© NSFOCUS 2020 Confidentiality: PUBLIC
Microsoft's July 2020 Patches Fix 124 Security Vulnerabilities Threat Alert
Overview
Microsoft released July 2020 security updates on Tuesday that fix 124 vulnerabilities ranging from simple spoofing attacks to remote code
execution in various products, including .NET Framework, Azure DevOps, Internet Explorer, Microsoft Edge, Microsoft Graphics Component,
Microsoft JET Database Engine, Microsoft Malware Protection Engine, Microsoft Office, Microsoft Office SharePoint, Microsoft OneDrive,
Microsoft Scripting Engine, Microsoft Windows, Open Source Software, Skype for Business, Visual Studio, Windows Hyper-V, Windows IIS,
Windows Kernel, Windows Shell, Windows Subsystem for Linux, Windows Update Stack, and Windows WalletService.
Description of Critical and Important Vulnerabilities
This time, Microsoft fixes 16 critical vulnerabilities and 104 important vulnerabilities. Although the vulnerabilities disclosed this month
have not been reported to be exploited, all users are advised to install updates without delay:
Microsoft Windows DNS Server Remote Code Execution Vulnerability SigRed (CVE-2020-1350)
The most severe vulnerability fixed this month is a wormable Windows DNS server vulnerability called SigRed (CVE-2020-1350).
According to Microsoft, the CVSS base score of this vulnerability is 10
(CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C).
An unauthenticated attacker could exploit the vulnerability by sending crafted request data packets to the affected server, thus causing the
target system to execute arbitrary code.
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1350
Hyper-V RemoteFX vGPU Remote Code Execution Vulnerabilities (CVE-2020-1041, CVE-2020-1040, CVE-2020-1032,
CVE-2020-1036, CVE-2020-1042, CVE-2020-1043)
Remote code execution vulnerabilities exist when Hyper-V RemoteFX vGPU on a host server fails to properly validate input from an
authenticated user on a guest operating system. To exploit these vulnerabilities, an attacker could run a specially crafted application on a guest
operating system, attacking certain third-party video drivers running on the Hyper-V host. This could then cause the host operating system to
execute arbitrary code.
The vendor has released no patch for the preceding vulnerabilities and explained why it planned to disable and remove RemoteFX instead
of fixing the vulnerabilities as follows:
In October 2019, Microsoft announced that it was stopping developing or adding features to Remote FX. For Windows 10 version 1809 and
later, and Windows Server 2019, RemoteFX vGPU is no longer supported or actively developed. Since these newly identified vulnerabilities are
architectural in nature, and the feature is already deprecated on newer versions of Windows, Microsoft has determined that disabling and
removing RemoteFX is a better course of action.
For more information, see Microsoft's security bulletins from the following links:
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1041
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1040
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1032
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1036
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1042
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1043
Microsoft Word Remote Code Execution Vulnerabilities (CVE-2020-1446, CVE-2020-1447, CVE-2020-1448)
Remote code execution vulnerabilities exist in Microsoft Word software when it fails to properly handle objects in memory. To exploit
these vulnerabilities, an attacker may rely on various ways to induce the user to open a specially crafted file with Microsoft Word software.
An attacker who successfully exploited the vulnerabilities could perform actions in the context of the current user.
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1446
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1447
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1448
Microsoft Excel Remote Code Execution Vulnerability (CVE-2020-1240)
A remote code execution vulnerability exists in Microsoft Excel software when it fails to properly handle objects in memory. To exploit the
vulnerability, an attacker may rely on various ways to induce the user to open a specially crafted file with an affected version of Microsoft Excel.
An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user.
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1240
Microsoft Outlook Remote Code Execution Vulnerability (CVE-2020-1349)
A remote code execution vulnerability exists in Microsoft Outlook software. An attacker who successfully exploited the vulnerability could
use a specially crafted file to perform actions in the context of the current user. To exploit the vulnerability, an attacker may induce the user to
open a specially crafted file with an affected version of Microsoft Outlook software.
Note that the Preview Pane is an attack vector for this vulnerability.
