Mcafee Foundstone Fsl Update

Home , Common Log File System, Microsoft Defender

2020-NOV-13 FSL version 7.6.181

MCAFEE FOUNDSTONE FSL UPDATE

To better protect your environment McAfee has created this FSL check update for the Foundstone Product Suite. The following is a detailed summary of the new and updated checks included with this release.

NEW CHECKS

27303 - (MSPT-Nov2020) Microsoft Windows Hyper-V Security Remote Code Execution (CVE-2020-17040)

Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: High CVE: CVE-2020-17040

Description A vulnerability in some versions of Microsoft Windows could lead to remote code execution.

Observation A vulnerability in some versions of Microsoft Windows could lead to remote code execution.

The flaw lies in the Hyper-V Security component. Successful exploitation by a remote attacker could result in the execution of arbitrary code. The exploit requires the attacker to have valid credentials to the vulnerable system.

27304 - (MSPT-Nov2020) Microsoft Windows Print Spooler Remote Code Execution (CVE-2020-17042)

Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: High CVE: CVE-2020-17042

Description A vulnerability in some versions of Microsoft Windows could lead to remote code execution.

Observation A vulnerability in some versions of Microsoft Windows could lead to remote code execution.

The flaw lies in the Print Spooler component. Successful exploitation by a remote attacker could result in the execution of arbitrary code. The exploit requires the attacker to have valid credentials to the vulnerable system.

27325 - (MSPT-Nov2020) Microsoft Windows GDI+ Remote Code Execution (CVE-2020-17068)

Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: High CVE: CVE-2020-17068

Description A vulnerability in some versions of Microsoft Windows could lead to remote code execution. Observation A vulnerability in some versions of Microsoft Windows could lead to remote code execution.

The flaw lies in the GDI+ component. Successful exploitation by a remote attacker could result in the execution of arbitrary code. The exploit requires the attacker to have valid credentials to the vulnerable system.

27348 - (MSPT-Nov2020) Microsoft Windows Scripting Engine Remote Code Execution (CVE-2020-17052)

Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: High CVE: CVE-2020-17052

Description A vulnerability in some versions of Microsoft Windows could lead to remote code execution.

Observation A vulnerability in some versions of Microsoft Windows could lead to remote code execution.

The flaw lies in the Scripting Engine component. Successful exploitation by a remote attacker could result in the execution of arbitrary code. The exploit requires the attacker to have valid credentials to the vulnerable system.

27349 - (MSPT-Nov2020) Microsoft Windows Internet Explorer Remote Code Execution (CVE-2020-17053)

Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: High CVE: CVE-2020-17053

Description A vulnerability in some versions of Microsoft Windows could lead to remote code execution.

Observation A vulnerability in some versions of Microsoft Windows could lead to remote code execution.

The flaw lies in the Internet Explorer component. Successful exploitation by a remote attacker could result in the execution of arbitrary code. The exploit requires the attacker to have valid credentials to the vulnerable system.

27350 - (MSPT-Nov2020) Microsoft Windows Chakra Scripting Remote Code Execution (CVE-2020-17054)

Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: High CVE: CVE-2020-17054

Description A vulnerability in some versions of Microsoft Windows could lead to remote code execution.

Observation A vulnerability in some versions of Microsoft Windows could lead to remote code execution.

The flaw lies in the Chakra Scripting component. Successful exploitation by a remote attacker could result in the execution of arbitrary code. The exploit requires the attacker to have valid credentials to the vulnerable system. 27351 - (MSPT-Nov2020) Microsoft Chakra Scripting Engine Remote Code Execution (CVE-2020-17048)

Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: High CVE: CVE-2020-17048

Description A vulnerability in some versions of Microsoft Chakra could lead to remote code execution.

Observation A vulnerability in some versions of Microsoft Chakra could lead to remote code execution.

27352 - (MSPT-Nov2020) Microsoft Browser Improperly Handles Objects in Memory Remote Code Execution (CVE-2020- 17058)

Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: High CVE: CVE-2020-17058

Description A vulnerability in some versions of Microsoft Browser could lead to remote code execution.

Observation A vulnerability in some versions of Microsoft Browser could lead to remote code execution.

The flaw lies in the improperly handles objects in memory. Successful exploitation by a remote attacker could result in the execution of arbitrary code. The exploit requires the attacker to have valid credentials to the vulnerable system.

27358 - (MSPT-Nov2020) Microsoft Windows Kerberos Security Feature Bypass Vulnerability (CVE-2020-17049)

Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: High CVE: CVE-2020-17049

Description A vulnerability in some versions of Microsoft Windows could lead to security bypass.

Observation A vulnerability in some versions of Microsoft Windows could lead to security bypass.

The flaw lies in the Kerberos Security component. Successful exploitation by an attacker could result in the security bypass. The exploit requires the attacker to have valid credentials to the vulnerable system.

