Microsoft Security Update for January 2020 Fixes 49 Security Vulnerabilities

Overview

Microsoft released the January security update on Tuesday, fixing 49 security issues ranging from simple spoofing attacks to remote code execution, discovered in products like .NET Framework, Apps, ASP.NET, Common Log File System Driver, Microsoft Dynamics, Microsoft Graphics Component, Microsoft Office, Microsoft Scripting Engine, Microsoft Windows, Microsoft Windows Search Component, Windows Hyper-V, Windows Media, Windows RDP, Windows Subsystem for Linux, and Windows Update Stack.

Of the vulnerabilities fixed by Microsoft's this monthly update, a total of eight critical vulnerabilities exist in the .NET Framework, ASP.NET, Microsoft Scripting Engine, and Windows RDP. In addition, there are 41 important vulnerabilities.

Critical Vulnerabilities

The following are eight critical vulnerabilities covered in this update.

@NSFOUS 2020 http://www.nsfocus.com

Windows RDP

 CVE-2020-0609、CVE-2020-0610

These two remote code execution vulnerabilities in the Windows Remote Desktop Gateway (RD Gateway) could be exploited by unauthenticated attackers. If the two vulnerabilities are exploited successfully, arbitrary code may be executed on the target system, allowing the attacker to install the program, view, change or delete data, or create a new account with full user rights. To exploit this vulnerability, an attacker needs to send a specially crafted request to the RD gateway of the target system via RDP. This update addresses these issues by correcting the way the RD gateway handles connection requests. For more details about the vulnerabilities and download updates, please refer to Microsoft's official security advisories: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0609 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0610

 CVE-2020-0611 This is a remote code execution vulnerability in Windows Remote Desktop clients. An attacker who successfully exploited this vulnerability could execute arbitrary code on a user's computer connected to a malicious server. After that, an attacker could install a malicious program, view, change, or delete data, or create a new account with full user rights. To exploit this vulnerability, an attacker needs to take control of the server and then convinces a user to connect to the server. This vulnerability could be triggered if a user accesses a malicious server. Although attackers cannot force users to connect to malicious servers, they may entice users to connect through social engineering, DNS poisoning, or man-in-the-middle (MITM) technology. An attacker could also compromise a legitimate server, host malicious code on it, and wait for users to connect.

@NSFOUS 2020 http://www.nsfocus.com

Microsoft Scripting Engine

 CVE-2020-0640 This is a memory corruption vulnerability in the way Internet Explorer handles objects in memory. The vulnerability allows an attacker to execute arbitrary code in the context of the current user. An attacker who successfully exploited this vulnerability could gain the same user rights as the current user. If the current user logs in with administrative privileges, an attacker could take control of the affected system and may then install a malicious program, view, change or delete data, or create a new account with full user privileges. An attacker could build a specially crafted website and then convince users to visit the website. However, attackers cannot force users to view malicious contents, but entice users by email or instant messaging instead. Internet Explorer 9, 10, and 11 are affected. For more details about the vulnerabilities and download updates, please refer to Microsoft's official security advisories: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0640

ASP.NET and .NET Framework

 CVE-2020-0603, CVE-2020-0605, CVE-2020-0606, and CVE-2020-0646 The above vulnerabilities are remote code execution vulnerabilities in .NET and ASP.NET Core software. These vulnerabilities can be triggered if a user opens a maliciously crafted file while using an affected .NET or ASP.NET Core version. With a successful exploitation, an attacker could execute arbitrary code in the context of the current user. These errors exist in the way the software handles memory objects.

@NSFOUS 2020 http://www.nsfocus.com

For more details about the vulnerabilities and download updates, please refer to Microsoft's official security advisories: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0603 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0605 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0606 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0646

Important Vulnerabilities

In addition to critical vulnerabilities, this update also fixes 41 important vulnerabilities, three of which require more attention as follows.

CVE-2020-0601

This is a spoofing vulnerability in Windows CryptoAPI. As the Elliptic Curve Cryptography certificate was incorrectly verified by crypt32.dll, an attacker could use this error to spoof a code signing certificate and secretly sign a file, making the file appear to come from a trusted source. Attackers could also use this vulnerability to conduct man-in-the-middle attacks and decrypt confidential information. For more details about the vulnerabilities and download updates, please refer to Microsoft's official security advisories: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0601

@NSFOUS 2020 http://www.nsfocus.com

CVE-2020-0616

This is a Microsoft Windows denial-of-service vulnerability. The vulnerability exists when Windows cannot properly handle hard links. An attacker who successfully exploits this vulnerability could cause the target system to stop responding. An attacker must log in to the victim's computer to exploit this vulnerability and then run a specially designed application that could allow the attacker to overwrite system files. For more details about the vulnerabilities and download updates, please refer to Microsoft's official security advisories: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0616

CVE-2020-0654

A security feature bypass vulnerability exists in Android's Microsoft OneDrive application. This could allow an attacker to bypass the password or fingerprint of the application. For more details about the vulnerabilities and download updates, please refer to Microsoft's official security advisories: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0654

Remediation

Bugs fixed in this update are shown in the following table: Product CVE ID CVE Title Severity Level

@NSFOUS 2020 http://www.nsfocus.com

.NET Framework Remote code .NET Framework CVE-2020-0605 Critical execution vulnerability

.NET Framework Remote code .NET Framework CVE-2020-0606 Critical execution vulnerability

.NET Framework Remote Code .NET Framework CVE-2020-0646 Critical Execution Injection Vulnerability

Microsoft OneDrive for Android Apps CVE-2020-0654 Security feature bypass Important vulnerability

ASP.NET Core Denial of service ASP.NET CVE-2020-0602 Important vulnerability

ASP.NET Core Remote code ASP.NET CVE-2020-0603 Critical execution vulnerability

Windows Common Log File Common Log File System Driver CVE-2020-0615 System Driver Information Important Disclosure Vulnerability

@NSFOUS 2020 http://www.nsfocus.com

Windows Common Log File Common Log File System Driver CVE-2020-0639 System Driver Information Important Disclosure Vulnerability

Windows Common Log File Common Log File System Driver CVE-2020-0634 System Driver Elevation of Important Privilege Vulnerability

Microsoft Dynamics 365 (On- Microsoft Dynamics CVE-2020-0656 Premise) Cross Site Scripting Important Vulnerability

Microsoft Graphics Components Microsoft Graphics Component CVE-2020-0607 Information Disclosure Important Vulnerability

Microsoft Graphics Component Microsoft Graphics Component CVE-2020-0622 Information Disclosure Important Vulnerability

Win32k Elevation of Privilege Microsoft Graphics Component CVE-2020-0642 Important Vulnerability

@NSFOUS 2020 http://www.nsfocus.com

Windows GDI+ Information Microsoft Graphics Component CVE-2020-0643 Important Disclosure Vulnerability

Microsoft Office CVE-2020-0647 Microsoft Office Online Fraud Important

Microsoft Excel Remote code Microsoft Office CVE-2020-0650 Important execution vulnerability

Microsoft Excel Remote code Microsoft Office CVE-2020-0651 Important execution vulnerability

Microsoft Office Memory Microsoft Office CVE-2020-0652 Important corruption

Microsoft Excel Remote code Microsoft Office CVE-2020-0653 Important execution vulnerability

Internet Explorer Memory Microsoft Scripting Engine CVE-2020-0640 Critical corruption

Microsoft Windows CVE-2020-0601 Windows CryptoAPI Fraud Important

@NSFOUS 2020 http://www.nsfocus.com

Win32k Information Disclosure Microsoft Windows CVE-2020-0608 Important Vulnerability

Microsoft Windows Denial of Microsoft Windows CVE-2020-0616 Important service vulnerability

Microsoft Cryptographic Microsoft Windows CVE-2020-0620 Services Elevation of Privilege Important Vulnerability

Windows Security feature Microsoft Windows CVE-2020-0621 Important bypass vulnerability

Win32k Elevation of Privilege Microsoft Windows CVE-2020-0624 Important Vulnerability

Windows Elevation of Privilege Microsoft Windows CVE-2020-0635 Important Vulnerability

Windows Elevation of Privilege Microsoft Windows CVE-2020-0644 Important Vulnerability

@NSFOUS 2020 http://www.nsfocus.com

Windows Search Indexer Microsoft Windows Search Component CVE-2020-0613 Elevation of Privilege Important Vulnerability

Windows Search Indexer Microsoft Windows Search Component CVE-2020-0614 Elevation of Privilege Important Vulnerability

Windows Search Indexer Microsoft Windows Search Component CVE-2020-0623 Elevation of Privilege Important Vulnerability

Windows Search Indexer Microsoft Windows Search Component CVE-2020-0625 Elevation of Privilege Important Vulnerability

Windows Search Indexer Microsoft Windows Search Component CVE-2020-0626 Elevation of Privilege Important Vulnerability

Windows Search Indexer Microsoft Windows Search Component CVE-2020-0627 Elevation of Privilege Important Vulnerability

@NSFOUS 2020 http://www.nsfocus.com

Windows Search Indexer Microsoft Windows Search Component CVE-2020-0628 Elevation of Privilege Important Vulnerability

Windows Search Indexer Microsoft Windows Search Component CVE-2020-0629 Elevation of Privilege Important Vulnerability

Windows Search Indexer Microsoft Windows Search Component CVE-2020-0630 Elevation of Privilege Important Vulnerability

Windows Search Indexer Microsoft Windows Search Component CVE-2020-0631 Elevation of Privilege Important Vulnerability

Windows Search Indexer Microsoft Windows Search Component CVE-2020-0632 Elevation of Privilege Important Vulnerability

Windows Search Indexer Microsoft Windows Search Component CVE-2020-0633 Elevation of Privilege Important Vulnerability

@NSFOUS 2020 http://www.nsfocus.com

Hyper-V Denial of service Windows Hyper-V CVE-2020-0617 Important vulnerability

Microsoft Windows Elevation of Windows Media CVE-2020-0641 Important Privilege Vulnerability

Windows Remote Desktop Windows RDP CVE-2020-0609 Gateway (RD Gateway) Remote Critical code execution vulnerability

Windows Remote Desktop Windows RDP CVE-2020-0610 Gateway (RD Gateway) Remote Critical code execution vulnerability

Remote Desktop Client Remote Windows RDP CVE-2020-0611 Critical code execution vulnerability

Windows Remote Desktop Windows RDP CVE-2020-0612 Gateway (RD Gateway) Denial of Important service vulnerability

@NSFOUS 2020 http://www.nsfocus.com

Remote Desktop Web Access Windows RDP CVE-2020-0637 Information Disclosure Important Vulnerability

Windows Subsystem for Linux Windows Subsystem for Linux CVE-2020-0636 Elevation of Privilege Important Vulnerability

Update Notification Manager Windows Update Stack CVE-2020-0638 Elevation of Privilege Important Vulnerability

Recommended Mitigation Measures

Microsoft has released security updates to fix these issues. Please download and install them as soon as possible.

@NSFOUS 2020 http://www.nsfocus.com

Appendix

CVE-2020-0601 - Windows CryptoAPI Spoofing Vulnerability

Maximum Vulnerability CVE ID Vulnerability Description Severity Impact Rating CVE Title: Windows CryptoAPI Spoofing Vulnerability Description: A spoofing vulnerability exists in the way Windows CryptoAPI (Crypt32.dll) validates Elliptic Curve Cryptography (ECC) certificates. CVE- An attacker could exploit the vulnerability by using a spoofed code-signing certificate to 2020- sign a malicious executable, making it appear the file was from a trusted, legitimate 0601 source. The user would have no way of knowing the file was malicious, because the Important Spoofing MITRE digital signature would appear to be from a trusted provider. NVD A successful exploit could also allow the attacker to conduct man-in-the-middle attacks and decrypt confidential information on user connections to the affected software. The security update addresses the vulnerability by ensuring that Windows CryptoAPI completely validates ECC certificates.

@NSFOUS 2020 http://www.nsfocus.com

Maximum Vulnerability CVE ID Vulnerability Description Severity Impact Rating

FAQ: Is there more information from Microsoft regarding CVE-2020-0601? Yes, please see the blog post release on 1/14/2020.

Mitigations: None Workarounds: None Revision: 1.0 01/14/2020 08:00:00 Information published. 1.1 01/14/2020 08:00:00 Added an FAQ. This is an information change only.

@NSFOUS 2020 http://www.nsfocus.com

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2020-0601 KB Restart Product Severity Impact Supersedence CVSS Score Set Article Required Windows 4534293 Base: 8.1 10 Version Security Temporal: 7.3 1803 for Important Spoofing 4530717 Unknown Update Vector: 32-bit CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C Systems Windows 4534293 Base: 8.1 10 Version Security Temporal: 7.3 1803 for Important Spoofing 4530717 Unknown Update Vector: x64-based CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C Systems Windows 4534293 Base: 8.1 Server, Security Temporal: 7.3 version Important Spoofing 4530717 Unknown Update Vector: 1803 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C (Server

@NSFOUS 2020 http://www.nsfocus.com

CVE-2020-0601 Core Installation) Windows 10 Version 4534293 Base: 8.1 1803 for Security Temporal: 7.3 Important Spoofing 4530717 Unknown ARM64- Update Vector: based CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C Systems Windows 4534273 Base: 8.1 10 Version Security Temporal: 7.3 1809 for Important Spoofing 4530715 Unknown Update Vector: 32-bit CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C Systems Windows 4534273 Base: 8.1 10 Version Security Temporal: 7.3 1809 for Important Spoofing 4530715 Unknown Update Vector: x64-based CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C Systems Windows 4534273 Base: 8.1 10 Version Security Temporal: 7.3 Important Spoofing 4530715 Unknown 1809 for Update Vector: ARM64- CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C

@NSFOUS 2020 http://www.nsfocus.com

CVE-2020-0601 based Systems 4534273 Base: 8.1 Windows Security Temporal: 7.3 Important Spoofing 4530715 Unknown Server 2019 Update Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C Windows 4534273 Base: 8.1 Server 2019 Security Temporal: 7.3 (Server Important Spoofing 4530715 Unknown Update Vector: Core CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C installation) Windows 4534276 Base: 8.1 10 Version Security Temporal: 7.3 1709 for Important Spoofing 4530714 Unknown Update Vector: 32-bit CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C Systems Windows 4534276 Base: 8.1 10 Version Security Temporal: 7.3 1709 for Important Spoofing 4530714 Unknown Update Vector: x64-based CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C Systems Windows 4534276 Base: 8.1 Important Spoofing 4530714 Unknown 10 Version Security Temporal: 7.3

@NSFOUS 2020 http://www.nsfocus.com

CVE-2020-0601 1709 for Update Vector: ARM64- CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C based Systems Windows 4528760 Base: 8.1 10 Version Security Temporal: 7.3 1903 for Important Spoofing 4530684 Yes Update Vector: 32-bit CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C Systems Windows 4528760 Base: 8.1 10 Version Security Temporal: 7.3 1903 for Important Spoofing 4530684 Yes Update Vector: x64-based CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C Systems Windows 10 Version 4528760 Base: 8.1 1903 for Security Temporal: 7.3 Important Spoofing 4530684 Yes ARM64- Update Vector: based CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C Systems Windows 4528760 Base: 8.1 Server, Important Spoofing 4530684 Yes Security Temporal: 7.3 version

@NSFOUS 2020 http://www.nsfocus.com

CVE-2020-0601 1903 Update Vector: (Server CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C Core installation) 4534306 Base: 8.1 Windows Security Temporal: 7.3 10 for 32- Important Spoofing 4530681 Unknown Update Vector: bit Systems CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C Windows 4534306 Base: 8.1 10 for x64- Security Temporal: 7.3 Important Spoofing 4530681 Unknown based Update Vector: Systems CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C Windows 4534271 Base: 8.1 10 Version Security Temporal: 7.3 1607 for Important Spoofing 4530689 Unknown Update Vector: 32-bit CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C Systems Windows 4534271 Base: 8.1 10 Version Security Temporal: 7.3 1607 for Important Spoofing 4530689 Unknown Update Vector: x64-based CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C Systems

@NSFOUS 2020 http://www.nsfocus.com

CVE-2020-0601 4534271 Base: 8.1 Windows Security Temporal: 7.3 Important Spoofing 4530689 Unknown Server 2016 Update Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C Windows 4534271 Base: 8.1 Server 2016 Security Temporal: 7.3 (Server Important Spoofing 4530689 Unknown Update Vector: Core CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C installation) Windows 4528760 Base: 8.1 10 Version Security Temporal: 7.3 1909 for Important Spoofing 4530684 Yes Update Vector: 32-bit CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C Systems Windows 4528760 Base: 8.1 10 Version Security Temporal: 7.3 1909 for Important Spoofing 4530684 Yes Update Vector: x64-based CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C Systems Windows 4528760 Base: 8.1 Server, Security Temporal: 7.3 Important Spoofing 4530684 Yes version Update Vector: 1909 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C

@NSFOUS 2020 http://www.nsfocus.com

CVE-2020-0601 (Server Core installation) Windows 10 Version 4528760 Base: 8.1 1909 for Security Temporal: 7.3 Important Spoofing 4530684 Yes ARM64- Update Vector: based CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C Systems

CVE-2020-0602 - ASP.NET Core Denial of Service Vulnerability

Maximum Vulnerability CVE ID Vulnerability Description Severity Impact Rating CVE Title: ASP.NET Core Denial of Service Vulnerability CVE- Description: 2020- A denial of service vulnerability exists when ASP.NET Core improperly handles web Denial of 0602 Important requests. An attacker who successfully exploited this vulnerability could cause a denial Service MITRE of service against an ASP.NET Core web application. The vulnerability can be exploited NVD remotely, without authentication.

@NSFOUS 2020 http://www.nsfocus.com

Maximum Vulnerability CVE ID Vulnerability Description Severity Impact Rating A remote unauthenticated attacker could exploit this vulnerability by issuing specially crafted requests to the ASP.NET Core application. The update addresses the vulnerability by correcting how the ASP.NET Core web application handles web requests.

FAQ: None Mitigations: None Workarounds: None Revision: 1.0 01/14/2020 08:00:00 Information published.

Affected Software

The following tables list the affected software details for the vulnerability.

@NSFOUS 2020 http://www.nsfocus.com

CVE-2020-0602 Product KB Article Severity Impact Supersedence CVSS Score Set Restart Required Base: N/A Release Notes Security Update ASP.NET Core 2.1 Important Denial of Service Temporal: N/A Maybe

Vector: N/A Base: N/A Release Notes Security Update ASP.NET Core 3.0 Important Denial of Service Temporal: N/A Maybe

Vector: N/A Base: N/A Rekease Notes Security Update ASP.NET Core 3.1 Important Denial of Service Temporal: N/A Maybe

Vector: N/A

CVE-2020-0603 - ASP.NET Core Remote Code Execution Vulnerability

Maximum Vulnerability CVE ID Vulnerability Description Severity Impact Rating CVE- CVE Title: ASP.NET Core Remote Code Execution Vulnerability 2020- Description: Remote Code 0603 Critical A remote code execution vulnerability exists in ASP.NET Core software when the Execution MITRE software fails to handle objects in memory. NVD

@NSFOUS 2020 http://www.nsfocus.com

Maximum Vulnerability CVE ID Vulnerability Description Severity Impact Rating An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. Exploitation of the vulnerability requires that a user open a specially crafted file with an affected version of ASP.NET Core. In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file. The security update addresses the vulnerability by correcting how ASP.NET Core handles objects in memory.

FAQ: None Mitigations: None Workarounds: None

@NSFOUS 2020 http://www.nsfocus.com

Maximum Vulnerability CVE ID Vulnerability Description Severity Impact Rating Revision: 1.0 01/14/2020 08:00:00 Information published.

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2020-0603 CVSS Score Restart Product KB Article Severity Impact Supersedence Set Required Release Notes Security Base: N/A ASP.NET Core Remote Code Update Critical Temporal: N/A Maybe 2.1 Execution Vector: N/A Release Notes Security Base: N/A ASP.NET Core Remote Code Update Critical Temporal: N/A Maybe 3.0 Execution Vector: N/A

@NSFOUS 2020 http://www.nsfocus.com

CVE-2020-0603 Release Notes Security Base: N/A ASP.NET Core Remote Code Update Critical Temporal: N/A Maybe 3.1 Execution Vector: N/A

CVE-2020-0605 - .NET Framework Remote Code Execution Vulnerability

Maximum Vulnerability CVE ID Vulnerability Description Severity Impact Rating CVE Title: .NET Framework Remote Code Execution Vulnerability Description: A remote code execution vulnerability exists in .NET software when the software fails to check the source markup of a file. CVE- An attacker who successfully exploited the vulnerability could run arbitrary code in the 2020- context of the current user. If the current user is logged on with administrative user Remote Code 0605 Critical rights, an attacker could take control of the affected system. An attacker could then Execution MITRE install programs; view, change, or delete data; or create new accounts with full user NVD rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. Exploitation of the vulnerability requires that a user open a specially crafted file with an affected version of .NET Framework. In an email attack scenario, an attacker could

@NSFOUS 2020 http://www.nsfocus.com

Maximum Vulnerability CVE ID Vulnerability Description Severity Impact Rating exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file. The security update addresses the vulnerability by correcting how .NET Framework checks the source markup of a file.

FAQ: None Mitigations: None Workarounds: None Revision: 1.0 01/14/2020 08:00:00 Information published.

Affected Software

The following tables list the affected software details for the vulnerability.

@NSFOUS 2020 http://www.nsfocus.com

CVE-2020-0605 CVSS Restart Product KB Article Severity Impact Supersedence Score Set Required Release Base: N/A Notes Remote Temporal: .NET Core 3.0 Security Critical Code N/A Maybe Update Execution Vector: N/A Release Base: N/A Notes Remote Temporal: .NET Core 3.1 Security Critical Code N/A Maybe Update Execution Vector: N/A Base: N/A 4535104 Remote Temporal: Microsoft .NET Framework Monthly 4524743; Critical Code N/A Maybe 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.2 on Windows RT 8.1 Rollup 4533097 Execution Vector:

N/A 4535104 Base: N/A Microsoft .NET Framework Monthly Remote Temporal: 4524743; 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.2 on Windows 8.1 for Rollup Critical Code N/A Maybe 4533097 x64-based systems 4534978 Execution Vector: Security N/A

@NSFOUS 2020 http://www.nsfocus.com

CVE-2020-0605 Only

4535105 Monthly Base: N/A Microsoft .NET Framework 3.0 Service Pack 2 on Rollup Remote Temporal: 4524744; Windows Server 2008 for Itanium-Based Systems 4534979 Critical Code N/A Maybe 4533098 Service Pack 2 Security Execution Vector: Only N/A

4535105 Monthly Base: N/A Microsoft .NET Framework 3.0 Service Pack 2 on Rollup Remote Temporal: 4524744; Windows Server 2008 for 32-bit Systems Service Pack 4534979 Critical Code N/A Maybe 4533098 2 Security Execution Vector: Only N/A

4535105 Monthly Base: N/A Microsoft .NET Framework 3.0 Service Pack 2 on Rollup Remote Temporal: 4524744; Windows Server 2008 for x64-based Systems Service 4534979 Critical Code N/A Maybe 4533098 Pack 2 Security Execution Vector: Only N/A

@NSFOUS 2020 http://www.nsfocus.com

CVE-2020-0605 Base: N/A 4532938 Remote Temporal: Microsoft .NET Framework 3.5 AND 4.8 on Windows Security 4524744; Critical Code N/A Maybe 10 Version 1909 for 32-bit Systems Update 4533098 Execution Vector:

N/A Base: N/A 4532938 Remote Temporal: Microsoft .NET Framework 3.5 AND 4.8 on Windows Security 4524744; Critical Code N/A Maybe Server, version 1909 (Server Core installation) Update 4533098 Execution Vector:

N/A Base: N/A 4532938 Remote Temporal: Microsoft .NET Framework 3.5 AND 4.8 on Windows Security 4524744; Critical Code N/A Maybe 10 Version 1909 for x64-based Systems Update 4533098 Execution Vector:

N/A Base: N/A 4534293 Remote Temporal: Microsoft .NET Framework 3.5 AND 4.7.2 on Windows Security Critical Code 4530717 N/A Unknown Server, version 1803 (Server Core Installation) Update Execution Vector:

N/A Remote Base: N/A Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 4534306 Critical Code 4530681 Temporal: Unknown 10 for 32-bit Systems Security Execution N/A

@NSFOUS 2020 http://www.nsfocus.com

CVE-2020-0605 Update Vector: N/A 4535102 Monthly Base: N/A Microsoft .NET Framework Rollup Remote Temporal: 4524741; 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.2 on Windows 7 for 32- 4534976 Critical Code N/A Maybe 4533095 bit Systems Service Pack 1 Security Execution Vector: Only N/A

4535104 Monthly Base: N/A Microsoft .NET Framework Rollup Remote Temporal: 4524743; 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.2 on Windows 8.1 for 32- 4534978 Critical Code N/A Maybe 4533097 bit systems Security Execution Vector: Only N/A

4535102 Monthly Base: N/A Microsoft .NET Framework Rollup Remote Temporal: 4524741; 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.2 on Windows 7 for x64- 4534976 Critical Code N/A Maybe 4533095 based Systems Service Pack 1 Security Execution Vector: Only N/A

@NSFOUS 2020 http://www.nsfocus.com

CVE-2020-0605 4535104 Monthly Base: N/A Microsoft .NET Framework Rollup Remote Temporal: 4524743; 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.2 on Windows Server 4534978 Critical Code N/A Maybe 4533097 2012 R2 Security Execution Vector: Only N/A

4535103 Monthly Base: N/A Microsoft .NET Framework Rollup Remote Temporal: 4524742; 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.2 on Windows Server 4534977 Critical Code N/A Maybe 4533096 2012 (Server Core installation) Security Execution Vector: Only N/A

@NSFOUS 2020 http://www.nsfocus.com

CVE-2020-0605 Base: N/A 4532936 Remote Temporal: Microsoft .NET Framework 4.8 on Windows Server, Security 4524742; Critical Code N/A Maybe version 1803 (Server Core Installation) Update 4533096 Execution Vector:

N/A Base: N/A 4534271 Remote Temporal: Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 on Security Critical Code 4530689 N/A Unknown Windows 10 Version 1607 for 32-bit Systems Update Execution Vector:

N/A Base: N/A 4532936 Remote Temporal: Microsoft .NET Framework 4.8 on Windows 10 Security Critical Code 4530689 N/A Maybe Version 1803 for 32-bit Systems Update Execution Vector:

N/A 4535102 Monthly Base: N/A Microsoft .NET Framework Rollup Remote Temporal: 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.2 on Windows Server 4524741; 4534976 Critical Code N/A Maybe 2008 R2 for x64-based Systems Service Pack 1 (Server 4533095 Security Execution Vector: Core installation) Only N/A

@NSFOUS 2020 http://www.nsfocus.com

CVE-2020-0605 Base: N/A 4532935 Remote Temporal: Microsoft .NET Framework 4.8 on Windows 10 Security 4524741; Critical Code N/A Maybe Version 1709 for 32-bit Systems Update 4533095 Execution Vector:

N/A 4535104 Monthly Base: N/A Microsoft .NET Framework Rollup Remote Temporal: 4524743; 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.2 on Windows Server 4534978 Critical Code N/A Maybe 4533097 2012 R2 (Server Core installation) Security Execution Vector: Only N/A

4535102 Monthly Base: N/A Microsoft .NET Framework Rollup Remote Temporal: 4524741; 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.2 on Windows Server 4534976 Critical Code N/A Maybe 4533095 2008 R2 for x64-based Systems Service Pack 1 Security Execution Vector: Only N/A

4532936 Remote Base: N/A Microsoft .NET Framework 4.8 on Windows 10 Security 4524741; Critical Code Temporal: Maybe Version 1803 for x64-based Systems Update 4533095 Execution N/A

@NSFOUS 2020 http://www.nsfocus.com

CVE-2020-0605 Vector: N/A Base: N/A 4532935 Remote Temporal: Microsoft .NET Framework 4.8 on Windows 10 Security 4524741; Critical Code N/A Maybe Version 1709 for x64-based Systems Update 4533095 Execution Vector:

N/A 4535104 Monthly Base: N/A Rollup Remote Temporal: Microsoft .NET Framework 4.8 on Windows Server 4524743; 4534978 Critical Code N/A Maybe 2012 R2 (Server Core installation) 4533097 Security Execution Vector: Only N/A

Base: N/A 4532933 Remote Temporal: Microsoft .NET Framework 4.8 on Windows Server Security 4524743; Critical Code N/A Maybe 2016 (Server Core installation) Update 4533097 Execution Vector:

N/A 4535103 Remote Base: N/A Microsoft .NET Framework 4.8 on Windows Server Monthly 4524742; Critical Code Temporal: Maybe 2012 Rollup 4533096 Execution N/A 4534977

@NSFOUS 2020 http://www.nsfocus.com

CVE-2020-0605 Security Vector: Only N/A

Base: N/A 4532933 Remote Temporal: Microsoft .NET Framework 4.8 on Windows 10 Security 4524742; Critical Code N/A Maybe Version 1607 for x64-based Systems Update 4533096 Execution Vector:

N/A 4535104 Monthly Base: N/A Rollup Remote Temporal: Microsoft .NET Framework 4.8 on Windows Server 4524743; 4534978 Critical Code N/A Maybe 2012 R2 4533097 Security Execution Vector: Only N/A

Base: N/A 4535101 Remote Temporal: Microsoft .NET Framework 3.5 AND 4.8 on Windows Security 4524743; Critical Code N/A Maybe Server 2019 Update 4533097 Execution Vector:

N/A 4535105 Remote Base: N/A Microsoft .NET Framework 4.6 on Windows Server 4524744; Monthly Critical Code Temporal: Maybe 2008 for 32-bit Systems Service Pack 2 4533098 Rollup Execution N/A

@NSFOUS 2020 http://www.nsfocus.com

CVE-2020-0605 4534979 Vector: Security N/A Only

Base: N/A 4535101 Remote Temporal: Microsoft .NET Framework 3.5 AND 4.8 on Windows Security 4524744; Critical Code N/A Maybe 10 Version 1809 for 32-bit Systems Update 4533098 Execution Vector:

N/A 4535102 Monthly Base: N/A Rollup Remote Temporal: Microsoft .NET Framework 4.8 on Windows 7 for x64- 4524741; 4534976 Critical Code N/A Maybe based Systems Service Pack 1 4533095 Security Execution Vector: Only N/A

Base: N/A 4535101 Remote Temporal: Microsoft .NET Framework 3.5 AND 4.7.2 on Windows Security 4524741; Critical Code N/A Maybe Server 2019 Update 4533095 Execution Vector:

N/A

@NSFOUS 2020 http://www.nsfocus.com

CVE-2020-0605 4535102 Monthly Base: N/A Rollup Remote Temporal: Microsoft .NET Framework 4.8 on Windows Server 4524741; 4534976 Critical Code N/A Maybe 2008 R2 for x64-based Systems Service Pack 1 4533095 Security Execution Vector: Only N/A

Base: N/A 4532933 Remote Temporal: Microsoft .NET Framework 4.8 on Windows 10 Security 4524741; Critical Code N/A Maybe Version 1607 for 32-bit Systems Update 4533095 Execution Vector:

N/A Base: N/A 4535101 Remote Temporal: Microsoft .NET Framework 3.5 AND 4.8 on Windows Security 4524741; Critical Code N/A Maybe Server 2019 (Server Core installation) Update 4533095 Execution Vector:

N/A Base: N/A 4535101 Remote Temporal: Microsoft .NET Framework 3.5 AND 4.7.2 on Windows Security 4524741; Critical Code N/A Maybe Server 2019 (Server Core installation) Update 4533095 Execution Vector:

N/A

@NSFOUS 2020 http://www.nsfocus.com

CVE-2020-0605 Base: N/A 4532938 Remote Temporal: Microsoft .NET Framework 3.5 AND 4.8 on Windows Security 4524741; Critical Code N/A Maybe Server, version 1903 (Server Core installation) Update 4533095 Execution Vector:

N/A 4535102 Monthly Base: N/A Microsoft .NET Framework 4.8 on Windows Server Rollup Remote Temporal: 4524741; 2008 R2 for x64-based Systems Service Pack 1 (Server 4534976 Critical Code N/A Maybe 4533095 Core installation) Security Execution Vector: Only N/A

4535104 Monthly Base: N/A Rollup Remote Temporal: Microsoft .NET Framework 4.8 on Windows 8.1 for 4524743; 4534978 Critical Code N/A Maybe 32-bit systems 4533097 Security Execution Vector: Only N/A

4532933 Remote Base: N/A Microsoft .NET Framework 4.8 on Windows Server Security 4524743; Critical Code Temporal: Maybe 2016 Update 4533097 Execution N/A

@NSFOUS 2020 http://www.nsfocus.com

CVE-2020-0605 Vector: N/A Base: N/A 4535104 Remote Temporal: Monthly 4524743; Microsoft .NET Framework 4.8 on Windows RT 8.1 Critical Code N/A Maybe Rollup 4533097 Execution Vector:

N/A Base: N/A 4535101 Remote Temporal: Microsoft .NET Framework 3.5 AND 4.8 on Windows Security 4524743; Critical Code N/A Maybe 10 Version 1809 for x64-based Systems Update 4533097 Execution Vector:

N/A 4535103 Monthly Base: N/A Rollup Remote Temporal: Microsoft .NET Framework 4.8 on Windows Server 4524742; 4534977 Critical Code N/A Maybe 2012 (Server Core installation) 4533096 Security Execution Vector: Only N/A

4532938 Remote Base: N/A Microsoft .NET Framework 3.5 AND 4.8 on Windows Security 4524742; Critical Code Temporal: Maybe 10 Version 1903 for 32-bit Systems Update 4533096 Execution N/A

@NSFOUS 2020 http://www.nsfocus.com

CVE-2020-0605 Vector: N/A Base: N/A 4535101 Remote Temporal: Microsoft .NET Framework 3.5 AND 4.7.2 on Windows Security 4524742; Critical Code N/A Maybe 10 Version 1809 for 32-bit Systems Update 4533096 Execution Vector:

N/A Base: N/A 4535101 Remote Temporal: Microsoft .NET Framework 3.5 AND 4.7.2 on Windows Security 4524742; Critical Code N/A Maybe 10 Version 1809 for x64-based Systems Update 4533096 Execution Vector:

N/A Base: N/A 4532938 Remote Temporal: Microsoft .NET Framework 3.5 AND 4.8 on Windows Security 4524742; Critical Code N/A Maybe 10 Version 1903 for x64-based Systems Update 4533096 Execution Vector:

N/A 4535105 Base: N/A Monthly Remote Temporal: Microsoft .NET Framework 4.6 on Windows Server 4524744; Rollup Critical Code N/A Maybe 2008 for x64-based Systems Service Pack 2 4533098 4534979 Execution Vector: Security N/A

@NSFOUS 2020 http://www.nsfocus.com

CVE-2020-0605 Only

4535102 Monthly Base: N/A Rollup Remote Temporal: Microsoft .NET Framework 4.8 on Windows 7 for 32- 4524741; 4534976 Critical Code N/A Maybe bit Systems Service Pack 1 4533095 Security Execution Vector: Only N/A

4535104 Monthly Base: N/A Rollup Remote Temporal: Microsoft .NET Framework 4.8 on Windows 8.1 for 4524743; 4534978 Critical Code N/A Maybe x64-based systems 4533097 Security Execution Vector: Only N/A

4535104 Monthly Base: N/A Rollup Remote Temporal: Microsoft .NET Framework 4.5.2 on Windows 8.1 for 4524743; 4534978 Critical Code N/A Maybe x64-based systems 4533097 Security Execution Vector: Only N/A

@NSFOUS 2020 http://www.nsfocus.com

CVE-2020-0605 4535102 Monthly Base: N/A Microsoft .NET Framework 3.5.1 on Windows Server Rollup Remote Temporal: 4524741; 2008 R2 for x64-based Systems Service Pack 1 (Server 4534976 Critical Code N/A Maybe 4533095 Core installation) Security Execution Vector: Only N/A

Base: N/A 4535104 Remote Temporal: Monthly 4524743; Microsoft .NET Framework 4.5.2 on Windows RT 8.1 Critical Code N/A Maybe Rollup 4533097 Execution Vector:

N/A 4535104 Monthly Base: N/A Rollup Remote Temporal: Microsoft .NET Framework 3.5 on Windows 8.1 for 4524743; 4534978 Critical Code N/A Maybe x64-based systems 4533097 Security Execution Vector: Only N/A

4535104 Remote Base: N/A Microsoft .NET Framework 3.5 on Windows Server Monthly 4524743; Critical Code Temporal: Maybe 2012 R2 (Server Core installation) Rollup 4533097 Execution N/A 4534978

@NSFOUS 2020 http://www.nsfocus.com

CVE-2020-0605 Security Vector: Only N/A

4535104 Monthly Base: N/A Rollup Remote Temporal: Microsoft .NET Framework 4.5.2 on Windows 8.1 for 4524743; 4534978 Critical Code N/A Maybe 32-bit systems 4533097 Security Execution Vector: Only N/A

4535103 Monthly Base: N/A Rollup Remote Temporal: Microsoft .NET Framework 3.5 on Windows Server 4524742; 4534977 Critical Code N/A Maybe 2012 4533096 Security Execution Vector: Only N/A

4535103 Base: N/A Monthly Remote Temporal: Microsoft .NET Framework 3.5 on Windows Server 4524742; Rollup Critical Code N/A Maybe 2012 (Server Core installation) 4533096 4534977 Execution Vector: Security N/A

@NSFOUS 2020 http://www.nsfocus.com

CVE-2020-0605 Only

4535105 Monthly Base: N/A Rollup Remote Temporal: Microsoft .NET Framework 4.5.2 on Windows Server 4524744; 4534979 Critical Code N/A Maybe 2008 for 32-bit Systems Service Pack 2 4533098 Security Execution Vector: Only N/A

4535102 Monthly Base: N/A Rollup Remote Temporal: Microsoft .NET Framework 4.5.2 on Windows 7 for 4524741; 4534976 Critical Code N/A Maybe x64-based Systems Service Pack 1 4533095 Security Execution Vector: Only N/A

4535104 Monthly Base: N/A Rollup Remote Temporal: Microsoft .NET Framework 3.5 on Windows 8.1 for 4524743; 4534978 Critical Code N/A Maybe 32-bit systems 4533097 Security Execution Vector: Only N/A

@NSFOUS 2020 http://www.nsfocus.com

CVE-2020-0605 4535102 Monthly Base: N/A Rollup Remote Temporal: Microsoft .NET Framework 4.5.2 on Windows 7 for 4524741; 4534976 Critical Code N/A Maybe 32-bit Systems Service Pack 1 4533095 Security Execution Vector: Only N/A

4535102 Monthly Base: N/A Rollup Remote Temporal: Microsoft .NET Framework 3.5.1 on Windows 7 for 4524741; 4534976 Critical Code N/A Maybe x64-based Systems Service Pack 1 4533095 Security Execution Vector: Only N/A

4535102 Monthly Base: N/A Microsoft .NET Framework 4.5.2 on Windows Server Rollup Remote Temporal: 4524741; 2008 R2 for x64-based Systems Service Pack 1 (Server 4534976 Critical Code N/A Maybe 4533095 Core installation) Security Execution Vector: Only N/A

@NSFOUS 2020 http://www.nsfocus.com

CVE-2020-0605 4535102 Monthly Base: N/A Rollup Remote Temporal: Microsoft .NET Framework 4.5.2 on Windows Server 4524741; 4534976 Critical Code N/A Maybe 2008 R2 for x64-based Systems Service Pack 1 4533095 Security Execution Vector: Only N/A

4535102 Monthly Base: N/A Rollup Remote Temporal: Microsoft .NET Framework 3.5.1 on Windows 7 for 4524741; 4534976 Critical Code N/A Maybe 32-bit Systems Service Pack 1 4533095 Security Execution Vector: Only N/A

4535102 Monthly Base: N/A Rollup Remote Temporal: Microsoft .NET Framework 3.5.1 on Windows Server 4524741; 4534976 Critical Code N/A Maybe 2008 R2 for x64-based Systems Service Pack 1 4533095 Security Execution Vector: Only N/A

@NSFOUS 2020 http://www.nsfocus.com

CVE-2020-0605 4535102 Monthly Base: N/A Rollup Remote Temporal: Microsoft .NET Framework 3.5.1 on Windows Server 4524741; 4534976 Critical Code N/A Maybe 2008 R2 for Itanium-Based Systems Service Pack 1 4533095 Security Execution Vector: Only N/A

4535103 Monthly Base: N/A Rollup Remote Temporal: Microsoft .NET Framework 4.5.2 on Windows Server 4524742; 4534977 Critical Code N/A Maybe 2012 (Server Core installation) 4533096 Security Execution Vector: Only N/A

4535104 Monthly Base: N/A Rollup Remote Temporal: Microsoft .NET Framework 4.5.2 on Windows Server 4524743; 4534978 Critical Code N/A Maybe 2012 R2 (Server Core installation) 4533097 Security Execution Vector: Only N/A

@NSFOUS 2020 http://www.nsfocus.com

CVE-2020-0605 4535103 Monthly Base: N/A Rollup Remote Temporal: Microsoft .NET Framework 4.5.2 on Windows Server 4524742; 4534977 Critical Code N/A Maybe 2012 4533096 Security Execution Vector: Only N/A

4535104 Monthly Base: N/A Rollup Remote Temporal: Microsoft .NET Framework 3.5 on Windows Server 4524743; 4534978 Critical Code N/A Maybe 2012 R2 4533097 Security Execution Vector: Only N/A

4535105 Monthly Base: N/A Rollup Remote Temporal: Microsoft .NET Framework 4.5.2 on Windows Server 4524744; 4534979 Critical Code N/A Maybe 2008 for x64-based Systems Service Pack 2 4533098 Security Execution Vector: Only N/A

@NSFOUS 2020 http://www.nsfocus.com

CVE-2020-0605 4535104 Monthly Base: N/A Rollup Remote Temporal: Microsoft .NET Framework 4.5.2 on Windows Server 4524743; 4534978 Critical Code N/A Maybe 2012 R2 4533097 Security Execution Vector: Only N/A

Base: N/A 4534293 Remote Temporal: Microsoft .NET Framework 3.5 AND 4.7.2 on Windows Security Critical Code 4530717 N/A Unknown 10 Version 1803 for 32-bit Systems Update Execution Vector:

N/A Base: N/A 4534293 Remote Temporal: Microsoft .NET Framework 3.5 AND 4.7.2 on Windows Security Critical Code 4530717 N/A Unknown 10 Version 1803 for x64-based Systems Update Execution Vector:

N/A Base: N/A 4534306 Remote Temporal: Microsoft .NET Framework 3.5 AND 4.7.2 on Windows Security Critical Code 4530681 N/A Unknown 10 for x64-based Systems Update Execution Vector:

N/A

@NSFOUS 2020 http://www.nsfocus.com

CVE-2020-0605 Base: N/A 4534271 Microsoft .NET Framework 3.5 AND Remote Temporal: Security 4.6.2/4.7/4.7.1/4.7.2 on Windows 10 Version 1607 for Critical Code 4530689 N/A Unknown Update 32-bit Systems Execution Vector:

N/A Base: N/A 4534276 Remote Temporal: Microsoft .NET Framework 3.5 AND 4.7.1/4.7.2 on Security Critical Code 4530714 N/A Unknown Windows 10 Version 1709 for 32-bit Systems Update Execution Vector:

N/A Base: N/A 4534271 Remote Temporal: Microsoft .NET Framework 3.5 AND Security Critical Code 4530689 N/A Unknown 4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2016 Update Execution Vector:

N/A Base: N/A 4534271 Microsoft .NET Framework 3.5 AND Remote Temporal: Security 4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2016 (Server Critical Code 4530689 N/A Unknown Update Core installation) Execution Vector:

N/A Microsoft .NET Framework 3.5 AND Remote Base: N/A 4534271 4.6.2/4.7/4.7.1/4.7.2 on Windows 10 Version 1607 for Critical Code 4530689 Temporal: Unknown Security x64-based Systems Execution N/A

@NSFOUS 2020 http://www.nsfocus.com

CVE-2020-0605 Update Vector: N/A Base: N/A 4534276 Remote Temporal: Microsoft .NET Framework 3.5 AND 4.7.1/4.7.2 on Security Critical Code 4530714 N/A Unknown Windows 10 Version 1709 for x64-based Systems Update Execution Vector:

N/A

CVE-2020-0606 - .NET Framework Remote Code Execution Vulnerability

Maximum Vulnerability CVE ID Vulnerability Description Severity Impact Rating CVE Title: .NET Framework Remote Code Execution Vulnerability Description: CVE- A remote code execution vulnerability exists in .NET software when the software fails to 2020- check the source markup of a file. Remote Code 0606 Critical Execution MITRE An attacker who successfully exploited the vulnerability could run arbitrary code in the NVD context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user

@NSFOUS 2020 http://www.nsfocus.com

Maximum Vulnerability CVE ID Vulnerability Description Severity Impact Rating rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. Exploitation of the vulnerability requires that a user open a specially crafted file with an affected version of .NET Framework. In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file. The security update addresses the vulnerability by correcting how .NET Framework checks the source markup of a file.