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1349
Windows LNK Remote Code Execution Vulnerability (CVE-2020-1421)
A remote code execution vulnerability exists in Microsoft Windows. The attacker could present to the user a removable drive, or remote
share, which contains a malicious .LNK file and an associated malicious binary. When the user opens this drive (or remote share) in Windows
Explorer, or any other application that parses the .LNK file, the malicious binary will execute arbitrary code on the target system.
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1421
Remote Desktop Client Remote Code Execution Vulnerability (CVE-2020-1374)
A remote code execution vulnerability exists in the Windows Remote Desktop Client. An attacker who successfully exploited this
vulnerability could execute arbitrary code on the client computer connected to a malicious server.
To exploit this vulnerability, an attacker would have control of a malicious server and then trick the user into connecting to the server via
various ways such as social engineering and DNS poisoning.
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1374
Microsoft Office Privilege Escalation Vulnerability (CVE-2020-1025)
A privilege escalation vulnerability exists when Microsoft SharePoint Server and Skype for Business Server improperly handle OAuth
token validation. An attacker who successfully exploited the vulnerability could bypass authentication and achieve improper access.
To exploit this vulnerability, an attacker would need to modify the token.
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1025
.NET Framework, SharePoint Server, and Visual Studio Remote Code Execution Vulnerability (CVE-2020-1147)
A remote code execution vulnerability exists in .NET Framework, Microsoft SharePoint, and Visual Studio when the software fails to check
the source markup of XML file input. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the
process responsible for deserialization of the XML content.
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1147
Vulnerabilities:
Product | CVE ID | CVE Title | Severity
.NET Framework | CVE-2020-1147 | .NET Framework, SharePoint Server, and Visual Studio Remote Code Execution Vulnerability | Critical
Microsoft Graphics Component | CVE-2020-1435 | GDI+ Remote Code Execution Vulnerability | Critical
Microsoft Graphics Component | CVE-2020-1436 | Windows Font Library Remote Code Execution Vulnerability | Critical
Microsoft Office | CVE-2020-1349 | Microsoft Outlook Remote Code Execution Vulnerability | Critical
Microsoft Office | CVE-2020-1439 | PerformancePoint Services Remote Code Execution Vulnerability | Critical
Microsoft Windows | CVE-2020-1350 | Windows DNS Server Remote Code Execution Vulnerability | Critical
Microsoft Windows | CVE-2020-1421 | LNK Remote Code Execution Vulnerability | Critical
Microsoft Windows | CVE-2020-1374 | Remote Desktop Client Remote Code Execution Vulnerability | Critical
Microsoft Windows | CVE-2020-1410 | Windows Address Book Remote Code Execution Vulnerability | Critical
Skype for Business | CVE-2020-1025 | Microsoft Office Privilege Escalation Vulnerability | Critical
Windows Hyper-V | CVE-2020-1032 | Hyper-V RemoteFX vGPU Remote Code Execution Vulnerability | Critical
Windows Hyper-V | CVE-2020-1036 | Hyper-V RemoteFX vGPU Remote Code Execution Vulnerability | Critical
Windows Hyper-V | CVE-2020-1040 | Hyper-V RemoteFX vGPU Remote Code Execution Vulnerability | Critical
Windows Hyper-V | CVE-2020-1041 | Hyper-V RemoteFX vGPU Remote Code Execution Vulnerability | Critical
Windows Hyper-V | CVE-2020-1043 | Hyper-V RemoteFX vGPU Remote Code Execution Vulnerability | Critical
Windows Hyper-V | CVE-2020-1042 | Hyper-V RemoteFX vGPU Remote Code Execution Vulnerability | Critical
Azure DevOps | CVE-2020-1326 | Azure DevOps Server Cross-site Scripting Vulnerability | Important
Microsoft Graphics Component | CVE-2020-1351 | Microsoft Graphics Component Information Disclosure Vulnerability | Important