27359 - (MSPT-Nov2020) Microsoft Windows Network File System Remote Code Execution (CVE-2020-17051)

Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: High CVE: CVE-2020-17051

Description A vulnerability in some versions of Microsoft Windows could lead to remote code execution.

Observation A vulnerability in some versions of Microsoft Windows could lead to remote code execution.

The flaw lies in the Network File System component. Successful exploitation by an attacker could result in the execution of arbitrary code. The exploit requires the attacker to have valid credentials to the vulnerable system.

27360 - (MSPT-Nov2020) Microsoft Windows Network File System Remote Code Execution (CVE-2020-17056)

Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: High CVE: CVE-2020-17056

Description A vulnerability in some versions of Microsoft Windows could lead to remote code execution.

Observation A vulnerability in some versions of Microsoft Windows could lead to remote code execution.

27370 - (MSPT-Nov2020) Microsoft SharePoint Spoofing (CVE-2020-17015)

Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: High CVE: CVE-2020-17015

Description A vulnerability in some versions of Microsoft SharePoint could lead to spoofing.

Observation A vulnerability in some versions of Microsoft SharePoint could lead to spoofing.

The flaw lies in the improperly handles objects in memory. Successful exploitation by a remote attacker could result in spoofing. The exploit requires the attacker to have valid credentials to the vulnerable system.

27375 - (MSPT-Nov2020) Microsoft Excel Remote Code Execution (CVE-2020-17019)

Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: High CVE: CVE-2020-17019

Description A vulnerability in some versions of Microsoft Excel could lead to remote code execution.

Observation A vulnerability in some versions of Microsoft Excel could lead to remote code execution.

The flaw lies in the improperly handles objects in memory. Successful exploitation by an attacker could result in the execution of arbitrary code. The exploit requires the user to open a vulnerable website, email or document.

27377 - (MSPT-Nov2020) Microsoft Access Connectivity Remote Code Execution (CVE-2020-17062)

Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: High CVE: CVE-2020-17062

Description A vulnerability in some versions of Microsoft Access could lead to remote code execution.

Observation A vulnerability in some versions of Microsoft Access could lead to remote code execution.

The flaw lies in the Connectivity component. Successful exploitation by an attacker could result in the execution of arbitrary code.

27378 - (MSPT-Nov2020) Microsoft Excel Remote Code Execution (CVE-2020-17064)

Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: High CVE: CVE-2020-17064

Description A vulnerability in some versions of Microsoft Excel could lead to remote code execution.

Observation A vulnerability in some versions of Microsoft Excel could lead to remote code execution.

The flaw lies in the improperly handles objects in memory. Successful exploitation by an attacker could result in the execution of arbitrary code.

27379 - (MSPT-Nov2020) Microsoft Excel Remote Code Execution (CVE-2020-17065)

Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: High CVE: CVE-2020-17065

Description A vulnerability in some versions of Microsoft Excel could lead to remote code execution.

Observation A vulnerability in some versions of Microsoft Excel could lead to remote code execution.

The flaw lies in the improperly handles objects in memory. Successful exploitation by an attacker could result in the execution of arbitrary code.

27380 - (MSPT-Nov2020) Microsoft Excel Remote Code Execution (CVE-2020-17066)

Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: High CVE: CVE-2020-17066

Description A vulnerability in some versions of Microsoft Excel could lead to remote code execution.

Observation A vulnerability in some versions of Microsoft Excel could lead to remote code execution.

The flaw lies in the improperly handles objects in memory. Successful exploitation by an attacker could result in the execution of arbitrary code.

27381 - (MSPT-Nov2020) Microsoft Excel Security Feature Bypass Vulnerability (CVE-2020-17067)

Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: High CVE: CVE-2020-17067

Description A vulnerability in some versions of Microsoft Excel could lead to security feature bypass.

Observation A vulnerability in some versions of Microsoft Excel could lead tosecurity feature bypass.

The flaw lies in the improperly handles objects in memory. Successful exploitation by an attacker could result in thesecurity feature bypass.

27384 - (MSPT-Nov2020) Microsoft Windows Exchange Server Remote Code Execution (CVE-2020-17084)

Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: High CVE: CVE-2020-17084

Description A vulnerability in some versions of Microsoft Windows could lead to remote code execution.

Observation A vulnerability in some versions of Microsoft Windows could lead to remote code execution.

The flaw lies in the Exchange Server component. Successful exploitation by a remote attacker could result in the execution of arbitrary code. The exploit requires the attacker to have valid credentials to the vulnerable system.

27385 - (MSPT-Nov2020) Microsoft Windows Exchange Server Remote Code Execution (CVE-2020-17083)

Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: High CVE: CVE-2020-17083

Description A vulnerability in some versions of Microsoft Windows could lead to remote code execution.

Observation A vulnerability in some versions of Microsoft Windows could lead to remote code execution.