FAQ: None Mitigations: None Workarounds: None Revision: 1.0 01/14/2020 08:00:00 Information published.

@NSFOUS 2020 http://www.nsfocus.com

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2020-0606 CVSS Restart Product KB Article Severity Impact Supersedence Score Set Required Release Base: N/A Notes Remote Temporal: .NET Core 3.0 Security Critical Code N/A Maybe Update Execution Vector: N/A Release Base: N/A Notes Remote Temporal: .NET Core 3.1 Security Critical Code N/A Maybe Update Execution Vector: N/A 4535102 Base: N/A Microsoft .NET Framework Monthly Remote Temporal: 4524741; 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.2 on Windows 7 for 32- Rollup Critical Code N/A Maybe 4533095 bit Systems Service Pack 1 4534976 Execution Vector: Security N/A

@NSFOUS 2020 http://www.nsfocus.com

CVE-2020-0606 Only

4535104 Monthly Base: N/A Microsoft .NET Framework Rollup Remote Temporal: 4524743; 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.2 on Windows 8.1 for 4534978 Critical Code N/A Maybe 4533097 x64-based systems Security Execution Vector: Only N/A

@NSFOUS 2020 http://www.nsfocus.com

CVE-2020-0606 Base: N/A 4535104 Remote Temporal: Microsoft .NET Framework Monthly 4524743; Critical Code N/A Maybe 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.2 on Windows RT 8.1 Rollup 4533097 Execution Vector:

N/A 4535102 Monthly Base: N/A Microsoft .NET Framework Rollup Remote Temporal: 4524741; 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.2 on Windows Server 4534976 Critical Code N/A Maybe 4533095 2008 R2 for x64-based Systems Service Pack 1 Security Execution Vector: Only N/A

4535102 Monthly Base: N/A Microsoft .NET Framework Rollup Remote Temporal: 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.2 on Windows Server 4524741; 4534976 Critical Code N/A Maybe 2008 R2 for x64-based Systems Service Pack 1 (Server 4533095 Security Execution Vector: Core installation) Only N/A

4535103 Microsoft .NET Framework Remote Base: N/A Monthly 4524742; 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.2 on Windows Server Critical Code Temporal: Maybe Rollup 4533096 2012 Execution N/A 4534977

@NSFOUS 2020 http://www.nsfocus.com

CVE-2020-0606 Security Vector: Only N/A

4535104 Monthly Base: N/A Microsoft .NET Framework Rollup Remote Temporal: 4524743; 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.2 on Windows Server 4534978 Critical Code N/A Maybe 4533097 2012 R2 Security Execution Vector: Only N/A

4535104 Base: N/A Microsoft .NET Framework Monthly Remote Temporal: 4524743; 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.2 on Windows Server Rollup Critical Code N/A Maybe 4533097 2012 R2 (Server Core installation) 4534978 Execution Vector: Security N/A

@NSFOUS 2020 http://www.nsfocus.com

CVE-2020-0606 Only

Base: N/A 4532936 Remote Temporal: Microsoft .NET Framework 4.8 on Windows 10 Security 4524743; Critical Code N/A Maybe Version 1803 for 32-bit Systems Update 4533097 Execution Vector:

N/A Base: N/A 4532936 Remote Temporal: Microsoft .NET Framework 4.8 on Windows 10 Security 4524743; Critical Code N/A Maybe Version 1803 for x64-based Systems Update 4533097 Execution Vector:

N/A Base: N/A 4532936 Remote Temporal: Microsoft .NET Framework 4.8 on Windows Server, Security 4524743; Critical Code N/A Maybe version 1803 (Server Core Installation) Update 4533097 Execution Vector:

N/A Base: N/A 4532935 Remote Temporal: Microsoft .NET Framework 4.8 on Windows 10 Security 4524743; Critical Code N/A Maybe Version 1709 for 32-bit Systems Update 4533097 Execution Vector:

N/A

@NSFOUS 2020 http://www.nsfocus.com

CVE-2020-0606 Base: N/A 4532935 Remote Temporal: Microsoft .NET Framework 4.8 on Windows 10 Security 4524743; Critical Code N/A Maybe Version 1709 for x64-based Systems Update 4533097 Execution Vector:

N/A Base: N/A 4532933 Remote Temporal: Microsoft .NET Framework 4.8 on Windows 10 Security 4524743; Critical Code N/A Maybe Version 1607 for 32-bit Systems Update 4533097 Execution Vector:

N/A Base: N/A 4532933 Remote Temporal: Microsoft .NET Framework 4.8 on Windows 10 Security 4524743; Critical Code N/A Maybe Version 1607 for x64-based Systems Update 4533097 Execution Vector:

N/A Base: N/A 4532933 Remote Temporal: Microsoft .NET Framework 4.8 on Windows Server Security 4524743; Critical Code N/A Maybe 2016 Update 4533097 Execution Vector:

N/A Remote Base: N/A Microsoft .NET Framework 4.8 on Windows Server 4532933 4524743; Critical Code Temporal: Maybe 2016 (Server Core installation) Security 4533097 Execution N/A

@NSFOUS 2020 http://www.nsfocus.com

CVE-2020-0606 Update Vector: N/A 4535102 Monthly Base: N/A Rollup Remote Temporal: Microsoft .NET Framework 4.8 on Windows 7 for 32- 4524741; 4534976 Critical Code N/A Maybe bit Systems Service Pack 1 4533095 Security Execution Vector: Only N/A

4535102 Monthly Base: N/A Rollup Remote Temporal: Microsoft .NET Framework 4.8 on Windows 7 for x64- 4524741; 4534976 Critical Code N/A Maybe based Systems Service Pack 1 4533095 Security Execution Vector: Only N/A

4535104 Monthly Base: N/A Rollup Remote Temporal: Microsoft .NET Framework 4.8 on Windows 8.1 for 4524743; 4534978 Critical Code N/A Maybe 32-bit systems 4533097 Security Execution Vector: Only N/A

@NSFOUS 2020 http://www.nsfocus.com

CVE-2020-0606 4535104 Monthly Base: N/A Rollup Remote Temporal: Microsoft .NET Framework 4.8 on Windows 8.1 for 4524743; 4534978 Critical Code N/A Maybe x64-based systems 4533097 Security Execution Vector: Only N/A

Base: N/A 4535104 Remote Temporal: Monthly 4524743; Microsoft .NET Framework 4.8 on Windows RT 8.1 Critical Code N/A Maybe Rollup 4533097 Execution Vector:

N/A 4535102 Monthly Base: N/A Rollup Remote Temporal: Microsoft .NET Framework 4.8 on Windows Server 4524741; 4534976 Critical Code N/A Maybe 2008 R2 for x64-based Systems Service Pack 1 4533095 Security Execution Vector: Only N/A

4535102 Microsoft .NET Framework 4.8 on Windows Server Remote Base: N/A Monthly 4524741; 2008 R2 for x64-based Systems Service Pack 1 (Server Critical Code Temporal: Maybe Rollup 4533095 Core installation) Execution N/A 4534976

@NSFOUS 2020 http://www.nsfocus.com

CVE-2020-0606 Security Vector: Only N/A

4535103 Monthly Base: N/A Rollup Remote Temporal: Microsoft .NET Framework 4.8 on Windows Server 4524742; 4534977 Critical Code N/A Maybe 2012 4533096 Security Execution Vector: Only N/A

4535103 Monthly Base: N/A Rollup Remote Temporal: Microsoft .NET Framework 4.8 on Windows Server 4524742; 4534977 Critical Code N/A Maybe 2012 (Server Core installation) 4533096 Security Execution Vector: Only N/A

4535104 Base: N/A Monthly Remote Temporal: Microsoft .NET Framework 4.8 on Windows Server 4524743; Rollup Critical Code N/A Maybe 2012 R2 4533097 4534978 Execution Vector: Security N/A

@NSFOUS 2020 http://www.nsfocus.com

CVE-2020-0606 Only

4535104 Monthly Base: N/A Rollup Remote Temporal: Microsoft .NET Framework 4.8 on Windows Server 4524743; 4534978 Critical Code N/A Maybe 2012 R2 (Server Core installation) 4533097 Security Execution Vector: Only N/A

Base: N/A 4535101 Remote Temporal: Microsoft .NET Framework 3.5 AND 4.8 on Windows Security 4524743; Critical Code N/A Maybe 10 Version 1809 for 32-bit Systems Update 4533097 Execution Vector:

N/A Base: N/A 4535101 Remote Temporal: Microsoft .NET Framework 3.5 AND 4.8 on Windows Security 4524743; Critical Code N/A Maybe 10 Version 1809 for x64-based Systems Update 4533097 Execution Vector:

N/A 4535101 Remote Base: N/A Microsoft .NET Framework 3.5 AND 4.8 on Windows Security 4524743; Critical Code Temporal: Maybe Server 2019 Update 4533097 Execution N/A

@NSFOUS 2020 http://www.nsfocus.com

CVE-2020-0606 Vector: N/A Base: N/A 4535101 Remote Temporal: Microsoft .NET Framework 3.5 AND 4.8 on Windows Security 4524743; Critical Code N/A Maybe Server 2019 (Server Core installation) Update 4533097 Execution Vector:

N/A Base: N/A 4532938 Remote Temporal: Microsoft .NET Framework 3.5 AND 4.8 on Windows Security 4524743; Critical Code N/A Maybe 10 Version 1903 for 32-bit Systems Update 4533097 Execution Vector:

N/A Base: N/A 4532938 Remote Temporal: Microsoft .NET Framework 3.5 AND 4.8 on Windows Security 4524743; Critical Code N/A Maybe 10 Version 1903 for x64-based Systems Update 4533097 Execution Vector:

N/A Base: N/A 4532938 Remote Temporal: Microsoft .NET Framework 3.5 AND 4.8 on Windows Security 4524743; Critical Code N/A Maybe Server, version 1903 (Server Core installation) Update 4533097 Execution Vector:

N/A

@NSFOUS 2020 http://www.nsfocus.com

CVE-2020-0606 Base: N/A 4535101 Remote Temporal: Microsoft .NET Framework 3.5 AND 4.7.2 on Windows Security 4524743; Critical Code N/A Maybe 10 Version 1809 for 32-bit Systems Update 4533097 Execution Vector:

N/A Base: N/A 4535101 Remote Temporal: Microsoft .NET Framework 3.5 AND 4.7.2 on Windows Security 4524743; Critical Code N/A Maybe 10 Version 1809 for x64-based Systems Update 4533097 Execution Vector:

N/A Base: N/A 4535101 Remote Temporal: Microsoft .NET Framework 3.5 AND 4.7.2 on Windows Security 4524743; Critical Code N/A Maybe Server 2019 Update 4533097 Execution Vector:

N/A Base: N/A 4535101 Remote Temporal: Microsoft .NET Framework 3.5 AND 4.7.2 on Windows Security 4524743; Critical Code N/A Maybe Server 2019 (Server Core installation) Update 4533097 Execution Vector:

N/A 4535105 Remote Base: N/A Microsoft .NET Framework 4.6 on Windows Server 4524743; Monthly Critical Code Temporal: Maybe 2008 for 32-bit Systems Service Pack 2 4533097 Rollup Execution N/A

@NSFOUS 2020 http://www.nsfocus.com

CVE-2020-0606 4534979 Vector: Security N/A Only

4535105 Monthly Base: N/A Rollup Remote Temporal: Microsoft .NET Framework 4.6 on Windows Server 4524743; 4534979 Critical Code N/A Maybe 2008 for x64-based Systems Service Pack 2 4533097 Security Execution Vector: Only N/A

4535105 Monthly Base: N/A Microsoft .NET Framework 3.0 Service Pack 2 on Rollup Remote Temporal: 4524743; Windows Server 2008 for 32-bit Systems Service Pack 4534979 Critical Code N/A Maybe 4533097 2 Security Execution Vector: Only N/A

4535105 Base: N/A Microsoft .NET Framework 3.0 Service Pack 2 on Monthly Remote Temporal: 4524743; Windows Server 2008 for Itanium-Based Systems Rollup Critical Code N/A Maybe 4533097 Service Pack 2 4534979 Execution Vector: Security N/A

@NSFOUS 2020 http://www.nsfocus.com

CVE-2020-0606 Only

4535105 Monthly Base: N/A Microsoft .NET Framework 3.0 Service Pack 2 on Rollup Remote Temporal: 4524743; Windows Server 2008 for x64-based Systems Service 4534979 Critical Code N/A Maybe 4533097 Pack 2 Security Execution Vector: Only N/A

Base: N/A 4534271 Remote Temporal: Microsoft .NET Framework 3.5 on Windows 10 Security Critical Code 4530689 N/A Unknown Version 1607 for 32-bit Systems Update Execution Vector:

N/A 4535104 Monthly Base: N/A Rollup Remote Temporal: Microsoft .NET Framework 3.5 on Windows 8.1 for 4524743; 4534978 Critical Code N/A Maybe 32-bit systems 4533097 Security Execution Vector: Only N/A

@NSFOUS 2020 http://www.nsfocus.com

CVE-2020-0606 4535104 Monthly Base: N/A Rollup Remote Temporal: Microsoft .NET Framework 3.5 on Windows 8.1 for 4524743; 4534978 Critical Code N/A Maybe x64-based systems 4533097 Security Execution Vector: Only N/A

4535103 Monthly Base: N/A Rollup Remote Temporal: Microsoft .NET Framework 3.5 on Windows Server 4524742; 4534977 Critical Code N/A Maybe 2012 4533096 Security Execution Vector: Only N/A

4535103 Monthly Base: N/A Rollup Remote Temporal: Microsoft .NET Framework 3.5 on Windows Server 4524742; 4534977 Critical Code N/A Maybe 2012 (Server Core installation) 4533096 Security Execution Vector: Only N/A

@NSFOUS 2020 http://www.nsfocus.com

CVE-2020-0606 4535104 Monthly Base: N/A Rollup Remote Temporal: Microsoft .NET Framework 3.5 on Windows Server 4524743; 4534978 Critical Code N/A Maybe 2012 R2 4533097 Security Execution Vector: Only N/A

4535104 Monthly Base: N/A Rollup Remote Temporal: Microsoft .NET Framework 3.5 on Windows Server 4524743; 4534978 Critical Code N/A Maybe 2012 R2 (Server Core installation) 4533097 Security Execution Vector: Only N/A

@NSFOUS 2020 http://www.nsfocus.com

CVE-2020-0606 4535102 Monthly Base: N/A Rollup Remote Temporal: Microsoft .NET Framework 3.5.1 on Windows 7 for 4524741; 4534976 Critical Code N/A Maybe x64-based Systems Service Pack 1 4533095 Security Execution Vector: Only N/A

4535102 Monthly Base: N/A Rollup Remote Temporal: Microsoft .NET Framework 3.5.1 on Windows Server 4524741; 4534976 Critical Code N/A Maybe 2008 R2 for Itanium-Based Systems Service Pack 1 4533095 Security Execution Vector: Only N/A

@NSFOUS 2020 http://www.nsfocus.com

CVE-2020-0606 4535102 Monthly Base: N/A Microsoft .NET Framework 3.5.1 on Windows Server Rollup Remote Temporal: 4524741; 2008 R2 for x64-based Systems Service Pack 1 (Server 4534976 Critical Code N/A Maybe 4533095 Core installation) Security Execution Vector: Only N/A

4535102 Monthly Base: N/A Rollup Remote Temporal: Microsoft .NET Framework 4.5.2 on Windows 7 for 4524741; 4534976 Critical Code N/A Maybe 32-bit Systems Service Pack 1 4533095 Security Execution Vector: Only N/A

@NSFOUS 2020 http://www.nsfocus.com

CVE-2020-0606 4535104 Monthly Base: N/A Rollup Remote Temporal: Microsoft .NET Framework 4.5.2 on Windows 8.1 for 4524743; 4534978 Critical Code N/A Maybe 32-bit systems 4533097 Security Execution Vector: Only N/A

Base: N/A 4535104 Remote Temporal: Monthly 4524743; Microsoft .NET Framework 4.5.2 on Windows RT 8.1 Critical Code N/A Maybe Rollup 4533097 Execution Vector:

N/A 4535105 Remote Base: N/A Microsoft .NET Framework 4.5.2 on Windows Server Monthly 4524743; Critical Code Temporal: Maybe 2008 for 32-bit Systems Service Pack 2 Rollup 4533097 Execution N/A 4534979

@NSFOUS 2020 http://www.nsfocus.com

CVE-2020-0606 Security Vector: Only N/A

4535105 Monthly Base: N/A Rollup Remote Temporal: Microsoft .NET Framework 4.5.2 on Windows Server 4524743; 4534979 Critical Code N/A Maybe 2008 for x64-based Systems Service Pack 2 4533097 Security Execution Vector: Only N/A

4535102 Monthly Base: N/A Rollup Remote Temporal: Microsoft .NET Framework 4.5.2 on Windows Server 4524741; 4534976 Critical Code N/A Maybe 2008 R2 for x64-based Systems Service Pack 1 4533095 Security Execution Vector: Only N/A

4535102 Base: N/A Microsoft .NET Framework 4.5.2 on Windows Server Monthly Remote Temporal: 4524741; 2008 R2 for x64-based Systems Service Pack 1 (Server Rollup Critical Code N/A Maybe 4533095 Core installation) 4534976 Execution Vector: Security N/A

@NSFOUS 2020 http://www.nsfocus.com

CVE-2020-0606 Only

4535103 Monthly Base: N/A Rollup Remote Temporal: Microsoft .NET Framework 4.5.2 on Windows Server 4524742; 4534977 Critical Code N/A Maybe 2012 4533096 Security Execution Vector: Only N/A

4535104 Monthly Base: N/A Rollup Remote Temporal: Microsoft .NET Framework 4.5.2 on Windows Server 4524743; 4534978 Critical Code N/A Maybe 2012 R2 4533097 Security Execution Vector: Only N/A

@NSFOUS 2020 http://www.nsfocus.com

CVE-2020-0606 4535104 Monthly Base: N/A Rollup Remote Temporal: Microsoft .NET Framework 4.5.2 on Windows Server 4524743; 4534978 Critical Code N/A Maybe 2012 R2 (Server Core installation) 4533097 Security Execution Vector: Only N/A

Base: N/A 4532938 Remote Temporal: Microsoft .NET Framework 3.5 AND 4.8 on Windows Security 4524743; Critical Code N/A Maybe 10 Version 1909 for 32-bit Systems Update 4533097 Execution Vector:

N/A Base: N/A 4532938 Remote Temporal: Microsoft .NET Framework 3.5 AND 4.8 on Windows Security 4524743; Critical Code N/A Maybe 10 Version 1909 for x64-based Systems Update 4533097 Execution Vector:

N/A Base: N/A 4532938 Remote Temporal: Microsoft .NET Framework 3.5 AND 4.8 on Windows Security 4524743; Critical Code N/A Maybe Server, version 1909 (Server Core installation) Update 4533097 Execution Vector:

N/A

@NSFOUS 2020 http://www.nsfocus.com

CVE-2020-0606 Base: N/A 4534306 Remote Temporal: Microsoft .NET Framework 3.5 AND 4.7.2 on Windows Security Critical Code 4530681 N/A Unknown 10 for x64-based Systems Update Execution Vector:

N/A Base: N/A 4534271 Microsoft .NET Framework 3.5 AND Remote Temporal: Security 4.6.2/4.7/4.7.1/4.7.2 on Windows 10 Version 1607 for Critical Code 4530689 N/A Unknown Update 32-bit Systems Execution Vector:

N/A Remote Base: N/A Microsoft .NET Framework 3.5 AND 4.7.1/4.7.2 on 4534276 Critical Code 4530714 Temporal: Unknown Windows 10 Version 1709 for x64-based Systems Security Execution N/A

@NSFOUS 2020 http://www.nsfocus.com

CVE-2020-0606 Update Vector: N/A Base: N/A 4534271 Remote Temporal: Microsoft .NET Framework 3.5 AND Security Critical Code 4530689 N/A Unknown 4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2016 Update Execution Vector:

N/A Base: N/A 4534276 Remote Temporal: Microsoft .NET Framework 3.5 AND 4.7.1/4.7.2 on Security Critical Code 4530714 N/A Unknown Windows 10 Version 1709 for 32-bit Systems Update Execution Vector:

N/A Base: N/A 4534306 Remote Temporal: Microsoft .NET Framework 3.5 AND 4.7.2 on Windows Security Critical Code 4530681 N/A Unknown 10 for 32-bit Systems Update Execution Vector:

N/A

@NSFOUS 2020 http://www.nsfocus.com

CVE-2020-0606 Base: N/A 4534293 Remote Temporal: Microsoft .NET Framework 3.5 AND 4.7.2 on Windows Security Critical Code 4530717 N/A Unknown 10 Version 1803 for 32-bit Systems Update Execution Vector:

N/A Base: N/A 4534293 Remote Temporal: Microsoft .NET Framework 3.5 AND 4.7.2 on Windows Security Critical Code 4530717 N/A Unknown 10 Version 1803 for x64-based Systems Update Execution Vector:

N/A

CVE-2020-0607 - Microsoft Graphics Components Information Disclosure Vulnerability

Maximum Vulnerability CVE ID Vulnerability Description Severity Impact Rating CVE- CVE Title: Microsoft Graphics Components Information Disclosure Vulnerability Information 2020- Important Description: Disclosure 0607

@NSFOUS 2020 http://www.nsfocus.com

Maximum Vulnerability CVE ID Vulnerability Description Severity Impact Rating MITRE An information disclosure vulnerability exists in the way that Microsoft Graphics NVD Components handle objects in memory. An attacker who successfully exploited the vulnerability could obtain information that could be useful for further exploitation. To exploit the vulnerability, a user would have to open a specially crafted file. The security update addresses the vulnerability by correcting how Microsoft Graphics Components handle objects in memory.

Mitigations: None Workarounds: None Revision: 1.0 01/14/2020 08:00:00 Information published.

@NSFOUS 2020 http://www.nsfocus.com

Maximum Vulnerability CVE ID Vulnerability Description Severity Impact Rating

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2020-0607 KB Restart Product Severity Impact Supersedence CVSS Score Set Article Required Windows Base: 5.5 4534293 10 Version Temporal: 5 Security Information 1803 for Important 4530717 Vector: Unknown Update Disclosure 32-bit CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:

Systems C Windows Base: 5.5 4534293 10 Version Temporal: 5 Security Information 1803 for Important 4530717 Vector: Unknown Update Disclosure x64-based CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:

Systems C

@NSFOUS 2020 http://www.nsfocus.com

CVE-2020-0607 Windows Server, Base: 5.5 version 4534293 Temporal: 5 1803 Security Information Important 4530717 Vector: Unknown (Server Update Disclosure CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC: Core C Installation ) Windows Base: 5.5 10 Version 4534293 Temporal: 5 1803 for Security Information Important 4530717 Vector: Unknown ARM64- Update Disclosure CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC: based C Systems Windows Base: 5.5 4534273 10 Version Temporal: 5 Security Information 1809 for Important 4530715 Vector: Unknown Update Disclosure 32-bit CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:

Systems C 4534273 Windows Base: 5.5 Security Information 10 Version Important 4530715 Temporal: 5 Unknown Update Disclosure 1809 for Vector:

@NSFOUS 2020 http://www.nsfocus.com

CVE-2020-0607 x64-based CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC: Systems C Windows Base: 5.5 10 Version 4534273 Temporal: 5 1809 for Security Information Important 4530715 Vector: Unknown ARM64- Update Disclosure CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC: based C Systems Base: 5.5 4534273 Windows Temporal: 5 Security Information Server Important 4530715 Vector: Unknown Update Disclosure 2019 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:

C Windows Base: 5.5 Server 4534273 Temporal: 5 2019 Security Information Important 4530715 Vector: Unknown (Server Update Disclosure CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC: Core C installation) 4534276 Windows Base: 5.5 Security Information 10 Version Important 4530714 Temporal: 5 Unknown Update Disclosure 1709 for Vector:

@NSFOUS 2020 http://www.nsfocus.com

CVE-2020-0607 32-bit CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC: Systems C Windows Base: 5.5 4534276 10 Version Temporal: 5 Security Information 1709 for Important 4530714 Vector: Unknown Update Disclosure x64-based CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:

Systems C Windows Base: 5.5 10 Version 4534276 Temporal: 5 1709 for Security Information Important 4530714 Vector: Unknown ARM64- Update Disclosure CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC: based C Systems Windows Base: 5.5 4528760 10 Version Temporal: 5 Security Information 1903 for Important 4530684 Vector: Yes Update Disclosure 32-bit CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:

Systems C Windows Base: 5.5 4528760 10 Version Temporal: 5 Security Information 1903 for Important 4530684 Vector: Yes Update Disclosure x64-based CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:

Systems C

@NSFOUS 2020 http://www.nsfocus.com

CVE-2020-0607 Windows Base: 5.5 10 Version 4528760 Temporal: 5 1903 for Security Information Important 4530684 Vector: Yes ARM64- Update Disclosure CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC: based C Systems Windows Server, Base: 5.5 4528760 version Temporal: 5 Security Information 1903 Important 4530684 Vector: Yes Update Disclosure (Server CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:

Core C installation) Base: 5.5 4534306 Windows Temporal: 5 Security Information 10 for 32- Important 4530681 Vector: Unknown Update Disclosure bit Systems CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:

C Base: 5.5 Windows 4534306 Temporal: 5 10 for x64- Security Information Important 4530681 Vector: Unknown based Update Disclosure CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC: Systems C

@NSFOUS 2020 http://www.nsfocus.com

CVE-2020-0607 Windows Base: 5.5 4534271 10 Version Temporal: 5 Security Information 1607 for Important 4530689 Vector: Unknown Update Disclosure 32-bit CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:

Systems C Windows Base: 5.5 4534271 10 Version Temporal: 5 Security Information 1607 for Important 4530689 Vector: Unknown Update Disclosure x64-based CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:

Systems C Base: 5.5 4534271 Windows Temporal: 5 Security Information Server Important 4530689 Vector: Unknown Update Disclosure 2016 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:

C Windows Base: 5.5 Server 4534271 Temporal: 5 2016 Security Information Important 4530689 Vector: Unknown (Server Update Disclosure CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC: Core C installation) Windows 7 4534310 Information Base: 5.5 Important 4530734 Yes for 32-bit Monthly Disclosure Temporal: 5

@NSFOUS 2020 http://www.nsfocus.com

CVE-2020-0607 Systems Rollup Vector: Service 4534314 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC: Pack 1 Security C Only

4534310 Windows 7 Monthly Base: 5.5 for x64- Rollup Temporal: 5 based Information 4534314 Important 4530734 Vector: Yes Systems Disclosure Security CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC: Service Only C Pack 1

4534297 Monthly Base: 5.5 Windows Rollup Temporal: 5 Information 8.1 for 32- 4534309 Important 4530702 Vector: Unknown Disclosure bit systems Security CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC: Only C

Windows 4534297 Base: 5.5 8.1 for x64- Monthly Information Important 4530702 Temporal: 5 Unknown based Rollup Disclosure Vector: systems 4534309

@NSFOUS 2020 http://www.nsfocus.com

CVE-2020-0607 Security CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC: Only C

Windows 4534310 Server Monthly Base: 5.5 2008 R2 for Rollup Temporal: 5 Itanium- Information 4534314 Important 4530734 Vector: Yes Based Disclosure Security CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC: Systems Only C Service

Pack 1 Windows 4534310 Server Monthly Base: 5.5 2008 R2 for Rollup Temporal: 5 Information x64-based 4534314 Important 4530734 Vector: Yes Disclosure Systems Security CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC: Service Only C Pack 1 Windows 4534310 Base: 5.5 Server Monthly Temporal: 5 Information 2008 R2 for Rollup Important 4530734 Vector: Yes Disclosure x64-based 4534314 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC: Systems Security C

@NSFOUS 2020 http://www.nsfocus.com

CVE-2020-0607 Service Only Pack 1 (Server Core installation) 4534283 Monthly Base: 5.5 Windows Rollup Temporal: 5 Information Server 4534288 Important 4530691 Vector: Unknown Disclosure 2012 Security CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC: Only C

4534283 Windows Monthly Base: 5.5 Server Rollup Temporal: 5 2012 Information 4534288 Important 4530691 Vector: Unknown (Server Disclosure Security CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC: Core Only C installation)

4534297 Windows Base: 5.5 Monthly Information Server Important 4530702 Temporal: 5 Unknown Rollup Disclosure 2012 R2 Vector: 4534309

@NSFOUS 2020 http://www.nsfocus.com

CVE-2020-0607 Security CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC: Only C

4534297 Windows Monthly Base: 5.5 Server Rollup Temporal: 5 2012 R2 Information 4534309 Important 4530702 Vector: Unknown (Server Disclosure Security CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC: Core Only C installation)

Windows Base: 5.5 4528760 10 Version Temporal: 5 Security Information 1909 for Important 4530684 Vector: Yes Update Disclosure 32-bit CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:

Systems C Windows Base: 5.5 4528760 10 Version Temporal: 5 Security Information 1909 for Important 4530684 Vector: Yes Update Disclosure x64-based CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:

Systems C Windows Base: 5.5 4528760 Information 10 Version Important 4530684 Temporal: 5 Yes Security Disclosure 1909 for Vector:

@NSFOUS 2020 http://www.nsfocus.com

CVE-2020-0607 ARM64- Update CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC: based C Systems Windows Server, Base: 5.5 4528760 version Temporal: 5 Security Information 1909 Important 4530684 Vector: Yes Update Disclosure (Server CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:

Core C installation)

CVE-2020-0608 - Win32k Information Disclosure Vulnerability

Maximum Vulnerability CVE ID Vulnerability Description Severity Impact Rating CVE- CVE Title: Win32k Information Disclosure Vulnerability 2020- Description: Information 0608 An information disclosure vulnerability exists when the win32k component improperly Important Disclosure MITRE provides kernel information. An attacker who successfully exploited the vulnerability NVD could obtain information to further compromise the userâ€™s system.

@NSFOUS 2020 http://www.nsfocus.com

Maximum Vulnerability CVE ID Vulnerability Description Severity Impact Rating To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application. The security update addresses the vulnerability by correcting how win32k handles objects in memory.

FAQ: What type of information could be disclosed by this vulnerability? The type of information that could be disclosed if an attacker successfully exploited this vulnerability is uninitialized memory and kernel memory - unintentional read access to memory contents in kernel space from a user mode process.

Mitigations: None Workarounds: None Revision: 1.0 01/14/2020 08:00:00 Information published.

@NSFOUS 2020 http://www.nsfocus.com

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2020-0608 KB Restart Product Severity Impact Supersedence CVSS Score Set Article Required Windows Base: 5.5 4534293 10 Version Temporal: 5 Security Information 1803 for Important 4530717 Vector: Unknown Update Disclosure 32-bit CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:

Systems C Windows Base: 5.5 Server, 4534293 Temporal: 5 version Security Information Important 4530717 Vector: Unknown 1803 Update Disclosure CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC: (Server C Core

@NSFOUS 2020 http://www.nsfocus.com

CVE-2020-0608 Installation ) Windows Base: 5.5 10 Version 4534293 Temporal: 5 1803 for Security Information Important 4530717 Vector: Unknown ARM64- Update Disclosure CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC: based C Systems Windows Base: 5.5 4534273 10 Version Temporal: 5 Security Information 1809 for Important 4530715 Vector: Unknown Update Disclosure 32-bit CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:

Systems C Windows Base: 5.5 4534273 10 Version Temporal: 5 Security Information 1809 for Important 4530715 Vector: Unknown Update Disclosure x64-based CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:

Systems C Base: 5.5 Windows 4534273 Temporal: 5 10 Version Security Information Important 4530715 Vector: Unknown 1809 for Update Disclosure CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC: ARM64- C

@NSFOUS 2020 http://www.nsfocus.com

CVE-2020-0608 based Systems Base: 5.5 4534273 Windows Temporal: 5 Security Information Server Important 4530715 Vector: Unknown Update Disclosure 2019 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:

C Windows Base: 5.5 Server 4534273 Temporal: 5 2019 Security Information Important 4530715 Vector: Unknown (Server Update Disclosure CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC: Core C installation) Windows Base: 5.5 4534276 10 Version Temporal: 5 Security Information 1709 for Important 4530714 Vector: Unknown Update Disclosure 32-bit CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:

Systems C Windows Base: 5.5 4534276 10 Version Temporal: 5 Security Information 1709 for Important 4530714 Vector: Unknown Update Disclosure x64-based CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:

Systems C

@NSFOUS 2020 http://www.nsfocus.com

CVE-2020-0608 Windows Base: 5.5 10 Version 4534276 Temporal: 5 1709 for Security Information Important 4530714 Vector: Unknown ARM64- Update Disclosure CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC: based C Systems Windows Base: 5.5 4528760 10 Version Temporal: 5 Security Information 1903 for Important 4530684 Vector: Yes Update Disclosure 32-bit CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:

@NSFOUS 2020 http://www.nsfocus.com

CVE-2020-0608 Windows Server, Base: 5.5 4528760 version Temporal: 5 Security Information 1903 Important 4530684 Vector: Yes Update Disclosure (Server CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:

C Base: 5.5 Windows 4534306 Temporal: 5 10 for x64- Security Information Important 4530681 Vector: Unknown based Update Disclosure CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC: Systems C Windows Base: 5.5 4534271 10 Version Temporal: 5 Security Information 1607 for Important 4530689 Vector: Unknown Update Disclosure 32-bit CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:

Systems C

@NSFOUS 2020 http://www.nsfocus.com

CVE-2020-0608 Windows Base: 5.5 4534271 10 Version Temporal: 5 Security Information 1607 for Important 4530689 Vector: Unknown Update Disclosure x64-based CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:

Systems C Base: 5.5 4534271 Windows Temporal: 5 Security Information Server Important 4530689 Vector: Unknown Update Disclosure 2016 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:

C Windows Base: 5.5 Server 4534271 Temporal: 5 2016 Security Information Important 4530689 Vector: Unknown (Server Update Disclosure CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC: Core C installation) 4534310 Windows 7 Monthly Base: 5.5 for 32-bit Rollup Temporal: 5 Information Systems 4534314 Important 4530734 Vector: Yes Disclosure Service Security CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC: Pack 1 Only C

@NSFOUS 2020 http://www.nsfocus.com

CVE-2020-0608 4534310 Windows 7 Monthly Base: 5.5 for x64- Rollup Temporal: 5 based Information 4534314 Important 4530734 Vector: Yes Systems Disclosure Security CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC: Service Only C Pack 1

4534297 Monthly Base: 5.5 Windows Rollup Temporal: 5 8.1 for x64- Information 4534309 Important 4530702 Vector: Unknown based Disclosure Security CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC: systems Only C

Windows 4534297 Information Base: 5.5 Important 4530702 Unknown RT 8.1 Monthly Disclosure Temporal: 5

@NSFOUS 2020 http://www.nsfocus.com

CVE-2020-0608 Rollup Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC: C Windows 4534303 Server Monthly Base: 5.5 2008 for Rollup Temporal: 5 Information 32-bit 4534312 Important 4530695 Vector: Yes Disclosure Systems Security CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC: Service Only C Pack 2 Windows Server 4534303 2008 for Monthly Base: 5.5 32-bit Rollup Temporal: 5 Systems Information 4534312 Important 4530695 Vector: Yes Service Disclosure Security CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC: Pack 2 Only C (Server

Core installation) Windows 4534303 Base: 5.5 Information Server Monthly Important 4530695 Temporal: 5 Yes Disclosure 2008 for Rollup Vector:

@NSFOUS 2020 http://www.nsfocus.com

CVE-2020-0608 Itanium- 4534312 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC: Based Security C Systems Only Service Pack 2 Windows 4534303 Server Monthly Base: 5.5 2008 for Rollup Temporal: 5 Information x64-based 4534312 Important 4530695 Vector: Yes Disclosure Systems Security CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC: Service Only C Pack 2 Windows Server 4534303 2008 for Monthly Base: 5.5 x64-based Rollup Temporal: 5 Systems Information 4534312 Important 4530695 Vector: Yes Service Disclosure Security CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC: Pack 2 Only C (Server

Core installation)

@NSFOUS 2020 http://www.nsfocus.com

CVE-2020-0608 Windows 4534310 Server Monthly Base: 5.5 2008 R2 for Rollup Temporal: 5 Itanium- Information 4534314 Important 4530734 Vector: Yes Based Disclosure Security CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC: Systems Only C Service

Pack 1 Windows 4534310 Server Monthly Base: 5.5 2008 R2 for Rollup Temporal: 5 Information x64-based 4534314 Important 4530734 Vector: Yes Disclosure Systems Security CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC: Service Only C Pack 1 Windows 4534310 Server Monthly Base: 5.5 2008 R2 for Rollup Temporal: 5 x64-based Information 4534314 Important 4530734 Vector: Yes Systems Disclosure Security CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC: Service Only C Pack 1

(Server

@NSFOUS 2020 http://www.nsfocus.com

CVE-2020-0608 Core installation) 4534283 Monthly Base: 5.5 Windows Rollup Temporal: 5 Information Server 4534288 Important 4530691 Vector: Unknown Disclosure 2012 Security CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC: Only C

4534297 Monthly Base: 5.5 Windows Rollup Temporal: 5 Information Server 4534309 Important 4530702 Vector: Unknown Disclosure 2012 R2 Security CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC: Only C

@NSFOUS 2020 http://www.nsfocus.com

CVE-2020-0608 4534297 Windows Monthly Base: 5.5 Server Rollup Temporal: 5 2012 R2 Information 4534309 Important 4530702 Vector: Unknown (Server Disclosure Security CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC: Core Only C installation)

Windows Base: 5.5 4528760 10 Version Temporal: 5 Security Information 1909 for Important 4530684 Vector: Yes Update Disclosure 32-bit CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:

@NSFOUS 2020 http://www.nsfocus.com

CVE-2020-0608 Windows Server, Base: 5.5 4528760 version Temporal: 5 Security Information 1909 Important 4530684 Vector: Yes Update Disclosure (Server CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:

Core C installation)

CVE-2020-0609 - Windows Remote Desktop Gateway (RD Gateway) Remote Code Execution Vulnerability

Maximum Vulnerability CVE ID Vulnerability Description Severity Impact Rating CVE Title: Windows Remote Desktop Gateway (RD Gateway) Remote Code Execution CVE- Vulnerability 2020- Description: Remote Code 0609 Critical A remote code execution vulnerability exists in Windows Remote Desktop Gateway (RD Execution MITRE Gateway) when an unauthenticated attacker connects to the target system using RDP NVD and sends specially crafted requests. This vulnerability is pre-authentication and

@NSFOUS 2020 http://www.nsfocus.com

Maximum Vulnerability CVE ID Vulnerability Description Severity Impact Rating requires no user interaction. An attacker who successfully exploited this vulnerability could execute arbitrary code on the target system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. To exploit this vulnerability, an attacker would need to send a specially crafted request to the target systems RD Gateway via RDP. The update addresses the vulnerability by correcting how RD Gateway handles connection requests.