Microsoft Graphics Component | CVE-2020-1355 | Windows Font Driver Host Remote Code Execution Vulnerability | Important
Microsoft Graphics Component | CVE-2020-1381 | Windows Graphics Component Privilege Escalation Vulnerability | Important
Microsoft Graphics Component | CVE-2020-1382 | Windows Graphics Component Privilege Escalation Vulnerability | Important
Microsoft Graphics Component | CVE-2020-1397 | Windows Imaging Component Information Disclosure Vulnerability | Important
Microsoft Graphics Component | CVE-2020-1408 | Microsoft Graphics Remote Code Execution Vulnerability | Important
Microsoft Graphics Component | CVE-2020-1409 | DirectWrite Remote Code Execution Vulnerability | Important
Microsoft Graphics Component | CVE-2020-1412 | Microsoft Graphics Components Remote Code Execution Vulnerability | Important
Microsoft Graphics Component | CVE-2020-1468 | Windows GDI Information Disclosure Vulnerability | Important
Microsoft JET Database Engine | CVE-2020-1400 | Jet Database Engine Remote Code Execution Vulnerability | Important
Microsoft JET Database Engine | CVE-2020-1401 | Jet Database Engine Remote Code Execution Vulnerability | Important
Microsoft JET Database Engine | CVE-2020-1407 | Jet Database Engine Remote Code Execution Vulnerability | Important
Microsoft Malware Protection Engine | CVE-2020-1461 | Microsoft Defender Privilege Escalation Vulnerability | Important
Microsoft Office | CVE-2020-1442 | Office Web Apps XSS Vulnerability | Important
Microsoft Office | CVE-2020-1445 | Microsoft Office Information Disclosure Vulnerability | Important
Microsoft Office | CVE-2020-1446 | Microsoft Word Remote Code Execution Vulnerability | Important
Microsoft Office | CVE-2020-1447 | Microsoft Word Remote Code Execution Vulnerability | Important
Microsoft Office | CVE-2020-1448 | Microsoft Word Remote Code Execution Vulnerability | Important
Microsoft Office | CVE-2020-1449 | Microsoft Project Remote Code Execution Vulnerability | Important
Microsoft Office | CVE-2020-1458 | Microsoft Office Remote Code Execution Vulnerability | Important
Microsoft Office | CVE-2020-1240 | Microsoft Excel Remote Code Execution Vulnerability | Important
Microsoft Office SharePoint | CVE-2020-1342 | Microsoft Office Information Disclosure Vulnerability | Important
Microsoft Office SharePoint | CVE-2020-1456 | Microsoft Office SharePoint XSS Vulnerability | Important
Microsoft Office SharePoint | CVE-2020-1443 | Microsoft SharePoint Spoofing Vulnerability | Important
Microsoft Office SharePoint | CVE-2020-1444 | Microsoft SharePoint Remote Code Execution Vulnerability | Important
Microsoft Office SharePoint | CVE-2020-1450 | Microsoft Office SharePoint XSS Vulnerability | Important
Microsoft Office SharePoint | CVE-2020-1451 | Microsoft Office SharePoint XSS Vulnerability | Important
Microsoft Office SharePoint | CVE-2020-1454 | Microsoft SharePoint Reflective XSS Vulnerability | Important
Microsoft OneDrive | CVE-2020-1465 | Microsoft OneDrive Privilege Escalation Vulnerability | Important
Microsoft Windows | CVE-2020-1418 | Windows Diagnostics Hub Privilege Escalation Vulnerability | Important
Microsoft Windows | CVE-2020-1420 | Windows Error Reporting Information Disclosure Vulnerability | Important
Microsoft Windows | CVE-2020-1422 | Windows Runtime Privilege Escalation Vulnerability | Important
Microsoft Windows | CVE-2020-1347 | Windows Storage Services Privilege Escalation Vulnerability | Important
Microsoft Windows | CVE-2020-1352 | Windows USO Core Worker Privilege Escalation Vulnerability | Important
Microsoft Windows | CVE-2020-1353 | Windows Runtime Privilege Escalation Vulnerability | Important
Microsoft Windows | CVE-2020-1354 | Windows UPnP Device Host Privilege Escalation Vulnerability | Important
Microsoft Windows | CVE-2020-1356 | Windows iSCSI Target Service Privilege Escalation Vulnerability | Important