27388 - (MSPT-Nov2020) Microsoft Dynamics 365 (on-premises) Improperly Handles Objects in Memory Remote Code Execution (CVE-2020-17021)

Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: High CVE: CVE-2020-17021

Description A vulnerability in some versions of Microsoft Dynamics 365 (on-premises) could lead to remote code execution.

Observation A vulnerability in some versions of Microsoft Dynamics 365 (on-premises) could lead to remote code execution.

27389 - (MSPT-Nov2020) Microsoft Dynamics 365 (on-premises) Improperly Handles Objects in Memory Remote Code Execution (CVE-2020-17018)

Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: High CVE: CVE-2020-17018

Description A vulnerability in some versions of Microsoft Dynamics 365 (on-premises) could lead to remote code execution.

Observation A vulnerability in some versions of Microsoft Dynamics 365 (on-premises) could lead to remote code execution.

27390 - (MSPT-Nov2020) Microsoft Defender Endpoint Security Remote Code Execution (CVE-2020-17090)

Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: High CVE: CVE-2020-17091 Description A vulnerability in some versions of Microsoft Defender could lead to remote code execution.

Observation A vulnerability in some versions of Microsoft Defender could lead to remote code execution. The flaw lies in the Endpoint Security component. Successful exploitation by a remote attacker could result in the execution of arbitrary code.The exploit requires the attacker to have valid credentials to the vulnerable system.

27391 - (MSPT-Nov2020) Microsoft Visual Studio Improperly Handles Objects in Memory Remote Code Execution (CVE- 2020-17100)

Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: High CVE: CVE-2020-17101

Description A vulnerability in some versions of Microsoft Visual Studio could lead to remote code execution.

Observation A vulnerability in some versions of Microsoft Visual Studio could lead to remote code execution. The flaw lies in the Improperly Handles Objects in Memory component. Successful exploitation by a remote attacker could result in the execution of arbitrary code.The exploit requires the attacker to have valid credentials to the vulnerable system.

27357 - (MSPT-Nov2020) Microsoft Windows Network File System Denial of Service Vulnerability (CVE-2020-17047)

Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: Medium CVE: CVE-2020-17047

Description A vulnerability in some versions of Microsoft Windows could lead to denial of service.

Observation A vulnerability in some versions of Microsoft Windows could lead to denial of service.

The flaw lies in the NFS component. Successful exploitation by an attacker could result in the denial of service. The exploit requires the attacker to have valid credentials to the vulnerable system.

27369 - (MSPT-Nov2020) Microsoft SharePoint Information Disclosure Vulnerability (CVE-2020-16979)

Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: Medium CVE: CVE-2020-16979

Description A vulnerability in some versions of Microsoft SharePoint could lead to information disclosure.

Observation A vulnerability in some versions of Microsoft SharePoint could lead to information disclosure.

The flaw lies in the improperly handles objects in memory. Successful exploitation by a remote attacker could result in the disclosure of sensitive information. The exploit requires the attacker to have valid credentials to the vulnerable system.

27371 - (MSPT-Nov2020) Microsoft SharePoint Spoofing (CVE-2020-17016)

Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: Medium CVE: CVE-2020-17016

Description A vulnerability in some versions of Microsoft SharePoint could lead to spoofing.

Observation A vulnerability in some versions of Microsoft SharePoint could lead to spoofing.

27372 - (MSPT-Nov2020) Microsoft SharePoint Information Disclosure (CVE-2020-17017)

Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: Medium CVE: CVE-2020-17017

Description A vulnerability in some versions of Microsoft SharePoint could lead to information disclosure.

Observation A vulnerability in some versions of Microsoft SharePoint could lead to information disclosure.

27374 - (MSPT-Nov2020) Microsoft SharePoint Remote Code Execution (CVE-2020-17061)

Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: Medium CVE: CVE-2020-17061

Description A vulnerability in some versions of Microsoft SharePoint could lead to remote code execution.

Observation A vulnerability in some versions of Microsoft SharePoint could lead to remote code execution.

Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: Medium CVE: CVE-2020-17001

Description A vulnerability in some versions of Microsoft Windows could lead to privilege escalation.

Observation A vulnerability in some versions of Microsoft Windows could lead to privilege escalation.

The flaw lies in the Print Spooler component. Successful exploitation could allow a local user to gain elevated privileges. The exploit requires the attacker to have valid credentials to the vulnerable system.

27306 - (MSPT-Nov2020) Microsoft SharePoint Print Spooler Privilege Escalation (CVE-2020-17014)

Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: Medium CVE: CVE-2020-17014

Description A vulnerability in some versions of Microsoft SharePoint could lead to privilege escalation.

Observation A vulnerability in some versions of Microsoft SharePoint could lead to privilege escalation.