FAQ: None Mitigations: None Workarounds: None Revision: 1.0 01/14/2020 08:00:00 Information published.

@NSFOUS 2020 http://www.nsfocus.com

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2020-0609 KB Restart Product Severity Impact Supersedence CVSS Score Set Article Required 4534273 Base: 9.8 Windows Remote Security Temporal: 8.8 Server Critical Code 4530715 Unknown Update Vector: 2019 Execution CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 4534271 Base: 9.8 Windows Remote Security Temporal: 8.8 Server Critical Code 4530689 Unknown Update Vector: 2016 Execution CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 4534283 Monthly Base: 9.8 Windows Rollup Remote Temporal: 8.8 Server 4534288 Critical Code 4530691 Unknown Vector: 2012 Security Execution CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Only

@NSFOUS 2020 http://www.nsfocus.com

CVE-2020-0609 4534297 Monthly Base: 9.8 Windows Rollup Remote Temporal: 8.8 Server 4534309 Critical Code 4530702 Unknown Vector: 2012 R2 Security Execution CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Only

CVE-2020-0610 - Windows Remote Desktop Gateway (RD Gateway) Remote Code Execution Vulnerability

Maximum Vulnerability CVE ID Vulnerability Description Severity Impact Rating CVE Title: Windows Remote Desktop Gateway (RD Gateway) Remote Code Execution CVE- Vulnerability 2020- Description: Remote Code 0610 Critical A remote code execution vulnerability exists in Windows Remote Desktop Gateway (RD Execution MITRE Gateway) when an unauthenticated attacker connects to the target system using RDP NVD and sends specially crafted requests. This vulnerability is pre-authentication and

@NSFOUS 2020 http://www.nsfocus.com

FAQ: None Mitigations: None Workarounds: None Revision: 1.0 01/14/2020 08:00:00 Information published.

@NSFOUS 2020 http://www.nsfocus.com

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2020-0610 KB Restart Product Severity Impact Supersedence CVSS Score Set Article Required 4534273 Base: 9.8 Windows Remote Security Temporal: 8.8 Server Critical Code 4530715 Unknown Update Vector: 2019 Execution CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 4534271 Base: 9.8 Windows Remote Security Temporal: 8.8 Server Critical Code 4530689 Unknown Update Vector: 2016 Execution CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 4534283 Monthly Base: 9.8 Windows Rollup Remote Temporal: 8.8 Server 4534288 Critical Code 4530691 Unknown Vector: 2012 Security Execution CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Only

@NSFOUS 2020 http://www.nsfocus.com

CVE-2020-0610 4534297 Monthly Base: 9.8 Windows Rollup Remote Temporal: 8.8 Server 4534309 Critical Code 4530702 Unknown Vector: 2012 R2 Security Execution CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Only

CVE-2020-0611 - Remote Desktop Client Remote Code Execution Vulnerability

Maximum Vulnerability CVE ID Vulnerability Description Severity Impact Rating CVE- CVE Title: Remote Desktop Client Remote Code Execution Vulnerability 2020- Description: Remote Code 0611 A remote code execution vulnerability exists in the Windows Remote Desktop Client Critical Execution MITRE when a user connects to a malicious server. An attacker who successfully exploited this NVD vulnerability could execute arbitrary code on the computer of the connecting client. An

@NSFOUS 2020 http://www.nsfocus.com

Maximum Vulnerability CVE ID Vulnerability Description Severity Impact Rating attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. To exploit this vulnerability, an attacker would need to have control of a server and then convince a user to connect to it. An attacker would have no way of forcing a user to connect to the malicious server, they would need to trick the user into connecting via social engineering, DNS poisoning or using a Man in the Middle (MITM) technique. An attacker could also compromise a legitimate server, host malicious code on it, and wait for the user to connect. The update addresses the vulnerability by correcting how the Windows Remote Desktop Client handles connection requests.

FAQ: None Mitigations: None Workarounds: None Revision: 1.0 01/14/2020 08:00:00 Information published.

@NSFOUS 2020 http://www.nsfocus.com

Maximum Vulnerability CVE ID Vulnerability Description Severity Impact Rating

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2020-0611 KB Restart Product Severity Impact Supersedence CVSS Score Set Article Required Windows 4534293 Base: 7.5 10 Version Remote Security Temporal: 6.7 1803 for Critical Code 4530717 Unknown Update Vector: 32-bit Execution CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Systems Windows 4534293 Base: 7.5 10 Version Remote Security Temporal: 6.7 1803 for Critical Code 4530717 Unknown Update Vector: x64-based Execution CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Systems

@NSFOUS 2020 http://www.nsfocus.com

CVE-2020-0611 Windows Server, 4534293 Base: 7.5 version Remote Security Temporal: 6.7 1803 Critical Code 4530717 Unknown Update Vector: (Server Execution CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Core Installation) Windows 10 Version 4534293 Base: 7.5 Remote 1803 for Security Temporal: 6.7 Critical Code 4530717 Unknown ARM64- Update Vector: Execution based CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Systems Windows 4534273 Base: 7.5 10 Version Remote Security Temporal: 6.7 1809 for Critical Code 4530715 Unknown Update Vector: 32-bit Execution CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Systems Windows 4534273 Base: 7.5 10 Version Remote Security Temporal: 6.7 1809 for Critical Code 4530715 Unknown Update Vector: x64-based Execution CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Systems

@NSFOUS 2020 http://www.nsfocus.com

CVE-2020-0611 Windows 10 Version 4534273 Base: 7.5 Remote 1809 for Security Temporal: 6.7 Critical Code 4530715 Unknown ARM64- Update Vector: Execution based CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Systems 4534273 Base: 7.5 Remote Windows Security Temporal: 6.7 Critical Code 4530715 Unknown Server 2019 Update Vector: Execution CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Windows 4534273 Base: 7.5 Server 2019 Remote Security Temporal: 6.7 (Server Critical Code 4530715 Unknown Update Vector: Core Execution CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C installation) Windows 4534276 Base: 7.5 10 Version Remote Security Temporal: 6.7 1709 for Critical Code 4530714 Unknown Update Vector: 32-bit Execution CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Systems Windows Remote 4534276 Base: 7.5 10 Version Critical Code 4530714 Unknown Security Temporal: 6.7 1709 for Execution

@NSFOUS 2020 http://www.nsfocus.com

CVE-2020-0611 x64-based Update Vector: Systems CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Windows 10 Version 4534276 Base: 7.5 Remote 1709 for Security Temporal: 6.7 Critical Code 4530714 Unknown ARM64- Update Vector: Execution based CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Systems Windows 4528760 Base: 7.5 10 Version Remote Security Temporal: 6.7 1903 for Critical Code 4530684 Yes Update Vector: 32-bit Execution CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Systems Windows 4528760 Base: 7.5 10 Version Remote Security Temporal: 6.7 1903 for Critical Code 4530684 Yes Update Vector: x64-based Execution CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Systems Windows 4528760 Base: 7.5 Remote 10 Version Security Temporal: 6.7 Critical Code 4530684 Yes 1903 for Update Vector: Execution ARM64- CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C

@NSFOUS 2020 http://www.nsfocus.com

CVE-2020-0611 based Systems Windows Server, 4528760 Base: 7.5 version Remote Security Temporal: 6.7 1903 Critical Code 4530684 Yes Update Vector: (Server Execution CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Core installation) 4534306 Base: 7.5 Windows Remote Security Temporal: 6.7 10 for 32- Critical Code 4530681 Unknown Update Vector: bit Systems Execution CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Windows 4534306 Base: 7.5 Remote 10 for x64- Security Temporal: 6.7 Critical Code 4530681 Unknown based Update Vector: Execution Systems CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Windows 4534271 Base: 7.5 10 Version Remote Security Temporal: 6.7 1607 for Critical Code 4530689 Unknown Update Vector: 32-bit Execution CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Systems

@NSFOUS 2020 http://www.nsfocus.com

CVE-2020-0611 Windows 4534271 Base: 7.5 10 Version Remote Security Temporal: 6.7 1607 for Critical Code 4530689 Unknown Update Vector: x64-based Execution CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Systems 4534271 Base: 7.5 Remote Windows Security Temporal: 6.7 Critical Code 4530689 Unknown Server 2016 Update Vector: Execution CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Windows 4534271 Base: 7.5 Server 2016 Remote Security Temporal: 6.7 (Server Critical Code 4530689 Unknown Update Vector: Core Execution CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C installation) 4534310 Windows 7 Monthly Base: 7.5 for 32-bit Rollup Remote Temporal: 6.7 Systems 4534314 Critical Code 4530734 Yes Vector: Service Security Execution CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Pack 1 Only

@NSFOUS 2020 http://www.nsfocus.com

CVE-2020-0611 4534310 Windows 7 Monthly for x64- Base: 7.5 Rollup Remote based Temporal: 6.7 4534314 Critical Code 4530734 Yes Systems Vector: Security Execution Service CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Only Pack 1

4534297 Monthly Base: 7.5 Windows Rollup Remote Temporal: 6.7 8.1 for 32- 4534309 Critical Code 4530702 Unknown Vector: bit systems Security Execution CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Only

4534297 Monthly Windows Base: 7.5 Rollup Remote 8.1 for x64- Temporal: 6.7 4534309 Critical Code 4530702 Unknown based Vector: Security Execution systems CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Only

@NSFOUS 2020 http://www.nsfocus.com

CVE-2020-0611 4534297 Base: 7.5 Remote Windows Monthly Temporal: 6.7 Critical Code 4530702 Unknown RT 8.1 Rollup Vector: Execution CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Windows 4534310 Server 2008 Monthly R2 for Base: 7.5 Rollup Remote Itanium- Temporal: 6.7 4534314 Critical Code 4530734 Yes Based Vector: Security Execution Systems CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Only Service

Pack 1 Windows 4534310 Server 2008 Monthly Base: 7.5 R2 for x64- Rollup Remote Temporal: 6.7 based 4534314 Critical Code 4530734 Yes Vector: Systems Security Execution CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Service Only Pack 1 Windows 4534310 Base: 7.5 Remote Server 2008 Monthly Temporal: 6.7 Critical Code 4530734 Yes R2 for x64- Rollup Vector: Execution based 4534314 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C

@NSFOUS 2020 http://www.nsfocus.com

CVE-2020-0611 Systems Security Service Only Pack 1 (Server Core installation) 4534283 Monthly Base: 7.5 Rollup Remote Windows Temporal: 6.7 4534288 Critical Code 4530691 Unknown Server 2012 Vector: Security Execution CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Only

4534283 Windows Monthly Base: 7.5 Server 2012 Rollup Remote Temporal: 6.7 (Server 4534288 Critical Code 4530691 Unknown Vector: Core Security Execution CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C installation) Only

Windows 4534297 Remote Base: 7.5 Server 2012 Monthly Critical Code 4530702 Unknown Temporal: 6.7 R2 Rollup Execution

@NSFOUS 2020 http://www.nsfocus.com

CVE-2020-0611 4534309 Vector: Security CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Only

4534297 Windows Monthly Base: 7.5 Server 2012 Rollup Remote Temporal: 6.7 R2 (Server 4534309 Critical Code 4530702 Unknown Vector: Core Security Execution CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C installation) Only

Windows 4528760 Base: 7.5 10 Version Remote Security Temporal: 6.7 1909 for Critical Code 4530684 Yes Update Vector: 32-bit Execution CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Systems Windows 4528760 Base: 7.5 10 Version Remote Security Temporal: 6.7 1909 for Critical Code 4530684 Yes Update Vector: x64-based Execution CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Systems

@NSFOUS 2020 http://www.nsfocus.com

CVE-2020-0611 Windows 10 Version 4528760 Base: 7.5 Remote 1909 for Security Temporal: 6.7 Critical Code 4530684 Yes ARM64- Update Vector: Execution based CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Systems Windows Server, 4528760 Base: 7.5 version Remote Security Temporal: 6.7 1909 Critical Code 4530684 Yes Update Vector: (Server Execution CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Core installation)

@NSFOUS 2020 http://www.nsfocus.com

CVE-2020-0612 - Windows Remote Desktop Gateway (RD Gateway) Denial of Service Vulnerability

Maximum Vulnerability CVE ID Vulnerability Description Severity Impact Rating CVE Title: Windows Remote Desktop Gateway (RD Gateway) Denial of Service Vulnerability Description: A denial of service vulnerability exists in Windows Remote Desktop Gateway (RD Gateway) when an attacker connects to the target system using RDP and sends specially CVE- crafted requests. An attacker who successfully exploited this vulnerability could cause 2020- the RD Gateway service on the target system to stop responding. Denial of 0612 Important To exploit this vulnerability, an attacker would need to run a specially crafted application Service MITRE against a server which provides RD Gateway services. NVD The update addresses the vulnerability by correcting how RD Gateway handles connection requests.

FAQ: None

@NSFOUS 2020 http://www.nsfocus.com

Maximum Vulnerability CVE ID Vulnerability Description Severity Impact Rating Mitigations: None Workarounds: None Revision: 1.0 01/14/2020 08:00:00 Information published.

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2020-0612 KB Restart Product Severity Impact Supersedence CVSS Score Set Article Required Windows Denial 4534273 Base: 7.5 Server Important of 4530715 Unknown Security Temporal: 6.7 2019 Service

@NSFOUS 2020 http://www.nsfocus.com

CVE-2020-0612 Update Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C 4534271 Base: 7.5 Windows Denial Security Temporal: 6.7 Server Important of 4530689 Unknown Update Vector: 2016 Service CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C

CVE-2020-0613 - Windows Search Indexer Elevation of Privilege Vulnerability

Maximum Vulnerability CVE ID Vulnerability Description Severity Rating Impact CVE Title: Windows Search Indexer Elevation of Privilege Vulnerability Description: CVE- An elevation of privilege vulnerability exists in the way that the Windows Search 2020- Indexer handles objects in memory. An attacker who successfully exploited the Elevation of 0613 Important vulnerability could execute code with elevated permissions. Privilege MITRE NVD To exploit the vulnerability, a locally authenticated attacker could run a specially crafted application.

@NSFOUS 2020 http://www.nsfocus.com

Maximum Vulnerability CVE ID Vulnerability Description Severity Rating Impact The security update addresses the vulnerability by ensuring the Windows Search Indexer properly handles objects in memory.

FAQ: None Mitigations: None Workarounds: None Revision: 1.0 01/14/2020 08:00:00 Information published.

Affected Software

The following tables list the affected software details for the vulnerability.

@NSFOUS 2020 http://www.nsfocus.com

CVE-2020-0613 KB Restart Product Severity Impact Supersedence CVSS Score Set Article Required Windows 10 4534293 Base: 7.8 Elevation Version Security Temporal: 7 Important of 4530717 Unknown 1803 for 32- Update Vector: Privilege bit Systems CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Windows 10 4534293 Base: 7.8 Version Elevation Security Temporal: 7 1803 for Important of 4530717 Unknown Update Vector: x64-based Privilege CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Systems Windows Server, 4534293 Base: 7.8 Elevation version Security Temporal: 7 Important of 4530717 Unknown 1803 Update Vector: Privilege (Server Core CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Installation) Windows 10 Version 4534293 Base: 7.8 Elevation 1803 for Security Temporal: 7 Important of 4530717 Unknown ARM64- Update Vector: Privilege based CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Systems

@NSFOUS 2020 http://www.nsfocus.com

CVE-2020-0613 Windows 10 4534273 Base: 7.8 Elevation Version Security Temporal: 7 Important of 4530715 Unknown 1809 for 32- Update Vector: Privilege bit Systems CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Windows 10 4534273 Base: 7.8 Version Elevation Security Temporal: 7 1809 for Important of 4530715 Unknown Update Vector: x64-based Privilege CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Systems Windows 10 Version 4534273 Base: 7.8 Elevation 1809 for Security Temporal: 7 Important of 4530715 Unknown ARM64- Update Vector: Privilege based CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Systems 4534273 Base: 7.8 Elevation Windows Security Temporal: 7 Important of 4530715 Unknown Server 2019 Update Vector: Privilege CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Windows 4534273 Base: 7.8 Elevation Server 2019 Security Temporal: 7 Important of 4530715 Unknown (Server Core Update Vector: Privilege installation) CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C

@NSFOUS 2020 http://www.nsfocus.com

CVE-2020-0613 Windows 10 4534276 Base: 7.8 Elevation Version Security Temporal: 7 Important of 4530714 Unknown 1709 for 32- Update Vector: Privilege bit Systems CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Windows 10 4534276 Base: 7.8 Version Elevation Security Temporal: 7 1709 for Important of 4530714 Unknown Update Vector: x64-based Privilege CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Systems Windows 10 Version 4534276 Base: 7.8 Elevation 1709 for Security Temporal: 7 Important of 4530714 Unknown ARM64- Update Vector: Privilege based CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Systems Windows 10 4528760 Base: 7.8 Elevation Version Security Temporal: 7 Important of 4530684 Yes 1903 for 32- Update Vector: Privilege bit Systems CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 4528760 Base: 7.8 Windows 10 Elevation Security Temporal: 7 Version Important of 4530684 Yes Update Vector: 1903 for Privilege CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C

@NSFOUS 2020 http://www.nsfocus.com

CVE-2020-0613 x64-based Systems Windows 10 Version 4528760 Base: 7.8 Elevation 1903 for Security Temporal: 7 Important of 4530684 Yes ARM64- Update Vector: Privilege based CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Systems Windows Server, 4528760 Base: 7.8 Elevation version Security Temporal: 7 Important of 4530684 Yes 1903 Update Vector: Privilege (Server Core CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C installation) 4534306 Base: 7.8 Windows 10 Elevation Security Temporal: 7 for 32-bit Important of 4530681 Unknown Update Vector: Systems Privilege CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Windows 10 4534306 Base: 7.8 Elevation for x64- Security Temporal: 7 Important of 4530681 Unknown based Update Vector: Privilege Systems CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C

@NSFOUS 2020 http://www.nsfocus.com

CVE-2020-0613 Windows 10 4534271 Base: 7.8 Elevation Version Security Temporal: 7 Important of 4530689 Unknown 1607 for 32- Update Vector: Privilege bit Systems CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Windows 10 4534271 Base: 7.8 Version Elevation Security Temporal: 7 1607 for Important of 4530689 Unknown Update Vector: x64-based Privilege CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Systems 4534271 Base: 7.8 Elevation Windows Security Temporal: 7 Important of 4530689 Unknown Server 2016 Update Vector: Privilege CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Windows 4534271 Base: 7.8 Elevation Server 2016 Security Temporal: 7 Important of 4530689 Unknown (Server Core Update Vector: Privilege installation) CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 4534297 Base: 7.8 Windows Monthly Elevation Temporal: 7 8.1 for 32- Rollup Important of 4530702 Unknown Vector: bit systems 4534309 Privilege CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Security

@NSFOUS 2020 http://www.nsfocus.com

CVE-2020-0613 Only

4534297 Monthly Windows Base: 7.8 Rollup Elevation 8.1 for x64- Temporal: 7 4534309 Important of 4530702 Unknown based Vector: Security Privilege systems CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Only

4534297 Base: 7.8 Elevation Windows RT Monthly Temporal: 7 Important of 4530702 Unknown 8.1 Rollup Vector: Privilege CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 4534297 Monthly Base: 7.8 Windows Rollup Elevation Temporal: 7 Server 2012 4534309 Important of 4530702 Unknown Vector: R2 Security Privilege CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Only

Windows 4534297 Elevation Base: 7.8 Server 2012 Monthly Important of 4530702 Unknown Temporal: 7 R2 (Server Rollup Privilege

@NSFOUS 2020 http://www.nsfocus.com

CVE-2020-0613 Core 4534309 Vector: installation) Security CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Only

Windows 10 4528760 Base: 7.8 Elevation Version Security Temporal: 7 Important of 4530684 Yes 1909 for 32- Update Vector: Privilege bit Systems CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Windows 10 4528760 Base: 7.8 Version Elevation Security Temporal: 7 1909 for Important of 4530684 Yes Update Vector: x64-based Privilege CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Systems Windows 10 Version 4528760 Base: 7.8 Elevation 1909 for Security Temporal: 7 Important of 4530684 Yes ARM64- Update Vector: Privilege based CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Systems Windows 4528760 Base: 7.8 Elevation Server, Security Temporal: 7 Important of 4530684 Yes version Update Vector: Privilege 1909 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C

@NSFOUS 2020 http://www.nsfocus.com

CVE-2020-0613 (Server Core installation)

CVE-2020-0614 - Windows Search Indexer Elevation of Privilege Vulnerability

Maximum Vulnerability CVE ID Vulnerability Description Severity Rating Impact CVE Title: Windows Search Indexer Elevation of Privilege Vulnerability Description: An elevation of privilege vulnerability exists in the way that the Windows Search Indexer handles objects in memory. An attacker who successfully exploited the CVE- vulnerability could execute code with elevated permissions. 2020- Elevation of 0614 To exploit the vulnerability, a locally authenticated attacker could run a specially Important Privilege MITRE crafted application. NVD The security update addresses the vulnerability by ensuring the Windows Search Indexer properly handles objects in memory.

FAQ:

@NSFOUS 2020 http://www.nsfocus.com

Maximum Vulnerability CVE ID Vulnerability Description Severity Rating Impact None Mitigations: None Workarounds: None Revision: 1.0 01/14/2020 08:00:00 Information published.

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2020-0614 KB Restart Product Severity Impact Supersedence CVSS Score Set Article Required Elevation Windows 10 4534293 Base: 7.8 Important of 4530717 Unknown Version Security Temporal: 7 Privilege

@NSFOUS 2020 http://www.nsfocus.com

CVE-2020-0614 1803 for 32- Update Vector: bit Systems CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Windows 10 4534293 Base: 7.8 Version Elevation Security Temporal: 7 1803 for Important of 4530717 Unknown Update Vector: x64-based Privilege CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Systems Windows Server, 4534293 Base: 7.8 Elevation version Security Temporal: 7 Important of 4530717 Unknown 1803 Update Vector: Privilege (Server Core CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Installation) Windows 10 Version 4534293 Base: 7.8 Elevation 1803 for Security Temporal: 7 Important of 4530717 Unknown ARM64- Update Vector: Privilege based CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Systems Windows 10 4534273 Base: 7.8 Elevation Version Security Temporal: 7 Important of 4530715 Unknown 1809 for 32- Update Vector: Privilege bit Systems CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C

@NSFOUS 2020 http://www.nsfocus.com

CVE-2020-0614 Windows 10 4534273 Base: 7.8 Version Elevation Security Temporal: 7 1809 for Important of 4530715 Unknown Update Vector: x64-based Privilege CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Systems Windows 10 Version 4534273 Base: 7.8 Elevation 1809 for Security Temporal: 7 Important of 4530715 Unknown ARM64- Update Vector: Privilege based CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Systems 4534273 Base: 7.8 Elevation Windows Security Temporal: 7 Important of 4530715 Unknown Server 2019 Update Vector: Privilege CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Windows 4534273 Base: 7.8 Elevation Server 2019 Security Temporal: 7 Important of 4530715 Unknown (Server Core Update Vector: Privilege installation) CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Windows 10 4534276 Base: 7.8 Elevation Version Security Temporal: 7 Important of 4530714 Unknown 1709 for 32- Update Vector: Privilege bit Systems CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C

@NSFOUS 2020 http://www.nsfocus.com

CVE-2020-0614 Windows 10 4534276 Base: 7.8 Version Elevation Security Temporal: 7 1709 for Important of 4530714 Unknown Update Vector: x64-based Privilege CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Systems Windows 10 Version 4534276 Base: 7.8 Elevation 1709 for Security Temporal: 7 Important of 4530714 Unknown ARM64- Update Vector: Privilege based CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Systems Windows 10 4528760 Base: 7.8 Elevation Version Security Temporal: 7 Important of 4530684 Yes 1903 for 32- Update Vector: Privilege bit Systems CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Windows 10 4528760 Base: 7.8 Version Elevation Security Temporal: 7 1903 for Important of 4530684 Yes Update Vector: x64-based Privilege CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Systems Windows 10 Elevation 4528760 Base: 7.8 Version Important of 4530684 Yes Security Temporal: 7 1903 for Privilege

@NSFOUS 2020 http://www.nsfocus.com

CVE-2020-0614 ARM64- Update Vector: based CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Systems Windows Server, 4528760 Base: 7.8 Elevation version Security Temporal: 7 Important of 4530684 Yes 1903 Update Vector: Privilege (Server Core CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C installation) 4534306 Base: 7.8 Windows 10 Elevation Security Temporal: 7 for 32-bit Important of 4530681 Unknown Update Vector: Systems Privilege CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Windows 10 4534306 Base: 7.8 Elevation for x64- Security Temporal: 7 Important of 4530681 Unknown based Update Vector: Privilege Systems CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Windows 10 4534271 Base: 7.8 Elevation Version Security Temporal: 7 Important of 4530689 Unknown 1607 for 32- Update Vector: Privilege bit Systems CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C

@NSFOUS 2020 http://www.nsfocus.com

CVE-2020-0614 Windows 10 4534271 Base: 7.8 Version Elevation Security Temporal: 7 1607 for Important of 4530689 Unknown Update Vector: x64-based Privilege CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Systems 4534271 Base: 7.8 Elevation Windows Security Temporal: 7 Important of 4530689 Unknown Server 2016 Update Vector: Privilege CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Windows 4534271 Base: 7.8 Elevation Server 2016 Security Temporal: 7 Important of 4530689 Unknown (Server Core Update Vector: Privilege installation) CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 4534297 Monthly Base: 7.8 Windows Rollup Elevation Temporal: 7 8.1 for 32- 4534309 Important of 4530702 Unknown Vector: bit systems Security Privilege CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Only

4534297 Elevation Windows Base: 7.8 Monthly Important of 4530702 Unknown 8.1 for x64- Temporal: 7 Rollup Privilege

@NSFOUS 2020 http://www.nsfocus.com

CVE-2020-0614 based 4534309 Vector: systems Security CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Only

4534297 Windows Monthly Base: 7.8 Server 2012 Rollup Elevation Temporal: 7 R2 (Server 4534309 Important of 4530702 Unknown Vector: Core Security Privilege CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C installation) Only

@NSFOUS 2020 http://www.nsfocus.com

CVE-2020-0614 Windows 10 4528760 Base: 7.8 Elevation Version Security Temporal: 7 Important of 4530684 Yes 1909 for 32- Update Vector: Privilege bit Systems CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Windows 10 4528760 Base: 7.8 Version Elevation Security Temporal: 7 1909 for Important of 4530684 Yes Update Vector: x64-based Privilege CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Systems Windows 10 Version 4528760 Base: 7.8 Elevation 1909 for Security Temporal: 7 Important of 4530684 Yes ARM64- Update Vector: Privilege based CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Systems Windows Server, 4528760 Base: 7.8 Elevation version Security Temporal: 7 Important of 4530684 Yes 1909 Update Vector: Privilege (Server Core CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C installation)

@NSFOUS 2020 http://www.nsfocus.com

CVE-2020-0615 - Windows Common Log File System Driver Information Disclosure Vulnerability

Maximum Vulnerability CVE ID Vulnerability Description Severity Impact Rating CVE Title: Windows Common Log File System Driver Information Disclosure Vulnerability Description: An information disclosure vulnerability exists in the Windows Common Log File System (CLFS) driver when it fails to properly handle objects in memory. An attacker who CVE- successfully exploited this vulnerability could potentially read data that was not 2020- intended to be disclosed. Note that this vulnerability would not allow an attacker to Information 0615 Important execute code or to elevate their user rights directly, but it could be used to obtain Disclosure MITRE information that could be used to try to further compromise the affected system. NVD To exploit the vulnerability, an attacker would first have to log on to the system, and then run a specially crafted application to take control over the affected system. The security update addresses the vulnerability by correcting how CLFS handles objects in memory.

@NSFOUS 2020 http://www.nsfocus.com

Maximum Vulnerability CVE ID Vulnerability Description Severity Impact Rating

FAQ: What type of information could be disclosed by this vulnerability? The type of information that could be disclosed if an attacker successfully exploited this vulnerability is the contents of Kernel memory. An attacker could read the contents of Kernel memory from a user mode process.

Mitigations: None Workarounds: None Revision: 1.0 01/14/2020 08:00:00 Information published.

Affected Software

The following tables list the affected software details for the vulnerability.

@NSFOUS 2020 http://www.nsfocus.com

CVE-2020-0615 KB Restart Product Severity Impact Supersedence CVSS Score Set Article Required Windows Base: 5.5 4534293 10 Version Temporal: 5 Security Information 1803 for Important 4530717 Vector: Unknown Update Disclosure 32-bit CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:

Systems C Windows Server, Base: 5.5 version 4534293 Temporal: 5 1803 Security Information Important 4530717 Vector: Unknown (Server Update Disclosure CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC: Core C Installation ) Windows Base: 5.5 4534293 Information 10 Version Important 4530717 Temporal: 5 Unknown Security Disclosure 1803 for Vector:

@NSFOUS 2020 http://www.nsfocus.com

CVE-2020-0615 ARM64- Update CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC: based C Systems Windows Base: 5.5 4534273 10 Version Temporal: 5 Security Information 1809 for Important 4530715 Vector: Unknown Update Disclosure 32-bit CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:

Systems C Windows Base: 5.5 10 Version 4534273 Temporal: 5 1809 for Security Information Important 4530715 Vector: Unknown ARM64- Update Disclosure CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC: based C Systems 4534273 Windows Base: 5.5 Security Information Server Important 4530715 Temporal: 5 Unknown Update Disclosure 2019 Vector:

@NSFOUS 2020 http://www.nsfocus.com

CVE-2020-0615 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC: C Windows Base: 5.5 Server 4534273 Temporal: 5 2019 Security Information Important 4530715 Vector: Unknown (Server Update Disclosure CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC: Core C installation) Windows Base: 5.5 4534276 10 Version Temporal: 5 Security Information 1709 for Important 4530714 Vector: Unknown Update Disclosure 32-bit CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:

Systems C Base: 5.5 Windows 4534276 Temporal: 5 10 Version Security Information Important 4530714 Vector: Unknown 1709 for Update Disclosure CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC: ARM64- C

@NSFOUS 2020 http://www.nsfocus.com

CVE-2020-0615 based Systems Windows Base: 5.5 4528760 10 Version Temporal: 5 Security Information 1903 for Important 4530684 Vector: Yes Update Disclosure 32-bit CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:

Systems C Windows Base: 5.5 10 Version 4528760 Temporal: 5 1903 for Security Information Important 4530684 Vector: Yes ARM64- Update Disclosure CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC: based C Systems Windows Base: 5.5 4528760 Server, Temporal: 5 Security Information version Important 4530684 Vector: Yes Update Disclosure 1903 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:

(Server C

@NSFOUS 2020 http://www.nsfocus.com

CVE-2020-0615 Core installation) Base: 5.5 4534306 Windows Temporal: 5 Security Information 10 for 32- Important 4530681 Vector: Unknown Update Disclosure bit Systems CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:

Systems C

@NSFOUS 2020 http://www.nsfocus.com

CVE-2020-0615 Base: 5.5 4534271 Windows Temporal: 5 Security Information Server Important 4530689 Vector: Unknown Update Disclosure 2016 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:

C Windows Base: 5.5 Server 4534271 Temporal: 5 2016 Security Information Important 4530689 Vector: Unknown (Server Update Disclosure CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC: Core C installation) 4534310 Windows 7 Monthly Base: 5.5 for 32-bit Rollup Temporal: 5 Information Systems 4534314 Important 4530734 Vector: Yes Disclosure Service Security CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC: Pack 1 Only C

4534310 Base: 5.5 Windows 7 Monthly Temporal: 5 for x64- Information Rollup Important 4530734 Vector: Yes based Disclosure 4534314 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC: Systems Security C

@NSFOUS 2020 http://www.nsfocus.com

CVE-2020-0615 Service Only Pack 1 4534297 Monthly Base: 5.5 Windows Rollup Temporal: 5 Information 8.1 for 32- 4534309 Important 4530702 Vector: Unknown Disclosure bit systems Security CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC: Only C

Base: 5.5 4534297 Temporal: 5 Windows Monthly Information Important 4530702 Vector: Unknown RT 8.1 Rollup Disclosure CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:

C Windows 4534303 Information Base: 5.5 Important 4530695 Yes Server Monthly Disclosure Temporal: 5

@NSFOUS 2020 http://www.nsfocus.com

CVE-2020-0615 2008 for Rollup Vector: 32-bit 4534312 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC: Systems Security C Service Only Pack 2 Windows Server 4534303 2008 for Monthly Base: 5.5 32-bit Rollup Temporal: 5 Systems Information 4534312 Important 4530695 Vector: Yes Service Disclosure Security CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC: Pack 2 Only C (Server

Core installation) Windows 4534303 Server Monthly Base: 5.5 2008 for Rollup Temporal: 5 Itanium- Information 4534312 Important 4530695 Vector: Yes Based Disclosure Security CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC: Systems Only C Service

Pack 2

@NSFOUS 2020 http://www.nsfocus.com

CVE-2020-0615 Windows 4534303 Server Monthly Base: 5.5 2008 for Rollup Temporal: 5 Information x64-based 4534312 Important 4530695 Vector: Yes Disclosure Systems Security CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC: Service Only C Pack 2 Windows Server 4534303 2008 for Monthly Base: 5.5 x64-based Rollup Temporal: 5 Systems Information 4534312 Important 4530695 Vector: Yes Service Disclosure Security CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC: Pack 2 Only C (Server

Core installation) Windows 4534310 Base: 5.5 Server Monthly Temporal: 5 2008 R2 for Information Rollup Important 4530734 Vector: Yes Itanium- Disclosure 4534314 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC: Based Security C Systems

@NSFOUS 2020 http://www.nsfocus.com

CVE-2020-0615 Service Only Pack 1 Windows 4534310 Server Monthly Base: 5.5 2008 R2 for Rollup Temporal: 5 Information x64-based 4534314 Important 4530734 Vector: Yes Disclosure Systems Security CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC: Service Only C Pack 1 Windows Server 4534310 2008 R2 for Monthly Base: 5.5 x64-based Rollup Temporal: 5 Systems Information 4534314 Important 4530734 Vector: Yes Service Disclosure Security CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC: Pack 1 Only C (Server

Core installation) 4534283 Windows Base: 5.5 Monthly Information Server Important 4530691 Temporal: 5 Unknown Rollup Disclosure 2012 Vector: 4534288

@NSFOUS 2020 http://www.nsfocus.com

CVE-2020-0615 Security CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC: Only C

Windows 4534297 Base: 5.5 Server Monthly Temporal: 5 2012 R2 Information Rollup Important 4530702 Vector: Unknown (Server Disclosure 4534309 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC: Core Security C installation)

@NSFOUS 2020 http://www.nsfocus.com

CVE-2020-0615 Only

Windows Base: 5.5 4528760 10 Version Temporal: 5 Security Information 1909 for Important 4530684 Vector: Yes Update Disclosure 32-bit CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:

Systems C Windows Base: 5.5 10 Version 4528760 Temporal: 5 1909 for Security Information Important 4530684 Vector: Yes ARM64- Update Disclosure CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC: based C Systems Windows Base: 5.5 4528760 Server, Temporal: 5 Security Information version Important 4530684 Vector: Yes Update Disclosure 1909 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:

(Server C

@NSFOUS 2020 http://www.nsfocus.com

CVE-2020-0615 Core installation)

CVE-2020-0616 - Microsoft Windows Denial of Service Vulnerability

Maximum Vulnerability CVE ID Vulnerability Description Severity Rating Impact CVE Title: Microsoft Windows Denial of Service Vulnerability Description: A denial of service vulnerability exists when Windows improperly handles hard links. An attacker who successfully exploited the vulnerability could cause a target system to stop responding. CVE- 2020- To exploit this vulnerability, an attacker would have to log on to an affected system 0616 and run a specially crafted application. The vulnerability would allow an attacker to Important Denial of Service MITRE overwrite system files. NVD The update addresses the vulnerability by correcting ACLs to system files.

FAQ: None Mitigations:

@NSFOUS 2020 http://www.nsfocus.com

Maximum Vulnerability CVE ID Vulnerability Description Severity Rating Impact None Workarounds: None Revision: 1.0 01/14/2020 08:00:00 Information published.

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2020-0616 KB Restart Product Severity Impact Supersedence CVSS Score Set Article Required Windows 10 4534273 Base: 5.5 Denial Version 1809 Security Temporal: 5 Important of 4530715 Unknown for 32-bit Update Vector: Service Systems CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C

@NSFOUS 2020 http://www.nsfocus.com

CVE-2020-0616 Windows 10 4534273 Base: 5.5 Version 1809 Denial Security Temporal: 5 for x64- Important of 4530715 Unknown Update Vector: based Service CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C Systems Windows 10 4534273 Base: 5.5 Version 1809 Denial Security Temporal: 5 for ARM64- Important of 4530715 Unknown Update Vector: based Service CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C Systems 4534273 Base: 5.5 Denial Windows Security Temporal: 5 Important of 4530715 Unknown Server 2019 Update Vector: Service CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C Windows 4534273 Base: 5.5 Denial Server 2019 Security Temporal: 5 Important of 4530715 Unknown (Server Core Update Vector: Service installation) CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C Windows 10 4528760 Base: 5.5 Denial Version 1903 Security Temporal: 5 Important of 4530684 Yes for 32-bit Update Vector: Service Systems CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C

@NSFOUS 2020 http://www.nsfocus.com

CVE-2020-0616 Windows 10 4528760 Base: 5.5 Version 1903 Denial Security Temporal: 5 for x64- Important of 4530684 Yes Update Vector: based Service CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C Systems Windows 10 4528760 Base: 5.5 Version 1903 Denial Security Temporal: 5 for ARM64- Important of 4530684 Yes Update Vector: based Service CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C Systems Windows 4528760 Base: 5.5 Server, Denial Security Temporal: 5 version 1903 Important of 4530684 Yes Update Vector: (Server Core Service CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C installation) Windows 10 4528760 Base: 5.5 Denial Version 1909 Security Temporal: 5 Important of 4530684 Yes for 32-bit Update Vector: Service Systems CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C 4528760 Base: 5.5 Windows 10 Denial Security Temporal: 5 Version 1909 Important of 4530684 Yes Update Vector: for x64- Service CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C

@NSFOUS 2020 http://www.nsfocus.com

CVE-2020-0616 based Systems Windows 10 4528760 Base: 5.5 Version 1909 Denial Security Temporal: 5 for ARM64- Important of 4530684 Yes Update Vector: based Service CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C Systems Windows 4528760 Base: 5.5 Server, Denial Security Temporal: 5 version 1909 Important of 4530684 Yes Update Vector: (Server Core Service CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C installation)

CVE-2020-0617 - Hyper-V Denial of Service Vulnerability

Maximum Vulnerability CVE ID Vulnerability Description Severity Impact Rating CVE- CVE Title: Hyper-V Denial of Service Vulnerability Denial of 2020- Important Description: Service 0617

@NSFOUS 2020 http://www.nsfocus.com

Maximum Vulnerability CVE ID Vulnerability Description Severity Impact Rating MITRE A denial of service vulnerability exists when Microsoft Hyper-V Virtual PCI on a host NVD server fails to properly validate input from a privileged user on a guest operating system. To exploit the vulnerability, an attacker who already has a privileged account on a guest operating system, running as a virtual machine, could run a specially crafted application that causes a host machine to crash. To exploit the vulnerability, an attacker who already has a privileged account on a guest operating system, running as a virtual machine, could run a specially crafted application. The security update addresses the vulnerability by properly validating input.

