknowledgements
CVE-2020-0973 Huynh Phuoc Hung, @hph0var


CVE-2020-0974 - Microsoft SharePoint Remote Code Execution Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2020-0974
MITRE
NVD
CVE Title: Microsoft SharePoint Remote Code Execution Vulnerability
Description:

A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the SharePoint application pool and the SharePoint server farm account.

Exploitation of this vulnerability requires that a user uploads a specially crafted SharePoint application package to an affected version of SharePoint.

The security update addresses the vulnerability by correcting how SharePoint checks the source markup of application packages.


FAQ:

Is the Preview Pane an attack vector for this vulnerability?

No, the Preview Pane is not an attack vector.


Mitigations:
None
Workarounds:
None
Revision:
1.0    2020-04-14T07:00:00Z    

Information published.


Critical Remote Code Execution

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment for Latest Software Release Exploitability Assessment for Older Software Release Denial of Service Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely Exploitation Less Likely Not Applicable No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2020-0974
Product KB Article Severity Impact Supersedence CVSS Score Set Restart Required
Microsoft SharePoint Enterprise Server 2016 4484299 (Security Update) Critical Remote Code Execution 4484272 Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft SharePoint Server 2019 4484292 (Security Update) Critical Remote Code Execution 4484271 Base: N/A
Temporal: N/A
Vector: N/A
Maybe

Acknowledgements

CVE ID Acknowledgements
CVE-2020-0974 Oleksandr Mirosh (@olekmirosh) and Alvaro Munoz (@pwntester) from Micro Focus Fortify


CVE-2020-0975 - Microsoft SharePoint Spoofing Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2020-0975
MITRE
NVD
CVE Title: Microsoft SharePoint Spoofing Vulnerability
Description:

A spoofing vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint server.

The attacker who successfully exploited the vulnerability could then perform cross-site scripting attacks on affected systems and run script in the security context of the current user. These attacks could allow the attacker to read content that the attacker is not authorized to read, use the victim's identity to take actions on the SharePoint site on behalf of the user, such as change permissions and delete content, and inject malicious content in the browser of the user.

The security update addresses the vulnerability by helping to ensure that SharePoint Server properly sanitizes web requests.


FAQ:

Is the Preview Pane an attack vector for this vulnerability?

No, the Preview Pane is not an attack vector.


Mitigations:
None
Workarounds:
None
Revision:
1.0    2020-04-14T07:00:00Z    

Information published.


Important Spoofing

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment for Latest Software Release Exploitability Assessment for Older Software Release Denial of Service Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely Exploitation Less Likely Not Applicable No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2020-0975
Product KB Article Severity Impact Supersedence CVSS Score Set Restart Required
Microsoft SharePoint Enterprise Server 2016 4484299 (Security Update) Important Spoofing 4484272 Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft SharePoint Foundation 2010 Service Pack 2 4484298 (Security Update) Important Spoofing 4484197 Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft SharePoint Foundation 2013 Service Pack 1 4484321 (Security Update) Important Spoofing 4484282 Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft SharePoint Server 2019 4484292 (Security Update) Important Spoofing 4484271 Base: N/A
Temporal: N/A
Vector: N/A
Maybe

Acknowledgements

CVE ID Acknowledgements
CVE-2020-0975 Huynh Phuoc Hung, @hph0var


CVE-2020-0976 - Microsoft SharePoint Spoofing Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2020-0976
MITRE
NVD
CVE Title: Microsoft SharePoint Spoofing Vulnerability
Description:

A spoofing vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint server.

The attacker who successfully exploited the vulnerability could then perform cross-site scripting attacks on affected systems and run script in the security context of the current user. These attacks could allow the attacker to read content that the attacker is not authorized to read, use the victim's identity to take actions on the SharePoint site on behalf of the user, such as change permissions and delete content, and inject malicious content in the browser of the user.

The security update addresses the vulnerability by helping to ensure that SharePoint Server properly sanitizes web requests.


FAQ:

Is the Preview Pane an attack vector for this vulnerability?