27307 - (MSPT-Nov2020) Microsoft Windows Print Configuration Privilege Escalation (CVE-2020-17041)

Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: Medium CVE: CVE-2020-17041

Description A vulnerability in some versions of Microsoft Windows could lead to privilege escalation.

Observation A vulnerability in some versions of Microsoft Windows could lead to privilege escalation.

The flaw lies in the Print Configuration component. Successful exploitation could allow a local user to gain elevated privileges. The exploit requires the attacker to have valid credentials to the vulnerable system.

27308 - (MSPT-Nov2020) Microsoft Windows MSCTF Server Information Disclosure (CVE-2020-17030)

Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: Medium CVE: CVE-2020-17030

Description A vulnerability in some versions of Microsoft Windows could lead to information disclosure.

Observation A vulnerability in some versions of Microsoft Windows could lead to information disclosure.

The flaw lies in the MSCTF Server component. Successful exploitation by a remote attacker could result in the disclosure of sensitive information. The exploit requires the attacker to have valid credentials to the vulnerable system.

27309 - (MSPT-Nov2020) Microsoft Windows Improperly Handles Objects in Memory Spoofing (CVE-2020-1599)

Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: Medium CVE: CVE-2020-1599

Description A vulnerability in some versions of Microsoft Windows could lead to spoofing.

Observation A vulnerability in some versions of Microsoft Windows could lead to spoofing.

27311 - (MSPT-Nov2020) Microsoft Windows Bind Filter Driver Privilege Escalation (CVE-2020-17012)

Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: Medium CVE: CVE-2020-17012

Description A vulnerability in some versions of Microsoft Windows could lead to privilege escalation.

Observation A vulnerability in some versions of Microsoft Windows could lead to privilege escalation.

The flaw lies in the Bind Filter Driver component. Successful exploitation could allow a local user to gain elevated privileges. The exploit requires the user to open a vulnerable website, email or document.

27312 - (MSPT-Nov2020) Microsoft Windows Client Side Rendering Print Provider Privilege Escalation (CVE-2020-17024)

Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: Medium CVE: CVE-2020-17024

Description A vulnerability in some versions of Microsoft Windows could lead to privilege escalation. Observation A vulnerability in some versions of Microsoft Windows could lead to privilege escalation.

The flaw lies in the Client Side Rendering Print Provider component. Successful exploitation could allow a local user to gain elevated privileges. The exploit requires the attacker to have valid credentials to the vulnerable system.

27313 - (MSPT-Nov2020) Microsoft Windows Portcls.sys Privilege Escalation (CVE-2020-17011)

Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: Medium CVE: CVE-2020-17011

Description A vulnerability in some versions of Microsoft Windows could lead to privilege escalation.

Observation A vulnerability in some versions of Microsoft Windows could lead to privilege escalation.

The flaw lies in the Portcls.sys component. Successful exploitation could allow a local user to gain elevated privileges. The exploit requires the attacker to have valid credentials to the vulnerable system.

27314 - (MSPT-Nov2020) Microsoft Windows Function Discovery SSDP Provider Information Disclosure (CVE-2020-17036)

Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: Medium CVE: CVE-2020-17036

Description A vulnerability in some versions of Microsoft Windows could lead to information disclosure.

Observation A vulnerability in some versions of Microsoft Windows could lead to information disclosure.

The flaw lies in the Function Discovery SSDP Provider component. Successful exploitation by a remote attacker could result in the disclosure of sensitive information. The exploit requires the attacker to have valid credentials to the vulnerable system.

27320 - (MSPT-Nov2020) Microsoft Windows Update Stack Privilege Escalation (CVE-2020-17077)

Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: Medium CVE: CVE-2020-17077

Description A vulnerability in some versions of Microsoft Windows could lead to privilege escalation.

Observation A vulnerability in some versions of Microsoft Windows could lead to privilege escalation.

The flaw lies in the Update Stack component. Successful exploitation could allow a local user to gain elevated privileges. The exploit requires the attacker to have valid credentials to the vulnerable system. 27321 - (MSPT-Nov2020) Microsoft Windows Update Medic Service Privilege Escalation (CVE-2020-17070)

Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: Medium CVE: CVE-2020-17070

Description A vulnerability in some versions of Microsoft Windows could lead to privilege escalation.

Observation A vulnerability in some versions of Microsoft Windows could lead to privilege escalation.

The flaw lies in the Update Medic Service component. Successful exploitation could allow a local user to gain elevated privileges. The exploit requires the attacker to have valid credentials to the vulnerable system.

27322 - (MSPT-Nov2020) Microsoft Windows Delivery Optimization Information Disclosure (CVE-2020-17071)

Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: Medium CVE: CVE-2020-17071

Description A vulnerability in some versions of Microsoft Windows could lead to information disclosure.

Observation A vulnerability in some versions of Microsoft Windows could lead to information disclosure.