Microsoft Windows | CVE-2020-1359 | Windows CNG Key Isolation Service Privilege Escalation Vulnerability | Important
Microsoft Windows | CVE-2020-1363 | Windows Picker Platform Privilege Escalation Vulnerability | Important
Microsoft Windows | CVE-2020-1365 | Windows Event Logging Service Privilege Escalation Vulnerability | Important
Microsoft Windows | CVE-2020-1366 | Windows Print Workflow Service Privilege Escalation Vulnerability | Important
Microsoft Windows | CVE-2020-1370 | Windows Runtime Privilege Escalation Vulnerability | Important
Microsoft Windows | CVE-2020-1371 | Windows Event Logging Service Privilege Escalation Vulnerability | Important
Microsoft Windows | CVE-2020-1372 | Windows Mobile Device Management Diagnostics Privilege Escalation Vulnerability | Important
Microsoft Windows | CVE-2020-1373 | Windows Network Connections Service Privilege Escalation Vulnerability | Important
Microsoft Windows | CVE-2020-1375 | Windows COM Server Privilege Escalation Vulnerability | Important
Microsoft Windows | CVE-2020-1384 | Windows CNG Key Isolation Service Privilege Escalation Vulnerability | Important
Microsoft Windows | CVE-2020-1385 | Windows Credential Picker Privilege Escalation Vulnerability | Important
Microsoft Windows | CVE-2020-1386 | Connected User Experiences and Telemetry Service Information Disclosure Vulnerability | Important
Microsoft Windows | CVE-2020-1387 | Windows Push Notification Service Privilege Escalation Vulnerability | Important
Microsoft Windows | CVE-2020-1390 | Windows Network Connections Service Privilege Escalation Vulnerability | Important
Microsoft Windows | CVE-2020-1391 | Windows Agent Activation Runtime Information Disclosure Vulnerability | Important
Microsoft Windows | CVE-2020-1393 | Windows Diagnostics Hub Privilege Escalation Vulnerability | Important
Microsoft Windows | CVE-2020-1394 | Windows Privilege Escalation Vulnerability | Important
Microsoft Windows | CVE-2020-1395 | Windows Privilege Escalation Vulnerability | Important
Microsoft Windows | CVE-2020-1398 | Windows Lockscreen Privilege Escalation Vulnerability | Important
Microsoft Windows | CVE-2020-1399 | Windows Runtime Privilege Escalation Vulnerability | Important
Microsoft Windows | CVE-2020-1402 | Windows ActiveX Installer Service Privilege Escalation Vulnerability | Important
Microsoft Windows | CVE-2020-1404 | Windows Runtime Privilege Escalation Vulnerability | Important
Microsoft Windows | CVE-2020-1405 | Windows Mobile Device Management Diagnostics Privilege Escalation Vulnerability | Important
Microsoft Windows | CVE-2020-1406 | Windows Network List Service Privilege Escalation Vulnerability | Important
Microsoft Windows | CVE-2020-1413 | Windows Runtime Privilege Escalation Vulnerability | Important
Microsoft Windows | CVE-2020-1427 | Windows Network Connections Service Privilege Escalation Vulnerability | Important
Microsoft Windows | CVE-2020-1428 | Windows Network Connections Service Privilege Escalation Vulnerability | Important
Microsoft Windows | CVE-2020-1429 | Windows Error Reporting Manager Privilege Escalation Vulnerability | Important
Microsoft Windows | CVE-2020-1430 | Windows UPnP Device Host Privilege Escalation Vulnerability | Important
Microsoft Windows | CVE-2020-1431 | Windows AppX Deployment Extensions Privilege Escalation Vulnerability | Important
Microsoft Windows | CVE-2020-1434 | Windows Sync Host Service Privilege Escalation Vulnerability | Important
Microsoft Windows | CVE-2020-1437 | Windows Network Location Awareness Service Privilege Escalation Vulnerability | Important
Microsoft Windows | CVE-2020-1438 | Windows Network Connections Service Privilege Escalation Vulnerability | Important
Microsoft Windows | CVE-2020-1463 | Windows SharedStream Library Privilege Escalation Vulnerability | Important
Microsoft Windows | CVE-2020-1249 | Windows Runtime Privilege Escalation Vulnerability | Important
Microsoft Windows | CVE-2020-1267 | Local Security Authority Subsystem Service Denial-of-Service Vulnerability | Important