FAQ: None Mitigations: None Workarounds: None Revision: 1.0 01/14/2020 08:00:00 Information published.

@NSFOUS 2020 http://www.nsfocus.com

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2020-0617 KB Restart Product Severity Impact Supersedence CVSS Score Set Article Required Windows 10 4534293 Base: 5.3 Version Denial Security Temporal: 4.8 1803 for Important of 4530717 Unknown Update Vector: x64-based Service CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:H/E:P/RL:O/RC:C Systems Windows 4534293 Base: 5.3 Server, Denial Security Temporal: 4.8 version 1803 Important of 4530717 Unknown Update Vector: (Server Core Service CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:H/E:P/RL:O/RC:C Installation) Windows 10 4534273 Base: 5.3 Version Denial Security Temporal: 4.8 1809 for Important of 4530715 Unknown Update Vector: x64-based Service CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:H/E:P/RL:O/RC:C Systems

@NSFOUS 2020 http://www.nsfocus.com

CVE-2020-0617 4534273 Base: 5.3 Denial Windows Security Temporal: 4.8 Important of 4530715 Unknown Server 2019 Update Vector: Service CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:H/E:P/RL:O/RC:C Windows 4534273 Base: 5.3 Denial Server 2019 Security Temporal: 4.8 Important of 4530715 Unknown (Server Core Update Vector: Service installation) CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:H/E:P/RL:O/RC:C Windows 10 4534276 Base: 5.3 Version Denial Security Temporal: 4.8 1709 for Important of 4530714 Unknown Update Vector: x64-based Service CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:H/E:P/RL:O/RC:C Systems Windows 10 4534306 Base: 5.3 Denial for x64- Security Temporal: 4.8 Important of 4530681 Unknown based Update Vector: Service Systems CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:H/E:P/RL:O/RC:C Windows 10 4534271 Base: 5.3 Version Denial Security Temporal: 4.8 1607 for Important of 4530689 Unknown Update Vector: x64-based Service CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:H/E:P/RL:O/RC:C Systems

@NSFOUS 2020 http://www.nsfocus.com

CVE-2020-0617 4534271 Base: 5.3 Denial Windows Security Temporal: 4.8 Important of 4530689 Unknown Server 2016 Update Vector: Service CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:H/E:P/RL:O/RC:C Windows 4534271 Base: 5.3 Denial Server 2016 Security Temporal: 4.8 Important of 4530689 Unknown (Server Core Update Vector: Service installation) CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:H/E:P/RL:O/RC:C

CVE-2020-0620 - Microsoft Cryptographic Services Elevation of Privilege Vulnerability

Maximum Vulnerability CVE ID Vulnerability Description Severity Rating Impact CVE- CVE Title: Microsoft Cryptographic Services Elevation of Privilege Vulnerability 2020- Description: Elevation of 0620 An elevation of privilege vulnerability exists when Microsoft Cryptographic Services Important Privilege MITRE improperly handles files. An attacker could exploit the vulnerability to overwrite or NVD modify a protected file leading to a privilege escalation.

@NSFOUS 2020 http://www.nsfocus.com

Maximum Vulnerability CVE ID Vulnerability Description Severity Rating Impact To exploit the vulnerability, an attacker would first require execution on the victim system. The security update addresses the vulnerability by addressing how Microsoft Cryptographic Services handles files.

FAQ: None Mitigations: None Workarounds: None Revision: 1.0 01/14/2020 08:00:00 Information published.

Affected Software

The following tables list the affected software details for the vulnerability.

@NSFOUS 2020 http://www.nsfocus.com

CVE-2020-0620 KB Restart Product Severity Impact Supersedence CVSS Score Set Article Required Windows 10 4534293 Base: 7.8 Elevation Version Security Temporal: 7 Important of 4530717 Unknown 1803 for 32- Update Vector: Privilege bit Systems CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Windows 10 4534293 Base: 7.8 Version Elevation Security Temporal: 7 1803 for Important of 4530717 Unknown Update Vector: x64-based Privilege CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Systems Windows Server, 4534293 Base: 7.8 Elevation version Security Temporal: 7 Important of 4530717 Unknown 1803 (Server Update Vector: Privilege Core CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Installation) Windows 10 Version 4534293 Base: 7.8 Elevation 1803 for Security Temporal: 7 Important of 4530717 Unknown ARM64- Update Vector: Privilege based CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Systems

@NSFOUS 2020 http://www.nsfocus.com

CVE-2020-0620 Windows 10 4534273 Base: 7.8 Elevation Version Security Temporal: 7 Important of 4530715 Unknown 1809 for 32- Update Vector: Privilege bit Systems CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Windows 10 4534273 Base: 7.8 Version Elevation Security Temporal: 7 1809 for Important of 4530715 Unknown Update Vector: x64-based Privilege CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Systems Windows 10 Version 4534273 Base: 7.8 Elevation 1809 for Security Temporal: 7 Important of 4530715 Unknown ARM64- Update Vector: Privilege based CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Systems 4534273 Base: 7.8 Elevation Windows Security Temporal: 7 Important of 4530715 Unknown Server 2019 Update Vector: Privilege CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Windows 4534273 Base: 7.8 Elevation Server 2019 Security Temporal: 7 Important of 4530715 Unknown (Server Core Update Vector: Privilege installation) CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C

@NSFOUS 2020 http://www.nsfocus.com

CVE-2020-0620 Windows 10 4534276 Base: 7.8 Elevation Version Security Temporal: 7 Important of 4530714 Unknown 1709 for 32- Update Vector: Privilege bit Systems CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Windows 10 4534276 Base: 7.8 Version Elevation Security Temporal: 7 1709 for Important of 4530714 Unknown Update Vector: x64-based Privilege CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Systems Windows 10 Version 4534276 Base: 7.8 Elevation 1709 for Security Temporal: 7 Important of 4530714 Unknown ARM64- Update Vector: Privilege based CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Systems Windows 10 4528760 Base: 7.8 Elevation Version Security Temporal: 7 Important of 4530684 Yes 1903 for 32- Update Vector: Privilege bit Systems CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 4528760 Base: 7.8 Windows 10 Elevation Security Temporal: 7 Version Important of 4530684 Yes Update Vector: 1903 for Privilege CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C

@NSFOUS 2020 http://www.nsfocus.com

CVE-2020-0620 x64-based Systems Windows 10 Version 4528760 Base: 7.8 Elevation 1903 for Security Temporal: 7 Important of 4530684 Yes ARM64- Update Vector: Privilege based CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Systems Windows Server, 4528760 Base: 7.8 Elevation version Security Temporal: 7 Important of 4530684 Yes 1903 (Server Update Vector: Privilege Core CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C installation) 4534306 Base: 7.8 Windows 10 Elevation Security Temporal: 7 for 32-bit Important of 4530681 Unknown Update Vector: Systems Privilege CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Windows 10 4534306 Base: 7.8 Elevation for x64- Security Temporal: 7 Important of 4530681 Unknown based Update Vector: Privilege Systems CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C

@NSFOUS 2020 http://www.nsfocus.com

CVE-2020-0620 Windows 10 4534271 Base: 7.8 Elevation Version Security Temporal: 7 Important of 4530689 Unknown 1607 for 32- Update Vector: Privilege bit Systems CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Windows 10 4534271 Base: 7.8 Version Elevation Security Temporal: 7 1607 for Important of 4530689 Unknown Update Vector: x64-based Privilege CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Systems 4534271 Base: 7.8 Elevation Windows Security Temporal: 7 Important of 4530689 Unknown Server 2016 Update Vector: Privilege CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Windows 4534271 Base: 7.8 Elevation Server 2016 Security Temporal: 7 Important of 4530689 Unknown (Server Core Update Vector: Privilege installation) CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Windows 7 4534310 Base: 7.8 for 32-bit Monthly Elevation Temporal: 7 Systems Rollup Important of 4530734 Yes Vector: Service Pack 4534314 Privilege CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 1 Security

@NSFOUS 2020 http://www.nsfocus.com

CVE-2020-0620 Only

4534310 Windows 7 Monthly for x64- Base: 7.8 Rollup Elevation based Temporal: 7 4534314 Important of 4530734 Yes Systems Vector: Security Privilege Service Pack CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Only 1

4534297 Monthly Base: 7.8 Windows Rollup Elevation Temporal: 7 8.1 for 32- 4534309 Important of 4530702 Unknown Vector: bit systems Security Privilege CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Only

@NSFOUS 2020 http://www.nsfocus.com

CVE-2020-0620 4534297 Base: 7.8 Elevation Windows RT Monthly Temporal: 7 Important of 4530702 Unknown 8.1 Rollup Vector: Privilege CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 4534303 Windows Monthly Server 2008 Base: 7.8 Rollup Elevation for 32-bit Temporal: 7 4534312 Important of 4530695 Yes Systems Vector: Security Privilege Service Pack CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Only 2

Windows 4534303 Server 2008 Monthly for 32-bit Base: 7.8 Rollup Elevation Systems Temporal: 7 4534312 Important of 4530695 Yes Service Pack Vector: Security Privilege 2 (Server CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Only Core installation) Windows 4534303 Base: 7.8 Elevation Server 2008 Monthly Temporal: 7 Important of 4530695 Yes for Itanium- Rollup Vector: Privilege Based 4534312 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C

@NSFOUS 2020 http://www.nsfocus.com

CVE-2020-0620 Systems Security Service Pack Only 2 Windows 4534303 Server 2008 Monthly Base: 7.8 for x64- Rollup Elevation Temporal: 7 based 4534312 Important of 4530695 Yes Vector: Systems Security Privilege CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Service Pack Only 2 Windows Server 2008 4534303 for x64- Monthly Base: 7.8 based Rollup Elevation Temporal: 7 Systems 4534312 Important of 4530695 Yes Vector: Service Pack Security Privilege CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 2 (Server Only Core installation) Windows 4534310 Base: 7.8 Elevation Server 2008 Monthly Temporal: 7 Important of 4530734 Yes R2 for Rollup Vector: Privilege Itanium- 4534314 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C

@NSFOUS 2020 http://www.nsfocus.com

CVE-2020-0620 Based Security Systems Only Service Pack 1 Windows 4534310 Server 2008 Monthly Base: 7.8 R2 for x64- Rollup Elevation Temporal: 7 based 4534314 Important of 4530734 Yes Vector: Systems Security Privilege CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Service Pack Only 1 Windows Server 2008 4534310 R2 for x64- Monthly Base: 7.8 based Rollup Elevation Temporal: 7 Systems 4534314 Important of 4530734 Yes Vector: Service Pack Security Privilege CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 1 (Server Only Core installation) 4534283 Elevation Windows Base: 7.8 Monthly Important of 4530691 Unknown Server 2012 Temporal: 7 Rollup Privilege

@NSFOUS 2020 http://www.nsfocus.com

CVE-2020-0620 4534288 Vector: Security CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Only

4534283 Monthly Windows Base: 7.8 Rollup Elevation Server 2012 Temporal: 7 4534288 Important of 4530691 Unknown (Server Core Vector: Security Privilege installation) CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Only

4534297 Monthly Base: 7.8 Windows Rollup Elevation Temporal: 7 Server 2012 4534309 Important of 4530702 Unknown Vector: R2 Security Privilege CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Only

Windows 4534297 Base: 7.8 Server 2012 Monthly Elevation Temporal: 7 R2 (Server Rollup Important of 4530702 Unknown Vector: Core 4534309 Privilege CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C installation) Security

@NSFOUS 2020 http://www.nsfocus.com

CVE-2020-0620 Only

Windows 10 4528760 Base: 7.8 Elevation Version Security Temporal: 7 Important of 4530684 Yes 1909 for 32- Update Vector: Privilege bit Systems CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Windows 10 4528760 Base: 7.8 Version Elevation Security Temporal: 7 1909 for Important of 4530684 Yes Update Vector: x64-based Privilege CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Systems Windows 10 Version 4528760 Base: 7.8 Elevation 1909 for Security Temporal: 7 Important of 4530684 Yes ARM64- Update Vector: Privilege based CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Systems Windows Server, 4528760 Base: 7.8 Elevation version Security Temporal: 7 Important of 4530684 Yes 1909 (Server Update Vector: Privilege Core CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C installation)

@NSFOUS 2020 http://www.nsfocus.com

CVE-2020-0621 - Windows Security Feature Bypass Vulnerability

Maximum Vulnerability CVE ID Vulnerability Description Severity Impact Rating CVE Title: Windows Security Feature Bypass Vulnerability Description: A security feature bypass vulnerability exists in Windows 10 when third party filters are called during a password update. Successful exploitation of the vulnerability could allow a user to make use of a blocked password for their account. To exploit the vulnerability, an attacker would need have access and the current CVE- password for the target user. 2020- The update addresses how password filters are called during a password update. Security Feature 0621 Important Bypass MITRE NVD FAQ: None Mitigations: None Workarounds: None Revision: 1.0 01/14/2020 08:00:00

@NSFOUS 2020 http://www.nsfocus.com

Maximum Vulnerability CVE ID Vulnerability Description Severity Impact Rating Information published.

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2020-0621 KB Restart Product Severity Impact Supersedence CVSS Score Set Article Required Windows 10 4534293 Base: 4.4 Security Version Security Temporal: 4 Important Feature 4530717 Unknown 1803 for 32- Update Vector: Bypass bit Systems CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N/E:P/RL:O/RC:C Windows 10 4534293 Base: 4.4 Version Security Security Temporal: 4 1803 for Important Feature 4530717 Unknown Update Vector: x64-based Bypass CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N/E:P/RL:O/RC:C Systems

@NSFOUS 2020 http://www.nsfocus.com

CVE-2020-0621 Windows Server, 4534293 Base: 4.4 Security version Security Temporal: 4 Important Feature 4530717 Unknown 1803 (Server Update Vector: Bypass Core CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N/E:P/RL:O/RC:C Installation) Windows 10 Version 4534293 Base: 4.4 Security 1803 for Security Temporal: 4 Important Feature 4530717 Unknown ARM64- Update Vector: Bypass based CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N/E:P/RL:O/RC:C Systems Windows 10 4534273 Base: 4.4 Security Version Security Temporal: 4 Important Feature 4530715 Unknown 1809 for 32- Update Vector: Bypass bit Systems CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N/E:P/RL:O/RC:C Windows 10 4534273 Base: 4.4 Version Security Security Temporal: 4 1809 for Important Feature 4530715 Unknown Update Vector: x64-based Bypass CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N/E:P/RL:O/RC:C Systems

@NSFOUS 2020 http://www.nsfocus.com

CVE-2020-0621 Windows 10 Version 4534273 Base: 4.4 Security 1809 for Security Temporal: 4 Important Feature 4530715 Unknown ARM64- Update Vector: Bypass based CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N/E:P/RL:O/RC:C Systems 4534273 Base: 4.4 Security Windows Security Temporal: 4 Important Feature 4530715 Unknown Server 2019 Update Vector: Bypass CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N/E:P/RL:O/RC:C Windows 4534273 Base: 4.4 Security Server 2019 Security Temporal: 4 Important Feature 4530715 Unknown (Server Core Update Vector: Bypass installation) CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N/E:P/RL:O/RC:C Windows 10 4534276 Base: 4.4 Security Version Security Temporal: 4 Important Feature 4530714 Unknown 1709 for 32- Update Vector: Bypass bit Systems CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N/E:P/RL:O/RC:C Windows 10 4534276 Base: 4.4 Version Security Security Temporal: 4 1709 for Important Feature 4530714 Unknown Update Vector: x64-based Bypass CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N/E:P/RL:O/RC:C Systems

@NSFOUS 2020 http://www.nsfocus.com

CVE-2020-0621 Windows 10 Version 4534276 Base: 4.4 Security 1709 for Security Temporal: 4 Important Feature 4530714 Unknown ARM64- Update Vector: Bypass based CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N/E:P/RL:O/RC:C Systems

CVE-2020-0622 - Microsoft Graphics Component Information Disclosure Vulnerability

Maximum Vulnerability CVE ID Vulnerability Description Severity Impact Rating CVE Title: Microsoft Graphics Component Information Disclosure Vulnerability CVE- Description: 2020- An information disclosure vulnerability exists when the Microsoft Windows Graphics Information 0622 Important Component improperly handles objects in memory. An attacker who successfully Disclosure MITRE exploited the vulnerability could obtain information to further compromise the NVD userâ€™s system.

@NSFOUS 2020 http://www.nsfocus.com

Maximum Vulnerability CVE ID Vulnerability Description Severity Impact Rating To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application. The update addresses the vulnerability by correcting the way in which the Windows Graphics Component handles objects in memory.

Mitigations: None Workarounds: None Revision: 1.0 01/14/2020 08:00:00 Information published.

@NSFOUS 2020 http://www.nsfocus.com

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2020-0622 KB Restart Product Severity Impact Supersedence CVSS Score Set Article Required Windows Base: 5.5 4534293 10 Version Temporal: 5 Security Information 1803 for Important 4530717 Vector: Unknown Update Disclosure 32-bit CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:

@NSFOUS 2020 http://www.nsfocus.com

CVE-2020-0622 Installation ) Windows Base: 5.5 10 Version 4534293 Temporal: 5 1803 for Security Information Important 4530717 Vector: Unknown ARM64- Update Disclosure CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC: based C Systems Windows Base: 5.5 4534276 10 Version Temporal: 5 Security Information 1709 for Important 4530714 Vector: Unknown Update Disclosure 32-bit CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:

@NSFOUS 2020 http://www.nsfocus.com

CVE-2020-0622 based Systems Base: 5.5 4534306 Windows Temporal: 5 Security Information 10 for 32- Important 4530681 Vector: Unknown Update Disclosure bit Systems CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:

Systems C

@NSFOUS 2020 http://www.nsfocus.com

CVE-2020-0622 Base: 5.5 4534271 Windows Temporal: 5 Security Information Server Important 4530689 Vector: Unknown Update Disclosure 2016 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:

CVE-2020-0623 - Windows Search Indexer Elevation of Privilege Vulnerability

Maximum Vulnerability CVE ID Vulnerability Description Severity Rating Impact CVE- CVE Title: Windows Search Indexer Elevation of Privilege Vulnerability Elevation of 2020- Important Description: Privilege 0623

@NSFOUS 2020 http://www.nsfocus.com

Maximum Vulnerability CVE ID Vulnerability Description Severity Rating Impact MITRE An elevation of privilege vulnerability exists in the way that the Windows Search NVD Indexer handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. To exploit the vulnerability, a locally authenticated attacker could run a specially crafted application. The security update addresses the vulnerability by ensuring the Windows Search Indexer properly handles objects in memory.

FAQ: None Mitigations: None Workarounds: None Revision: 1.0 01/14/2020 08:00:00 Information published.

@NSFOUS 2020 http://www.nsfocus.com

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2020-0623 KB Restart Product Severity Impact Supersedence CVSS Score Set Article Required Windows 10 4534293 Base: 7.8 Elevation Version Security Temporal: 7 Important of 4530717 Unknown 1803 for 32- Update Vector: Privilege bit Systems CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Windows 10 4534293 Base: 7.8 Version Elevation Security Temporal: 7 1803 for Important of 4530717 Unknown Update Vector: x64-based Privilege CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Systems Windows Server, 4534293 Base: 7.8 Elevation version Security Temporal: 7 Important of 4530717 Unknown 1803 Update Vector: Privilege (Server Core CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Installation)

@NSFOUS 2020 http://www.nsfocus.com

CVE-2020-0623 Windows 10 Version 4534293 Base: 7.8 Elevation 1803 for Security Temporal: 7 Important of 4530717 Unknown ARM64- Update Vector: Privilege based CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Systems Windows 10 4534273 Base: 7.8 Elevation Version Security Temporal: 7 Important of 4530715 Unknown 1809 for 32- Update Vector: Privilege bit Systems CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Windows 10 4534273 Base: 7.8 Version Elevation Security Temporal: 7 1809 for Important of 4530715 Unknown Update Vector: x64-based Privilege CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Systems Windows 10 Version 4534273 Base: 7.8 Elevation 1809 for Security Temporal: 7 Important of 4530715 Unknown ARM64- Update Vector: Privilege based CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Systems

@NSFOUS 2020 http://www.nsfocus.com

CVE-2020-0623 4534273 Base: 7.8 Elevation Windows Security Temporal: 7 Important of 4530715 Unknown Server 2019 Update Vector: Privilege CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Windows 4534273 Base: 7.8 Elevation Server 2019 Security Temporal: 7 Important of 4530715 Unknown (Server Core Update Vector: Privilege installation) CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Windows 10 4534276 Base: 7.8 Elevation Version Security Temporal: 7 Important of 4530714 Unknown 1709 for 32- Update Vector: Privilege bit Systems CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Windows 10 4534276 Base: 7.8 Version Elevation Security Temporal: 7 1709 for Important of 4530714 Unknown Update Vector: x64-based Privilege CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Systems Windows 10 Version 4534276 Base: 7.8 Elevation 1709 for Security Temporal: 7 Important of 4530714 Unknown ARM64- Update Vector: Privilege based CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Systems

@NSFOUS 2020 http://www.nsfocus.com

CVE-2020-0623 Windows 10 4528760 Base: 7.8 Elevation Version Security Temporal: 7 Important of 4530684 Yes 1903 for 32- Update Vector: Privilege bit Systems CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Windows 10 4528760 Base: 7.8 Version Elevation Security Temporal: 7 1903 for Important of 4530684 Yes Update Vector: x64-based Privilege CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Systems Windows 10 Version 4528760 Base: 7.8 Elevation 1903 for Security Temporal: 7 Important of 4530684 Yes ARM64- Update Vector: Privilege based CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Systems Windows Server, 4528760 Base: 7.8 Elevation version Security Temporal: 7 Important of 4530684 Yes 1903 Update Vector: Privilege (Server Core CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C installation)

@NSFOUS 2020 http://www.nsfocus.com

CVE-2020-0623 4534306 Base: 7.8 Windows 10 Elevation Security Temporal: 7 for 32-bit Important of 4530681 Unknown Update Vector: Systems Privilege CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Windows 10 4534306 Base: 7.8 Elevation for x64- Security Temporal: 7 Important of 4530681 Unknown based Update Vector: Privilege Systems CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Windows 10 4534271 Base: 7.8 Elevation Version Security Temporal: 7 Important of 4530689 Unknown 1607 for 32- Update Vector: Privilege bit Systems CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Windows 10 4534271 Base: 7.8 Version Elevation Security Temporal: 7 1607 for Important of 4530689 Unknown Update Vector: x64-based Privilege CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Systems 4534271 Base: 7.8 Elevation Windows Security Temporal: 7 Important of 4530689 Unknown Server 2016 Update Vector: Privilege CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C

@NSFOUS 2020 http://www.nsfocus.com

CVE-2020-0623 Windows 4534271 Base: 7.8 Elevation Server 2016 Security Temporal: 7 Important of 4530689 Unknown (Server Core Update Vector: Privilege installation) CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 4534297 Monthly Base: 7.8 Windows Rollup Elevation Temporal: 7 8.1 for 32- 4534309 Important of 4530702 Unknown Vector: bit systems Security Privilege CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Only

4534297 Base: 7.8 Elevation Windows RT Monthly Temporal: 7 Important of 4530702 Unknown 8.1 Rollup Vector: Privilege CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C

@NSFOUS 2020 http://www.nsfocus.com

CVE-2020-0623 4534297 Monthly Base: 7.8 Windows Rollup Elevation Temporal: 7 Server 2012 4534309 Important of 4530702 Unknown Vector: R2 Security Privilege CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Only

@NSFOUS 2020 http://www.nsfocus.com

CVE-2020-0623 Windows 10 Version 4528760 Base: 7.8 Elevation 1909 for Security Temporal: 7 Important of 4530684 Yes ARM64- Update Vector: Privilege based CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Systems Windows Server, 4528760 Base: 7.8 Elevation version Security Temporal: 7 Important of 4530684 Yes 1909 Update Vector: Privilege (Server Core CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C installation)

CVE-2020-0624 - Win32k Elevation of Privilege Vulnerability

Maximum Vulnerability CVE ID Vulnerability Description Severity Impact Rating CVE- CVE Title: Win32k Elevation of Privilege Vulnerability Elevation of 2020- Important Description: Privilege 0624

@NSFOUS 2020 http://www.nsfocus.com

Maximum Vulnerability CVE ID Vulnerability Description Severity Impact Rating MITRE An elevation of privilege vulnerability exists in Windows when the Win32k component NVD fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system. The update addresses this vulnerability by correcting how Win32k handles objects in memory.

FAQ: None Mitigations: None Workarounds: None Revision: 1.0 01/14/2020 08:00:00 Information published.

@NSFOUS 2020 http://www.nsfocus.com

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2020-0624 KB Restart Product Severity Impact Supersedence CVSS Score Set Article Required Windows 10 4528760 Base: 7.8 Elevation Version Security Temporal: 7 Important of 4530684 Yes 1903 for 32- Update Vector: Privilege bit Systems CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Windows 10 4528760 Base: 7.8 Version Elevation Security Temporal: 7 1903 for Important of 4530684 Yes Update Vector: x64-based Privilege CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Systems Windows 10 Version 4528760 Base: 7.8 Elevation 1903 for Security Temporal: 7 Important of 4530684 Yes ARM64- Update Vector: Privilege based CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Systems

@NSFOUS 2020 http://www.nsfocus.com

CVE-2020-0624 Windows Server, 4528760 Base: 7.8 Elevation version Security Temporal: 7 Important of 4530684 Yes 1903 Update Vector: Privilege (Server Core CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C installation) Windows 10 4528760 Base: 7.8 Elevation Version Security Temporal: 7 Important of 4530684 Yes 1909 for 32- Update Vector: Privilege bit Systems CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Windows 10 4528760 Base: 7.8 Version Elevation Security Temporal: 7 1909 for Important of 4530684 Yes Update Vector: x64-based Privilege CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Systems Windows 10 Version 4528760 Base: 7.8 Elevation 1909 for Security Temporal: 7 Important of 4530684 Yes ARM64- Update Vector: Privilege based CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Systems

@NSFOUS 2020 http://www.nsfocus.com

CVE-2020-0624 Windows Server, 4528760 Base: 7.8 Elevation version Security Temporal: 7 Important of 4530684 Yes 1909 Update Vector: Privilege (Server Core CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C installation)

CVE-2020-0625 - Windows Search Indexer Elevation of Privilege Vulnerability

Maximum Vulnerability CVE ID Vulnerability Description Severity Rating Impact CVE Title: Windows Search Indexer Elevation of Privilege Vulnerability Description: CVE- An elevation of privilege vulnerability exists in the way that the Windows Search 2020- Indexer handles objects in memory. An attacker who successfully exploited the Elevation of 0625 Important vulnerability could execute code with elevated permissions. Privilege MITRE NVD To exploit the vulnerability, a locally authenticated attacker could run a specially crafted application.

@NSFOUS 2020 http://www.nsfocus.com

FAQ: None Mitigations: None Workarounds: None Revision: 1.0 01/14/2020 08:00:00 Information published.

Affected Software

The following tables list the affected software details for the vulnerability.

@NSFOUS 2020 http://www.nsfocus.com

CVE-2020-0625 KB Restart Product Severity Impact Supersedence CVSS Score Set Article Required Windows 10 4534293 Base: 7.8 Elevation Version Security Temporal: 7 Important of 4530717 Unknown 1803 for 32- Update Vector: Privilege bit Systems CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Windows 10 4534293 Base: 7.8 Version Elevation Security Temporal: 7 1803 for Important of 4530717 Unknown Update Vector: x64-based Privilege CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Systems Windows Server, 4534293 Base: 7.8 Elevation version Security Temporal: 7 Important of 4530717 Unknown 1803 (Server Update Vector: Privilege Core CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Installation) Windows 10 Version 4534293 Base: 7.8 Elevation 1803 for Security Temporal: 7 Important of 4530717 Unknown ARM64- Update Vector: Privilege based CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Systems

@NSFOUS 2020 http://www.nsfocus.com

CVE-2020-0625 Windows 10 4534273 Base: 7.8 Elevation Version Security Temporal: 7 Important of 4530715 Unknown 1809 for 32- Update Vector: Privilege bit Systems CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Windows 10 4534273 Base: 7.8 Version Elevation Security Temporal: 7 1809 for Important of 4530715 Unknown Update Vector: x64-based Privilege CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Systems Windows 10 Version 4534273 Base: 7.8 Elevation 1809 for Security Temporal: 7 Important of 4530715 Unknown ARM64- Update Vector: Privilege based CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Systems 4534273 Base: 7.8 Elevation Windows Security Temporal: 7 Important of 4530715 Unknown Server 2019 Update Vector: Privilege CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Windows 4534273 Base: 7.8 Elevation Server 2019 Security Temporal: 7 Important of 4530715 Unknown (Server Core Update Vector: Privilege installation) CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C

@NSFOUS 2020 http://www.nsfocus.com

CVE-2020-0625 Windows 10 4534276 Base: 7.8 Elevation Version Security Temporal: 7 Important of 4530714 Unknown 1709 for 32- Update Vector: Privilege bit Systems CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Windows 10 4534276 Base: 7.8 Version Elevation Security Temporal: 7 1709 for Important of 4530714 Unknown Update Vector: x64-based Privilege CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Systems Windows 10 Version 4534276 Base: 7.8 Elevation 1709 for Security Temporal: 7 Important of 4530714 Unknown ARM64- Update Vector: Privilege based CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Systems Windows 10 4528760 Base: 7.8 Elevation Version Security Temporal: 7 Important of 4530684 Yes 1903 for 32- Update Vector: Privilege bit Systems CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 4528760 Base: 7.8 Windows 10 Elevation Security Temporal: 7 Version Important of 4530684 Yes Update Vector: 1903 for Privilege CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C

@NSFOUS 2020 http://www.nsfocus.com

CVE-2020-0625 x64-based Systems Windows 10 Version 4528760 Base: 7.8 Elevation 1903 for Security Temporal: 7 Important of 4530684 Yes ARM64- Update Vector: Privilege based CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Systems Windows Server, 4528760 Base: 7.8 Elevation version Security Temporal: 7 Important of 4530684 Yes 1903 (Server Update Vector: Privilege Core CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C installation) 4534306 Base: 7.8 Windows 10 Elevation Security Temporal: 7 for 32-bit Important of 4530681 Unknown Update Vector: Systems Privilege CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Windows 10 4534306 Base: 7.8 Elevation for x64- Security Temporal: 7 Important of 4530681 Unknown based Update Vector: Privilege Systems CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C

@NSFOUS 2020 http://www.nsfocus.com

CVE-2020-0625 Windows 10 4534271 Base: 7.8 Elevation Version Security Temporal: 7 Important of 4530689 Unknown 1607 for 32- Update Vector: Privilege bit Systems CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Windows 10 4534271 Base: 7.8 Version Elevation Security Temporal: 7 1607 for Important of 4530689 Unknown Update Vector: x64-based Privilege CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Systems 4534271 Base: 7.8 Elevation Windows Security Temporal: 7 Important of 4530689 Unknown Server 2016 Update Vector: Privilege CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Windows 4534271 Base: 7.8 Elevation Server 2016 Security Temporal: 7 Important of 4530689 Unknown (Server Core Update Vector: Privilege installation) CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Windows 7 4534310 Base: 7.8 for 32-bit Monthly Elevation Temporal: 7 Systems Rollup Important of 4530734 Yes Vector: Service Pack 4534314 Privilege CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 1 Security

@NSFOUS 2020 http://www.nsfocus.com

CVE-2020-0625 Only

@NSFOUS 2020 http://www.nsfocus.com

CVE-2020-0625 4534297 Base: 7.8 Elevation Windows RT Monthly Temporal: 7 Important of 4530702 Unknown 8.1 Rollup Vector: Privilege CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 4534303 Windows Monthly Server 2008 Base: 7.8 Rollup Elevation for 32-bit Temporal: 7 4534312 Important of 4530695 Yes Systems Vector: Security Privilege Service Pack CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Only 2

@NSFOUS 2020 http://www.nsfocus.com

CVE-2020-0625 Systems Security Service Pack Only 2 Windows 4534303 Server 2008 Monthly Base: 7.8 for x64- Rollup Elevation Temporal: 7 based 4534312 Important of 4530695 Yes Vector: Systems Security Privilege CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Service Pack Only 2 Windows Server 2008 4534303 for x64- Monthly Base: 7.8 based Rollup Elevation Temporal: 7 Systems 4534312 Important of 4530695 Yes Vector: Service Pack Security Privilege CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 2 (Server Only Core installation) Windows 4534310 Base: 7.8 Elevation Server 2008 Monthly Temporal: 7 Important of 4530734 Yes R2 for Rollup Vector: Privilege Itanium- 4534314 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C

@NSFOUS 2020 http://www.nsfocus.com

CVE-2020-0625 Based Security Systems Only Service Pack 1 Windows 4534310 Server 2008 Monthly Base: 7.8 R2 for x64- Rollup Elevation Temporal: 7 based 4534314 Important of 4530734 Yes Vector: Systems Security Privilege CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Service Pack Only 1 Windows Server 2008 4534310 R2 for x64- Monthly Base: 7.8 based Rollup Elevation Temporal: 7 Systems 4534314 Important of 4530734 Yes Vector: Service Pack Security Privilege CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 1 (Server Only Core installation) 4534283 Elevation Windows Base: 7.8 Monthly Important of 4530691 Unknown Server 2012 Temporal: 7 Rollup Privilege

@NSFOUS 2020 http://www.nsfocus.com

CVE-2020-0625 4534288 Vector: Security CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Only

@NSFOUS 2020 http://www.nsfocus.com

CVE-2020-0625 Only

Windows 10 4528760 Base: 7.8 Elevation Version Security Temporal: 7 Important of 4530684 Yes 1909 for 32- Update Vector: Privilege bit Systems CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Windows 10 4528760 Base: 7.8 Version Elevation Security Temporal: 7 1909 for Important of 4530684 Yes Update Vector: x64-based Privilege CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Systems Windows 10 Version 4528760 Base: 7.8 Elevation 1909 for Security Temporal: 7 Important of 4530684 Yes ARM64- Update Vector: Privilege based CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Systems Windows Server, 4528760 Base: 7.8 Elevation version Security Temporal: 7 Important of 4530684 Yes 1909 (Server Update Vector: Privilege Core CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C installation)

@NSFOUS 2020 http://www.nsfocus.com

CVE-2020-0626 - Windows Search Indexer Elevation of Privilege Vulnerability

CVE- To exploit the vulnerability, a locally authenticated attacker could run a specially 2020- crafted application. Elevation of 0626 Important The security update addresses the vulnerability by ensuring the Windows Search Privilege MITRE Indexer properly handles objects in memory. NVD

FAQ: None Mitigations: None Workarounds:

@NSFOUS 2020 http://www.nsfocus.com

Maximum Vulnerability CVE ID Vulnerability Description Severity Rating Impact None Revision: 1.0 01/14/2020 08:00:00 Information published.

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2020-0626 KB Restart Product Severity Impact Supersedence CVSS Score Set Article Required Windows 10 4534293 Base: 7.8 Elevation Version Security Temporal: 7 Important of 4530717 Unknown 1803 for 32- Update Vector: Privilege bit Systems CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Windows 10 Elevation 4534293 Base: 7.8 Version Important of 4530717 Unknown Security Temporal: 7 1803 for Privilege

@NSFOUS 2020 http://www.nsfocus.com

CVE-2020-0626 x64-based Update Vector: Systems CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Windows Server, 4534293 Base: 7.8 Elevation version Security Temporal: 7 Important of 4530717 Unknown 1803 (Server Update Vector: Privilege Core CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Installation) Windows 10 Version 4534293 Base: 7.8 Elevation 1803 for Security Temporal: 7 Important of 4530717 Unknown ARM64- Update Vector: Privilege based CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Systems Windows 10 4534273 Base: 7.8 Elevation Version Security Temporal: 7 Important of 4530715 Unknown 1809 for 32- Update Vector: Privilege bit Systems CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Windows 10 4534273 Base: 7.8 Version Elevation Security Temporal: 7 1809 for Important of 4530715 Unknown Update Vector: x64-based Privilege CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Systems

@NSFOUS 2020 http://www.nsfocus.com

CVE-2020-0626 Windows 10 Version 4534273 Base: 7.8 Elevation 1809 for Security Temporal: 7 Important of 4530715 Unknown ARM64- Update Vector: Privilege based CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Systems 4534273 Base: 7.8 Elevation Windows Security Temporal: 7 Important of 4530715 Unknown Server 2019 Update Vector: Privilege CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Windows 4534273 Base: 7.8 Elevation Server 2019 Security Temporal: 7 Important of 4530715 Unknown (Server Core Update Vector: Privilege installation) CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Windows 10 4534276 Base: 7.8 Elevation Version Security Temporal: 7 Important of 4530714 Unknown 1709 for 32- Update Vector: Privilege bit Systems CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Windows 10 4534276 Base: 7.8 Version Elevation Security Temporal: 7 1709 for Important of 4530714 Unknown Update Vector: x64-based Privilege CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Systems

@NSFOUS 2020 http://www.nsfocus.com

CVE-2020-0626 Windows 10 Version 4534276 Base: 7.8 Elevation 1709 for Security Temporal: 7 Important of 4530714 Unknown ARM64- Update Vector: Privilege based CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Systems Windows 10 4528760 Base: 7.8 Elevation Version Security Temporal: 7 Important of 4530684 Yes 1903 for 32- Update Vector: Privilege bit Systems CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Windows 10 4528760 Base: 7.8 Version Elevation Security Temporal: 7 1903 for Important of 4530684 Yes Update Vector: x64-based Privilege CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Systems Windows 10 Version 4528760 Base: 7.8 Elevation 1903 for Security Temporal: 7 Important of 4530684 Yes ARM64- Update Vector: Privilege based CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Systems

@NSFOUS 2020 http://www.nsfocus.com

CVE-2020-0626 Windows Server, 4528760 Base: 7.8 Elevation version Security Temporal: 7 Important of 4530684 Yes 1903 (Server Update Vector: Privilege Core CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C installation) 4534306 Base: 7.8 Windows 10 Elevation Security Temporal: 7 for 32-bit Important of 4530681 Unknown Update Vector: Systems Privilege CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Windows 10 4534306 Base: 7.8 Elevation for x64- Security Temporal: 7 Important of 4530681 Unknown based Update Vector: Privilege Systems CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Windows 10 4534271 Base: 7.8 Elevation Version Security Temporal: 7 Important of 4530689 Unknown 1607 for 32- Update Vector: Privilege bit Systems CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Windows 10 4534271 Base: 7.8 Version Elevation Security Temporal: 7 1607 for Important of 4530689 Unknown Update Vector: x64-based Privilege CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Systems

@NSFOUS 2020 http://www.nsfocus.com

CVE-2020-0626 4534271 Base: 7.8 Elevation Windows Security Temporal: 7 Important of 4530689 Unknown Server 2016 Update Vector: Privilege CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Windows 4534271 Base: 7.8 Elevation Server 2016 Security Temporal: 7 Important of 4530689 Unknown (Server Core Update Vector: Privilege installation) CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 4534310 Windows 7 Monthly Base: 7.8 for 32-bit Rollup Elevation Temporal: 7 Systems 4534314 Important of 4530734 Yes Vector: Service Pack Security Privilege CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 1 Only

@NSFOUS 2020 http://www.nsfocus.com

CVE-2020-0626 4534297 Monthly Base: 7.8 Windows Rollup Elevation Temporal: 7 8.1 for 32- 4534309 Important of 4530702 Unknown Vector: bit systems Security Privilege CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Only

4534297 Base: 7.8 Elevation Windows RT Monthly Temporal: 7 Important of 4530702 Unknown 8.1 Rollup Vector: Privilege CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 4534303 Windows Base: 7.8 Monthly Elevation Server 2008 Temporal: 7 Rollup Important of 4530695 Yes for 32-bit Vector: 4534312 Privilege Systems CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Security

@NSFOUS 2020 http://www.nsfocus.com

CVE-2020-0626 Service Pack Only 2 Windows 4534303 Server 2008 Monthly for 32-bit Base: 7.8 Rollup Elevation Systems Temporal: 7 4534312 Important of 4530695 Yes Service Pack Vector: Security Privilege 2 (Server CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Only Core installation) Windows 4534303 Server 2008 Monthly Base: 7.8 for Itanium- Rollup Elevation Temporal: 7 Based 4534312 Important of 4530695 Yes Vector: Systems Security Privilege CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Service Pack Only 2 Windows 4534303 Base: 7.8 Server 2008 Monthly Elevation Temporal: 7 for x64- Rollup Important of 4530695 Yes Vector: based 4534312 Privilege CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Systems Security

@NSFOUS 2020 http://www.nsfocus.com

CVE-2020-0626 Service Pack Only 2 Windows Server 2008 4534303 for x64- Monthly Base: 7.8 based Rollup Elevation Temporal: 7 Systems 4534312 Important of 4530695 Yes Vector: Service Pack Security Privilege CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 2 (Server Only Core installation) Windows 4534310 Server 2008 Monthly R2 for Base: 7.8 Rollup Elevation Itanium- Temporal: 7 4534314 Important of 4530734 Yes Based Vector: Security Privilege Systems CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Only Service Pack

1 Windows 4534310 Base: 7.8 Elevation Server 2008 Monthly Temporal: 7 Important of 4530734 Yes R2 for x64- Rollup Vector: Privilege based 4534314 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C

@NSFOUS 2020 http://www.nsfocus.com

CVE-2020-0626 Systems Security Service Pack Only 1 Windows Server 2008 4534310 R2 for x64- Monthly Base: 7.8 based Rollup Elevation Temporal: 7 Systems 4534314 Important of 4530734 Yes Vector: Service Pack Security Privilege CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 1 (Server Only Core installation) 4534283 Monthly Base: 7.8 Rollup Elevation Windows Temporal: 7 4534288 Important of 4530691 Unknown Server 2012 Vector: Security Privilege CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Only

Windows 4534283 Base: 7.8 Elevation Server 2012 Monthly Temporal: 7 Important of 4530691 Unknown (Server Core Rollup Vector: Privilege installation) 4534288 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C

@NSFOUS 2020 http://www.nsfocus.com

CVE-2020-0626 Security Only

@NSFOUS 2020 http://www.nsfocus.com

CVE-2020-0626 Windows 10 4528760 Base: 7.8 Version Elevation Security Temporal: 7 1909 for Important of 4530684 Yes Update Vector: x64-based Privilege CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Systems Windows 10 Version 4528760 Base: 7.8 Elevation 1909 for Security Temporal: 7 Important of 4530684 Yes ARM64- Update Vector: Privilege based CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Systems Windows Server, 4528760 Base: 7.8 Elevation version Security Temporal: 7 Important of 4530684 Yes 1909 (Server Update Vector: Privilege Core CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C installation)

@NSFOUS 2020 http://www.nsfocus.com

CVE-2020-0627 - Windows Search Indexer Elevation of Privilege Vulnerability

CVE- To exploit the vulnerability, a locally authenticated attacker could run a specially 2020- crafted application. Elevation of 0627 Important The security update addresses the vulnerability by ensuring the Windows Search Privilege MITRE Indexer properly handles objects in memory. NVD

FAQ: None Mitigations: None Workarounds:

@NSFOUS 2020 http://www.nsfocus.com

Maximum Vulnerability CVE ID Vulnerability Description Severity Rating Impact None Revision: 1.0 01/14/2020 08:00:00 Information published.