The flaw lies in the Delivery Optimization component. Successful exploitation by a remote attacker could result in the disclosure of sensitive information. The exploit requires the attacker to have valid credentials to the vulnerable system.

27323 - (MSPT-Nov2020) Microsoft Windows Graphics Information Disclosure (CVE-2020-17004)

Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: Medium CVE: CVE-2020-17004

Description A vulnerability in some versions of Microsoft Windows could lead to information disclosure.

Observation A vulnerability in some versions of Microsoft Windows could lead to information disclosure.

The flaw lies in the Graphics component. Successful exploitation by a remote attacker could result in the disclosure of sensitive information. The exploit requires the attacker to have valid credentials to the vulnerable system.

27324 - (MSPT-Nov2020) Microsoft Windows Win32k Privilege Escalation (CVE-2020-17038)

Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: Medium CVE: CVE-2020-17038

Description A vulnerability in some versions of Microsoft Windows could lead to privilege escalation.

Observation A vulnerability in some versions of Microsoft Windows could lead to privilege escalation.

The flaw lies in the Win32k component. Successful exploitation could allow a local user to gain elevated privileges. The exploit requires the attacker to have valid credentials to the vulnerable system.

27326 - (MSPT-Nov2020) Microsoft Windows Canonical Display Driver Information Disclosure (CVE-2020-17029)

Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: Medium CVE: CVE-2020-17029

Description A vulnerability in some versions of Microsoft Windows could lead to information disclosure.

Observation A vulnerability in some versions of Microsoft Windows could lead to information disclosure.

The flaw lies in the Canonical Display Driver component. Successful exploitation by a remote attacker could result in the disclosure of sensitive information. The exploit requires the attacker to have valid credentials to the vulnerable system.

27327 - (MSPT-Nov2020) Microsoft DirectX Improperly Handles Objects in Memory Privilege Escalation (CVE-2020-16998)

Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: Medium CVE: CVE-2020-16998

Description A vulnerability in some versions of Microsoft DirectX could lead to privilege escalation.

Observation A vulnerability in some versions of Microsoft DirectX could lead to privilege escalation.

The flaw lies in the improperly handles objects in memory. Successful exploitation could allow a local user to gain elevated privileges. The exploit requires the attacker to have valid credentials to the vulnerable system.

27328 - (MSPT-Nov2020) Microsoft Windows Win32k Privilege Escalation (CVE-2020-17057)

Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: Medium CVE: CVE-2020-17057

27329 - (MSPT-Nov2020) Microsoft Windows Win32k Privilege Escalation (CVE-2020-17010)

Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: Medium CVE: CVE-2020-17010

Description A vulnerability in some versions of Microsoft Windows could lead to privilege escalation.

Observation A vulnerability in some versions of Microsoft Windows could lead to privilege escalation.

27330 - (MSPT-Nov2020) Microsoft Windows win32k Information Disclosure (CVE-2020-17013)

Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: Medium CVE: CVE-2020-17013

Description A vulnerability in some versions of Microsoft Windows could lead to information disclosure.

Observation A vulnerability in some versions of Microsoft Windows could lead to information disclosure.

The flaw lies in the win32k component. Successful exploitation by a remote attacker could result in the disclosure of sensitive information. The exploit requires the attacker to have valid credentials to the vulnerable system.

27331 - (MSPT-Nov2020) Microsoft Windows Remote Access Privilege Escalation (CVE-2020-17033)

Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: Medium CVE: CVE-2020-17033

Description A vulnerability in some versions of Microsoft Windows could lead to privilege escalation.

Observation A vulnerability in some versions of Microsoft Windows could lead to privilege escalation.

The flaw lies in the Remote Access component. Successful exploitation could allow a local user to gain elevated privileges. The exploit requires the attacker to have valid credentials to the vulnerable system.

27332 - (MSPT-Nov2020) Microsoft Windows Remote Access Privilege Escalation (CVE-2020-17034)

Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: Medium CVE: CVE-2020-17034

Description A vulnerability in some versions of Microsoft Windows could lead to privilege escalation.

Observation A vulnerability in some versions of Microsoft Windows could lead to privilege escalation.

27333 - (MSPT-Nov2020) Microsoft Windows Remote Access Privilege Escalation (CVE-2020-17043)

Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: Medium CVE: CVE-2020-17043

Description A vulnerability in some versions of Microsoft Windows could lead to privilege escalation.

Observation A vulnerability in some versions of Microsoft Windows could lead to privilege escalation.

27334 - (MSPT-Nov2020) Microsoft Windows Remote Access Privilege Escalation (CVE-2020-17044)

Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: Medium CVE: CVE-2020-17044

Description A vulnerability in some versions of Microsoft Windows could lead to privilege escalation.

Observation A vulnerability in some versions of Microsoft Windows could lead to privilege escalation.