No, the Preview Pane is not an attack vector.


Mitigations:
None
Workarounds:
None
Revision:
1.0    2020-04-14T07:00:00Z    

Information published.


Important Spoofing

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment for Latest Software Release Exploitability Assessment for Older Software Release Denial of Service Exploitability Assessment Publicly Disclosed Exploited
N/A Exploitation Less Likely Not Applicable No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2020-0976
Product KB Article Severity Impact Supersedence CVSS Score Set Restart Required
Microsoft SharePoint Enterprise Server 2016 4484299 (Security Update) Important Spoofing 4484272 Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft SharePoint Foundation 2013 Service Pack 1 4011581 (Security Update) Important Spoofing 3203385 Base: N/A
Temporal: N/A
Vector: N/A
Maybe

Acknowledgements

CVE ID Acknowledgements
CVE-2020-0976 Huynh Phuoc Hung, @hph0var


CVE-2020-0977 - Microsoft SharePoint Spoofing Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2020-0977
MITRE
NVD
CVE Title: Microsoft SharePoint Spoofing Vulnerability
Description:

A spoofing vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint server.

The attacker who successfully exploited the vulnerability could then perform cross-site scripting attacks on affected systems and run script in the security context of the current user. These attacks could allow the attacker to read content that the attacker is not authorized to read, use the victim's identity to take actions on the SharePoint site on behalf of the user, such as change permissions and delete content, and inject malicious content in the browser of the user.

The security update addresses the vulnerability by helping to ensure that SharePoint Server properly sanitizes web requests.


FAQ:

Is the Preview Pane an attack vector for this vulnerability?

No, the Preview Pane is not an attack vector.


Mitigations:
None
Workarounds:
None
Revision:
1.0    2020-04-14T07:00:00Z    

Information published.


Important Spoofing

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment for Latest Software Release Exploitability Assessment for Older Software Release Denial of Service Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely Exploitation Less Likely Not Applicable No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2020-0977
Product KB Article Severity Impact Supersedence CVSS Score Set Restart Required
Microsoft SharePoint Enterprise Server 2013 Service Pack 1 4484308 (Security Update) Important Spoofing 4484150 Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft SharePoint Enterprise Server 2016 4484299 (Security Update) Important Spoofing 4484272 Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft SharePoint Server 2019 4484292 (Security Update) Important Spoofing 4484271 Base: N/A
Temporal: N/A
Vector: N/A
Maybe

Acknowledgements

CVE ID Acknowledgements
CVE-2020-0977 Huynh Phuoc Hung, @hph0var


CVE-2020-0978 - Microsoft Office SharePoint XSS Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2020-0978
MITRE
NVD
CVE Title: Microsoft Office SharePoint XSS Vulnerability
Description:

A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint server.

The attacker who successfully exploited the vulnerability could then perform cross-site scripting attacks on affected systems and run script in the security context of the current user. The attacks could allow the attacker to read content that the attacker is not authorized to read, use the victim's identity to take actions on the SharePoint site on behalf of the user, such as change permissions and delete content, and inject malicious content in the browser of the user.

The security update addresses the vulnerability by helping to ensure that SharePoint Server properly sanitizes web requests.


FAQ:

Is the Preview Pane an attack vector for this vulnerability?

No, the Preview Pane is not an attack vector.


Mitigations:
None
Workarounds:
None
Revision:
1.0    2020-04-14T07:00:00Z    

Information published.


Important Spoofing

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment for Latest Software Release Exploitability Assessment for Older Software Release Denial of Service Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely Exploitation Less Likely Not Applicable No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2020-0978
Product KB Article Severity Impact Supersedence CVSS Score Set Restart Required
Microsoft SharePoint Enterprise Server 2016 4484299 (Security Update) Important Spoofing 4484272 Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft SharePoint Foundation 2013 Service Pack 1 4011581 (Security Update) Important Spoofing 3203385 Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft SharePoint Server 2019 4484292 (Security Update) Important Spoofing 4484271 Base: N/A
Temporal: N/A
Vector: N/A
Maybe