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2020-0627 KB Restart Product Severity Impact Supersedence CVSS Score Set Article Required Windows 10 4534293 Base: 7.8 Elevation Version Security Temporal: 7 Important of 4530717 Unknown 1803 for 32- Update Vector: Privilege bit Systems CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Windows 10 Elevation 4534293 Base: 7.8 Version Important of 4530717 Unknown Security Temporal: 7 1803 for Privilege

@NSFOUS 2020 http://www.nsfocus.com

CVE-2020-0627 x64-based Update Vector: Systems CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Windows Server, 4534293 Base: 7.8 Elevation version Security Temporal: 7 Important of 4530717 Unknown 1803 (Server Update Vector: Privilege Core CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Installation) Windows 10 Version 4534293 Base: 7.8 Elevation 1803 for Security Temporal: 7 Important of 4530717 Unknown ARM64- Update Vector: Privilege based CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Systems Windows 10 4534273 Base: 7.8 Elevation Version Security Temporal: 7 Important of 4530715 Unknown 1809 for 32- Update Vector: Privilege bit Systems CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Windows 10 4534273 Base: 7.8 Version Elevation Security Temporal: 7 1809 for Important of 4530715 Unknown Update Vector: x64-based Privilege CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Systems

@NSFOUS 2020 http://www.nsfocus.com

CVE-2020-0627 Windows 10 Version 4534273 Base: 7.8 Elevation 1809 for Security Temporal: 7 Important of 4530715 Unknown ARM64- Update Vector: Privilege based CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Systems 4534273 Base: 7.8 Elevation Windows Security Temporal: 7 Important of 4530715 Unknown Server 2019 Update Vector: Privilege CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Windows 4534273 Base: 7.8 Elevation Server 2019 Security Temporal: 7 Important of 4530715 Unknown (Server Core Update Vector: Privilege installation) CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Windows 10 4534276 Base: 7.8 Elevation Version Security Temporal: 7 Important of 4530714 Unknown 1709 for 32- Update Vector: Privilege bit Systems CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Windows 10 4534276 Base: 7.8 Version Elevation Security Temporal: 7 1709 for Important of 4530714 Unknown Update Vector: x64-based Privilege CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Systems

@NSFOUS 2020 http://www.nsfocus.com

CVE-2020-0627 Windows 10 Version 4534276 Base: 7.8 Elevation 1709 for Security Temporal: 7 Important of 4530714 Unknown ARM64- Update Vector: Privilege based CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Systems Windows 10 4528760 Base: 7.8 Elevation Version Security Temporal: 7 Important of 4530684 Yes 1903 for 32- Update Vector: Privilege bit Systems CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Windows 10 4528760 Base: 7.8 Version Elevation Security Temporal: 7 1903 for Important of 4530684 Yes Update Vector: x64-based Privilege CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Systems Windows 10 Version 4528760 Base: 7.8 Elevation 1903 for Security Temporal: 7 Important of 4530684 Yes ARM64- Update Vector: Privilege based CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Systems

@NSFOUS 2020 http://www.nsfocus.com

CVE-2020-0627 Windows Server, 4528760 Base: 7.8 Elevation version Security Temporal: 7 Important of 4530684 Yes 1903 (Server Update Vector: Privilege Core CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C installation) 4534306 Base: 7.8 Windows 10 Elevation Security Temporal: 7 for 32-bit Important of 4530681 Unknown Update Vector: Systems Privilege CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Windows 10 4534306 Base: 7.8 Elevation for x64- Security Temporal: 7 Important of 4530681 Unknown based Update Vector: Privilege Systems CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Windows 10 4534271 Base: 7.8 Elevation Version Security Temporal: 7 Important of 4530689 Unknown 1607 for 32- Update Vector: Privilege bit Systems CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Windows 10 4534271 Base: 7.8 Version Elevation Security Temporal: 7 1607 for Important of 4530689 Unknown Update Vector: x64-based Privilege CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Systems

@NSFOUS 2020 http://www.nsfocus.com

CVE-2020-0627 4534271 Base: 7.8 Elevation Windows Security Temporal: 7 Important of 4530689 Unknown Server 2016 Update Vector: Privilege CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Windows 4534271 Base: 7.8 Elevation Server 2016 Security Temporal: 7 Important of 4530689 Unknown (Server Core Update Vector: Privilege installation) CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 4534310 Windows 7 Monthly Base: 7.8 for 32-bit Rollup Elevation Temporal: 7 Systems 4534314 Important of 4530734 Yes Vector: Service Pack Security Privilege CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 1 Only

@NSFOUS 2020 http://www.nsfocus.com

CVE-2020-0627 4534297 Monthly Base: 7.8 Windows Rollup Elevation Temporal: 7 8.1 for 32- 4534309 Important of 4530702 Unknown Vector: bit systems Security Privilege CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Only

4534297 Base: 7.8 Elevation Windows RT Monthly Temporal: 7 Important of 4530702 Unknown 8.1 Rollup Vector: Privilege CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 4534303 Windows Base: 7.8 Monthly Elevation Server 2008 Temporal: 7 Rollup Important of 4530695 Yes for 32-bit Vector: 4534312 Privilege Systems CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Security

@NSFOUS 2020 http://www.nsfocus.com

CVE-2020-0627 Service Pack Only 2 Windows 4534303 Server 2008 Monthly for 32-bit Base: 7.8 Rollup Elevation Systems Temporal: 7 4534312 Important of 4530695 Yes Service Pack Vector: Security Privilege 2 (Server CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Only Core installation) Windows 4534303 Server 2008 Monthly Base: 7.8 for Itanium- Rollup Elevation Temporal: 7 Based 4534312 Important of 4530695 Yes Vector: Systems Security Privilege CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Service Pack Only 2 Windows 4534303 Base: 7.8 Server 2008 Monthly Elevation Temporal: 7 for x64- Rollup Important of 4530695 Yes Vector: based 4534312 Privilege CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Systems Security

@NSFOUS 2020 http://www.nsfocus.com

CVE-2020-0627 Service Pack Only 2 Windows Server 2008 4534303 for x64- Monthly Base: 7.8 based Rollup Elevation Temporal: 7 Systems 4534312 Important of 4530695 Yes Vector: Service Pack Security Privilege CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 2 (Server Only Core installation) Windows 4534310 Server 2008 Monthly R2 for Base: 7.8 Rollup Elevation Itanium- Temporal: 7 4534314 Important of 4530734 Yes Based Vector: Security Privilege Systems CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Only Service Pack

@NSFOUS 2020 http://www.nsfocus.com

CVE-2020-0627 Systems Security Service Pack Only 1 Windows Server 2008 4534310 R2 for x64- Monthly Base: 7.8 based Rollup Elevation Temporal: 7 Systems 4534314 Important of 4530734 Yes Vector: Service Pack Security Privilege CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 1 (Server Only Core installation) 4534283 Monthly Base: 7.8 Rollup Elevation Windows Temporal: 7 4534288 Important of 4530691 Unknown Server 2012 Vector: Security Privilege CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Only

@NSFOUS 2020 http://www.nsfocus.com

CVE-2020-0627 Security Only

@NSFOUS 2020 http://www.nsfocus.com

CVE-2020-0627 Windows 10 4528760 Base: 7.8 Version Elevation Security Temporal: 7 1909 for Important of 4530684 Yes Update Vector: x64-based Privilege CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Systems Windows 10 Version 4528760 Base: 7.8 Elevation 1909 for Security Temporal: 7 Important of 4530684 Yes ARM64- Update Vector: Privilege based CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Systems Windows Server, 4528760 Base: 7.8 Elevation version Security Temporal: 7 Important of 4530684 Yes 1909 (Server Update Vector: Privilege Core CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C installation)

@NSFOUS 2020 http://www.nsfocus.com

CVE-2020-0628 - Windows Search Indexer Elevation of Privilege Vulnerability

CVE- To exploit the vulnerability, a locally authenticated attacker could run a specially 2020- crafted application. Elevation of 0628 Important The security update addresses the vulnerability by ensuring the Windows Search Privilege MITRE Indexer properly handles objects in memory. NVD

FAQ: None Mitigations: None Workarounds:

@NSFOUS 2020 http://www.nsfocus.com

Maximum Vulnerability CVE ID Vulnerability Description Severity Rating Impact None Revision: 1.0 01/14/2020 08:00:00 Information published.

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2020-0628 KB Restart Product Severity Impact Supersedence CVSS Score Set Article Required Windows 10 4534293 Base: 7.8 Elevation Version Security Temporal: 7 Important of 4530717 Unknown 1803 for 32- Update Vector: Privilege bit Systems CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Windows 10 Elevation 4534293 Base: 7.8 Version Important of 4530717 Unknown Security Temporal: 7 1803 for Privilege

@NSFOUS 2020 http://www.nsfocus.com

CVE-2020-0628 x64-based Update Vector: Systems CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Windows Server, 4534293 Base: 7.8 Elevation version Security Temporal: 7 Important of 4530717 Unknown 1803 (Server Update Vector: Privilege Core CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Installation) Windows 10 Version 4534293 Base: 7.8 Elevation 1803 for Security Temporal: 7 Important of 4530717 Unknown ARM64- Update Vector: Privilege based CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Systems Windows 10 4534273 Base: 7.8 Elevation Version Security Temporal: 7 Important of 4530715 Unknown 1809 for 32- Update Vector: Privilege bit Systems CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Windows 10 4534273 Base: 7.8 Version Elevation Security Temporal: 7 1809 for Important of 4530715 Unknown Update Vector: x64-based Privilege CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Systems

@NSFOUS 2020 http://www.nsfocus.com

CVE-2020-0628 Windows 10 Version 4534273 Base: 7.8 Elevation 1809 for Security Temporal: 7 Important of 4530715 Unknown ARM64- Update Vector: Privilege based CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Systems 4534273 Base: 7.8 Elevation Windows Security Temporal: 7 Important of 4530715 Unknown Server 2019 Update Vector: Privilege CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Windows 4534273 Base: 7.8 Elevation Server 2019 Security Temporal: 7 Important of 4530715 Unknown (Server Core Update Vector: Privilege installation) CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Windows 10 4534276 Base: 7.8 Elevation Version Security Temporal: 7 Important of 4530714 Unknown 1709 for 32- Update Vector: Privilege bit Systems CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Windows 10 4534276 Base: 7.8 Version Elevation Security Temporal: 7 1709 for Important of 4530714 Unknown Update Vector: x64-based Privilege CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Systems

@NSFOUS 2020 http://www.nsfocus.com

CVE-2020-0628 Windows 10 Version 4534276 Base: 7.8 Elevation 1709 for Security Temporal: 7 Important of 4530714 Unknown ARM64- Update Vector: Privilege based CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Systems Windows 10 4528760 Base: 7.8 Elevation Version Security Temporal: 7 Important of 4530684 Yes 1903 for 32- Update Vector: Privilege bit Systems CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Windows 10 4528760 Base: 7.8 Version Elevation Security Temporal: 7 1903 for Important of 4530684 Yes Update Vector: x64-based Privilege CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Systems Windows 10 Version 4528760 Base: 7.8 Elevation 1903 for Security Temporal: 7 Important of 4530684 Yes ARM64- Update Vector: Privilege based CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Systems

@NSFOUS 2020 http://www.nsfocus.com

CVE-2020-0628 Windows Server, 4528760 Base: 7.8 Elevation version Security Temporal: 7 Important of 4530684 Yes 1903 (Server Update Vector: Privilege Core CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C installation) 4534306 Base: 7.8 Windows 10 Elevation Security Temporal: 7 for 32-bit Important of 4530681 Unknown Update Vector: Systems Privilege CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Windows 10 4534306 Base: 7.8 Elevation for x64- Security Temporal: 7 Important of 4530681 Unknown based Update Vector: Privilege Systems CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Windows 10 4534271 Base: 7.8 Elevation Version Security Temporal: 7 Important of 4530689 Unknown 1607 for 32- Update Vector: Privilege bit Systems CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Windows 10 4534271 Base: 7.8 Version Elevation Security Temporal: 7 1607 for Important of 4530689 Unknown Update Vector: x64-based Privilege CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Systems

@NSFOUS 2020 http://www.nsfocus.com

CVE-2020-0628 4534271 Base: 7.8 Elevation Windows Security Temporal: 7 Important of 4530689 Unknown Server 2016 Update Vector: Privilege CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Windows 4534271 Base: 7.8 Elevation Server 2016 Security Temporal: 7 Important of 4530689 Unknown (Server Core Update Vector: Privilege installation) CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 4534310 Windows 7 Monthly Base: 7.8 for 32-bit Rollup Elevation Temporal: 7 Systems 4534314 Important of 4530734 Yes Vector: Service Pack Security Privilege CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 1 Only

@NSFOUS 2020 http://www.nsfocus.com

CVE-2020-0628 4534297 Monthly Base: 7.8 Windows Rollup Elevation Temporal: 7 8.1 for 32- 4534309 Important of 4530702 Unknown Vector: bit systems Security Privilege CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Only

4534297 Base: 7.8 Elevation Windows RT Monthly Temporal: 7 Important of 4530702 Unknown 8.1 Rollup Vector: Privilege CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 4534303 Windows Base: 7.8 Monthly Elevation Server 2008 Temporal: 7 Rollup Important of 4530695 Yes for 32-bit Vector: 4534312 Privilege Systems CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Security

@NSFOUS 2020 http://www.nsfocus.com

CVE-2020-0628 Service Pack Only 2 Windows 4534303 Server 2008 Monthly for 32-bit Base: 7.8 Rollup Elevation Systems Temporal: 7 4534312 Important of 4530695 Yes Service Pack Vector: Security Privilege 2 (Server CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Only Core installation) Windows 4534303 Server 2008 Monthly Base: 7.8 for Itanium- Rollup Elevation Temporal: 7 Based 4534312 Important of 4530695 Yes Vector: Systems Security Privilege CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Service Pack Only 2 Windows 4534303 Base: 7.8 Server 2008 Monthly Elevation Temporal: 7 for x64- Rollup Important of 4530695 Yes Vector: based 4534312 Privilege CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Systems Security

@NSFOUS 2020 http://www.nsfocus.com

CVE-2020-0628 Service Pack Only 2 Windows Server 2008 4534303 for x64- Monthly Base: 7.8 based Rollup Elevation Temporal: 7 Systems 4534312 Important of 4530695 Yes Vector: Service Pack Security Privilege CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 2 (Server Only Core installation) Windows 4534310 Server 2008 Monthly R2 for Base: 7.8 Rollup Elevation Itanium- Temporal: 7 4534314 Important of 4530734 Yes Based Vector: Security Privilege Systems CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Only Service Pack

@NSFOUS 2020 http://www.nsfocus.com

CVE-2020-0628 Systems Security Service Pack Only 1 Windows Server 2008 4534310 R2 for x64- Monthly Base: 7.8 based Rollup Elevation Temporal: 7 Systems 4534314 Important of 4530734 Yes Vector: Service Pack Security Privilege CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 1 (Server Only Core installation) 4534283 Monthly Base: 7.8 Rollup Elevation Windows Temporal: 7 4534288 Important of 4530691 Unknown Server 2012 Vector: Security Privilege CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Only

@NSFOUS 2020 http://www.nsfocus.com

CVE-2020-0628 Security Only

@NSFOUS 2020 http://www.nsfocus.com

CVE-2020-0628 Windows 10 4528760 Base: 7.8 Version Elevation Security Temporal: 7 1909 for Important of 4530684 Yes Update Vector: x64-based Privilege CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Systems Windows 10 Version 4528760 Base: 7.8 Elevation 1909 for Security Temporal: 7 Important of 4530684 Yes ARM64- Update Vector: Privilege based CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Systems Windows Server, 4528760 Base: 7.8 Elevation version Security Temporal: 7 Important of 4530684 Yes 1909 (Server Update Vector: Privilege Core CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C installation)

@NSFOUS 2020 http://www.nsfocus.com

CVE-2020-0629 - Windows Search Indexer Elevation of Privilege Vulnerability

CVE- To exploit the vulnerability, a locally authenticated attacker could run a specially 2020- crafted application. Elevation of 0629 Important The security update addresses the vulnerability by ensuring the Windows Search Privilege MITRE Indexer properly handles objects in memory. NVD

FAQ: None Mitigations: None Workarounds:

@NSFOUS 2020 http://www.nsfocus.com

Maximum Vulnerability CVE ID Vulnerability Description Severity Rating Impact None Revision: 1.0 01/14/2020 08:00:00 Information published.

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2020-0629 KB Restart Product Severity Impact Supersedence CVSS Score Set Article Required Windows 10 4534293 Base: 7.8 Elevation Version Security Temporal: 7 Important of 4530717 Unknown 1803 for 32- Update Vector: Privilege bit Systems CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Windows 10 Elevation 4534293 Base: 7.8 Version Important of 4530717 Unknown Security Temporal: 7 1803 for Privilege

@NSFOUS 2020 http://www.nsfocus.com

CVE-2020-0629 x64-based Update Vector: Systems CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Windows Server, 4534293 Base: 7.8 Elevation version Security Temporal: 7 Important of 4530717 Unknown 1803 (Server Update Vector: Privilege Core CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Installation) Windows 10 Version 4534293 Base: 7.8 Elevation 1803 for Security Temporal: 7 Important of 4530717 Unknown ARM64- Update Vector: Privilege based CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Systems Windows 10 4534273 Base: 7.8 Elevation Version Security Temporal: 7 Important of 4530715 Unknown 1809 for 32- Update Vector: Privilege bit Systems CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Windows 10 4534273 Base: 7.8 Version Elevation Security Temporal: 7 1809 for Important of 4530715 Unknown Update Vector: x64-based Privilege CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Systems

@NSFOUS 2020 http://www.nsfocus.com

CVE-2020-0629 Windows 10 Version 4534273 Base: 7.8 Elevation 1809 for Security Temporal: 7 Important of 4530715 Unknown ARM64- Update Vector: Privilege based CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Systems 4534273 Base: 7.8 Elevation Windows Security Temporal: 7 Important of 4530715 Unknown Server 2019 Update Vector: Privilege CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Windows 4534273 Base: 7.8 Elevation Server 2019 Security Temporal: 7 Important of 4530715 Unknown (Server Core Update Vector: Privilege installation) CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Windows 10 4534276 Base: 7.8 Elevation Version Security Temporal: 7 Important of 4530714 Unknown 1709 for 32- Update Vector: Privilege bit Systems CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Windows 10 4534276 Base: 7.8 Version Elevation Security Temporal: 7 1709 for Important of 4530714 Unknown Update Vector: x64-based Privilege CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Systems

@NSFOUS 2020 http://www.nsfocus.com

CVE-2020-0629 Windows 10 Version 4534276 Base: 7.8 Elevation 1709 for Security Temporal: 7 Important of 4530714 Unknown ARM64- Update Vector: Privilege based CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Systems Windows 10 4528760 Base: 7.8 Elevation Version Security Temporal: 7 Important of 4530684 Yes 1903 for 32- Update Vector: Privilege bit Systems CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Windows 10 4528760 Base: 7.8 Version Elevation Security Temporal: 7 1903 for Important of 4530684 Yes Update Vector: x64-based Privilege CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Systems Windows 10 Version 4528760 Base: 7.8 Elevation 1903 for Security Temporal: 7 Important of 4530684 Yes ARM64- Update Vector: Privilege based CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Systems

@NSFOUS 2020 http://www.nsfocus.com

CVE-2020-0629 Windows Server, 4528760 Base: 7.8 Elevation version Security Temporal: 7 Important of 4530684 Yes 1903 (Server Update Vector: Privilege Core CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C installation) 4534306 Base: 7.8 Windows 10 Elevation Security Temporal: 7 for 32-bit Important of 4530681 Unknown Update Vector: Systems Privilege CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Windows 10 4534306 Base: 7.8 Elevation for x64- Security Temporal: 7 Important of 4530681 Unknown based Update Vector: Privilege Systems CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Windows 10 4534271 Base: 7.8 Elevation Version Security Temporal: 7 Important of 4530689 Unknown 1607 for 32- Update Vector: Privilege bit Systems CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Windows 10 4534271 Base: 7.8 Version Elevation Security Temporal: 7 1607 for Important of 4530689 Unknown Update Vector: x64-based Privilege CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Systems

@NSFOUS 2020 http://www.nsfocus.com

CVE-2020-0629 4534271 Base: 7.8 Elevation Windows Security Temporal: 7 Important of 4530689 Unknown Server 2016 Update Vector: Privilege CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Windows 4534271 Base: 7.8 Elevation Server 2016 Security Temporal: 7 Important of 4530689 Unknown (Server Core Update Vector: Privilege installation) CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 4534310 Windows 7 Monthly Base: 7.8 for 32-bit Rollup Elevation Temporal: 7 Systems 4534314 Important of 4530734 Yes Vector: Service Pack Security Privilege CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 1 Only

@NSFOUS 2020 http://www.nsfocus.com

CVE-2020-0629 4534297 Monthly Base: 7.8 Windows Rollup Elevation Temporal: 7 8.1 for 32- 4534309 Important of 4530702 Unknown Vector: bit systems Security Privilege CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Only

4534297 Base: 7.8 Elevation Windows RT Monthly Temporal: 7 Important of 4530702 Unknown 8.1 Rollup Vector: Privilege CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 4534303 Windows Base: 7.8 Monthly Elevation Server 2008 Temporal: 7 Rollup Important of 4530695 Yes for 32-bit Vector: 4534312 Privilege Systems CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Security

@NSFOUS 2020 http://www.nsfocus.com

CVE-2020-0629 Service Pack Only 2 Windows 4534303 Server 2008 Monthly for 32-bit Base: 7.8 Rollup Elevation Systems Temporal: 7 4534312 Important of 4530695 Yes Service Pack Vector: Security Privilege 2 (Server CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Only Core installation) Windows 4534303 Server 2008 Monthly Base: 7.8 for Itanium- Rollup Elevation Temporal: 7 Based 4534312 Important of 4530695 Yes Vector: Systems Security Privilege CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Service Pack Only 2 Windows 4534303 Base: 7.8 Server 2008 Monthly Elevation Temporal: 7 for x64- Rollup Important of 4530695 Yes Vector: based 4534312 Privilege CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Systems Security

@NSFOUS 2020 http://www.nsfocus.com

CVE-2020-0629 Service Pack Only 2 Windows Server 2008 4534303 for x64- Monthly Base: 7.8 based Rollup Elevation Temporal: 7 Systems 4534312 Important of 4530695 Yes Vector: Service Pack Security Privilege CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 2 (Server Only Core installation) Windows 4534310 Server 2008 Monthly R2 for Base: 7.8 Rollup Elevation Itanium- Temporal: 7 4534314 Important of 4530734 Yes Based Vector: Security Privilege Systems CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Only Service Pack

@NSFOUS 2020 http://www.nsfocus.com

CVE-2020-0629 Systems Security Service Pack Only 1 Windows Server 2008 4534310 R2 for x64- Monthly Base: 7.8 based Rollup Elevation Temporal: 7 Systems 4534314 Important of 4530734 Yes Vector: Service Pack Security Privilege CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 1 (Server Only Core installation) 4534283 Monthly Base: 7.8 Rollup Elevation Windows Temporal: 7 4534288 Important of 4530691 Unknown Server 2012 Vector: Security Privilege CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Only

@NSFOUS 2020 http://www.nsfocus.com

CVE-2020-0629 Security Only

@NSFOUS 2020 http://www.nsfocus.com

CVE-2020-0629 Windows 10 4528760 Base: 7.8 Version Elevation Security Temporal: 7 1909 for Important of 4530684 Yes Update Vector: x64-based Privilege CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Systems Windows 10 Version 4528760 Base: 7.8 Elevation 1909 for Security Temporal: 7 Important of 4530684 Yes ARM64- Update Vector: Privilege based CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Systems Windows Server, 4528760 Base: 7.8 Elevation version Security Temporal: 7 Important of 4530684 Yes 1909 (Server Update Vector: Privilege Core CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C installation)

@NSFOUS 2020 http://www.nsfocus.com

CVE-2020-0630 - Windows Search Indexer Elevation of Privilege Vulnerability

CVE- To exploit the vulnerability, a locally authenticated attacker could run a specially 2020- crafted application. Elevation of 0630 Important The security update addresses the vulnerability by ensuring the Windows Search Privilege MITRE Indexer properly handles objects in memory. NVD

FAQ: None Mitigations: None Workarounds:

@NSFOUS 2020 http://www.nsfocus.com

Maximum Vulnerability CVE ID Vulnerability Description Severity Rating Impact None Revision: 1.0 01/14/2020 08:00:00 Information published.

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2020-0630 KB Restart Product Severity Impact Supersedence CVSS Score Set Article Required Windows 10 4534293 Base: 7.8 Elevation Version Security Temporal: 7 Important of 4530717 Unknown 1803 for 32- Update Vector: Privilege bit Systems CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Windows 10 Elevation 4534293 Base: 7.8 Version Important of 4530717 Unknown Security Temporal: 7 1803 for Privilege

@NSFOUS 2020 http://www.nsfocus.com

CVE-2020-0630 x64-based Update Vector: Systems CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Windows Server, 4534293 Base: 7.8 Elevation version Security Temporal: 7 Important of 4530717 Unknown 1803 (Server Update Vector: Privilege Core CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Installation) Windows 10 Version 4534293 Base: 7.8 Elevation 1803 for Security Temporal: 7 Important of 4530717 Unknown ARM64- Update Vector: Privilege based CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Systems Windows 10 4534273 Base: 7.8 Elevation Version Security Temporal: 7 Important of 4530715 Unknown 1809 for 32- Update Vector: Privilege bit Systems CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Windows 10 4534273 Base: 7.8 Version Elevation Security Temporal: 7 1809 for Important of 4530715 Unknown Update Vector: x64-based Privilege CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Systems

@NSFOUS 2020 http://www.nsfocus.com

CVE-2020-0630 Windows 10 Version 4534273 Base: 7.8 Elevation 1809 for Security Temporal: 7 Important of 4530715 Unknown ARM64- Update Vector: Privilege based CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Systems 4534273 Base: 7.8 Elevation Windows Security Temporal: 7 Important of 4530715 Unknown Server 2019 Update Vector: Privilege CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Windows 4534273 Base: 7.8 Elevation Server 2019 Security Temporal: 7 Important of 4530715 Unknown (Server Core Update Vector: Privilege installation) CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Windows 10 4534276 Base: 7.8 Version Elevation Security Temporal: 7 1709 for Important of 4530714 Unknown Update Vector: x64-based Privilege CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Systems Windows 10 4534276 Base: 7.8 Elevation Version Security Temporal: 7 Important of 4530714 Unknown 1709 for Update Vector: Privilege ARM64- CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C

@NSFOUS 2020 http://www.nsfocus.com

CVE-2020-0630 based Systems Windows 10 4528760 Base: 7.8 Elevation Version Security Temporal: 7 Important of 4530684 Yes 1903 for 32- Update Vector: Privilege bit Systems CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Windows 10 4528760 Base: 7.8 Version Elevation Security Temporal: 7 1903 for Important of 4530684 Yes Update Vector: x64-based Privilege CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Systems Windows 10 Version 4528760 Base: 7.8 Elevation 1903 for Security Temporal: 7 Important of 4530684 Yes ARM64- Update Vector: Privilege based CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Systems Windows Server, 4528760 Base: 7.8 Elevation version Security Temporal: 7 Important of 4530684 Yes 1903 (Server Update Vector: Privilege Core CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C installation)

@NSFOUS 2020 http://www.nsfocus.com

CVE-2020-0630 4534306 Base: 7.8 Windows 10 Elevation Security Temporal: 7 for 32-bit Important of 4530681 Unknown Update Vector: Systems Privilege CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Windows 10 4534306 Base: 7.8 Elevation for x64- Security Temporal: 7 Important of 4530681 Unknown based Update Vector: Privilege Systems CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Windows 10 4534271 Base: 7.8 Elevation Version Security Temporal: 7 Important of 4530689 Unknown 1607 for 32- Update Vector: Privilege bit Systems CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Windows 10 4534271 Base: 7.8 Version Elevation Security Temporal: 7 1607 for Important of 4530689 Unknown Update Vector: x64-based Privilege CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Systems 4534271 Base: 7.8 Elevation Windows Security Temporal: 7 Important of 4530689 Unknown Server 2016 Update Vector: Privilege CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C

@NSFOUS 2020 http://www.nsfocus.com

CVE-2020-0630 Windows 4534271 Base: 7.8 Elevation Server 2016 Security Temporal: 7 Important of 4530689 Unknown (Server Core Update Vector: Privilege installation) CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 4534310 Windows 7 Monthly Base: 7.8 for 32-bit Rollup Elevation Temporal: 7 Systems 4534314 Important of 4530734 Yes Vector: Service Pack Security Privilege CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 1 Only

4534297 Base: 7.8 Windows Monthly Elevation Temporal: 7 8.1 for 32- Rollup Important of 4530702 Unknown Vector: bit systems 4534309 Privilege CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Security

@NSFOUS 2020 http://www.nsfocus.com

CVE-2020-0630 Only

4534297 Base: 7.8 Elevation Windows RT Monthly Temporal: 7 Important of 4530702 Unknown 8.1 Rollup Vector: Privilege CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 4534303 Windows Monthly Server 2008 Base: 7.8 Rollup Elevation for 32-bit Temporal: 7 4534312 Important of 4530695 Yes Systems Vector: Security Privilege Service Pack CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Only 2

Windows 4534303 Elevation Base: 7.8 Server 2008 Monthly Important of 4530695 Yes Temporal: 7 for 32-bit Rollup Privilege

@NSFOUS 2020 http://www.nsfocus.com

CVE-2020-0630 Systems 4534312 Vector: Service Pack Security CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 2 (Server Only Core installation) Windows 4534303 Server 2008 Monthly Base: 7.8 for Itanium- Rollup Elevation Temporal: 7 Based 4534312 Important of 4530695 Yes Vector: Systems Security Privilege CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Service Pack Only 2 Windows 4534303 Server 2008 Monthly Base: 7.8 for x64- Rollup Elevation Temporal: 7 based 4534312 Important of 4530695 Yes Vector: Systems Security Privilege CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Service Pack Only 2 Windows 4534303 Base: 7.8 Elevation Server 2008 Monthly Temporal: 7 Important of 4530695 Yes for x64- Rollup Vector: Privilege based 4534312 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C

@NSFOUS 2020 http://www.nsfocus.com

CVE-2020-0630 Systems Security Service Pack Only 2 (Server Core installation) Windows 4534310 Server 2008 Monthly R2 for Base: 7.8 Rollup Elevation Itanium- Temporal: 7 4534314 Important of 4530734 Yes Based Vector: Security Privilege Systems CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Only Service Pack

1 Windows 4534310 Server 2008 Monthly Base: 7.8 R2 for x64- Rollup Elevation Temporal: 7 based 4534314 Important of 4530734 Yes Vector: Systems Security Privilege CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Service Pack Only 1 Windows 4534310 Elevation Base: 7.8 Server 2008 Monthly Important of 4530734 Yes Temporal: 7 R2 for x64- Rollup Privilege

@NSFOUS 2020 http://www.nsfocus.com

CVE-2020-0630 based 4534314 Vector: Systems Security CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Service Pack Only 1 (Server Core installation) 4534283 Monthly Base: 7.8 Rollup Elevation Windows Temporal: 7 4534288 Important of 4530691 Unknown Server 2012 Vector: Security Privilege CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Only

Windows 4534297 Elevation Base: 7.8 Server 2012 Monthly Important of 4530702 Unknown Temporal: 7 R2 Rollup Privilege

@NSFOUS 2020 http://www.nsfocus.com

CVE-2020-0630 4534309 Vector: Security CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Only

@NSFOUS 2020 http://www.nsfocus.com

CVE-2020-0630 ARM64- Update Vector: based CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Systems Windows Server, 4528760 Base: 7.8 Elevation version Security Temporal: 7 Important of 4530684 Yes 1909 (Server Update Vector: Privilege Core CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C installation)

CVE-2020-0631 - Windows Search Indexer Elevation of Privilege Vulnerability

Maximum Vulnerability CVE ID Vulnerability Description Severity Rating Impact CVE- 2020- CVE Title: Windows Search Indexer Elevation of Privilege Vulnerability Elevation of 0631 Important Description: Privilege MITRE NVD

@NSFOUS 2020 http://www.nsfocus.com

Maximum Vulnerability CVE ID Vulnerability Description Severity Rating Impact An elevation of privilege vulnerability exists in the way that the Windows Search Indexer handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. To exploit the vulnerability, a locally authenticated attacker could run a specially crafted application. The security update addresses the vulnerability by ensuring the Windows Search Indexer properly handles objects in memory.

FAQ: None Mitigations: None Workarounds: None Revision: 1.0 01/14/2020 08:00:00 Information published.

@NSFOUS 2020 http://www.nsfocus.com

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2020-0631 KB Restart Product Severity Impact Supersedence CVSS Score Set Article Required Windows 10 4534293 Base: 7.8 Elevation Version Security Temporal: 7 Important of 4530717 Unknown 1803 for 32- Update Vector: Privilege bit Systems CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Windows 10 4534293 Base: 7.8 Version Elevation Security Temporal: 7 1803 for Important of 4530717 Unknown Update Vector: x64-based Privilege CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Systems Windows Server, 4534293 Base: 7.8 Elevation version Security Temporal: 7 Important of 4530717 Unknown 1803 (Server Update Vector: Privilege Core CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Installation)

@NSFOUS 2020 http://www.nsfocus.com

CVE-2020-0631 Windows 10 Version 4534293 Base: 7.8 Elevation 1803 for Security Temporal: 7 Important of 4530717 Unknown ARM64- Update Vector: Privilege based CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Systems Windows 10 4534273 Base: 7.8 Elevation Version Security Temporal: 7 Important of 4530715 Unknown 1809 for 32- Update Vector: Privilege bit Systems CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Windows 10 4534273 Base: 7.8 Version Elevation Security Temporal: 7 1809 for Important of 4530715 Unknown Update Vector: x64-based Privilege CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Systems Windows 10 Version 4534273 Base: 7.8 Elevation 1809 for Security Temporal: 7 Important of 4530715 Unknown ARM64- Update Vector: Privilege based CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Systems

@NSFOUS 2020 http://www.nsfocus.com

CVE-2020-0631 4534273 Base: 7.8 Elevation Windows Security Temporal: 7 Important of 4530715 Unknown Server 2019 Update Vector: Privilege CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Windows 4534273 Base: 7.8 Elevation Server 2019 Security Temporal: 7 Important of 4530715 Unknown (Server Core Update Vector: Privilege installation) CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Windows 10 4534276 Base: 7.8 Elevation Version Security Temporal: 7 Important of 4530714 Unknown 1709 for 32- Update Vector: Privilege bit Systems CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Windows 10 4534276 Base: 7.8 Version Elevation Security Temporal: 7 1709 for Important of 4530714 Unknown Update Vector: x64-based Privilege CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Systems Windows 10 Version 4534276 Base: 7.8 Elevation 1709 for Security Temporal: 7 Important of 4530714 Unknown ARM64- Update Vector: Privilege based CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Systems

@NSFOUS 2020 http://www.nsfocus.com

CVE-2020-0631 Windows 10 4528760 Base: 7.8 Elevation Version Security Temporal: 7 Important of 4530684 Yes 1903 for 32- Update Vector: Privilege bit Systems CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Windows 10 4528760 Base: 7.8 Version Elevation Security Temporal: 7 1903 for Important of 4530684 Yes Update Vector: x64-based Privilege CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Systems Windows 10 Version 4528760 Base: 7.8 Elevation 1903 for Security Temporal: 7 Important of 4530684 Yes ARM64- Update Vector: Privilege based CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Systems Windows Server, 4528760 Base: 7.8 Elevation version Security Temporal: 7 Important of 4530684 Yes 1903 (Server Update Vector: Privilege Core CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C installation)

@NSFOUS 2020 http://www.nsfocus.com

CVE-2020-0631 4534306 Base: 7.8 Windows 10 Elevation Security Temporal: 7 for 32-bit Important of 4530681 Unknown Update Vector: Systems Privilege CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Windows 10 4534306 Base: 7.8 Elevation for x64- Security Temporal: 7 Important of 4530681 Unknown based Update Vector: Privilege Systems CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Windows 10 4534271 Base: 7.8 Elevation Version Security Temporal: 7 Important of 4530689 Unknown 1607 for 32- Update Vector: Privilege bit Systems CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Windows 10 4534271 Base: 7.8 Version Elevation Security Temporal: 7 1607 for Important of 4530689 Unknown Update Vector: x64-based Privilege CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Systems 4534271 Base: 7.8 Elevation Windows Security Temporal: 7 Important of 4530689 Unknown Server 2016 Update Vector: Privilege CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C

@NSFOUS 2020 http://www.nsfocus.com

CVE-2020-0631 Windows 4534271 Base: 7.8 Elevation Server 2016 Security Temporal: 7 Important of 4530689 Unknown (Server Core Update Vector: Privilege installation) CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 4534310 Windows 7 Monthly Base: 7.8 for 32-bit Rollup Elevation Temporal: 7 Systems 4534314 Important of 4530734 Yes Vector: Service Pack Security Privilege CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 1 Only

@NSFOUS 2020 http://www.nsfocus.com

CVE-2020-0631 Only

4534297 Base: 7.8 Elevation Windows RT Monthly Temporal: 7 Important of 4530702 Unknown 8.1 Rollup Vector: Privilege CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 4534303 Windows Monthly Server 2008 Base: 7.8 Rollup Elevation for 32-bit Temporal: 7 4534312 Important of 4530695 Yes Systems Vector: Security Privilege Service Pack CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Only 2

Windows 4534303 Elevation Base: 7.8 Server 2008 Monthly Important of 4530695 Yes Temporal: 7 for 32-bit Rollup Privilege

@NSFOUS 2020 http://www.nsfocus.com

CVE-2020-0631 Systems 4534312 Vector: Service Pack Security CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 2 (Server Only Core installation) Windows 4534303 Server 2008 Monthly Base: 7.8 for Itanium- Rollup Elevation Temporal: 7 Based 4534312 Important of 4530695 Yes Vector: Systems Security Privilege CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Service Pack Only 2 Windows 4534303 Server 2008 Monthly Base: 7.8 for x64- Rollup Elevation Temporal: 7 based 4534312 Important of 4530695 Yes Vector: Systems Security Privilege CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Service Pack Only 2 Windows 4534303 Base: 7.8 Elevation Server 2008 Monthly Temporal: 7 Important of 4530695 Yes for x64- Rollup Vector: Privilege based 4534312 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C

@NSFOUS 2020 http://www.nsfocus.com

CVE-2020-0631 Systems Security Service Pack Only 2 (Server Core installation) Windows 4534310 Server 2008 Monthly R2 for Base: 7.8 Rollup Elevation Itanium- Temporal: 7 4534314 Important of 4530734 Yes Based Vector: Security Privilege Systems CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Only Service Pack

@NSFOUS 2020 http://www.nsfocus.com

CVE-2020-0631 based 4534314 Vector: Systems Security CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Service Pack Only 1 (Server Core installation) 4534283 Monthly Base: 7.8 Rollup Elevation Windows Temporal: 7 4534288 Important of 4530691 Unknown Server 2012 Vector: Security Privilege CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Only

Windows 4534297 Elevation Base: 7.8 Server 2012 Monthly Important of 4530702 Unknown Temporal: 7 R2 Rollup Privilege

@NSFOUS 2020 http://www.nsfocus.com

CVE-2020-0631 4534309 Vector: Security CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Only

@NSFOUS 2020 http://www.nsfocus.com

CVE-2020-0631 ARM64- Update Vector: based CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Systems Windows Server, 4528760 Base: 7.8 Elevation version Security Temporal: 7 Important of 4530684 Yes 1909 (Server Update Vector: Privilege Core CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C installation)

CVE-2020-0632 - Windows Search Indexer Elevation of Privilege Vulnerability

@NSFOUS 2020 http://www.nsfocus.com

FAQ: None Mitigations: None Workarounds: None Revision: 1.0 01/14/2020 08:00:00 Information published.