27335 - (MSPT-Nov2020) Microsoft Windows Remote Access Privilege Escalation (CVE-2020-17032)

Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: Medium CVE: CVE-2020-17032

Description A vulnerability in some versions of Microsoft Windows could lead to privilege escalation.

Observation A vulnerability in some versions of Microsoft Windows could lead to privilege escalation.

27336 - (MSPT-Nov2020) Microsoft Windows Remote Access Privilege Escalation (CVE-2020-17055)

Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: Medium CVE: CVE-2020-17055

Description A vulnerability in some versions of Microsoft Windows could lead to privilege escalation.

Observation A vulnerability in some versions of Microsoft Windows could lead to privilege escalation.

27337 - (MSPT-Nov2020) Microsoft Windows Remote Access Privilege Escalation (CVE-2020-17031)

Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: Medium CVE: CVE-2020-17031

Description A vulnerability in some versions of Microsoft Windows could lead to privilege escalation.

Observation A vulnerability in some versions of Microsoft Windows could lead to privilege escalation.

27338 - (MSPT-Nov2020) Microsoft Windows Remote Access Privilege Escalation (CVE-2020-17028)

Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: Medium CVE: CVE-2020-17028

Description A vulnerability in some versions of Microsoft Windows could lead to privilege escalation.

Observation A vulnerability in some versions of Microsoft Windows could lead to privilege escalation.

27339 - (MSPT-Nov2020) Microsoft Windows Remote Access Privilege Escalation (CVE-2020-17025)

Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: Medium CVE: CVE-2020-17025

Description A vulnerability in some versions of Microsoft Windows could lead to privilege escalation.

Observation A vulnerability in some versions of Microsoft Windows could lead to privilege escalation.

27340 - (MSPT-Nov2020) Microsoft Windows Remote Access Privilege Escalation (CVE-2020-17027)

Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: Medium CVE: CVE-2020-17027

Description A vulnerability in some versions of Microsoft Windows could lead to privilege escalation.

Observation A vulnerability in some versions of Microsoft Windows could lead to privilege escalation.

27341 - (MSPT-Nov2020) Microsoft Windows Remote Access Privilege Escalation (CVE-2020-17026)

Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: Medium CVE: CVE-2020-17026

Description A vulnerability in some versions of Microsoft Windows could lead to privilege escalation.

Observation A vulnerability in some versions of Microsoft Windows could lead to privilege escalation. The flaw lies in the Remote Access component. Successful exploitation could allow a local user to gain elevated privileges. The exploit requires the attacker to have valid credentials to the vulnerable system.

27342 - (MSPT-Nov2020) Microsoft Remote Desktop Protocol Client Information Disclosure (CVE-2020-17000)

Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: Medium CVE: CVE-2020-17000

Description A vulnerability in some versions of Microsoft Remote Desktop could lead to information disclosure.

Observation A vulnerability in some versions of Microsoft Remote Desktop could lead to information disclosure.

The flaw lies in the Protocol Client component. Successful exploitation by a remote attacker could result in the disclosure of sensitive information. The exploit requires the attacker to have valid credentials to the vulnerable system.

27343 - (MSPT-Nov2020) Microsoft Remote Desktop Protocol Server Information Disclosure (CVE-2020-16997)

Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: Medium CVE: CVE-2020-16997

Description A vulnerability in some versions of Microsoft Remote Desktop could lead to information disclosure.

Observation A vulnerability in some versions of Microsoft Remote Desktop could lead to information disclosure.

The flaw lies in the Protocol Server component. Successful exploitation by a remote attacker could result in the disclosure of sensitive information. The exploit requires the attacker to have valid credentials to the vulnerable system.

27344 - (MSPT-Nov2020) Microsoft Kernel Local Privilege Escalation (CVE-2020-17087)

Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: Medium CVE: CVE-2020-17087

Description A vulnerability in some versions of Microsoft Kernel could lead to privilege escalation.

Observation A vulnerability in some versions of Microsoft Kernel could lead to privilege escalation.

The flaw lies in the Local component. Successful exploitation could allow a local user to gain elevated privileges. The exploit requires the attacker to have valid credentials to the vulnerable system.

27345 - (MSPT-Nov2020) Microsoft Windows Kernel Privilege Escalation (CVE-2020-17035) Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: Medium CVE: CVE-2020-17035

Description A vulnerability in some versions of Microsoft Windows could lead to privilege escalation.

Observation A vulnerability in some versions of Microsoft Windows could lead to privilege escalation.

The flaw lies in the Kernel component. Successful exploitation could allow a local user to gain elevated privileges. The exploit requires the attacker to have valid credentials to the vulnerable system.

27354 - (MSPT-Nov2020) Microsoft Windows Error Reporting Privilege Escalation (CVE-2020-17007)

Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: Medium CVE: CVE-2020-17007

Description A vulnerability in some versions of Microsoft Windows could lead to privilege escalation.