Acknowledgements

CVE ID Acknowledgements
CVE-2020-0978 Huynh Phuoc Hung, @hph0var


CVE-2020-0979 - Microsoft Excel Remote Code Execution Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2020-0979
MITRE
NVD
CVE Title: Microsoft Excel Remote Code Execution Vulnerability
Description:

A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

Exploitation of the vulnerability requires that a user open a specially crafted file with an affected version of Microsoft Excel. In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file. In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) containing a specially crafted file designed to exploit the vulnerability. An attacker would have no way to force users to visit the website. Instead, an attacker would have to convince users to click a link, typically by way of an enticement in an email or instant message, and then convince them to open the specially crafted file.

The security update addresses the vulnerability by correcting how Microsoft Excel handles objects in memory.


FAQ:

Is the Preview Pane an attack vector for this vulnerability?

No, the Preview Pane is not an attack vector.


Mitigations:
None
Workarounds:
None
Revision:
1.0    2020-04-14T07:00:00Z    

Information published.


Important Remote Code Execution

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment for Latest Software Release Exploitability Assessment for Older Software Release Denial of Service Exploitability Assessment Publicly Disclosed Exploited
N/A Exploitation Less Likely Not Applicable No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2020-0979
Product KB Article Severity Impact Supersedence CVSS Score Set Restart Required
Office 365 ProPlus for 32-bit Systems Click to Run (Security Update) Important Remote Code Execution None Base: N/A
Temporal: N/A
Vector: N/A
No
Office 365 ProPlus for 64-bit Systems Click to Run (Security Update) Important Remote Code Execution None Base: N/A
Temporal: N/A
Vector: N/A
No

Acknowledgements

CVE ID Acknowledgements
CVE-2020-0979 Jaanus Kääp of Clarified Security


CVE-2020-0980 - Microsoft Word Remote Code Execution Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2020-0980
MITRE
NVD
CVE Title: Microsoft Word Remote Code Execution Vulnerability
Description:

A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could use a specially crafted file to perform actions in the security context of the current user. For example, the file could then take actions on behalf of the logged-on user with the same permissions as the current user.

To exploit the vulnerability, a user must open a specially crafted file with an affected version of Microsoft Word software. In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file. In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) that contains a specially crafted file that is designed to exploit the vulnerability. However, an attacker would have no way to force the user to visit the website. Instead, an attacker would have to convince the user to click a link, typically by way of an enticement in an email or Instant Messenger message, and then convince the user to open the specially crafted file.

The security update addresses the vulnerability by correcting how Microsoft Word handles files in memory.


FAQ:

Is the Preview Pane an attack vector for this vulnerability?

No, the Preview Pane is not an attack vector.


I have Microsoft Word 2010 installed. Why am I not being offered the 4484294 update?

The 4484294 update only applies to systems running specific configurations of Microsoft Office 2010. Some configurations will not be offered the update.


Mitigations:
None
Workarounds:
None
Revision:
1.0    2020-04-14T07:00:00Z    

Information published.