@NSFOUS 2020 http://www.nsfocus.com

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2020-0632 KB Restart Product Severity Impact Supersedence CVSS Score Set Article Required Windows 10 4534293 Base: 7.8 Elevation Version Security Temporal: 7 Important of 4530717 Unknown 1803 for 32- Update Vector: Privilege bit Systems CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Windows 10 4534293 Base: 7.8 Version Elevation Security Temporal: 7 1803 for Important of 4530717 Unknown Update Vector: x64-based Privilege CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Systems Windows Server, 4534293 Base: 7.8 Elevation version Security Temporal: 7 Important of 4530717 Unknown 1803 (Server Update Vector: Privilege Core CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Installation)

@NSFOUS 2020 http://www.nsfocus.com

CVE-2020-0632 Windows 10 Version 4534293 Base: 7.8 Elevation 1803 for Security Temporal: 7 Important of 4530717 Unknown ARM64- Update Vector: Privilege based CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Systems Windows 10 4534273 Base: 7.8 Elevation Version Security Temporal: 7 Important of 4530715 Unknown 1809 for 32- Update Vector: Privilege bit Systems CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Windows 10 4534273 Base: 7.8 Version Elevation Security Temporal: 7 1809 for Important of 4530715 Unknown Update Vector: x64-based Privilege CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Systems Windows 10 Version 4534273 Base: 7.8 Elevation 1809 for Security Temporal: 7 Important of 4530715 Unknown ARM64- Update Vector: Privilege based CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Systems

@NSFOUS 2020 http://www.nsfocus.com

CVE-2020-0632 4534273 Base: 7.8 Elevation Windows Security Temporal: 7 Important of 4530715 Unknown Server 2019 Update Vector: Privilege CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Windows 4534273 Base: 7.8 Elevation Server 2019 Security Temporal: 7 Important of 4530715 Unknown (Server Core Update Vector: Privilege installation) CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Windows 10 4534276 Base: 7.8 Elevation Version Security Temporal: 7 Important of 4530714 Unknown 1709 for 32- Update Vector: Privilege bit Systems CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Windows 10 4534276 Base: 7.8 Version Elevation Security Temporal: 7 1709 for Important of 4530714 Unknown Update Vector: x64-based Privilege CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Systems Windows 10 Version 4534276 Base: 7.8 Elevation 1709 for Security Temporal: 7 Important of 4530714 Unknown ARM64- Update Vector: Privilege based CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Systems

@NSFOUS 2020 http://www.nsfocus.com

CVE-2020-0632 Windows 10 4528760 Base: 7.8 Elevation Version Security Temporal: 7 Important of 4530684 Yes 1903 for 32- Update Vector: Privilege bit Systems CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Windows 10 4528760 Base: 7.8 Version Elevation Security Temporal: 7 1903 for Important of 4530684 Yes Update Vector: x64-based Privilege CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Systems Windows 10 Version 4528760 Base: 7.8 Elevation 1903 for Security Temporal: 7 Important of 4530684 Yes ARM64- Update Vector: Privilege based CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Systems Windows Server, 4528760 Base: 7.8 Elevation version Security Temporal: 7 Important of 4530684 Yes 1903 (Server Update Vector: Privilege Core CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C installation)

@NSFOUS 2020 http://www.nsfocus.com

CVE-2020-0632 4534306 Base: 7.8 Windows 10 Elevation Security Temporal: 7 for 32-bit Important of 4530681 Unknown Update Vector: Systems Privilege CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Windows 10 4534306 Base: 7.8 Elevation for x64- Security Temporal: 7 Important of 4530681 Unknown based Update Vector: Privilege Systems CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Windows 10 4534271 Base: 7.8 Elevation Version Security Temporal: 7 Important of 4530689 Unknown 1607 for 32- Update Vector: Privilege bit Systems CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Windows 10 4534271 Base: 7.8 Version Elevation Security Temporal: 7 1607 for Important of 4530689 Unknown Update Vector: x64-based Privilege CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Systems 4534271 Base: 7.8 Elevation Windows Security Temporal: 7 Important of 4530689 Unknown Server 2016 Update Vector: Privilege CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C

@NSFOUS 2020 http://www.nsfocus.com

CVE-2020-0632 Windows 4534271 Base: 7.8 Elevation Server 2016 Security Temporal: 7 Important of 4530689 Unknown (Server Core Update Vector: Privilege installation) CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 4534310 Windows 7 Monthly Base: 7.8 for 32-bit Rollup Elevation Temporal: 7 Systems 4534314 Important of 4530734 Yes Vector: Service Pack Security Privilege CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 1 Only

@NSFOUS 2020 http://www.nsfocus.com

CVE-2020-0632 Only

4534297 Base: 7.8 Elevation Windows RT Monthly Temporal: 7 Important of 4530702 Unknown 8.1 Rollup Vector: Privilege CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 4534303 Windows Monthly Server 2008 Base: 7.8 Rollup Elevation for 32-bit Temporal: 7 4534312 Important of 4530695 Yes Systems Vector: Security Privilege Service Pack CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Only 2

Windows 4534303 Elevation Base: 7.8 Server 2008 Monthly Important of 4530695 Yes Temporal: 7 for 32-bit Rollup Privilege

@NSFOUS 2020 http://www.nsfocus.com

CVE-2020-0632 Systems 4534312 Vector: Service Pack Security CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 2 (Server Only Core installation) Windows 4534303 Server 2008 Monthly Base: 7.8 for Itanium- Rollup Elevation Temporal: 7 Based 4534312 Important of 4530695 Yes Vector: Systems Security Privilege CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Service Pack Only 2 Windows 4534303 Server 2008 Monthly Base: 7.8 for x64- Rollup Elevation Temporal: 7 based 4534312 Important of 4530695 Yes Vector: Systems Security Privilege CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Service Pack Only 2 Windows 4534303 Base: 7.8 Elevation Server 2008 Monthly Temporal: 7 Important of 4530695 Yes for x64- Rollup Vector: Privilege based 4534312 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C

@NSFOUS 2020 http://www.nsfocus.com

CVE-2020-0632 Systems Security Service Pack Only 2 (Server Core installation) Windows 4534310 Server 2008 Monthly R2 for Base: 7.8 Rollup Elevation Itanium- Temporal: 7 4534314 Important of 4530734 Yes Based Vector: Security Privilege Systems CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Only Service Pack

@NSFOUS 2020 http://www.nsfocus.com

CVE-2020-0632 based 4534314 Vector: Systems Security CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Service Pack Only 1 (Server Core installation) 4534283 Monthly Base: 7.8 Rollup Elevation Windows Temporal: 7 4534288 Important of 4530691 Unknown Server 2012 Vector: Security Privilege CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Only

Windows 4534297 Elevation Base: 7.8 Server 2012 Monthly Important of 4530702 Unknown Temporal: 7 R2 Rollup Privilege

@NSFOUS 2020 http://www.nsfocus.com

CVE-2020-0632 4534309 Vector: Security CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Only

@NSFOUS 2020 http://www.nsfocus.com

CVE-2020-0632 ARM64- Update Vector: based CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Systems Windows Server, 4528760 Base: 7.8 Elevation version Security Temporal: 7 Important of 4530684 Yes 1909 (Server Update Vector: Privilege Core CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C installation)

CVE-2020-0633 - Windows Search Indexer Elevation of Privilege Vulnerability

@NSFOUS 2020 http://www.nsfocus.com

FAQ: None Mitigations: None Workarounds: None Revision: 1.0 01/14/2020 08:00:00 Information published.

@NSFOUS 2020 http://www.nsfocus.com

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2020-0633 KB Restart Product Severity Impact Supersedence CVSS Score Set Article Required Windows 10 4534293 Base: 7.8 Elevation Version Security Temporal: 7 Important of 4530717 Unknown 1803 for 32- Update Vector: Privilege bit Systems CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Windows 10 4534293 Base: 7.8 Version Elevation Security Temporal: 7 1803 for Important of 4530717 Unknown Update Vector: x64-based Privilege CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Systems Windows Server, 4534293 Base: 7.8 Elevation version Security Temporal: 7 Important of 4530717 Unknown 1803 Update Vector: Privilege (Server Core CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Installation)

@NSFOUS 2020 http://www.nsfocus.com

CVE-2020-0633 Windows 10 Version 4534293 Base: 7.8 Elevation 1803 for Security Temporal: 7 Important of 4530717 Unknown ARM64- Update Vector: Privilege based CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Systems Windows 10 4534273 Base: 7.8 Elevation Version Security Temporal: 7 Important of 4530715 Unknown 1809 for 32- Update Vector: Privilege bit Systems CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Windows 10 4534273 Base: 7.8 Version Elevation Security Temporal: 7 1809 for Important of 4530715 Unknown Update Vector: x64-based Privilege CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Systems Windows 10 Version 4534273 Base: 7.8 Elevation 1809 for Security Temporal: 7 Important of 4530715 Unknown ARM64- Update Vector: Privilege based CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Systems

@NSFOUS 2020 http://www.nsfocus.com

CVE-2020-0633 4534273 Base: 7.8 Elevation Windows Security Temporal: 7 Important of 4530715 Unknown Server 2019 Update Vector: Privilege CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Windows 4534273 Base: 7.8 Elevation Server 2019 Security Temporal: 7 Important of 4530715 Unknown (Server Core Update Vector: Privilege installation) CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Windows 10 4534276 Base: 7.8 Elevation Version Security Temporal: 7 Important of 4530714 Unknown 1709 for 32- Update Vector: Privilege bit Systems CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Windows 10 4534276 Base: 7.8 Version Elevation Security Temporal: 7 1709 for Important of 4530714 Unknown Update Vector: x64-based Privilege CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Systems Windows 10 Version 4534276 Base: 7.8 Elevation 1709 for Security Temporal: 7 Important of 4530714 Unknown ARM64- Update Vector: Privilege based CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Systems

@NSFOUS 2020 http://www.nsfocus.com

CVE-2020-0633 Windows 10 4528760 Base: 7.8 Elevation Version Security Temporal: 7 Important of 4530684 Yes 1903 for 32- Update Vector: Privilege bit Systems CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Windows 10 4528760 Base: 7.8 Version Elevation Security Temporal: 7 1903 for Important of 4530684 Yes Update Vector: x64-based Privilege CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Systems Windows 10 Version 4528760 Base: 7.8 Elevation 1903 for Security Temporal: 7 Important of 4530684 Yes ARM64- Update Vector: Privilege based CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Systems Windows Server, 4528760 Base: 7.8 Elevation version Security Temporal: 7 Important of 4530684 Yes 1903 Update Vector: Privilege (Server Core CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C installation)

@NSFOUS 2020 http://www.nsfocus.com

CVE-2020-0633 Windows 10 4534271 Base: 7.8 Elevation Version Security Temporal: 7 Important of 4530689 Unknown 1607 for 32- Update Vector: Privilege bit Systems CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Windows 10 4534271 Base: 7.8 Version Elevation Security Temporal: 7 1607 for Important of 4530689 Unknown Update Vector: x64-based Privilege CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Systems 4534271 Base: 7.8 Elevation Windows Security Temporal: 7 Important of 4530689 Unknown Server 2016 Update Vector: Privilege CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Windows 4534271 Base: 7.8 Elevation Server 2016 Security Temporal: 7 Important of 4530689 Unknown (Server Core Update Vector: Privilege installation) CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Windows 10 4528760 Base: 7.8 Elevation Version Security Temporal: 7 Important of 4530684 Yes 1909 for 32- Update Vector: Privilege bit Systems CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C

@NSFOUS 2020 http://www.nsfocus.com

CVE-2020-0633 Windows 10 4528760 Base: 7.8 Version Elevation Security Temporal: 7 1909 for Important of 4530684 Yes Update Vector: x64-based Privilege CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Systems Windows 10 Version 4528760 Base: 7.8 Elevation 1909 for Security Temporal: 7 Important of 4530684 Yes ARM64- Update Vector: Privilege based CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Systems Windows Server, 4528760 Base: 7.8 Elevation version Security Temporal: 7 Important of 4530684 Yes 1909 Update Vector: Privilege (Server Core CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C installation)

@NSFOUS 2020 http://www.nsfocus.com

CVE-2020-0634 - Windows Common Log File System Driver Elevation of Privilege Vulnerability

Maximum Vulnerability CVE ID Vulnerability Description Severity Impact Rating CVE Title: Windows Common Log File System Driver Elevation of Privilege Vulnerability Description: An elevation of privilege vulnerability exists when the Windows Common Log File System (CLFS) driver improperly handles objects in memory. An attacker who CVE- successfully exploited this vulnerability could run processes in an elevated context. 2020- To exploit the vulnerability, an attacker would first have to log on to the system, and Elevation of 0634 Important then run a specially crafted application to take control over the affected system. Privilege MITRE NVD The security update addresses the vulnerability by correcting how CLFS handles objects in memory.

FAQ: None Mitigations:

@NSFOUS 2020 http://www.nsfocus.com

Maximum Vulnerability CVE ID Vulnerability Description Severity Impact Rating None Workarounds: None Revision: 1.0 01/14/2020 08:00:00 Information published.

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2020-0634 KB Restart Product Severity Impact Supersedence CVSS Score Set Article Required Windows 10 4534293 Base: 7.8 Elevation Version Security Temporal: 7 Important of 4530717 Unknown 1803 for 32- Update Vector: Privilege bit Systems CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C

@NSFOUS 2020 http://www.nsfocus.com

CVE-2020-0634 Windows 10 4534293 Base: 7.8 Version Elevation Security Temporal: 7 1803 for Important of 4530717 Unknown Update Vector: x64-based Privilege CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Systems Windows Server, 4534293 Base: 7.8 Elevation version Security Temporal: 7 Important of 4530717 Unknown 1803 (Server Update Vector: Privilege Core CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Installation) Windows 10 Version 4534293 Base: 7.8 Elevation 1803 for Security Temporal: 7 Important of 4530717 Unknown ARM64- Update Vector: Privilege based CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Systems Windows 10 4534273 Base: 7.8 Elevation Version Security Temporal: 7 Important of 4530715 Unknown 1809 for 32- Update Vector: Privilege bit Systems CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C

@NSFOUS 2020 http://www.nsfocus.com

CVE-2020-0634 Windows 10 4534273 Base: 7.8 Version Elevation Security Temporal: 7 1809 for Important of 4530715 Unknown Update Vector: x64-based Privilege CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Systems Windows 10 Version 4534273 Base: 7.8 Elevation 1809 for Security Temporal: 7 Important of 4530715 Unknown ARM64- Update Vector: Privilege based CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Systems 4534273 Base: 7.8 Elevation Windows Security Temporal: 7 Important of 4530715 Unknown Server 2019 Update Vector: Privilege CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Windows 4534273 Base: 7.8 Elevation Server 2019 Security Temporal: 7 Important of 4530715 Unknown (Server Core Update Vector: Privilege installation) CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Windows 10 4534276 Base: 7.8 Elevation Version Security Temporal: 7 Important of 4530714 Unknown 1709 for 32- Update Vector: Privilege bit Systems CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C

@NSFOUS 2020 http://www.nsfocus.com

CVE-2020-0634 Windows 10 4534276 Base: 7.8 Version Elevation Security Temporal: 7 1709 for Important of 4530714 Unknown Update Vector: x64-based Privilege CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Systems Windows 10 Version 4534276 Base: 7.8 Elevation 1709 for Security Temporal: 7 Important of 4530714 Unknown ARM64- Update Vector: Privilege based CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Systems Windows 10 4528760 Base: 7.8 Elevation Version Security Temporal: 7 Important of 4530684 Yes 1903 for 32- Update Vector: Privilege bit Systems CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Windows 10 4528760 Base: 7.8 Version Elevation Security Temporal: 7 1903 for Important of 4530684 Yes Update Vector: x64-based Privilege CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Systems Windows 10 Elevation 4528760 Base: 7.8 Version Important of 4530684 Yes Security Temporal: 7 1903 for Privilege

@NSFOUS 2020 http://www.nsfocus.com

CVE-2020-0634 ARM64- Update Vector: based CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Systems Windows Server, 4528760 Base: 7.8 Elevation version Security Temporal: 7 Important of 4530684 Yes 1903 (Server Update Vector: Privilege Core CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C installation) 4534306 Base: 7.8 Windows 10 Elevation Security Temporal: 7 for 32-bit Important of 4530681 Unknown Update Vector: Systems Privilege CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Windows 10 4534306 Base: 7.8 Elevation for x64- Security Temporal: 7 Important of 4530681 Unknown based Update Vector: Privilege Systems CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Windows 10 4534271 Base: 7.8 Elevation Version Security Temporal: 7 Important of 4530689 Unknown 1607 for 32- Update Vector: Privilege bit Systems CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C

@NSFOUS 2020 http://www.nsfocus.com

CVE-2020-0634 Windows 10 4534271 Base: 7.8 Version Elevation Security Temporal: 7 1607 for Important of 4530689 Unknown Update Vector: x64-based Privilege CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Systems 4534271 Base: 7.8 Elevation Windows Security Temporal: 7 Important of 4530689 Unknown Server 2016 Update Vector: Privilege CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Windows 4534271 Base: 7.8 Elevation Server 2016 Security Temporal: 7 Important of 4530689 Unknown (Server Core Update Vector: Privilege installation) CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 4534310 Windows 7 Monthly Base: 7.8 for 32-bit Rollup Elevation Temporal: 7 Systems 4534314 Important of 4530734 Yes Vector: Service Pack Security Privilege CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 1 Only

Windows 7 4534310 Elevation Base: 7.8 for x64- Monthly Important of 4530734 Yes Temporal: 7 based Rollup Privilege

@NSFOUS 2020 http://www.nsfocus.com

CVE-2020-0634 Systems 4534314 Vector: Service Pack Security CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 1 Only

4534297 Base: 7.8 Elevation Windows RT Monthly Temporal: 7 Important of 4530702 Unknown 8.1 Rollup Vector: Privilege CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C

@NSFOUS 2020 http://www.nsfocus.com

CVE-2020-0634 4534303 Windows Monthly Server 2008 Base: 7.8 Rollup Elevation for 32-bit Temporal: 7 4534312 Important of 4530695 Yes Systems Vector: Security Privilege Service Pack CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Only 2

Windows 4534303 Server 2008 Monthly for 32-bit Base: 7.8 Rollup Elevation Systems Temporal: 7 4534312 Important of 4530695 Yes Service Pack Vector: Security Privilege 2 (Server CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Only Core installation) Windows 4534303 Server 2008 Monthly Base: 7.8 for Itanium- Rollup Elevation Temporal: 7 Based 4534312 Important of 4530695 Yes Vector: Systems Security Privilege CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Service Pack Only 2

@NSFOUS 2020 http://www.nsfocus.com

CVE-2020-0634 Windows 4534303 Server 2008 Monthly Base: 7.8 for x64- Rollup Elevation Temporal: 7 based 4534312 Important of 4530695 Yes Vector: Systems Security Privilege CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Service Pack Only 2 Windows Server 2008 4534303 for x64- Monthly Base: 7.8 based Rollup Elevation Temporal: 7 Systems 4534312 Important of 4530695 Yes Vector: Service Pack Security Privilege CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 2 (Server Only Core installation) 4534310 Windows Monthly Server 2008 Base: 7.8 Rollup Elevation R2 for Temporal: 7 4534314 Important of 4530734 Yes Itanium- Vector: Security Privilege Based CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Only Systems

@NSFOUS 2020 http://www.nsfocus.com

CVE-2020-0634 Service Pack 1 Windows 4534310 Server 2008 Monthly Base: 7.8 R2 for x64- Rollup Elevation Temporal: 7 based 4534314 Important of 4530734 Yes Vector: Systems Security Privilege CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Service Pack Only 1 Windows Server 2008 4534310 R2 for x64- Monthly Base: 7.8 based Rollup Elevation Temporal: 7 Systems 4534314 Important of 4530734 Yes Vector: Service Pack Security Privilege CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 1 (Server Only Core installation) 4534283 Base: 7.8 Monthly Elevation Windows Temporal: 7 Rollup Important of 4530691 Unknown Server 2012 Vector: 4534288 Privilege CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Security

@NSFOUS 2020 http://www.nsfocus.com

CVE-2020-0634 Only

@NSFOUS 2020 http://www.nsfocus.com

CVE-2020-0634 Windows 10 4528760 Base: 7.8 Elevation Version Security Temporal: 7 Important of 4530684 Yes 1909 for 32- Update Vector: Privilege bit Systems CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Windows 10 4528760 Base: 7.8 Version Elevation Security Temporal: 7 1909 for Important of 4530684 Yes Update Vector: x64-based Privilege CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Systems Windows 10 Version 4528760 Base: 7.8 Elevation 1909 for Security Temporal: 7 Important of 4530684 Yes ARM64- Update Vector: Privilege based CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Systems Windows Server, 4528760 Base: 7.8 Elevation version Security Temporal: 7 Important of 4530684 Yes 1909 (Server Update Vector: Privilege Core CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C installation)

@NSFOUS 2020 http://www.nsfocus.com

CVE-2020-0635 - Windows Elevation of Privilege Vulnerability

Maximum Vulnerability CVE ID Vulnerability Description Severity Impact Rating CVE Title: Windows Elevation of Privilege Vulnerability Description: An elevation of privilege vulnerability exists in Microsoft Windows when Windows fails to properly handle certain symbolic links. An attacker who successfully exploited this vulnerability could potentially set certain items to run at a higher level and thereby elevate permissions.

CVE- To exploit this vulnerability, an attacker would first have to log on to the system. An 2020- attacker could then run a specially crafted application that could exploit the Elevation of 0635 vulnerability and take control of an affected system. Important Privilege MITRE The update addresses this vulnerability by correcting how the Windows handles NVD symbolic links.

FAQ: None Mitigations: None Workarounds:

@NSFOUS 2020 http://www.nsfocus.com

Maximum Vulnerability CVE ID Vulnerability Description Severity Impact Rating None Revision: 1.0 01/14/2020 08:00:00 Information published.

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2020-0635 KB Restart Product Severity Impact Supersedence CVSS Score Set Article Required Windows 10 4534293 Base: 7.8 Elevation Version Security Temporal: 7 Important of 4530717 Unknown 1803 for 32- Update Vector: Privilege bit Systems CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C

@NSFOUS 2020 http://www.nsfocus.com

CVE-2020-0635 Windows 10 4534293 Base: 7.8 Version Elevation Security Temporal: 7 1803 for Important of 4530717 Unknown Update Vector: x64-based Privilege CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Systems Windows Server, 4534293 Base: 7.8 Elevation version Security Temporal: 7 Important of 4530717 Unknown 1803 (Server Update Vector: Privilege Core CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Installation) Windows 10 Version 4534293 Base: 7.8 Elevation 1803 for Security Temporal: 7 Important of 4530717 Unknown ARM64- Update Vector: Privilege based CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Systems Windows 10 4534273 Base: 7.8 Elevation Version Security Temporal: 7 Important of 4530715 Unknown 1809 for 32- Update Vector: Privilege bit Systems CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C

@NSFOUS 2020 http://www.nsfocus.com

CVE-2020-0635 Windows 10 4534273 Base: 7.8 Version Elevation Security Temporal: 7 1809 for Important of 4530715 Unknown Update Vector: x64-based Privilege CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Systems Windows 10 Version 4534273 Base: 7.8 Elevation 1809 for Security Temporal: 7 Important of 4530715 Unknown ARM64- Update Vector: Privilege based CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Systems 4534273 Base: 7.8 Elevation Windows Security Temporal: 7 Important of 4530715 Unknown Server 2019 Update Vector: Privilege CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Windows 4534273 Base: 7.8 Elevation Server 2019 Security Temporal: 7 Important of 4530715 Unknown (Server Core Update Vector: Privilege installation) CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Windows 10 4534276 Base: 7.8 Elevation Version Security Temporal: 7 Important of 4530714 Unknown 1709 for 32- Update Vector: Privilege bit Systems CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C

@NSFOUS 2020 http://www.nsfocus.com

CVE-2020-0635 Windows 10 4534276 Base: 7.8 Version Elevation Security Temporal: 7 1709 for Important of 4530714 Unknown Update Vector: x64-based Privilege CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Systems Windows 10 Version 4534276 Base: 7.8 Elevation 1709 for Security Temporal: 7 Important of 4530714 Unknown ARM64- Update Vector: Privilege based CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Systems Windows 10 4528760 Base: 7.8 Elevation Version Security Temporal: 7 Important of 4530684 Yes 1903 for 32- Update Vector: Privilege bit Systems CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Windows 10 4528760 Base: 7.8 Version Elevation Security Temporal: 7 1903 for Important of 4530684 Yes Update Vector: x64-based Privilege CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Systems Windows 10 Elevation 4528760 Base: 7.8 Version Important of 4530684 Yes Security Temporal: 7 1903 for Privilege

@NSFOUS 2020 http://www.nsfocus.com

CVE-2020-0635 ARM64- Update Vector: based CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Systems Windows Server, 4528760 Base: 7.8 Elevation version Security Temporal: 7 Important of 4530684 Yes 1903 (Server Update Vector: Privilege Core CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C installation) 4534306 Base: 7.8 Windows 10 Elevation Security Temporal: 7 for 32-bit Important of 4530681 Unknown Update Vector: Systems Privilege CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Windows 10 4534306 Base: 7.8 Elevation for x64- Security Temporal: 7 Important of 4530681 Unknown based Update Vector: Privilege Systems CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Windows 10 4534271 Base: 7.8 Elevation Version Security Temporal: 7 Important of 4530689 Unknown 1607 for 32- Update Vector: Privilege bit Systems CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C

@NSFOUS 2020 http://www.nsfocus.com

CVE-2020-0635 Windows 10 4534271 Base: 7.8 Version Elevation Security Temporal: 7 1607 for Important of 4530689 Unknown Update Vector: x64-based Privilege CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Systems 4534271 Base: 7.8 Elevation Windows Security Temporal: 7 Important of 4530689 Unknown Server 2016 Update Vector: Privilege CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Windows 4534271 Base: 7.8 Elevation Server 2016 Security Temporal: 7 Important of 4530689 Unknown (Server Core Update Vector: Privilege installation) CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 4534310 Windows 7 Monthly Base: 7.8 for 32-bit Rollup Elevation Temporal: 7 Systems 4534314 Important of 4530734 Yes Vector: Service Pack Security Privilege CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 1 Only

Windows 7 4534310 Elevation Base: 7.8 for x64- Monthly Important of 4530734 Yes Temporal: 7 based Rollup Privilege

@NSFOUS 2020 http://www.nsfocus.com

CVE-2020-0635 Systems 4534314 Vector: Service Pack Security CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 1 Only

4534297 Base: 7.8 Elevation Windows RT Monthly Temporal: 7 Important of 4530702 Unknown 8.1 Rollup Vector: Privilege CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C

@NSFOUS 2020 http://www.nsfocus.com

CVE-2020-0635 4534303 Windows Monthly Server 2008 Base: 7.8 Rollup Elevation for 32-bit Temporal: 7 4534312 Important of 4530695 Yes Systems Vector: Security Privilege Service Pack CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Only 2

Windows 4534303 Server 2008 Monthly for 32-bit Base: 7.8 Rollup Elevation Systems Temporal: 7 4534312 Important of 4530695 Yes Service Pack Vector: Security Privilege 2 (Server CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Only Core installation) Windows 4534303 Server 2008 Monthly Base: 7.8 for Itanium- Rollup Elevation Temporal: 7 Based 4534312 Important of 4530695 Yes Vector: Systems Security Privilege CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Service Pack Only 2

@NSFOUS 2020 http://www.nsfocus.com

CVE-2020-0635 Windows 4534303 Server 2008 Monthly Base: 7.8 for x64- Rollup Elevation Temporal: 7 based 4534312 Important of 4530695 Yes Vector: Systems Security Privilege CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Service Pack Only 2 Windows Server 2008 4534303 for x64- Monthly Base: 7.8 based Rollup Elevation Temporal: 7 Systems 4534312 Important of 4530695 Yes Vector: Service Pack Security Privilege CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 2 (Server Only Core installation) 4534310 Windows Monthly Server 2008 Base: 7.8 Rollup Elevation R2 for Temporal: 7 4534314 Important of 4530734 Yes Itanium- Vector: Security Privilege Based CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Only Systems

@NSFOUS 2020 http://www.nsfocus.com

CVE-2020-0635 Service Pack 1 Windows 4534310 Server 2008 Monthly Base: 7.8 R2 for x64- Rollup Elevation Temporal: 7 based 4534314 Important of 4530734 Yes Vector: Systems Security Privilege CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Service Pack Only 1 Windows Server 2008 4534310 R2 for x64- Monthly Base: 7.8 based Rollup Elevation Temporal: 7 Systems 4534314 Important of 4530734 Yes Vector: Service Pack Security Privilege CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 1 (Server Only Core installation) 4534283 Base: 7.8 Monthly Elevation Windows Temporal: 7 Rollup Important of 4530691 Unknown Server 2012 Vector: 4534288 Privilege CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Security

@NSFOUS 2020 http://www.nsfocus.com

CVE-2020-0635 Only

@NSFOUS 2020 http://www.nsfocus.com

CVE-2020-0635 Windows 10 4528760 Base: 7.8 Elevation Version Security Temporal: 7 Important of 4530684 Yes 1909 for 32- Update Vector: Privilege bit Systems CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Windows 10 4528760 Base: 7.8 Version Elevation Security Temporal: 7 1909 for Important of 4530684 Yes Update Vector: x64-based Privilege CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Systems Windows 10 Version 4528760 Base: 7.8 Elevation 1909 for Security Temporal: 7 Important of 4530684 Yes ARM64- Update Vector: Privilege based CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Systems Windows Server, 4528760 Base: 7.8 Elevation version Security Temporal: 7 Important of 4530684 Yes 1909 (Server Update Vector: Privilege Core CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C installation)

@NSFOUS 2020 http://www.nsfocus.com

CVE-2020-0636 - Windows Subsystem for Linux Elevation of Privilege Vulnerability

Maximum Vulnerability CVE ID Vulnerability Description Severity Rating Impact CVE Title: Windows Subsystem for Linux Elevation of Privilege Vulnerability Description: An elevation of privilege vulnerability exists in the way that the Windows Subsystem for Linux handles files. An attacker who successfully exploited the vulnerability could execute code with elevated privileges.

CVE- To exploit the vulnerability, an attacker would first need code execution on a victim 2020- system. An attacker could then run a specially crafted application. Elevation of 0636 Important The security update addresses the vulnerability by correcting how the Windows Privilege MITRE Subsystem for Linux handles files. NVD

FAQ: None Mitigations: None Workarounds:

@NSFOUS 2020 http://www.nsfocus.com

Maximum Vulnerability CVE ID Vulnerability Description Severity Rating Impact None Revision: 1.0 01/14/2020 08:00:00 Information published.

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2020-0636 KB Restart Product Severity Impact Supersedence CVSS Score Set Article Required Windows 10 4528760 Base: 7.8 Elevation Version Security Temporal: 7 Important of 4530684 Yes 1903 for 32- Update Vector: Privilege bit Systems CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Windows 10 Elevation 4528760 Base: 7.8 Version Important of 4530684 Yes Security Temporal: 7 1903 for Privilege

@NSFOUS 2020 http://www.nsfocus.com

CVE-2020-0636 x64-based Update Vector: Systems CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Windows 10 Version 4528760 Base: 7.8 Elevation 1903 for Security Temporal: 7 Important of 4530684 Yes ARM64- Update Vector: Privilege based CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Systems Windows Server, 4528760 Base: 7.8 Elevation version Security Temporal: 7 Important of 4530684 Yes 1903 Update Vector: Privilege (Server Core CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C installation) Windows 10 4528760 Base: 7.8 Elevation Version Security Temporal: 7 Important of 4530684 Yes 1909 for 32- Update Vector: Privilege bit Systems CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Windows 10 4528760 Base: 7.8 Version Elevation Security Temporal: 7 1909 for Important of 4530684 Yes Update Vector: x64-based Privilege CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Systems

@NSFOUS 2020 http://www.nsfocus.com

CVE-2020-0636 Windows 10 Version 4528760 Base: 7.8 Elevation 1909 for Security Temporal: 7 Important of 4530684 Yes ARM64- Update Vector: Privilege based CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Systems Windows Server, 4528760 Base: 7.8 Elevation version Security Temporal: 7 Important of 4530684 Yes 1909 Update Vector: Privilege (Server Core CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C installation)

CVE-2020-0637 - Remote Desktop Web Access Information Disclosure Vulnerability

Maximum Vulnerability CVE ID Vulnerability Description Severity Rating Impact CVE- CVE Title: Remote Desktop Web Access Information Disclosure Vulnerability Information Important 2020- Description: Disclosure

@NSFOUS 2020 http://www.nsfocus.com

Maximum Vulnerability CVE ID Vulnerability Description Severity Rating Impact 0637 An information disclosure vulnerability exists when Remote Desktop Web Access MITRE improperly handles credential information. An attacker who successfully exploited NVD this vulnerability could obtain legitimate users' credentials. To exploit this vulnerability, an attacker would need access to a vulnerable server with the Remote Desktop Web Access role. The security update addresses the vulnerability by correcting how Remote Desktop Web Access handles credential information.

Mitigations: None Workarounds: None Revision: 1.0 01/14/2020 08:00:00 Information published.

@NSFOUS 2020 http://www.nsfocus.com

Maximum Vulnerability CVE ID Vulnerability Description Severity Rating Impact

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2020-0637 Restart KB Supersedenc Product Severity Impact CVSS Score Set Require Article e d 453427 Base: 5.7 Windows 3 Informatio Temporal: 5.1 Importan Server Security n 4530715 Vector: Unknown t 2019 Update Disclosure CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC: C Windows 453427 Base: 5.7 Server 3 Informatio Temporal: 5.1 Importan 2019 Security n 4530715 Vector: Unknown t (Server Update Disclosure CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC: Core C

@NSFOUS 2020 http://www.nsfocus.com

CVE-2020-0637 installation ) 453427 Base: 5.7 Windows 1 Informatio Temporal: 5.1 Importan Server Security n 4530689 Vector: Unknown t 2016 Update Disclosure CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC: C Windows Server 453427 Base: 5.7 2016 1 Informatio Temporal: 5.1 Importan (Server Security n 4530689 Vector: Unknown t Core Update Disclosure CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC: installation C ) 453431 Windows 0 Server Monthly Base: 5.7 2008 R2 for Rollup Informatio Temporal: 5.1 Importan x64-based 453431 n 4530734 Vector: Yes t Systems 4 Disclosure CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC: Service Security C Pack 1 Only

@NSFOUS 2020 http://www.nsfocus.com

CVE-2020-0637 Windows Server 453431 2008 R2 for 0 x64-based Monthly Base: 5.7 Systems Rollup Informatio Temporal: 5.1 Importan Service 453431 n 4530734 Vector: Yes t Pack 1 4 Disclosure CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC: (Server Security C Core Only installation ) 453428 3 Monthly Base: 5.7 Windows Rollup Informatio Temporal: 5.1 Importan Server 453428 n 4530691 Vector: Unknown t 2012 8 Disclosure CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC: Security C Only

Windows 453428 Informatio Base: 5.7 Importan Server 3 n 4530691 Temporal: 5.1 Unknown t 2012 Monthly Disclosure Vector:

@NSFOUS 2020 http://www.nsfocus.com

CVE-2020-0637 (Server Rollup CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC: Core 453428 C installation 8 ) Security Only

453429 7 Monthly Base: 5.7 Windows Rollup Informatio Temporal: 5.1 Importan Server 453430 n 4530702 Vector: Unknown t 2012 R2 9 Disclosure CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC: Security C Only

Windows 453429 Server 7 Base: 5.7 2012 R2 Monthly Informatio Temporal: 5.1 Importan (Server Rollup n 4530702 Vector: Unknown t Core 453430 Disclosure CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC: installation 9 C ) Security

@NSFOUS 2020 http://www.nsfocus.com

CVE-2020-0637 Only

CVE-2020-0638 - Update Notification Manager Elevation of Privilege Vulnerability

Maximum Vulnerability CVE ID Vulnerability Description Severity Rating Impact CVE Title: Update Notification Manager Elevation of Privilege Vulnerability Description: An elevation of privilege vulnerability exists in the way the Update Notification Manager handles files. CVE- 2020- To exploit this vulnerability, an attacker would first have to gain execution on the Elevation of 0638 victim system. An attacker could then run a specially crafted application to elevate Important Privilege MITRE privileges. NVD The security update addresses the vulnerability by correcting how the Update Notification Manager handles files.

FAQ:

@NSFOUS 2020 http://www.nsfocus.com

Maximum Vulnerability CVE ID Vulnerability Description Severity Rating Impact None Mitigations: None Workarounds: None Revision: 1.0 01/14/2020 08:00:00 Information published.