Observation A vulnerability in some versions of Microsoft Windows could lead to privilege escalation.

The flaw lies in the Error Reporting component. Successful exploitation could allow a local user to gain elevated privileges. The exploit requires the attacker to have valid credentials to the vulnerable system.

27355 - (MSPT-Nov2020) Microsoft Windows KernelStream Information Disclosure (CVE-2020-17045)

Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: Medium CVE: CVE-2020-17045

Description A vulnerability in some versions of Microsoft Windows could lead to information disclosure.

Observation A vulnerability in some versions of Microsoft Windows could lead to information disclosure.

The flaw lies in the KernelStream component. Successful exploitation by an attacker could result in the disclosure of sensitive information. The exploit requires the attacker to have valid credentials to the vulnerable system.

27356 - (MSPT-Nov2020) Microsoft Windows Error Reporting Denial of Service Vulnerability (CVE-2020-17046)

Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: Medium CVE: CVE-2020-17046 Description A vulnerability in some versions of Microsoft Windows could lead to denial of service.

Observation A vulnerability in some versions of Microsoft Windows could lead to denial of service.

The flaw lies in the Error Reporting Manager component. Successful exploitation by a remote attacker could result in the denial of service. The exploit requires the attacker to have valid credentials to the vulnerable system.

27361 - (MSPT-Nov2020) Microsoft Windows WalletService Information Disclosure (CVE-2020-16999)

Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: Medium CVE: CVE-2020-16999

Description A vulnerability in some versions of Microsoft Windows could lead to information disclosure.

Observation A vulnerability in some versions of Microsoft Windows could lead to information disclosure.

The flaw lies in the WalletService component. Successful exploitation by a remote attacker could result in the disclosure of sensitive information. The exploit requires the attacker to have valid credentials to the vulnerable system.

27362 - (MSPT-Nov2020) Microsoft Windows WalletService Privilege Escalation (CVE-2020-17037)

Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: Medium CVE: CVE-2020-17037

Description A vulnerability in some versions of Microsoft Windows could lead to privilege escalation.

Observation A vulnerability in some versions of Microsoft Windows could lead to privilege escalation.

The flaw lies in the WalletService component. Successful exploitation could allow a local user to gain elevated privileges. The exploit requires the attacker to have valid credentials to the vulnerable system.

27363 - (MSPT-Nov2020) Microsoft Windows NDIS Information Disclosure (CVE-2020-17069)

Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: Medium CVE: CVE-2020-17069

Description A vulnerability in some versions of Microsoft Windows could lead to information disclosure.

Observation A vulnerability in some versions of Microsoft Windows could lead to information disclosure.

The flaw lies in the NDIS component. Successful exploitation by an attacker could result in the disclosure of sensitive information. The exploit requires the attacker to have valid credentials to the vulnerable system.

27364 - (MSPT-Nov2020) Microsoft Windows Update Orchestrator Service Elevation of Privilege Vulnerability (CVE-2020- 17073)

Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: Medium CVE: CVE-2020-17073

Description A vulnerability in some versions of Microsoft Windows could lead to Elevation of Privilege.

Observation A vulnerability in some versions of Microsoft Windows could lead to Elevation of Privilege.

The flaw lies in the Update Orchestrator Service component. Successful exploitation by an attacker could result in Elevation of Privilege. The exploit requires the attacker to have valid credentials to the vulnerable system.

27365 - (MSPT-Nov2020) Microsoft Windows Update Orchestrator Service Privilege Escalation (CVE-2020-17074)

Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: Medium CVE: CVE-2020-17074

Description A vulnerability in some versions of Microsoft Windows could lead to privilege escalation.

Observation A vulnerability in some versions of Microsoft Windows could lead to privilege escalation.

The flaw lies in the Update Orchestrator Service component. Successful exploitation could allow a local user to gain elevated privileges. The exploit requires the attacker to have valid credentials to the vulnerable system.

27366 - (MSPT-Nov2020) Microsoft Windows USO Core Worker Privilege Escalation (CVE-2020-17075)

Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: Medium CVE: CVE-2020-17075

Description A vulnerability in some versions of Microsoft Windows could lead to privilege escalation.

Observation A vulnerability in some versions of Microsoft Windows could lead to privilege escalation.

The flaw lies in the USO Core Worker component. Successful exploitation could allow a local user to gain elevated privileges. The exploit requires the attacker to have valid credentials to the vulnerable system. 27367 - (MSPT-Nov2020) Microsoft Windows Update Orchestrator Service Privilege Escalation (CVE-2020-17076)

Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: Medium CVE: CVE-2020-17076

Description A vulnerability in some versions of Microsoft Windows could lead to privilege escalation.

Observation A vulnerability in some versions of Microsoft Windows could lead to privilege escalation.