Important Remote Code Execution

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment for Latest Software Release Exploitability Assessment for Older Software Release Denial of Service Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely Exploitation Less Likely Not Applicable No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2020-0980
Product KB Article Severity Impact Supersedence CVSS Score Set Restart Required
Microsoft Office 2010 Service Pack 2 (32-bit editions) 4484294 (Security Update) Important Remote Code Execution 4484237 Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft Office 2010 Service Pack 2 (64-bit editions) 4484294 (Security Update) Important Remote Code Execution 4484237 Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft Office 2016 for Mac Release Notes (Security Update) Important Remote Code Execution None Base: N/A
Temporal: N/A
Vector: N/A
No
Microsoft Office 2019 for 32-bit editions Click to Run (Security Update) Important Remote Code Execution None Base: N/A
Temporal: N/A
Vector: N/A
No
Microsoft Office 2019 for 64-bit editions Click to Run (Security Update) Important Remote Code Execution None Base: N/A
Temporal: N/A
Vector: N/A
No
Microsoft Office 2019 for Mac Release Notes (Security Update) Important Remote Code Execution None Base: N/A
Temporal: N/A
Vector: N/A
No
Microsoft Office Online Server 4484290 (Security Update) Important Remote Code Execution 4484270 Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft Office Web Apps 2010 Service Pack 2 4484296 (Security Update) Important Remote Code Execution 4475602 Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft Office Web Apps 2013 Service Pack 1 4475609 (Security Update) Important Remote Code Execution 4462216 Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft SharePoint Enterprise Server 2013 Service Pack 1 4484307 (Security Update) Important Remote Code Execution 4475606 Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft SharePoint Enterprise Server 2016 4484299 (Security Update) Important Remote Code Execution 4484272 Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft SharePoint Server 2010 Service Pack 2 4484293 (Security Update) Important Remote Code Execution 4475597 Base: N/A
Temporal: N/A
Vector: N/A
Unknown
Microsoft SharePoint Server 2019 4484292 (Security Update)
4484291 (Security Update)
Important Remote Code Execution 4484271
4484277
Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft Word 2010 Service Pack 2 (32-bit editions) 4484295 (Security Update) Important Remote Code Execution 4484240
Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft Word 2010 Service Pack 2 (64-bit editions) 4484295 (Security Update) Important Remote Code Execution 4484240
Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft Word 2013 RT Service Pack 1 4484319 (Security Update) Important Remote Code Execution 4484231
Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft Word 2013 Service Pack 1 (32-bit editions) 4484319 (Security Update) Important Remote Code Execution 4484231
Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft Word 2013 Service Pack 1 (64-bit editions) 4484319 (Security Update) Important Remote Code Execution 4484231
Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft Word 2016 (32-bit edition) 4484300 (Security Update) Important Remote Code Execution 4484268
Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft Word 2016 (64-bit edition) 4484300 (Security Update) Important Remote Code Execution 4484268
Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Office 365 ProPlus for 32-bit Systems Click to Run (Security Update) Important Remote Code Execution None Base: N/A
Temporal: N/A
Vector: N/A
No
Office 365 ProPlus for 64-bit Systems Click to Run (Security Update) Important Remote Code Execution None Base: N/A
Temporal: N/A
Vector: N/A
No

Acknowledgements

CVE ID Acknowledgements
CVE-2020-0980 nafiez


Jaanus Kääp of Clarified Security


CVE-2020-0985 - Windows Update Stack Elevation of Privilege Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2020-0985
MITRE
NVD
CVE Title: Windows Update Stack Elevation of Privilege Vulnerability
Description:

An elevation of privilege vulnerability exists when the Windows Update Stack fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application to take control of an affected system.

The update addresses the vulnerability by correcting how the Windows Update Stack handles objects in memory.


FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    2020-04-14T07:00:00Z    

Information published.