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2020-0638 KB Restart Product Severity Impact Supersedence CVSS Score Set Article Required Elevation Windows 10 4534276 Base: 7.8 Important of 4530714 Unknown Version Security Temporal: 7 Privilege

@NSFOUS 2020 http://www.nsfocus.com

CVE-2020-0638 1709 for 32- Update Vector: bit Systems CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Windows 10 4534293 Base: 7.8 Elevation Version Security Temporal: 7 Important of 4530717 Unknown 1803 for 32- Update Vector: Privilege bit Systems CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Windows 10 Version 4534273 Base: 7.8 Elevation 1809 for Security Temporal: 7 Important of 4530715 Unknown ARM64- Update Vector: Privilege based CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Systems Windows 10 4534293 Base: 7.8 Version Elevation Security Temporal: 7 1803 for Important of 4530717 Unknown Update Vector: x64-based Privilege CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Systems Windows 10 Version 4528760 Base: 7.8 Elevation 1903 for Security Temporal: 7 Important of 4530684 Yes ARM64- Update Vector: Privilege based CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Systems

@NSFOUS 2020 http://www.nsfocus.com

CVE-2020-0638 Windows 10 Version 4534276 Base: 7.8 Elevation 1709 for Security Temporal: 7 Important of 4530714 Unknown ARM64- Update Vector: Privilege based CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Systems Windows 10 4534276 Base: 7.8 Version Elevation Security Temporal: 7 1709 for Important of 4530714 Unknown Update Vector: x64-based Privilege CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Systems Windows 10 Version 4534293 Base: 7.8 Elevation 1803 for Security Temporal: 7 Important of 4530717 Unknown ARM64- Update Vector: Privilege based CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Systems Windows 10 4534273 Base: 7.8 Elevation Version Security Temporal: 7 Important of 4530715 Unknown 1809 for 32- Update Vector: Privilege bit Systems CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C

@NSFOUS 2020 http://www.nsfocus.com

CVE-2020-0638 Windows 10 4528760 Base: 7.8 Elevation Version Security Temporal: 7 Important of 4530684 Yes 1903 for 32- Update Vector: Privilege bit Systems CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Windows 10 4534273 Base: 7.8 Version Elevation Security Temporal: 7 1809 for Important of 4530715 Unknown Update Vector: x64-based Privilege CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Systems Windows 10 4528760 Base: 7.8 Version Elevation Security Temporal: 7 1903 for Important of 4530684 Yes Update Vector: x64-based Privilege CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Systems 4534273 Base: 7.8 Elevation Windows Security Temporal: 7 Important of 4530715 Unknown Server 2019 Update Vector: Privilege CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Windows 4534273 Base: 7.8 Elevation Server 2019 Security Temporal: 7 Important of 4530715 Unknown (Server Core Update Vector: Privilege installation) CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C

@NSFOUS 2020 http://www.nsfocus.com

CVE-2020-0638 Windows Server, 4534293 Base: 7.8 Elevation version Security Temporal: 7 Important of 4530717 Unknown 1803 Update Vector: Privilege (Server Core CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Installation) Windows Server, 4528760 Base: 7.8 Elevation version Security Temporal: 7 Important of 4530684 Yes 1903 Update Vector: Privilege (Server Core CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C installation) Windows 10 4528760 Base: 7.8 Elevation Version Security Temporal: 7 Important of 4530684 Yes 1909 for 32- Update Vector: Privilege bit Systems CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Windows 10 4528760 Base: 7.8 Version Elevation Security Temporal: 7 1909 for Important of 4530684 Yes Update Vector: x64-based Privilege CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Systems

@NSFOUS 2020 http://www.nsfocus.com

CVE-2020-0638 Windows Server, 4528760 Base: 7.8 Elevation version Security Temporal: 7 Important of 4530684 Yes 1909 Update Vector: Privilege (Server Core CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C installation) Windows 10 Version 4528760 Base: 7.8 Elevation 1909 for Security Temporal: 7 Important of 4530684 Yes ARM64- Update Vector: Privilege based CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Systems

@NSFOUS 2020 http://www.nsfocus.com

CVE-2020-0639 - Windows Common Log File System Driver Information Disclosure Vulnerability

Maximum Vulnerability CVE ID Vulnerability Description Severity Impact Rating CVE Title: Windows Common Log File System Driver Information Disclosure Vulnerability Description: An information disclosure vulnerability exists in the Windows Common Log File System (CLFS) driver when it fails to properly handle objects in memory. An attacker who CVE- successfully exploited this vulnerability could potentially read data that was not 2020- intended to be disclosed. Note that this vulnerability would not allow an attacker to Information 0639 Important execute code or to elevate their user rights directly, but it could be used to obtain Disclosure MITRE information that could be used to try to further compromise the affected system. NVD To exploit the vulnerability, an attacker would first have to log on to the system, and then run a specially crafted application to take control over the affected system. The security update addresses the vulnerability by correcting how CLFS handles objects in memory.

@NSFOUS 2020 http://www.nsfocus.com

Maximum Vulnerability CVE ID Vulnerability Description Severity Impact Rating

FAQ: What type of information could be disclosed by this vulnerability? The type of information that could be disclosed if an attacker successfully exploited this vulnerability is the contents of Kernel memory. An attacker could read the contents of Kernel memory from a user mode process.

Mitigations: None Workarounds: None Revision: 1.0 01/14/2020 08:00:00 Information published.

Affected Software

The following tables list the affected software details for the vulnerability.

@NSFOUS 2020 http://www.nsfocus.com

CVE-2020-0639 KB Restart Product Severity Impact Supersedence CVSS Score Set Article Required Windows Base: 5.5 4534293 10 Version Temporal: 5 Security Information 1803 for Important 4530717 Vector: Unknown Update Disclosure 32-bit CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:

@NSFOUS 2020 http://www.nsfocus.com

CVE-2020-0639 ARM64- Update CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC: based C Systems Windows Base: 5.5 4534273 10 Version Temporal: 5 Security Information 1809 for Important 4530715 Vector: Unknown Update Disclosure 32-bit CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:

@NSFOUS 2020 http://www.nsfocus.com

CVE-2020-0639 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC: C Windows Base: 5.5 Server 4534273 Temporal: 5 2019 Security Information Important 4530715 Vector: Unknown (Server Update Disclosure CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC: Core C installation) Windows Base: 5.5 4534276 10 Version Temporal: 5 Security Information 1709 for Important 4530714 Vector: Unknown Update Disclosure 32-bit CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:

@NSFOUS 2020 http://www.nsfocus.com

CVE-2020-0639 based Systems Windows Base: 5.5 4528760 10 Version Temporal: 5 Security Information 1903 for Important 4530684 Vector: Yes Update Disclosure 32-bit CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:

(Server C

@NSFOUS 2020 http://www.nsfocus.com

CVE-2020-0639 Core installation) Base: 5.5 4534306 Windows Temporal: 5 Security Information 10 for 32- Important 4530681 Vector: Unknown Update Disclosure bit Systems CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:

Systems C

@NSFOUS 2020 http://www.nsfocus.com

CVE-2020-0639 Base: 5.5 4534271 Windows Temporal: 5 Security Information Server Important 4530689 Vector: Unknown Update Disclosure 2016 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:

C Windows Base: 5.5 Server 4534271 Temporal: 5 2016 Security Information Important 4530689 Vector: Unknown (Server Update Disclosure CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC: Core C installation) 4534310 Windows 7 Monthly Base: 5.5 for 32-bit Rollup Temporal: 5 Information Systems 4534314 Important 4530734 Vector: Yes Disclosure Service Security CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC: Pack 1 Only C

@NSFOUS 2020 http://www.nsfocus.com

CVE-2020-0639 Service Only Pack 1 4534297 Monthly Base: 5.5 Windows Rollup Temporal: 5 Information 8.1 for 32- 4534309 Important 4530702 Vector: Unknown Disclosure bit systems Security CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC: Only C

Base: 5.5 4534297 Temporal: 5 Windows Monthly Information Important 4530702 Vector: Unknown RT 8.1 Rollup Disclosure CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:

C Windows 4534303 Information Base: 5.5 Important 4530695 Yes Server Monthly Disclosure Temporal: 5

@NSFOUS 2020 http://www.nsfocus.com

CVE-2020-0639 2008 for Rollup Vector: 32-bit 4534312 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC: Systems Security C Service Only Pack 2 Windows Server 4534303 2008 for Monthly Base: 5.5 32-bit Rollup Temporal: 5 Systems Information 4534312 Important 4530695 Vector: Yes Service Disclosure Security CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC: Pack 2 Only C (Server

Pack 2

@NSFOUS 2020 http://www.nsfocus.com

CVE-2020-0639 Windows 4534303 Server Monthly Base: 5.5 2008 for Rollup Temporal: 5 Information x64-based 4534312 Important 4530695 Vector: Yes Disclosure Systems Security CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC: Service Only C Pack 2 Windows Server 4534303 2008 for Monthly Base: 5.5 x64-based Rollup Temporal: 5 Systems Information 4534312 Important 4530695 Vector: Yes Service Disclosure Security CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC: Pack 2 Only C (Server

@NSFOUS 2020 http://www.nsfocus.com

CVE-2020-0639 Service Only Pack 1 Windows 4534310 Server Monthly Base: 5.5 2008 R2 for Rollup Temporal: 5 Information x64-based 4534314 Important 4530734 Vector: Yes Disclosure Systems Security CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC: Service Only C Pack 1 Windows Server 4534310 2008 R2 for Monthly Base: 5.5 x64-based Rollup Temporal: 5 Systems Information 4534314 Important 4530734 Vector: Yes Service Disclosure Security CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC: Pack 1 Only C (Server

Core installation) 4534283 Windows Base: 5.5 Monthly Information Server Important 4530691 Temporal: 5 Unknown Rollup Disclosure 2012 Vector: 4534288

@NSFOUS 2020 http://www.nsfocus.com

CVE-2020-0639 Security CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC: Only C

@NSFOUS 2020 http://www.nsfocus.com

CVE-2020-0639 Only

Windows Base: 5.5 4528760 10 Version Temporal: 5 Security Information 1909 for Important 4530684 Vector: Yes Update Disclosure 32-bit CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:

(Server C

@NSFOUS 2020 http://www.nsfocus.com

CVE-2020-0639 Core installation)

CVE-2020-0640 - Internet Explorer Memory Corruption Vulnerability

Maximum Vulnerability CVE ID Vulnerability Description Severity Impact Rating CVE Title: Internet Explorer Memory Corruption Vulnerability Description: A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory. The vulnerability could corrupt memory in such a way that CVE- an attacker could execute arbitrary code in the context of the current user. An attacker 2020- who successfully exploited the vulnerability could gain the same user rights as the Remote Code 0640 current user. If the current user is logged on with administrative user rights, the attacker Critical Execution MITRE could take control of an affected system. An attacker could then install programs; view, NVD change, or delete data; or create new accounts with full user rights. An attacker could host a specially crafted website designed to exploit the vulnerability through Internet Explorer and then convince a user to view the website. The attacker could also take advantage of compromised websites, or websites that accept or host user-provided content or advertisements, by adding specially crafted content that could

@NSFOUS 2020 http://www.nsfocus.com

Maximum Vulnerability CVE ID Vulnerability Description Severity Impact Rating exploit the vulnerability. However, in all cases an attacker would have no way to force a user to view the attacker-controlled content. Instead, an attacker would have to convince a user to take action, typically by an enticement in an email or instant message, or by getting the user to open an attachment sent through email. The security update addresses the vulnerability by modifying how Internet Explorer handles objects in memory.

FAQ: None Mitigations: None Workarounds: None Revision: 1.0 01/14/2020 08:00:00 Information published.

@NSFOUS 2020 http://www.nsfocus.com

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2020-0640 Restart Product KB Article Severity Impact Supersedence CVSS Score Set Required Internet 4534283 Explorer Monthly Base: 6.4 Remote 10 on Rollup Temporal: 5.8 Moderate Code 4530677 Yes Windows 4534251 IE Vector: Execution Server Cumulative CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 2012 Internet Explorer 9 on 4534251 IE Windows Cumulative Base: 6.4 Remote Server 4534303 Temporal: 5.8 Moderate Code 4530695 Yes 2008 for Monthly Vector: Execution 32-bit Rollup CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Systems Service Pack 2

@NSFOUS 2020 http://www.nsfocus.com

CVE-2020-0640 Internet Explorer 9 on 4534251 IE Windows Cumulative Base: 6.4 Server Remote 4534303 Temporal: 5.8 2008 for Moderate Code 4530695 Yes Monthly Vector: x64- Execution Rollup CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C based

Systems Service Pack 2 Internet Explorer 11 on 4534293 Base: 7.5 Windows Remote Security Temporal: 6.7 10 Critical Code 4530717 Unknown Update Vector: Version Execution CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 1803 for 32-bit Systems Internet Remote 4534293 Base: 7.5 Explorer Critical Code 4530717 Unknown Security Temporal: 6.7 11 on Execution

@NSFOUS 2020 http://www.nsfocus.com

CVE-2020-0640 Windows Update Vector: 10 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Version 1803 for x64- based Systems Internet Explorer 11 on Windows 4534293 Base: 7.5 Remote 10 Security Temporal: 6.7 Critical Code 4530717 Unknown Version Update Vector: Execution 1803 for CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C ARM64- based Systems Internet Explorer 4534273 Base: 7.5 Remote 11 on Security Temporal: 6.7 Critical Code 4530715 Unknown Windows Update Vector: Execution 10 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Version

@NSFOUS 2020 http://www.nsfocus.com

CVE-2020-0640 1809 for 32-bit Systems Internet Explorer 11 on Windows 4534273 Base: 7.5 Remote 10 Security Temporal: 6.7 Critical Code 4530715 Unknown Version Update Vector: Execution 1809 for CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C x64- based Systems Internet Explorer 11 on Windows 4534273 Base: 7.5 Remote 10 Security Temporal: 6.7 Critical Code 4530715 Unknown Version Update Vector: Execution 1809 for CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C ARM64- based Systems

@NSFOUS 2020 http://www.nsfocus.com

CVE-2020-0640 Internet Explorer 4534273 Base: 6.4 Remote 11 on Security Temporal: 5.8 Moderate Code 4530715 Unknown Windows Update Vector: Execution Server CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 2019 Internet Explorer 11 on 4534276 Base: 7.5 Windows Remote Security Temporal: 6.7 10 Critical Code 4530714 Unknown Update Vector: Version Execution CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 1709 for 32-bit Systems Internet Explorer 11 on 4534276 Base: 7.5 Remote Windows Security Temporal: 6.7 Critical Code 4530714 Unknown 10 Update Vector: Execution Version CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 1709 for x64-

@NSFOUS 2020 http://www.nsfocus.com

CVE-2020-0640 based Systems Internet Explorer 11 on Windows 4534276 Base: 7.5 Remote 10 Security Temporal: 6.7 Critical Code 4530714 Unknown Version Update Vector: Execution 1709 for CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C ARM64- based Systems Internet Explorer 11 on 4528760 Base: 7.5 Windows Remote Security Temporal: 6.7 10 Critical Code 4530684 Yes Update Vector: Version Execution CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 1903 for 32-bit Systems

@NSFOUS 2020 http://www.nsfocus.com

CVE-2020-0640 Internet Explorer 11 on Windows 4528760 Base: 7.5 Remote 10 Security Temporal: 6.7 Critical Code 4530684 Yes Version Update Vector: Execution 1903 for CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C x64- based Systems Internet Explorer 11 on Windows 4528760 Base: 7.5 Remote 10 Security Temporal: 6.7 Critical Code 4530684 Yes Version Update Vector: Execution 1903 for CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C ARM64- based Systems Internet Remote 4534306 Base: 7.5 Explorer Critical Code 4530681 Unknown Security Temporal: 6.7 11 on Execution

@NSFOUS 2020 http://www.nsfocus.com

CVE-2020-0640 Windows Update Vector: 10 for CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 32-bit Systems Internet Explorer 11 on 4534306 Base: 7.5 Remote Windows Security Temporal: 6.7 Critical Code 4530681 Unknown 10 for Update Vector: Execution x64- CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C based Systems Internet Explorer 11 on 4534271 Base: 7.5 Windows Remote Security Temporal: 6.7 10 Critical Code 4530689 Unknown Update Vector: Version Execution CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 1607 for 32-bit Systems

@NSFOUS 2020 http://www.nsfocus.com

CVE-2020-0640 Internet Explorer 11 on Windows 4534271 Base: 7.5 Remote 10 Security Temporal: 6.7 Critical Code 4530689 Unknown Version Update Vector: Execution 1607 for CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C x64- based Systems Internet Explorer 4534271 Base: 6.4 Remote 11 on Security Temporal: 5.8 Moderate Code 4530689 Unknown Windows Update Vector: Execution Server CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 2016 Internet 4534251 IE Explorer Cumulative Base: 7.5 11 on Remote 4534310 Temporal: 6.7 Windows Critical Code 4530734 Yes Monthly Vector: 7 for 32- Execution Rollup CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C bit

Systems

@NSFOUS 2020 http://www.nsfocus.com

CVE-2020-0640 Service Pack 1 Internet Explorer 11 on 4534251 IE Windows Cumulative Base: 7.5 Remote 7 for 4534310 Temporal: 6.7 Critical Code 4530734 Yes x64- Monthly Vector: Execution based Rollup CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Systems Service Pack 1 Internet 4534251 IE Explorer Cumulative Base: 7.5 11 on Remote 4534297 Temporal: 6.7 Windows Critical Code 4530702 Unknown Monthly Vector: 8.1 for Execution Rollup CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 32-bit systems Internet 4534251 IE Base: 7.5 Remote Explorer Cumulative Temporal: 6.7 Critical Code 4530702 Unknown 11 on 4534297 Vector: Execution Windows Monthly CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C

@NSFOUS 2020 http://www.nsfocus.com

CVE-2020-0640 8.1 for Rollup x64- based systems Internet 4534297 Base: 7.5 Explorer Remote Monthly Temporal: 6.7 11 on Critical Code 4530702 Unknown Rollup Vector: Windows Execution CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C RT 8.1 Internet Explorer 11 on 4534251 IE Windows Cumulative Base: 6.4 Server Remote 4534310 Temporal: 5.8 2008 R2 Moderate Code 4530734 Yes Monthly Vector: for x64- Execution Rollup CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C based

Systems Service Pack 1 Internet 4534251 IE Remote Base: 6.4 Explorer Cumulative Moderate Code 4530677 Yes Temporal: 5.8 11 on Execution

@NSFOUS 2020 http://www.nsfocus.com

CVE-2020-0640 Windows Vector: Server CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 2012 Internet 4534251 IE Explorer Cumulative Base: 6.4 Remote 11 on 4534297 Temporal: 5.8 Moderate Code 4530702 Unknown Windows Monthly Vector: Execution Server Rollup CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 2012 R2 Internet Explorer 11 on 4528760 Base: 7.5 Windows Remote Security Temporal: 6.7 10 Critical Code 4530684 Yes Update Vector: Version Execution CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 1909 for 32-bit Systems Internet 4528760 Base: 7.5 Explorer Remote Security Temporal: 6.7 11 on Critical Code 4530684 Yes Update Vector: Windows Execution CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10

@NSFOUS 2020 http://www.nsfocus.com

CVE-2020-0640 Version 1909 for x64- based Systems Internet Explorer 11 on Windows 4528760 Base: 7.5 Remote 10 Security Temporal: 6.7 Critical Code 4530684 Yes Version Update Vector: Execution 1909 for CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C ARM64- based Systems

@NSFOUS 2020 http://www.nsfocus.com

CVE-2020-0641 - Microsoft Windows Elevation of Privilege Vulnerability

Maximum Vulnerability CVE ID Vulnerability Description Severity Rating Impact CVE Title: Microsoft Windows Elevation of Privilege Vulnerability Description: An elevation of privilege vulnerability exists in Windows Media Service that allows file creation in arbitrary locations. To exploit the vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system. CVE- 2020- The update addresses the vulnerability by correcting how the Windows Media Elevation of 0641 Service handles file creation. Important Privilege MITRE NVD FAQ: None Mitigations: None Workarounds: None Revision: 1.0 01/14/2020 08:00:00

@NSFOUS 2020 http://www.nsfocus.com

Maximum Vulnerability CVE ID Vulnerability Description Severity Rating Impact Information published.

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2020-0641 KB Restart Product Severity Impact Supersedence CVSS Score Set Article Required Windows 10 4534293 Base: 7.8 Elevation Version Security Temporal: 7 Important of 4530717 Unknown 1803 for 32- Update Vector: Privilege bit Systems CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Windows 10 4534293 Base: 7.8 Version Elevation Security Temporal: 7 1803 for Important of 4530717 Unknown Update Vector: x64-based Privilege CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Systems

@NSFOUS 2020 http://www.nsfocus.com

CVE-2020-0641 Windows Server, 4534293 Base: 7.8 Elevation version Security Temporal: 7 Important of 4530717 Unknown 1803 Update Vector: Privilege (Server Core CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Installation) Windows 10 Version 4534293 Base: 7.8 Elevation 1803 for Security Temporal: 7 Important of 4530717 Unknown ARM64- Update Vector: Privilege based CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Systems Windows 10 4534273 Base: 7.8 Elevation Version Security Temporal: 7 Important of 4530715 Unknown 1809 for 32- Update Vector: Privilege bit Systems CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Windows 10 4534273 Base: 7.8 Version Elevation Security Temporal: 7 1809 for Important of 4530715 Unknown Update Vector: x64-based Privilege CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Systems

@NSFOUS 2020 http://www.nsfocus.com

CVE-2020-0641 Windows 10 Version 4534273 Base: 7.8 Elevation 1809 for Security Temporal: 7 Important of 4530715 Unknown ARM64- Update Vector: Privilege based CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Systems 4534273 Base: 7.8 Elevation Windows Security Temporal: 7 Important of 4530715 Unknown Server 2019 Update Vector: Privilege CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Windows 4534273 Base: 7.8 Elevation Server 2019 Security Temporal: 7 Important of 4530715 Unknown (Server Core Update Vector: Privilege installation) CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Windows 10 4534276 Base: 7.8 Elevation Version Security Temporal: 7 Important of 4530714 Unknown 1709 for 32- Update Vector: Privilege bit Systems CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Windows 10 4534276 Base: 7.8 Version Elevation Security Temporal: 7 1709 for Important of 4530714 Unknown Update Vector: x64-based Privilege CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Systems

@NSFOUS 2020 http://www.nsfocus.com

CVE-2020-0641 Windows 10 Version 4534276 Base: 7.8 Elevation 1709 for Security Temporal: 7 Important of 4530714 Unknown ARM64- Update Vector: Privilege based CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Systems Windows 10 4528760 Base: 7.8 Elevation Version Security Temporal: 7 Important of 4530684 Yes 1903 for 32- Update Vector: Privilege bit Systems CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Windows 10 4528760 Base: 7.8 Version Elevation Security Temporal: 7 1903 for Important of 4530684 Yes Update Vector: x64-based Privilege CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Systems Windows 10 Version 4528760 Base: 7.8 Elevation 1903 for Security Temporal: 7 Important of 4530684 Yes ARM64- Update Vector: Privilege based CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Systems

@NSFOUS 2020 http://www.nsfocus.com

CVE-2020-0641 Windows Server, 4528760 Base: 7.8 Elevation version Security Temporal: 7 Important of 4530684 Yes 1903 Update Vector: Privilege (Server Core CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C installation) 4534306 Base: 7.8 Windows 10 Elevation Security Temporal: 7 for 32-bit Important of 4530681 Unknown Update Vector: Systems Privilege CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Windows 10 4534306 Base: 7.8 Elevation for x64- Security Temporal: 7 Important of 4530681 Unknown based Update Vector: Privilege Systems CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Windows 10 4534271 Base: 7.8 Elevation Version Security Temporal: 7 Important of 4530689 Unknown 1607 for 32- Update Vector: Privilege bit Systems CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Windows 10 4534271 Base: 7.8 Version Elevation Security Temporal: 7 1607 for Important of 4530689 Unknown Update Vector: x64-based Privilege CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Systems

@NSFOUS 2020 http://www.nsfocus.com

CVE-2020-0641 4534271 Base: 7.8 Elevation Windows Security Temporal: 7 Important of 4530689 Unknown Server 2016 Update Vector: Privilege CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Windows 4534271 Base: 7.8 Elevation Server 2016 Security Temporal: 7 Important of 4530689 Unknown (Server Core Update Vector: Privilege installation) CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 4534297 Monthly Base: 7.8 Windows Rollup Elevation Temporal: 7 8.1 for 32- 4534309 Important of 4530702 Unknown Vector: bit systems Security Privilege CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Only

@NSFOUS 2020 http://www.nsfocus.com

CVE-2020-0641 4534297 Base: 7.8 Elevation Windows RT Monthly Temporal: 7 Important of 4530702 Unknown 8.1 Rollup Vector: Privilege CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 4534283 Monthly Base: 7.8 Rollup Elevation Windows Temporal: 7 4534288 Important of 4530691 Unknown Server 2012 Vector: Security Privilege CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Only

4534297 Base: 7.8 Windows Monthly Elevation Temporal: 7 Server 2012 Rollup Important of 4530702 Unknown Vector: R2 4534309 Privilege CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Security

@NSFOUS 2020 http://www.nsfocus.com

CVE-2020-0641 Only

Windows 10 4528760 Base: 7.8 Elevation Version Security Temporal: 7 Important of 4530684 Yes 1909 for 32- Update Vector: Privilege bit Systems CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Windows 10 4528760 Base: 7.8 Version Elevation Security Temporal: 7 1909 for Important of 4530684 Yes Update Vector: x64-based Privilege CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Systems Windows 10 4528760 Base: 7.8 Elevation Version Security Temporal: 7 Important of 4530684 Yes 1909 for Update Vector: Privilege ARM64- CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C

@NSFOUS 2020 http://www.nsfocus.com

CVE-2020-0641 based Systems Windows Server, 4528760 Base: 7.8 Elevation version Security Temporal: 7 Important of 4530684 Yes 1909 Update Vector: Privilege (Server Core CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C installation)

CVE-2020-0642 - Win32k Elevation of Privilege Vulnerability

Maximum Vulnerability CVE ID Vulnerability Description Severity Impact Rating CVE Title: Win32k Elevation of Privilege Vulnerability CVE- Description: 2020- An elevation of privilege vulnerability exists in Windows when the Win32k component Elevation of 0642 Important fails to properly handle objects in memory. An attacker who successfully exploited this Privilege MITRE vulnerability could run arbitrary code in kernel mode. An attacker could then install NVD programs; view, change, or delete data; or create new accounts with full user rights.

@NSFOUS 2020 http://www.nsfocus.com

Maximum Vulnerability CVE ID Vulnerability Description Severity Impact Rating To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system. The update addresses this vulnerability by correcting how Win32k handles objects in memory.

FAQ: None Mitigations: None Workarounds: None Revision: 1.0 01/14/2020 08:00:00 Information published.

@NSFOUS 2020 http://www.nsfocus.com

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2020-0642 KB Restart Product Severity Impact Supersedence CVSS Score Set Article Required Windows 10 4534293 Base: 7.8 Elevation Version Security Temporal: 7 Important of 4530717 Unknown 1803 for 32- Update Vector: Privilege bit Systems CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Windows 10 4534293 Base: 7.8 Version Elevation Security Temporal: 7 1803 for Important of 4530717 Unknown Update Vector: x64-based Privilege CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Systems Windows Server, 4534293 Base: 7.8 Elevation version Security Temporal: 7 Important of 4530717 Unknown 1803 (Server Update Vector: Privilege Core CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Installation)

@NSFOUS 2020 http://www.nsfocus.com

CVE-2020-0642 Windows 10 Version 4534293 Base: 7.8 Elevation 1803 for Security Temporal: 7 Important of 4530717 Unknown ARM64- Update Vector: Privilege based CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Systems Windows 10 4534273 Base: 7.8 Elevation Version Security Temporal: 7 Important of 4530715 Unknown 1809 for 32- Update Vector: Privilege bit Systems CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Windows 10 4534273 Base: 7.8 Version Elevation Security Temporal: 7 1809 for Important of 4530715 Unknown Update Vector: x64-based Privilege CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Systems Windows 10 Version 4534273 Base: 7.8 Elevation 1809 for Security Temporal: 7 Important of 4530715 Unknown ARM64- Update Vector: Privilege based CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Systems

@NSFOUS 2020 http://www.nsfocus.com

CVE-2020-0642 4534273 Base: 7.8 Elevation Windows Security Temporal: 7 Important of 4530715 Unknown Server 2019 Update Vector: Privilege CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Windows 4534273 Base: 7.8 Elevation Server 2019 Security Temporal: 7 Important of 4530715 Unknown (Server Core Update Vector: Privilege installation) CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Windows 10 4534276 Base: 7.8 Elevation Version Security Temporal: 7 Important of 4530714 Unknown 1709 for 32- Update Vector: Privilege bit Systems CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Windows 10 4534276 Base: 7.8 Version Elevation Security Temporal: 7 1709 for Important of 4530714 Unknown Update Vector: x64-based Privilege CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Systems Windows 10 Version 4534276 Base: 7.8 Elevation 1709 for Security Temporal: 7 Important of 4530714 Unknown ARM64- Update Vector: Privilege based CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Systems

@NSFOUS 2020 http://www.nsfocus.com

CVE-2020-0642 Windows 10 4528760 Base: 7.8 Elevation Version Security Temporal: 7 Important of 4530684 Yes 1903 for 32- Update Vector: Privilege bit Systems CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Windows 10 4528760 Base: 7.8 Version Elevation Security Temporal: 7 1903 for Important of 4530684 Yes Update Vector: x64-based Privilege CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Systems Windows 10 Version 4528760 Base: 7.8 Elevation 1903 for Security Temporal: 7 Important of 4530684 Yes ARM64- Update Vector: Privilege based CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Systems Windows Server, 4528760 Base: 7.8 Elevation version Security Temporal: 7 Important of 4530684 Yes 1903 (Server Update Vector: Privilege Core CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C installation)

@NSFOUS 2020 http://www.nsfocus.com

CVE-2020-0642 4534306 Base: 7.8 Windows 10 Elevation Security Temporal: 7 for 32-bit Important of 4530681 Unknown Update Vector: Systems Privilege CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Windows 10 4534306 Base: 7.8 Elevation for x64- Security Temporal: 7 Important of 4530681 Unknown based Update Vector: Privilege Systems CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Windows 10 4534271 Base: 7.8 Elevation Version Security Temporal: 7 Important of 4530689 Unknown 1607 for 32- Update Vector: Privilege bit Systems CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Windows 10 4534271 Base: 7.8 Version Elevation Security Temporal: 7 1607 for Important of 4530689 Unknown Update Vector: x64-based Privilege CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Systems 4534271 Base: 7.8 Elevation Windows Security Temporal: 7 Important of 4530689 Unknown Server 2016 Update Vector: Privilege CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C

@NSFOUS 2020 http://www.nsfocus.com

CVE-2020-0642 Windows 4534271 Base: 7.8 Elevation Server 2016 Security Temporal: 7 Important of 4530689 Unknown (Server Core Update Vector: Privilege installation) CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 4534310 Windows 7 Monthly Base: 7.8 for 32-bit Rollup Elevation Temporal: 7 Systems 4534314 Important of 4530734 Yes Vector: Service Pack Security Privilege CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 1 Only

@NSFOUS 2020 http://www.nsfocus.com

CVE-2020-0642 Only

4534297 Base: 7.8 Elevation Windows RT Monthly Temporal: 7 Important of 4530702 Unknown 8.1 Rollup Vector: Privilege CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 4534303 Windows Monthly Server 2008 Base: 7.8 Rollup Elevation for 32-bit Temporal: 7 4534312 Important of 4530695 Yes Systems Vector: Security Privilege Service Pack CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Only 2

Windows 4534303 Elevation Base: 7.8 Server 2008 Monthly Important of 4530695 Yes Temporal: 7 for 32-bit Rollup Privilege

@NSFOUS 2020 http://www.nsfocus.com

CVE-2020-0642 Systems 4534312 Vector: Service Pack Security CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 2 (Server Only Core installation) Windows 4534303 Server 2008 Monthly Base: 7.8 for Itanium- Rollup Elevation Temporal: 7 Based 4534312 Important of 4530695 Yes Vector: Systems Security Privilege CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Service Pack Only 2 Windows 4534303 Server 2008 Monthly Base: 7.8 for x64- Rollup Elevation Temporal: 7 based 4534312 Important of 4530695 Yes Vector: Systems Security Privilege CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Service Pack Only 2 Windows 4534303 Base: 7.8 Elevation Server 2008 Monthly Temporal: 7 Important of 4530695 Yes for x64- Rollup Vector: Privilege based 4534312 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C

@NSFOUS 2020 http://www.nsfocus.com

CVE-2020-0642 Systems Security Service Pack Only 2 (Server Core installation) Windows 4534310 Server 2008 Monthly R2 for Base: 7.8 Rollup Elevation Itanium- Temporal: 7 4534314 Important of 4530734 Yes Based Vector: Security Privilege Systems CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Only Service Pack

@NSFOUS 2020 http://www.nsfocus.com

CVE-2020-0642 based 4534314 Vector: Systems Security CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Service Pack Only 1 (Server Core installation) 4534283 Monthly Base: 7.8 Rollup Elevation Windows Temporal: 7 4534288 Important of 4530691 Unknown Server 2012 Vector: Security Privilege CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Only

Windows 4534297 Elevation Base: 7.8 Server 2012 Monthly Important of 4530702 Unknown Temporal: 7 R2 Rollup Privilege

@NSFOUS 2020 http://www.nsfocus.com

CVE-2020-0642 4534309 Vector: Security CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Only

@NSFOUS 2020 http://www.nsfocus.com

CVE-2020-0642 ARM64- Update Vector: based CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Systems Windows Server, 4528760 Base: 7.8 Elevation version Security Temporal: 7 Important of 4530684 Yes 1909 (Server Update Vector: Privilege Core CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C installation)

CVE-2020-0643 - Windows GDI+ Information Disclosure Vulnerability

Maximum Vulnerability CVE ID Vulnerability Description Severity Impact Rating CVE- CVE Title: Windows GDI+ Information Disclosure Vulnerability 2020- Description: Information 0643 An information disclosure vulnerability exists in the way that the Windows Graphics Important Disclosure MITRE Device Interface Plus (GDI+) handles objects in memory, allowing an attacker to retrieve NVD information from a targeted system. By itself, the information disclosure does not allow

@NSFOUS 2020 http://www.nsfocus.com

Maximum Vulnerability CVE ID Vulnerability Description Severity Impact Rating arbitrary code execution; however, it could allow arbitrary code to be run if the attacker uses it in combination with another vulnerability. To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application. The security update addresses the vulnerability by correcting how GDI+ handles memory addresses.

Mitigations: None Workarounds: None Revision: 1.0 01/14/2020 08:00:00 Information published.

@NSFOUS 2020 http://www.nsfocus.com

Maximum Vulnerability CVE ID Vulnerability Description Severity Impact Rating

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2020-0643 KB Restart Product Severity Impact Supersedence CVSS Score Set Article Required Windows Base: 5.5 4534293 10 Version Temporal: 5 Security Information 1803 for Important 4530717 Vector: Unknown Update Disclosure 32-bit CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:

Systems C

@NSFOUS 2020 http://www.nsfocus.com

CVE-2020-0643 Windows Server, Base: 5.5 version 4534293 Temporal: 5 1803 Security Information Important 4530717 Vector: Unknown (Server Update Disclosure CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC: Core C Installation ) Windows Base: 5.5 10 Version 4534293 Temporal: 5 1803 for Security Information Important 4530717 Vector: Unknown ARM64- Update Disclosure CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC: based C Systems Windows Base: 5.5 4534273 10 Version Temporal: 5 Security Information 1809 for Important 4530715 Vector: Unknown Update Disclosure 32-bit CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:

Systems C 4534273 Windows Base: 5.5 Security Information 10 Version Important 4530715 Temporal: 5 Unknown Update Disclosure 1809 for Vector:

@NSFOUS 2020 http://www.nsfocus.com

CVE-2020-0643 x64-based CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC: Systems C Windows Base: 5.5 10 Version 4534273 Temporal: 5 1809 for Security Information Important 4530715 Vector: Unknown ARM64- Update Disclosure CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC: based C Systems Base: 5.5 4534273 Windows Temporal: 5 Security Information Server Important 4530715 Vector: Unknown Update Disclosure 2019 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:

@NSFOUS 2020 http://www.nsfocus.com

CVE-2020-0643 32-bit CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC: Systems C Windows Base: 5.5 4534276 10 Version Temporal: 5 Security Information 1709 for Important 4530714 Vector: Unknown Update Disclosure x64-based CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:

Systems C

@NSFOUS 2020 http://www.nsfocus.com

CVE-2020-0643 Windows Base: 5.5 10 Version 4528760 Temporal: 5 1903 for Security Information Important 4530684 Vector: Yes ARM64- Update Disclosure CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC: based C Systems Windows Server, Base: 5.5 4528760 version Temporal: 5 Security Information 1903 Important 4530684 Vector: Yes Update Disclosure (Server CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:

C Base: 5.5 Windows 4534306 Temporal: 5 10 for x64- Security Information Important 4530681 Vector: Unknown based Update Disclosure CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC: Systems C

@NSFOUS 2020 http://www.nsfocus.com

CVE-2020-0643 Windows Base: 5.5 4534271 10 Version Temporal: 5 Security Information 1607 for Important 4530689 Vector: Unknown Update Disclosure 32-bit CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:

Systems C Base: 5.5 4534271 Windows Temporal: 5 Security Information Server Important 4530689 Vector: Unknown Update Disclosure 2016 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:

@NSFOUS 2020 http://www.nsfocus.com

CVE-2020-0643 Systems Rollup Vector: Service 4534314 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC: Pack 1 Security C Only

Windows 4534297 Base: 5.5 8.1 for x64- Monthly Information Important 4530702 Temporal: 5 Unknown based Rollup Disclosure Vector: systems 4534309

@NSFOUS 2020 http://www.nsfocus.com

CVE-2020-0643 Security CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC: Only C

Base: 5.5 4534297 Temporal: 5 Windows Monthly Information Important 4530702 Vector: Unknown RT 8.1 Rollup Disclosure CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:

C Windows 4534303 Server Monthly Base: 5.5 2008 for Rollup Temporal: 5 Information 32-bit 4534312 Important 4530695 Vector: Yes Disclosure Systems Security CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC: Service Only C Pack 2 Windows 4534303 Server Monthly Base: 5.5 2008 for Rollup Temporal: 5 32-bit Information 4534312 Important 4530695 Vector: Yes Systems Disclosure Security CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC: Service Only C Pack 2

(Server

@NSFOUS 2020 http://www.nsfocus.com

CVE-2020-0643 Core installation) Windows 4534303 Server Monthly Base: 5.5 2008 for Rollup Temporal: 5 Itanium- Information 4534312 Important 4530695 Vector: Yes Based Disclosure Security CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC: Systems Only C Service

Pack 2 Windows 4534303 Server Monthly Base: 5.5 2008 for Rollup Temporal: 5 Information x64-based 4534312 Important 4530695 Vector: Yes Disclosure Systems Security CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC: Service Only C Pack 2 Windows 4534303 Base: 5.5 Server Monthly Temporal: 5 2008 for Information Rollup Important 4530695 Vector: Yes x64-based Disclosure 4534312 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC: Systems Security C Service

@NSFOUS 2020 http://www.nsfocus.com

CVE-2020-0643 Pack 2 Only (Server Core installation) Windows 4534310 Server Monthly Base: 5.5 2008 R2 for Rollup Temporal: 5 Itanium- Information 4534314 Important 4530734 Vector: Yes Based Disclosure Security CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC: Systems Only C Service

Pack 1 Windows 4534310 Server Monthly Base: 5.5 2008 R2 for Rollup Temporal: 5 Information x64-based 4534314 Important 4530734 Vector: Yes Disclosure Systems Security CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC: Service Only C Pack 1 Windows 4534310 Base: 5.5 Server Monthly Information Important 4530734 Temporal: 5 Yes 2008 R2 for Rollup Disclosure Vector: x64-based 4534314

@NSFOUS 2020 http://www.nsfocus.com

CVE-2020-0643 Systems Security CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC: Service Only C Pack 1 (Server Core installation) 4534283 Monthly Base: 5.5 Windows Rollup Temporal: 5 Information Server 4534288 Important 4530691 Vector: Unknown Disclosure 2012 Security CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC: Only C

Windows 4534297 Base: 5.5 Information Server Monthly Important 4530702 Temporal: 5 Unknown Disclosure 2012 R2 Rollup Vector:

@NSFOUS 2020 http://www.nsfocus.com

CVE-2020-0643 4534309 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC: Security C Only

Windows Base: 5.5 4528760 10 Version Temporal: 5 Security Information 1909 for Important 4530684 Vector: Yes Update Disclosure 32-bit CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:

Systems C Windows 4528760 Information Base: 5.5 Important 4530684 Yes 10 Version Security Disclosure Temporal: 5

@NSFOUS 2020 http://www.nsfocus.com

CVE-2020-0643 1909 for Update Vector: ARM64- CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC: based C Systems Windows Server, Base: 5.5 4528760 version Temporal: 5 Security Information 1909 Important 4530684 Vector: Yes Update Disclosure (Server CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:

Core C installation)

CVE-2020-0644 - Windows Elevation of Privilege Vulnerability

Maximum Vulnerability CVE ID Vulnerability Description Severity Impact Rating CVE Title: Windows Elevation of Privilege Vulnerability CVE- Description: Elevation of 2020- Important An elevation of privilege vulnerability exists when Microsoft Windows implements Privilege 0644 predictable memory section names. An attacker who successfully exploited this

@NSFOUS 2020 http://www.nsfocus.com

Maximum Vulnerability CVE ID Vulnerability Description Severity Impact Rating MITRE vulnerability could run arbitrary code as system. An attacker could then install programs; NVD view, change, or delete data; or create new accounts with full user rights. To exploit the vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application designed to elevate privileges. The update addresses the vulnerability by correcting how Windows assigns memory to specific processes.

FAQ: None Mitigations: None Workarounds: None Revision: 1.0 01/14/2020 08:00:00 Information published.