27368 - (MSPT-Nov2020) Microsoft Common Log File System Driver Privilege Escalation (CVE-2020-17088)

Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: Medium CVE: CVE-2020-17088

Description A vulnerability in some versions of Microsoft Common Log could lead to privilege escalation.

Observation A vulnerability in some versions of Microsoft Common Log could lead to privilege escalation.

The flaw lies in the File System Driver component. Successful exploitation could allow a local user to gain elevated privileges. The exploit requires the attacker to have valid credentials to the vulnerable system.

27373 - (MSPT-Nov2020) Microsoft SharePoint Spoofing (CVE-2020-17060)

Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: Medium CVE: CVE-2020-17060

Description A vulnerability in some versions of Microsoft SharePoint could lead to spoofing.

Observation A vulnerability in some versions of Microsoft SharePoint could lead to spoofing.

27376 - (MSPT-Nov2020) Microsoft Word Security Feature Bypass Vulnerability (CVE-2020-17020)

Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: Medium CVE: CVE-2020-17020

Description A vulnerability in some versions of Microsoft Word could lead to security feature bypass.

Observation A vulnerability in some versions of Microsoft Word could lead to security feature bypass.

The flaw lies in the improperly handles image links. Successful exploitation by an attacker could result in the security feature bypass.

27382 - (MSPT-Nov2020) Microsoft Windows Camera Codec Information Disclosure Vulnerability (CVE-2020-17113)

Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: Medium CVE: CVE-2020-17113

Description A vulnerability in some versions of Microsoft Windows could lead to information disclosure.

Observation A vulnerability in some versions of Microsoft Windows could lead to information disclosure.

The flaw lies in the camera codec component. Successful exploitation by an attacker could result in the disclosure of sensitive information. The exploit requires the attacker to have valid credentials to the vulnerable system.

27383 - (MSPT-Nov2020) Microsoft Windows Exchange Server Privilege Escalation (CVE-2020-17085)

Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: Medium CVE: CVE-2020-17085

Description A vulnerability in some versions of Microsoft Windows could lead to privilege escalation.

Observation A vulnerability in some versions of Microsoft Windows could lead to privilege escalation.

The flaw lies in the Exchange Server component. Successful exploitation could allow a local user to gain elevated privileges. The exploit requires the attacker to have valid credentials to the vulnerable system.

27386 - (MSPT-Nov2020) Microsoft Windows Dynamics 365 Spoofing (CVE-2020-17005)

Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: Medium CVE: CVE-2020-17005

Description A vulnerability in some versions of Microsoft Windows could lead to spoofing. Observation A vulnerability in some versions of Microsoft Windows could lead to spoofing.

The flaw lies in the Dynamics 365 component. Successful exploitation by a remote attacker could result in spoofing. The exploit requires the attacker to have valid credentials to the vulnerable system.

27387 - (MSPT-Nov2020) Microsoft Windows Dynamics 366 Spoofing (CVE-2020-17006)

Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: Medium CVE: CVE-2020-17006

Description A vulnerability in some versions of Microsoft Windows could lead to spoofing.

Observation A vulnerability in some versions of Microsoft Windows could lead to spoofing.

The flaw lies in the Dynamics 366 component. Successful exploitation by a remote attacker could result in spoofing. The exploit requires the attacker to have valid credentials to the vulnerable system.

ENHANCED CHECKS

The following checks have been updated. Enhancements may include optimizations, changes that reflect new information on a vulnerability and anything else that improves upon an existing FSL check. 70014 - netbios-helpers.fasl3.inc

Category: General Vulnerability Assessment -> NonIntrusive -> Invalid Category Risk Level: Informational CVE: CVE-MAP-NOMATCH

Update Details FASLScript is updated

HOW TO UPDATE

FS1000 APPLIANCE customers should follow the instructions for Enterprise/Professional customers, below. In addition, we strongly urge all appliance customers to authorize and install any Windows Update critical patches. The appliance will auto-download any critical updates but will wait for your explicit authorization before installing.

FOUNDSTONE ENTERPRISE and PROFESSIONAL customers may obtain these new scripts using the FSUpdate Utility by selecting "FoundScan Update" on the help menu. Make sure that you have a valid FSUpdate username and password. The new vulnerability scripts will be automatically included in your scans if you have selected that option by right-clicking the selected vulnerability category and checking the "Run New Checks" checkbox.

MANAGED SERVICE CUSTOMERS already have the newest update applied to their environment. The new vulnerability scripts will be automatically included when your scans are next scheduled, provided the Run New Scripts option has been turned on.

MCAFEE TECHNICAL SUPPORT

ServicePortal: https://mysupport.mcafee.com Multi-National Phone Support available here: http://www.mcafee.com/us/about/contact/index.html Non-US customers - Select your country from the list of Worldwide Offices.

This email may contain confidential and privileged material for the sole use of the intended recipient. Any review or distribution by others is strictly prohibited. If you are not the intended recipient please contact the sender and delete all copies.