Important Elevation of Privilege

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment for Latest Software Release Exploitability Assessment for Older Software Release Denial of Service Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely Exploitation Less Likely Not Applicable No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2020-0985
Product KB Article Severity Impact Supersedence CVSS Score Set Restart Required
Windows 10 for 32-bit Systems 4550930 (Security Update) Important Elevation of Privilege 4540693
Base: 7.8
Temporal: 7.0
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 for x64-based Systems 4550930 (Security Update) Important Elevation of Privilege 4540693
Base: 7.8
Temporal: 7.0
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1607 for 32-bit Systems 4550929 (Security Update) Important Elevation of Privilege 4540670
Base: 7.8
Temporal: 7.0
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1607 for x64-based Systems 4550929 (Security Update) Important Elevation of Privilege 4540670
Base: 7.8
Temporal: 7.0
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1709 for 32-bit Systems 4550927 (Security Update) Important Elevation of Privilege 4540681
Base: 7.8
Temporal: 7.0
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1709 for ARM64-based Systems 4550927 (Security Update) Important Elevation of Privilege 4540681
Base: 7.8
Temporal: 7.0
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1709 for x64-based Systems 4550927 (Security Update) Important Elevation of Privilege 4540681
Base: 7.8
Temporal: 7.0
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1803 for 32-bit Systems 4550922 (Security Update) Important Elevation of Privilege 4540689
Base: 7.8
Temporal: 7.0
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1803 for ARM64-based Systems 4550922 (Security Update) Important Elevation of Privilege 4540689
Base: 7.8
Temporal: 7.0
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1803 for x64-based Systems 4550922 (Security Update) Important Elevation of Privilege 4540689
Base: 7.8
Temporal: 7.0
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1809 for 32-bit Systems 4549949 (Security Update) Important Elevation of Privilege 4538461
Base: 7.8
Temporal: 7.0
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1809 for ARM64-based Systems 4549949 (Security Update) Important Elevation of Privilege 4538461
Base: 7.8
Temporal: 7.0
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1809 for x64-based Systems 4549949 (Security Update) Important Elevation of Privilege 4538461
Base: 7.8
Temporal: 7.0
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1903 for 32-bit Systems 4549951 (Security Update) Important Elevation of Privilege 4540673 Base: 7.8
Temporal: 7.0
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1903 for ARM64-based Systems 4549951 (Security Update) Important Elevation of Privilege 4540673 Base: 7.8
Temporal: 7.0
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1903 for x64-based Systems 4549951 (Security Update) Important Elevation of Privilege 4540673 Base: 7.8
Temporal: 7.0
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1909 for 32-bit Systems 4549951 (Security Update) Important Elevation of Privilege 4540673 Base: 7.8
Temporal: 7.0
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1909 for ARM64-based Systems 4549951 (Security Update) Important Elevation of Privilege 4540673 Base: 7.8
Temporal: 7.0
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1909 for x64-based Systems 4549951 (Security Update) Important Elevation of Privilege 4540673 Base: 7.8
Temporal: 7.0
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2016 4550929 (Security Update) Important Elevation of Privilege 4540670
Base: 7.8
Temporal: 7.0
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2016 (Server Core installation) 4550929 (Security Update) Important Elevation of Privilege 4540670
Base: 7.8
Temporal: 7.0
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2019 4549949 (Security Update) Important Elevation of Privilege 4538461
Base: 7.8
Temporal: 7.0
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2019 (Server Core installation) 4549949 (Security Update) Important Elevation of Privilege 4538461
Base: 7.8
Temporal: 7.0
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server, version 1803 (Server Core Installation) 4550922 (Security Update) Important Elevation of Privilege 4540689
Base: 7.8
Temporal: 7.0
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server, version 1903 (Server Core installation) 4549951 (Security Update) Important Elevation of Privilege 4540673 Base: 7.8
Temporal: 7.0
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server, version 1909 (Server Core installation) 4549951 (Security Update) Important Elevation of Privilege 4540673 Base: 7.8
Temporal: 7.0
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes

Acknowledgements

CVE ID Acknowledgements
CVE-2020-0985 Zhiniang Peng (@edwardzpeng) of Qihoo 360 Core security & Xuefeng Li


Jarvis_1oop of Pinduoduo Security Research Lab


Jarvis_1oop of Pinduoduo Security Research Lab


CVE-2020-0987 - Microsoft Graphics Component Information Disclosure Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2020-0987
MITRE
NVD
CVE Title: Microsoft Graphics Component Information Disclosure Vulnerability
Description:

An information disclosure vulnerability exists when the Microsoft Windows Graphics Component improperly handles objects in memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system.

To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application.

The update addresses the vulnerability by correcting the way in which the Windows Graphics Component handles objects in memory.


FAQ:

What type of information could be disclosed by this vulnerability?

The type of information that could be disclosed if an attacker successfully exploited this vulnerability is uninitialized memory.


Mitigations:
None
Workarounds:
None
Revision:
1.0    2020-04-14T07:00:00Z    

Information published.