@NSFOUS 2020 http://www.nsfocus.com

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2020-0644 KB Restart Product Severity Impact Supersedence CVSS Score Set Article Required Windows 10 4534293 Base: 7.8 Elevation Version Security Temporal: 7 Important of 4530717 Unknown 1803 for 32- Update Vector: Privilege bit Systems CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Windows 10 4534293 Base: 7.8 Version Elevation Security Temporal: 7 1803 for Important of 4530717 Unknown Update Vector: x64-based Privilege CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Systems Windows Server, 4534293 Base: 7.8 Elevation version Security Temporal: 7 Important of 4530717 Unknown 1803 Update Vector: Privilege (Server Core CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Installation)

@NSFOUS 2020 http://www.nsfocus.com

CVE-2020-0644 Windows 10 Version 4534293 Base: 7.8 Elevation 1803 for Security Temporal: 7 Important of 4530717 Unknown ARM64- Update Vector: Privilege based CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Systems Windows 10 4534273 Base: 7.8 Elevation Version Security Temporal: 7 Important of 4530715 Unknown 1809 for 32- Update Vector: Privilege bit Systems CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Windows 10 4534273 Base: 7.8 Version Elevation Security Temporal: 7 1809 for Important of 4530715 Unknown Update Vector: x64-based Privilege CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Systems Windows 10 Version 4534273 Base: 7.8 Elevation 1809 for Security Temporal: 7 Important of 4530715 Unknown ARM64- Update Vector: Privilege based CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Systems

@NSFOUS 2020 http://www.nsfocus.com

CVE-2020-0644 4534273 Base: 7.8 Elevation Windows Security Temporal: 7 Important of 4530715 Unknown Server 2019 Update Vector: Privilege CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Windows 4534273 Base: 7.8 Elevation Server 2019 Security Temporal: 7 Important of 4530715 Unknown (Server Core Update Vector: Privilege installation) CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Windows 10 4534276 Base: 7.8 Elevation Version Security Temporal: 7 Important of 4530714 Unknown 1709 for 32- Update Vector: Privilege bit Systems CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Windows 10 4534276 Base: 7.8 Version Elevation Security Temporal: 7 1709 for Important of 4530714 Unknown Update Vector: x64-based Privilege CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Systems Windows 10 Version 4534276 Base: 7.8 Elevation 1709 for Security Temporal: 7 Important of 4530714 Unknown ARM64- Update Vector: Privilege based CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Systems

@NSFOUS 2020 http://www.nsfocus.com

CVE-2020-0644 Windows 10 4528760 Base: 7.8 Elevation Version Security Temporal: 7 Important of 4530684 Yes 1903 for 32- Update Vector: Privilege bit Systems CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Windows 10 4528760 Base: 7.8 Version Elevation Security Temporal: 7 1903 for Important of 4530684 Yes Update Vector: x64-based Privilege CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Systems Windows 10 Version 4528760 Base: 7.8 Elevation 1903 for Security Temporal: 7 Important of 4530684 Yes ARM64- Update Vector: Privilege based CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Systems Windows Server, 4528760 Base: 7.8 Elevation version Security Temporal: 7 Important of 4530684 Yes 1903 Update Vector: Privilege (Server Core CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C installation)

@NSFOUS 2020 http://www.nsfocus.com

CVE-2020-0644 4534306 Base: 7.8 Windows 10 Elevation Security Temporal: 7 for 32-bit Important of 4530681 Unknown Update Vector: Systems Privilege CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Windows 10 4534306 Base: 7.8 Elevation for x64- Security Temporal: 7 Important of 4530681 Unknown based Update Vector: Privilege Systems CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Windows 10 4534271 Base: 7.8 Elevation Version Security Temporal: 7 Important of 4530689 Unknown 1607 for 32- Update Vector: Privilege bit Systems CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Windows 10 4534271 Base: 7.8 Version Elevation Security Temporal: 7 1607 for Important of 4530689 Unknown Update Vector: x64-based Privilege CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Systems 4534271 Base: 7.8 Elevation Windows Security Temporal: 7 Important of 4530689 Unknown Server 2016 Update Vector: Privilege CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C

@NSFOUS 2020 http://www.nsfocus.com

CVE-2020-0644 Windows 4534271 Base: 7.8 Elevation Server 2016 Security Temporal: 7 Important of 4530689 Unknown (Server Core Update Vector: Privilege installation) CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 4534297 Monthly Base: 7.8 Windows Rollup Elevation Temporal: 7 8.1 for 32- 4534309 Important of 4530702 Unknown Vector: bit systems Security Privilege CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Only

4534297 Base: 7.8 Elevation Windows RT Monthly Temporal: 7 Important of 4530702 Unknown 8.1 Rollup Vector: Privilege CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C

@NSFOUS 2020 http://www.nsfocus.com

CVE-2020-0644 4534283 Monthly Base: 7.8 Rollup Elevation Windows Temporal: 7 4534288 Important of 4530691 Unknown Server 2012 Vector: Security Privilege CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Only

@NSFOUS 2020 http://www.nsfocus.com

CVE-2020-0644 4534297 Windows Monthly Base: 7.8 Server 2012 Rollup Elevation Temporal: 7 R2 (Server 4534309 Important of 4530702 Unknown Vector: Core Security Privilege CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C installation) Only

@NSFOUS 2020 http://www.nsfocus.com

CVE-2020-0644 Windows Server, 4528760 Base: 7.8 Elevation version Security Temporal: 7 Important of 4530684 Yes 1909 Update Vector: Privilege (Server Core CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C installation)

CVE-2020-0646 - .NET Framework Remote Code Execution Injection Vulnerability

Maximum Vulnerability CVE ID Vulnerability Description Severity Impact Rating CVE Title: .NET Framework Remote Code Execution Injection Vulnerability CVE- Description: 2020- A remote code execution vulnerability exists when the Microsoft .NET Framework fails Remote Code 0646 Critical to validate input properly. An attacker who successfully exploited this vulnerability Execution MITRE could take control of an affected system. An attacker could then install programs; view, NVD change, or delete data; or create new accounts with full user rights. Users whose

@NSFOUS 2020 http://www.nsfocus.com

Maximum Vulnerability CVE ID Vulnerability Description Severity Impact Rating accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. To exploit the vulnerability, an attacker would need to pass specific input to an application utilizing susceptible .Net methods. The security update addresses the vulnerability by correcting how the Microsoft .NET Framework validates input.

FAQ: None Mitigations: None Workarounds: None Revision: 1.0 01/14/2020 08:00:00 Information published.

@NSFOUS 2020 http://www.nsfocus.com

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2020-0646 CVSS Restart Product KB Article Severity Impact Supersedence Score Set Required 4535102 Monthly Base: N/A Microsoft .NET Framework Rollup Remote Temporal: 4524741; 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.2 on Windows 7 for 32-bit 4534976 Critical Code N/A Maybe 4533095 Systems Service Pack 1 Security Execution Vector: Only N/A

@NSFOUS 2020 http://www.nsfocus.com

CVE-2020-0646 4535104 Monthly Base: N/A Microsoft .NET Framework Rollup Remote Temporal: 4524743; 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.2 on Windows 8.1 for 32- 4534978 Critical Code N/A Maybe 4533097 bit systems Security Execution Vector: Only N/A

4535104 Monthly Base: N/A Microsoft .NET Framework Rollup Remote Temporal: 4524743; 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.2 on Windows 8.1 for x64- 4534978 Critical Code N/A Maybe 4533097 based systems Security Execution Vector: Only N/A

Base: N/A 4535104 Remote Temporal: Microsoft .NET Framework Monthly 4524743; Critical Code N/A Maybe 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.2 on Windows RT 8.1 Rollup 4533097 Execution Vector:

N/A 4535102 Microsoft .NET Framework Remote Base: N/A Monthly 4524741; 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2008 Critical Code Temporal: Maybe Rollup 4533095 R2 for x64-based Systems Service Pack 1 Execution N/A 4534976

@NSFOUS 2020 http://www.nsfocus.com

CVE-2020-0646 Security Vector: Only N/A

4535102 Monthly Base: N/A Microsoft .NET Framework Rollup Remote Temporal: 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2008 4524741; 4534976 Critical Code N/A Maybe R2 for x64-based Systems Service Pack 1 (Server Core 4533095 Security Execution Vector: installation) Only N/A

4535103 Monthly Base: N/A Rollup Remote Temporal: Microsoft .NET Framework 4524742; 4534977 Critical Code N/A Maybe 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2012 4533096 Security Execution Vector: Only N/A

4535103 Base: N/A Microsoft .NET Framework Monthly Remote Temporal: 4524742; 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2012 Rollup Critical Code N/A Maybe 4533096 (Server Core installation) 4534977 Execution Vector: Security N/A

@NSFOUS 2020 http://www.nsfocus.com

CVE-2020-0646 Only

4535104 Monthly Base: N/A Microsoft .NET Framework Rollup Remote Temporal: 4524743; 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2012 4534978 Critical Code N/A Maybe 4533097 R2 Security Execution Vector: Only N/A

Base: N/A 4534271 Remote Temporal: Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 on Security Critical Code 4530689 N/A Unknown Windows 10 Version 1607 for 32-bit Systems Update Execution Vector:

N/A

@NSFOUS 2020 http://www.nsfocus.com

CVE-2020-0646 Base: N/A 4532936 Remote Temporal: Microsoft .NET Framework 4.8 on Windows 10 Version Security Critical Code 4530689 N/A Maybe 1803 for 32-bit Systems Update Execution Vector:

N/A Base: N/A 4532936 Remote Temporal: Microsoft .NET Framework 4.8 on Windows 10 Version Security Critical Code 4530689 N/A Maybe 1803 for x64-based Systems Update Execution Vector:

N/A Base: N/A 4532936 Remote Temporal: Microsoft .NET Framework 4.8 on Windows Server, Security Critical Code 4530689 N/A Maybe version 1803 (Server Core Installation) Update Execution Vector:

N/A Base: N/A 4532935 Remote Temporal: Microsoft .NET Framework 4.8 on Windows 10 Version Security Critical Code 4530689 N/A Maybe 1709 for 32-bit Systems Update Execution Vector:

N/A Remote Base: N/A Microsoft .NET Framework 4.8 on Windows 10 Version 4532935 Critical Code 4530689 Temporal: Maybe 1709 for x64-based Systems Security Execution N/A

@NSFOUS 2020 http://www.nsfocus.com

CVE-2020-0646 Update Vector: N/A Base: N/A 4532933 Remote Temporal: Microsoft .NET Framework 4.8 on Windows 10 Version Security Critical Code 4530689 N/A Maybe 1607 for 32-bit Systems Update Execution Vector:

N/A Base: N/A 4532933 Remote Temporal: Microsoft .NET Framework 4.8 on Windows 10 Version Security Critical Code 4530689 N/A Maybe 1607 for x64-based Systems Update Execution Vector:

N/A Base: N/A 4532933 Remote Temporal: Microsoft .NET Framework 4.8 on Windows Server Security Critical Code 4530689 N/A Maybe 2016 Update Execution Vector:

N/A Base: N/A 4532933 Remote Temporal: Microsoft .NET Framework 4.8 on Windows Server Security Critical Code 4530689 N/A Maybe 2016 (Server Core installation) Update Execution Vector:

N/A

@NSFOUS 2020 http://www.nsfocus.com

CVE-2020-0646 4535102 Monthly Base: N/A Rollup Remote Temporal: Microsoft .NET Framework 4.8 on Windows 7 for 32- 4524741; 4534976 Critical Code N/A Maybe bit Systems Service Pack 1 4533095 Security Execution Vector: Only N/A

4535104 Monthly Base: N/A Rollup Remote Temporal: Microsoft .NET Framework 4.8 on Windows 8.1 for 32- 4524743; 4534978 Critical Code N/A Maybe bit systems 4533097 Security Execution Vector: Only N/A

@NSFOUS 2020 http://www.nsfocus.com

CVE-2020-0646 4535104 Monthly Base: N/A Rollup Remote Temporal: Microsoft .NET Framework 4.8 on Windows 8.1 for 4524743; 4534978 Critical Code N/A Maybe x64-based systems 4533097 Security Execution Vector: Only N/A

Base: N/A 4535104 Remote Temporal: Monthly 4524743; Microsoft .NET Framework 4.8 on Windows RT 8.1 Critical Code N/A Maybe Rollup 4533097 Execution Vector:

@NSFOUS 2020 http://www.nsfocus.com

CVE-2020-0646 Security Vector: Only N/A

4535103 Monthly Base: N/A Rollup Remote Temporal: Microsoft .NET Framework 4.8 on Windows Server 4524742; 4534977 Critical Code N/A Maybe 2012 4533096 Security Execution Vector: Only N/A

4535104 Base: N/A Monthly Remote Temporal: Microsoft .NET Framework 4.8 on Windows Server 4524743; Rollup Critical Code N/A Maybe 2012 R2 4533097 4534978 Execution Vector: Security N/A

@NSFOUS 2020 http://www.nsfocus.com

CVE-2020-0646 Only

Base: N/A 4535101 Remote Temporal: Microsoft .NET Framework 3.5 AND 4.8 on Windows Security 4524743; Critical Code N/A Maybe 10 Version 1809 for 32-bit Systems Update 4533097 Execution Vector:

N/A Base: N/A 4535101 Remote Temporal: Microsoft .NET Framework 3.5 AND 4.8 on Windows Security 4524743; Critical Code N/A Maybe 10 Version 1809 for x64-based Systems Update 4533097 Execution Vector:

N/A 4535101 Remote Base: N/A Microsoft .NET Framework 3.5 AND 4.8 on Windows Security 4524743; Critical Code Temporal: Maybe Server 2019 Update 4533097 Execution N/A

@NSFOUS 2020 http://www.nsfocus.com

CVE-2020-0646 Vector: N/A Base: N/A 4535101 Remote Temporal: Microsoft .NET Framework 3.5 AND 4.8 on Windows Security 4524743; Critical Code N/A Maybe Server 2019 (Server Core installation) Update 4533097 Execution Vector:

N/A Base: N/A 4532938 Remote Temporal: Microsoft .NET Framework 3.5 AND 4.8 on Windows Security 4524743; Critical Code N/A Maybe 10 Version 1903 for 32-bit Systems Update 4533097 Execution Vector:

N/A Base: N/A 4532938 Remote Temporal: Microsoft .NET Framework 3.5 AND 4.8 on Windows Security 4524743; Critical Code N/A Maybe 10 Version 1903 for x64-based Systems Update 4533097 Execution Vector:

N/A

@NSFOUS 2020 http://www.nsfocus.com

CVE-2020-0646 Base: N/A 4535101 Remote Temporal: Microsoft .NET Framework 3.5 AND 4.7.2 on Windows Security 4524743; Critical Code N/A Maybe 10 Version 1809 for 32-bit Systems Update 4533097 Execution Vector:

N/A Base: N/A 4535101 Remote Temporal: Microsoft .NET Framework 3.5 AND 4.7.2 on Windows Security 4524743; Critical Code N/A Maybe Server 2019 Update 4533097 Execution Vector:

N/A 4535105 Remote Base: N/A Microsoft .NET Framework 4.6 on Windows Server 4524743; Monthly Critical Code Temporal: Maybe 2008 for 32-bit Systems Service Pack 2 4533097 Rollup Execution N/A

@NSFOUS 2020 http://www.nsfocus.com

CVE-2020-0646 4534979 Vector: Security N/A Only

@NSFOUS 2020 http://www.nsfocus.com

CVE-2020-0646 Only

Base: N/A 4534271 Remote Temporal: Microsoft .NET Framework 3.5 on Windows 10 Version Security Critical Code 4530689 N/A Unknown 1607 for 32-bit Systems Update Execution Vector:

N/A 4535104 Monthly Base: N/A Rollup Remote Temporal: Microsoft .NET Framework 3.5 on Windows 8.1 for 32- 4524743; 4534978 Critical Code N/A Maybe bit systems 4533097 Security Execution Vector: Only N/A

@NSFOUS 2020 http://www.nsfocus.com

CVE-2020-0646 4535104 Monthly Base: N/A Rollup Remote Temporal: Microsoft .NET Framework 3.5 on Windows 8.1 for 4524743; 4534978 Critical Code N/A Maybe x64-based systems 4533097 Security Execution Vector: Only N/A

4535103 Monthly Base: N/A Rollup Remote Temporal: Microsoft .NET Framework 3.5 on Windows Server 4524742; 4534977 Critical Code N/A Maybe 2012 4533096 Security Execution Vector: Only N/A

@NSFOUS 2020 http://www.nsfocus.com

CVE-2020-0646 4535104 Monthly Base: N/A Rollup Remote Temporal: Microsoft .NET Framework 3.5 on Windows Server 4524743; 4534978 Critical Code N/A Maybe 2012 R2 4533097 Security Execution Vector: Only N/A

4535102 Monthly Base: N/A Rollup Remote Temporal: Microsoft .NET Framework 3.5.1 on Windows 7 for 32- 4524741; 4534976 Critical Code N/A Maybe bit Systems Service Pack 1 4533095 Security Execution Vector: Only N/A

@NSFOUS 2020 http://www.nsfocus.com

CVE-2020-0646 4535102 Monthly Base: N/A Rollup Remote Temporal: Microsoft .NET Framework 3.5.1 on Windows 7 for 4524741; 4534976 Critical Code N/A Maybe x64-based Systems Service Pack 1 4533095 Security Execution Vector: Only N/A

@NSFOUS 2020 http://www.nsfocus.com

CVE-2020-0646 4535102 Monthly Base: N/A Microsoft .NET Framework 3.5.1 on Windows Server Rollup Remote Temporal: 4524741; 2008 R2 for x64-based Systems Service Pack 1 (Server 4534976 Critical Code N/A Maybe 4533095 Core installation) Security Execution Vector: Only N/A

4535102 Monthly Base: N/A Rollup Remote Temporal: Microsoft .NET Framework 4.5.2 on Windows 7 for 32- 4524741; 4534976 Critical Code N/A Maybe bit Systems Service Pack 1 4533095 Security Execution Vector: Only N/A

@NSFOUS 2020 http://www.nsfocus.com

CVE-2020-0646 4535104 Monthly Base: N/A Rollup Remote Temporal: Microsoft .NET Framework 4.5.2 on Windows 8.1 for 4524743; 4534978 Critical Code N/A Maybe 32-bit systems 4533097 Security Execution Vector: Only N/A

Base: N/A 4535104 Remote Temporal: Monthly 4524743; Microsoft .NET Framework 4.5.2 on Windows RT 8.1 Critical Code N/A Maybe Rollup 4533097 Execution Vector:

@NSFOUS 2020 http://www.nsfocus.com

CVE-2020-0646 Security Vector: Only N/A

@NSFOUS 2020 http://www.nsfocus.com

CVE-2020-0646 Only

4535103 Monthly Base: N/A Rollup Remote Temporal: Microsoft .NET Framework 4.5.2 on Windows Server 4524742; 4534977 Critical Code N/A Maybe 2012 4533096 Security Execution Vector: Only N/A

4535104 Monthly Base: N/A Rollup Remote Temporal: Microsoft .NET Framework 4.5.2 on Windows Server 4524743; 4534978 Critical Code N/A Maybe 2012 R2 4533097 Security Execution Vector: Only N/A

@NSFOUS 2020 http://www.nsfocus.com

CVE-2020-0646 4535104 Monthly Base: N/A Rollup Remote Temporal: Microsoft .NET Framework 4.5.2 on Windows Server 4524743; 4534978 Critical Code N/A Maybe 2012 R2 (Server Core installation) 4533097 Security Execution Vector: Only N/A

Base: N/A 4532938 Remote Temporal: Microsoft .NET Framework 3.5 AND 4.8 on Windows Security 4524743; Critical Code N/A Maybe 10 Version 1909 for 32-bit Systems Update 4533097 Execution Vector:

N/A Base: N/A 4532938 Remote Temporal: Microsoft .NET Framework 3.5 AND 4.8 on Windows Security 4524743; Critical Code N/A Maybe 10 Version 1909 for x64-based Systems Update 4533097 Execution Vector:

N/A

@NSFOUS 2020 http://www.nsfocus.com

CVE-2020-0646 Base: N/A 4534293 Remote Temporal: Microsoft .NET Framework 3.5 AND 4.7.2 on Windows Security Critical Code 4530717 N/A Unknown Server, version 1803 (Server Core Installation) Update Execution Vector:

N/A Base: N/A 4534306 Remote Temporal: Microsoft .NET Framework 3.5 AND 4.7.2 on Windows Security Critical Code 4530681 N/A Unknown 10 for 32-bit Systems Update Execution Vector:

N/A Base: N/A 4534293 Remote Temporal: Microsoft .NET Framework 3.5 AND 4.7.2 on Windows Security Critical Code 4530717 N/A Unknown 10 Version 1803 for 32-bit Systems Update Execution Vector:

N/A Base: N/A 4534293 Remote Temporal: Microsoft .NET Framework 3.5 AND 4.7.2 on Windows Security Critical Code 4530717 N/A Unknown 10 Version 1803 for x64-based Systems Update Execution Vector:

N/A Remote Base: N/A Microsoft .NET Framework 3.5 AND 4.7.1/4.7.2 on 4534276 Critical Code 4530714 Temporal: Unknown Windows 10 Version 1709 for x64-based Systems Security Execution N/A

@NSFOUS 2020 http://www.nsfocus.com

CVE-2020-0646 Update Vector: N/A Base: N/A 4534271 Microsoft .NET Framework 3.5 AND Remote Temporal: Security 4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2016 (Server Critical Code 4530689 N/A Unknown Update Core installation) Execution Vector:

N/A Base: N/A 4534306 Remote Temporal: Microsoft .NET Framework 3.5 AND 4.7.2 on Windows Security Critical Code 4530681 N/A Unknown 10 for x64-based Systems Update Execution Vector:

N/A Base: N/A 4534276 Remote Temporal: Microsoft .NET Framework 3.5 AND 4.7.1/4.7.2 on Security Critical Code 4530714 N/A Unknown Windows 10 Version 1709 for 32-bit Systems Update Execution Vector:

N/A

@NSFOUS 2020 http://www.nsfocus.com

CVE-2020-0646 Base: N/A 4534271 Microsoft .NET Framework 3.5 AND Remote Temporal: Security 4.6.2/4.7/4.7.1/4.7.2 on Windows 10 Version 1607 for Critical Code 4530689 N/A Unknown Update x64-based Systems Execution Vector:

N/A Base: N/A 4534271 Remote Temporal: Microsoft .NET Framework 3.5 AND Security Critical Code 4530689 N/A Unknown 4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2016 Update Execution Vector:

N/A

CVE-2020-0647 - Microsoft Office Online Spoofing Vulnerability

Maximum Vulnerability CVE ID Vulnerability Description Severity Impact Rating CVE- CVE Title: Microsoft Office Online Spoofing Vulnerability 2020- Description: 0647 A spoofing vulnerability exists when Office Online does not validate origin in cross- Important Spoofing MITRE origin communications correctly. An attacker could exploit the vulnerability by sending a NVD specially crafted request to an affected site.

@NSFOUS 2020 http://www.nsfocus.com

Maximum Vulnerability CVE ID Vulnerability Description Severity Impact Rating The attacker who successfully exploited the vulnerability could then perform cross- origin attacks on affected systems. These attacks could allow the attacker to read content that the attacker is not authorized to read, and use the victim's identity to take actions on the site on behalf of the victim. The victim needs to be authenticated for an attacker to compromise the victim. The security update addresses the vulnerability by ensuring that Office Online properly validates origins.

FAQ: Is the Preview Pane an attack vector for this vulnerability? No, the Preview Pane is not an attack vector.

Mitigations: None Workarounds: None Revision: 1.0 01/14/2020 08:00:00 Information published.

@NSFOUS 2020 http://www.nsfocus.com

Maximum Vulnerability CVE ID Vulnerability Description Severity Impact Rating

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2020-0647 Product KB Article Severity Impact Supersedence CVSS Score Set Restart Required Base: N/A 4484223 Security Update Office Online Server Important Spoofing 4484141 Temporal: N/A Maybe

Vector: N/A

@NSFOUS 2020 http://www.nsfocus.com

CVE-2020-0650 - Microsoft Excel Remote Code Execution Vulnerability

Maximum Vulnerability CVE ID Vulnerability Description Severity Impact Rating CVE Title: Microsoft Excel Remote Code Execution Vulnerability Description: A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take CVE- control of the affected system. An attacker could then install programs; view, change, or 2020- delete data; or create new accounts with full user rights. Users whose accounts are Remote Code 0650 configured to have fewer user rights on the system could be less impacted than users Important Execution MITRE who operate with administrative user rights. NVD Exploitation of the vulnerability requires that a user open a specially crafted file with an affected version of Microsoft Excel. In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file. In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) containing a specially crafted file designed to exploit the vulnerability. An attacker would have no way to force users to visit the website. Instead, an attacker would have

@NSFOUS 2020 http://www.nsfocus.com

Maximum Vulnerability CVE ID Vulnerability Description Severity Impact Rating to convince users to click a link, typically by way of an enticement in an email or instant message, and then convince them to open the specially crafted file. The security update addresses the vulnerability by correcting how Microsoft Excel handles objects in memory.

FAQ: Is the Preview Pane an attack vector for this vulnerability? No, the Preview Pane is not an attack vector.

Mitigations: None Workarounds: None Revision: 1.0 01/14/2020 08:00:00 Information published.

@NSFOUS 2020 http://www.nsfocus.com

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2020-0650 CVSS Score Restart Product KB Article Severity Impact Supersedence Set Required Base: N/A Click to Run Security Microsoft Office 2019 for 32-bit Remote Code Temporal: Update Important No editions Execution N/A

Vector: N/A Base: N/A Click to Run Security Microsoft Office 2019 for 64-bit Remote Code Temporal: Update Important No editions Execution N/A

Vector: N/A Base: N/A Release Notes Remote Code Temporal: Microsoft Office 2019 for Mac Security Update Important No Execution N/A

Vector: N/A Base: N/A Click to Run Security Office 365 ProPlus for 32-bit Remote Code Temporal: Update Important No Systems Execution N/A

Vector: N/A

@NSFOUS 2020 http://www.nsfocus.com

CVE-2020-0650 Base: N/A Click to Run Security Office 365 ProPlus for 64-bit Remote Code Temporal: Update Important No Systems Execution N/A

Vector: N/A Base: N/A 4484217 Security Microsoft Excel 2016 (32-bit Remote Code Temporal: Update Important 4484179 Maybe edition) Execution N/A

Vector: N/A Base: N/A 4484217 Security Microsoft Excel 2016 (64-bit Remote Code Temporal: Update Important 4484179 Maybe edition) Execution N/A

Vector: N/A Base: N/A Release Notes Remote Code Temporal: Microsoft Office 2016 for Mac Security Update Important 4484179 No Execution N/A

Vector: N/A Base: N/A 4484243 Security Microsoft Excel 2010 Service Pack Remote Code Temporal: Update Important 4484196 Maybe 2 (32-bit editions) Execution N/A

Vector: N/A 4484243 Security Microsoft Excel 2010 Service Pack Remote Code Base: N/A Update Important 4484196 Maybe 2 (64-bit editions) Execution Temporal:

@NSFOUS 2020 http://www.nsfocus.com

CVE-2020-0650 N/A Vector: N/A Base: N/A 4484234 Security Microsoft Excel 2013 RT Service Remote Code Temporal: Update Important 4484190 Maybe Pack 1 Execution N/A

Vector: N/A Base: N/A 4484234 Security Microsoft Excel 2013 Service Pack Remote Code Temporal: Update Important 4484190 Maybe 1 (32-bit editions) Execution N/A

Vector: N/A Base: N/A 4484234 Security Microsoft Excel 2013 Service Pack Remote Code Temporal: Update Important 4484190 Maybe 1 (64-bit editions) Execution N/A

Vector: N/A

@NSFOUS 2020 http://www.nsfocus.com

CVE-2020-0651 - Microsoft Excel Remote Code Execution Vulnerability

Maximum Vulnerability CVE ID Vulnerability Description Severity Impact Rating CVE Title: Microsoft Excel Remote Code Execution Vulnerability Description: A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take CVE- control of the affected system. An attacker could then install programs; view, change, or 2020- delete data; or create new accounts with full user rights. Users whose accounts are Remote Code 0651 configured to have fewer user rights on the system could be less impacted than users Important Execution MITRE who operate with administrative user rights. NVD Exploitation of the vulnerability requires that a user open a specially crafted file with an affected version of Microsoft Excel. In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file. In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) containing a specially crafted file designed to exploit the vulnerability. An attacker would have no way to force users to visit the website. Instead, an attacker would have

@NSFOUS 2020 http://www.nsfocus.com

FAQ: Is the Preview Pane an attack vector for this vulnerability? No, the Preview Pane is not an attack vector.

Mitigations: None Workarounds: None Revision: 1.0 01/14/2020 08:00:00 Information published.

@NSFOUS 2020 http://www.nsfocus.com

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2020-0651 CVSS Score Restart Product KB Article Severity Impact Supersedence Set Required Base: N/A Click to Run Security Microsoft Office 2019 for 32-bit Remote Code Temporal: Update Important No editions Execution N/A

Vector: N/A Base: N/A Click to Run Security Microsoft Office 2019 for 64-bit Remote Code Temporal: Update Important No editions Execution N/A

Vector: N/A Base: N/A Release Notes Remote Code Temporal: Microsoft Office 2019 for Mac Security Update Important No Execution N/A

Vector: N/A Base: N/A Click to Run Security Office 365 ProPlus for 32-bit Remote Code Temporal: Update Important No Systems Execution N/A

Vector: N/A

@NSFOUS 2020 http://www.nsfocus.com

CVE-2020-0651 Base: N/A Click to Run Security Office 365 ProPlus for 64-bit Remote Code Temporal: Update Important No Systems Execution N/A

Vector: N/A Base: N/A 4484217 Security Microsoft Excel 2016 (32-bit Remote Code Temporal: Update Important 4484179 Maybe edition) Execution N/A

Vector: N/A Base: N/A 4484217 Security Microsoft Excel 2016 (64-bit Remote Code Temporal: Update Important 4484179 Maybe edition) Execution N/A

Vector: N/A Base: N/A Release Notes Remote Code Temporal: Microsoft Office 2016 for Mac Security Update Important 4484179 No Execution N/A

Vector: N/A Base: N/A 4484243 Security Microsoft Excel 2010 Service Pack Remote Code Temporal: Update Important 4484196 Maybe 2 (32-bit editions) Execution N/A

Vector: N/A 4484243 Security Microsoft Excel 2010 Service Pack Remote Code Base: N/A Update Important 4484196 Maybe 2 (64-bit editions) Execution Temporal:

@NSFOUS 2020 http://www.nsfocus.com

CVE-2020-0651 N/A Vector: N/A Base: N/A 4484234 Security Microsoft Excel 2013 RT Service Remote Code Temporal: Update Important 4484190 Maybe Pack 1 Execution N/A

Vector: N/A Base: N/A 4484234 Security Microsoft Excel 2013 Service Pack Remote Code Temporal: Update Important 4484190 Maybe 1 (32-bit editions) Execution N/A

Vector: N/A Base: N/A 4484234 Security Microsoft Excel 2013 Service Pack Remote Code Temporal: Update Important 4484190 Maybe 1 (64-bit editions) Execution N/A

Vector: N/A

@NSFOUS 2020 http://www.nsfocus.com

CVE-2020-0652 - Microsoft Office Memory Corruption Vulnerability

Maximum Vulnerability CVE ID Vulnerability Description Severity Impact Rating CVE Title: Microsoft Office Memory Corruption Vulnerability Description: A remote code execution vulnerability exists in Microsoft Office software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take CVE- control of the affected system. An attacker could then install programs; view, change, or 2020- delete data; or create new accounts with full user rights. Users whose accounts are Remote Code 0652 configured to have fewer user rights on the system could be less impacted than users Important Execution MITRE who operate with administrative user rights. NVD Exploitation of the vulnerability requires that a user open a specially crafted file with an affected version of Microsoft Office software. In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file. In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) that contains a specially crafted file designed to exploit the vulnerability. An attacker would have no way to force users to visit the website. Instead, an attacker

@NSFOUS 2020 http://www.nsfocus.com

Maximum Vulnerability CVE ID Vulnerability Description Severity Impact Rating would have to convince users to click a link, typically by way of an enticement in an email or instant message, and then convince them to open the specially crafted file. Note that the Preview Pane is not an attack vector for this vulnerability. The security update addresses the vulnerability by correcting how Office handles objects in memory.

FAQ: Is the Preview Pane an attack vector for this vulnerability? No, the Preview Pane is not an attack vector.

Mitigations: None Workarounds: None Revision: 1.0 01/14/2020 08:00:00 Information published.

@NSFOUS 2020 http://www.nsfocus.com

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2020-0652 CVSS Score Restart Product KB Article Severity Impact Supersedence Set Required Base: N/A Click to Run Microsoft Office 2019 for 32-bit Remote Code Temporal: Security Update Important No editions Execution N/A

Vector: N/A Base: N/A Click to Run Microsoft Office 2019 for 64-bit Remote Code Temporal: Security Update Important No editions Execution N/A

Vector: N/A Base: N/A Click to Run Office 365 ProPlus for 32-bit Remote Code Temporal: Security Update Important No Systems Execution N/A

Vector: N/A Base: N/A Click to Run Office 365 ProPlus for 64-bit Remote Code Temporal: Security Update Important No Systems Execution N/A

Vector: N/A

@NSFOUS 2020 http://www.nsfocus.com

CVE-2020-0652 Base: N/A 4484221 Security Microsoft Office 2016 (32-bit Remote Code Temporal: Update Important 4484182 Maybe edition) Execution N/A

Vector: N/A Base: N/A 4484221 Security Microsoft Office 2016 (64-bit Remote Code Temporal: Update Important 4484182 Maybe edition) Execution N/A

Vector: N/A Base: N/A 4484236 Security Microsoft Office 2010 Service Pack Remote Code Temporal: Update Important 4484192 Maybe 2 (32-bit editions) Execution N/A

Vector: N/A Base: N/A 4484236 Security Microsoft Office 2010 Service Pack Remote Code Temporal: Update Important 4484192 Maybe 2 (64-bit editions) Execution N/A

Vector: N/A Base: N/A 4484227 Security Microsoft Office 2013 RT Service Remote Code Temporal: Update Important 4484184 Maybe Pack 1 Execution N/A

Vector: N/A 4484227 Security Microsoft Office 2013 Service Pack Remote Code Base: N/A Update Important 4484184 Maybe 1 (32-bit editions) Execution Temporal:

@NSFOUS 2020 http://www.nsfocus.com

CVE-2020-0652 N/A Vector: N/A Base: N/A 4484227 Security Microsoft Office 2013 Service Pack Remote Code Temporal: Update Important 4484184 Maybe 1 (64-bit editions) Execution N/A

Vector: N/A

CVE-2020-0653 - Microsoft Excel Remote Code Execution Vulnerability

Maximum Vulnerability CVE ID Vulnerability Description Severity Impact Rating CVE Title: Microsoft Excel Remote Code Execution Vulnerability Description: CVE- A remote code execution vulnerability exists in Microsoft Excel software when the 2020- software fails to properly handle objects in memory. An attacker who successfully Remote Code 0653 Important exploited the vulnerability could run arbitrary code in the context of the current user. If Execution MITRE the current user is logged on with administrative user rights, an attacker could take NVD control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are

@NSFOUS 2020 http://www.nsfocus.com

Maximum Vulnerability CVE ID Vulnerability Description Severity Impact Rating configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. Exploitation of the vulnerability requires that a user open a specially crafted file with an affected version of Microsoft Excel. In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file. In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) containing a specially crafted file designed to exploit the vulnerability. An attacker would have no way to force users to visit the website. Instead, an attacker would have to convince users to click a link, typically by way of an enticement in an email or instant message, and then convince them to open the specially crafted file. The security update addresses the vulnerability by correcting how Microsoft Excel handles objects in memory.

FAQ: Is the Preview Pane an attack vector for this vulnerability? No, the Preview Pane is not an attack vector.

Mitigations:

@NSFOUS 2020 http://www.nsfocus.com

Maximum Vulnerability CVE ID Vulnerability Description Severity Impact Rating None Workarounds: None Revision: 1.0 01/14/2020 08:00:00 Information published.

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2020-0653 CVSS Score Restart Product KB Article Severity Impact Supersedence Set Required Base: N/A Click to Run Security Office 365 ProPlus for 32-bit Remote Code Temporal: Update Important No Systems Execution N/A

Vector: N/A

@NSFOUS 2020 http://www.nsfocus.com

CVE-2020-0653 Base: N/A Click to Run Security Office 365 ProPlus for 64-bit Remote Code Temporal: Update Important No Systems Execution N/A

Vector: N/A

CVE-2020-0654 - Microsoft OneDrive for Android Security Feature Bypass Vulnerability

Maximum Vulnerability CVE ID Vulnerability Description Severity Impact Rating CVE Title: Microsoft OneDrive for Android Security Feature Bypass Vulnerability Description: CVE- A security feature bypass vulnerability exists in Microsoft OneDrive App for Android. 2020- Security 0654 This could allow an attacker to bypass the passcode or fingerprint requirements of the Important Feature Bypass MITRE App. NVD The security update addresses the vulnerability by correcting the way Microsoft OneDrive App for Android handles sharing links.

@NSFOUS 2020 http://www.nsfocus.com

Maximum Vulnerability CVE ID Vulnerability Description Severity Impact Rating

FAQ: How do I get the update for OneDrive for Android?

1. Tap the Google Play icon on your home screen. 2. Swipe in from the left edge of the screen. 3. Tap My apps & games. 4. Tap the Update box next to the OneDrive app.

Is there a direct link on the web? Yes: https://play.google.com/store/apps/details?id=com.microsoft.skydrive&hl=en_US

Mitigations: None Workarounds: None Revision: 1.0 01/14/2020 08:00:00 Information published.

@NSFOUS 2020 http://www.nsfocus.com

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2020-0654 CVSS Score Restart Product KB Article Severity Impact Supersedence Set Required Release Notes Security Base: N/A One Drive for Security Feature Update Important Temporal: N/A Maybe Android Bypass Vector: N/A

CVE-2020-0656 - Microsoft Dynamics 365 (On-Premise) Cross Site Scripting Vulnerability

Maximum Vulnerability CVE ID Vulnerability Description Severity Impact Rating CVE- CVE Title: Microsoft Dynamics 365 (On-Premise) Cross Site Scripting Vulnerability 2020- Important Spoofing Description: 0656

@NSFOUS 2020 http://www.nsfocus.com

Maximum Vulnerability CVE ID Vulnerability Description Severity Impact Rating MITRE A cross site scripting vulnerability exists when Microsoft Dynamics 365 (on-premises) NVD does not properly sanitize a specially crafted web request to an affected Dynamics server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected Dynamics server. The attacker who successfully exploited the vulnerability could then perform cross-site scripting attacks on affected systems and run script in the security context of the current authenticated user. These attacks could allow the attacker to read content that the attacker is not authorized to read, use the victim's identity to take actions within Dynamics Server on behalf of the user, such as change permissions and delete content, and inject malicious content in the browser of the user. The security update addresses the vulnerability by helping to ensure that Dynamics Server properly sanitizes web requests.

FAQ: None Mitigations: None Workarounds: None

@NSFOUS 2020 http://www.nsfocus.com

Maximum Vulnerability CVE ID Vulnerability Description Severity Impact Rating Revision: 1.0 01/14/2020 08:00:00 Information published.

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2020-0656 CVSS Score Restart Product KB Article Severity Impact Supersedence Set Required Base: N/A Relelase Notes Security Dynamics 365 Field Service (on- Temporal: Update Important Spoofing Maybe premises) v7 series N/A

Vector: N/A

@NSFOUS 2020 http://www.nsfocus.com

Statement

This advisory is only used to describe a potential risk. NSFOCUS does not provide any commitment or promise on this advisory. NSFOCUS and the author will not bear any liability for any direct and/or indirect consequences and losses caused by transmitting and/or using this advisory. NSFOCUS reserves all the rights to modify and interpret this advisory. Please include this statement paragraph when reproducing or transferring this advisory. Do not modify this advisory, add/delete any information to/from it, or use this advisory for commercial purposes without permission from NSFOCUS.

About NSFOCUS

NSFOCUS, Inc., a global network and cyber security leader, protects enterprises and carriers from advanced cyber attacks. The company's Intelligent Hybrid Security strategy utilizes both cloud and on-premises security platforms, built on a foundation of real-time global threat intelligence, to provide multi-layered, unified and dynamic protection against advanced cyber attacks.

NSFOCUS works with Fortune Global 500 companies, including four of the world's five largest financial institutions, organizations in insurance, retail, healthcare, critical infrastructure industries as well as government agencies. NSFOCUS has technology and channel partners in more than 60 countries, is a member of both the Microsoft Active Protections Program (MAPP), and the Cloud Security Alliance (CSA).

A wholly owned subsidiary of NSFOCUS Information Technology Co. Ltd., the company has operations in the Americas, Europe, the Middle East and Asia Pacific.

@NSFOUS 2020 http://www.nsfocus.com