Important Information Disclosure

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment for Latest Software Release Exploitability Assessment for Older Software Release Denial of Service Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely Exploitation Less Likely Not Applicable No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2020-0987
Product KB Article Severity Impact Supersedence CVSS Score Set Restart Required
Windows 10 for 32-bit Systems 4550930 (Security Update) Important Information Disclosure 4540693
Base: 5.5
Temporal: 5.0
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 10 for x64-based Systems 4550930 (Security Update) Important Information Disclosure 4540693
Base: 5.5
Temporal: 5.0
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 10 Version 1607 for 32-bit Systems 4550929 (Security Update) Important Information Disclosure 4540670
Base: 5.5
Temporal: 5.0
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 10 Version 1607 for x64-based Systems 4550929 (Security Update) Important Information Disclosure 4540670
Base: 5.5
Temporal: 5.0
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 10 Version 1709 for 32-bit Systems 4550927 (Security Update) Important Information Disclosure 4540681
Base: 5.5
Temporal: 5.0
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 10 Version 1709 for ARM64-based Systems 4550927 (Security Update) Important Information Disclosure 4540681
Base: 5.5
Temporal: 5.0
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 10 Version 1709 for x64-based Systems 4550927 (Security Update) Important Information Disclosure 4540681
Base: 5.5
Temporal: 5.0
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 10 Version 1803 for 32-bit Systems 4550922 (Security Update) Important Information Disclosure 4540689
Base: 5.5
Temporal: 5.0
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 10 Version 1803 for ARM64-based Systems 4550922 (Security Update) Important Information Disclosure 4540689
Base: 5.5
Temporal: 5.0
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 10 Version 1803 for x64-based Systems 4550922 (Security Update) Important Information Disclosure 4540689
Base: 5.5
Temporal: 5.0
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 10 Version 1809 for 32-bit Systems 4549949 (Security Update) Important Information Disclosure 4538461
Base: 5.5
Temporal: 5.0
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 10 Version 1809 for ARM64-based Systems 4549949 (Security Update) Important Information Disclosure 4538461
Base: 5.5
Temporal: 5.0
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 10 Version 1809 for x64-based Systems 4549949 (Security Update) Important Information Disclosure 4538461
Base: 5.5
Temporal: 5.0
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 10 Version 1903 for 32-bit Systems 4549951 (Security Update) Important Information Disclosure 4540673 Base: 5.5
Temporal: 5.0
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 10 Version 1903 for ARM64-based Systems 4549951 (Security Update) Important Information Disclosure 4540673 Base: 5.5
Temporal: 5.0
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 10 Version 1903 for x64-based Systems 4549951 (Security Update) Important Information Disclosure 4540673 Base: 5.5
Temporal: 5.0
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 10 Version 1909 for 32-bit Systems 4549951 (Security Update) Important Information Disclosure 4540673 Base: 5.5
Temporal: 5.0
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 10 Version 1909 for ARM64-based Systems 4549951 (Security Update) Important Information Disclosure 4540673 Base: 5.5
Temporal: 5.0
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 10 Version 1909 for x64-based Systems 4549951 (Security Update) Important Information Disclosure 4540673 Base: 5.5
Temporal: 5.0
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 7 for 32-bit Systems Service Pack 1 4550964 (Monthly Rollup)
4550965 (Security Only)
Important Information Disclosure 4540688
Base: 5.5
Temporal: 5.0
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 7 for x64-based Systems Service Pack 1 4550964 (Monthly Rollup)
4550965 (Security Only)
Important Information Disclosure 4540688
Base: 5.5
Temporal: 5.0
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 8.1 for 32-bit systems 4550961 (Monthly Rollup)
4550970 (Security Only)
Important Information Disclosure 4541509
Base: 5.5
Temporal: 5.0
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 8.1 for x64-based systems 4550961 (Monthly Rollup)
4550970 (Security Only)
Important Information Disclosure 4541509
Base: 5.5
Temporal: 5.0
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows RT 8.1 4550961 (Monthly Rollup) Important Information Disclosure 4541509
Base: 5.5
Temporal: 5.0
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows Server 2008 for 32-bit Systems Service Pack 2