Microsoft Windows | CVE-2020-1333 | Group Policy Services Policy Processing Privilege Escalation Vulnerability | Important
Microsoft Windows | CVE-2020-1085 | Windows Function Discovery Service Privilege Escalation Vulnerability | Important
Microsoft Windows | CVE-2020-1330 | Windows Mobile Device Management Diagnostics Information Disclosure Vulnerability | Important
Open Source Software | CVE-2020-1469 | Bond Denial-of-Service Vulnerability | Important
Visual Studio | CVE-2020-1416 | Visual Studio and Visual Studio Code Privilege Escalation Vulnerability | Important
Visual Studio | CVE-2020-1481 | Visual Studio Code ESLint Extension Remote Code Execution Vulnerability | Important
Windows IIS | ADV200008 | Microsoft Guidance for Enabling Request Smuggling Filter on IIS Servers | Important
Windows Kernel | CVE-2020-1336 | Windows Kernel Privilege Escalation Vulnerability | Important
Windows Kernel | CVE-2020-1419 | Windows Kernel Information Disclosure Vulnerability | Important
Windows Kernel | CVE-2020-1357 | Windows System Events Broker Privilege Escalation Vulnerability | Important
Windows Kernel | CVE-2020-1358 | Windows Resource Policy Information Disclosure Vulnerability | Important
Windows Kernel | CVE-2020-1367 | Windows Kernel Information Disclosure Vulnerability | Important
Windows Kernel | CVE-2020-1388 | Windows Privilege Escalation Vulnerability | Important
Windows Kernel | CVE-2020-1389 | Windows Kernel Information Disclosure Vulnerability | Important
Windows Kernel | CVE-2020-1396 | Windows ALPC Privilege Escalation Vulnerability | Important
Windows Kernel | CVE-2020-1411 | Windows Kernel Privilege Escalation Vulnerability | Important
Windows Kernel | CVE-2020-1426 | Windows Kernel Information Disclosure Vulnerability | Important
Windows Shell | CVE-2020-1360 | Windows Profile Service Privilege Escalation Vulnerability | Important
Windows Shell | CVE-2020-1368 | Windows Credential Enrollment Manager Service Privilege Escalation Vulnerability | Important
Windows Shell | CVE-2020-1414 | Windows Runtime Privilege Escalation Vulnerability | Important
Windows Shell | CVE-2020-1415 | Windows Runtime Privilege Escalation Vulnerability | Important
Windows Subsystem for Linux | CVE-2020-1423 | Windows Subsystem for Linux Privilege Escalation Vulnerability | Important
Windows Update Stack | CVE-2020-1424 | Windows Update Stack Privilege Escalation Vulnerability | Important
Windows Update Stack | CVE-2020-1346 | Windows Modules Installer Privilege Escalation Vulnerability | Important
Windows Update Stack | CVE-2020-1392 | Windows Privilege Escalation Vulnerability | Important
Windows WalletService | CVE-2020-1344 | Windows WalletService Privilege Escalation Vulnerability | Important
Windows WalletService | CVE-2020-1361 | Windows WalletService Information Disclosure Vulnerability | Important
Windows WalletService | CVE-2020-1362 | Windows WalletService Privilege Escalation Vulnerability | Important
Windows WalletService | CVE-2020-1364 | Windows WalletService Denial-of-Service Vulnerability | Important
Windows WalletService | CVE-2020-1369 | Windows WalletService Privilege Escalation Vulnerability | Important
Internet Explorer | CVE-2020-1432 | Skype for Business via Internet Explorer Information Disclosure Vulnerability | Low
Microsoft Edge | CVE-2020-1433 | Microsoft Edge PDF Information Disclosure Vulnerability | Low
Microsoft Edge | CVE-2020-1462 | Skype for Business via Microsoft Edge (EdgeHTML-based) Information Disclosure Vulnerability | Low
Microsoft Scripting Engine | CVE-2020-1403 | VBScript Remote Code Execution Vulnerability | Moderate
Recommended Mitigation Measures
Microsoft has released security updates to fix these issues. Please download and install them as soon as possible.
Appendix
ADV200008 - Microsoft Guidance for Enabling Request Smuggling Filter on IIS Servers
CVE ID: ADV200008
MITRE: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=ADV200008
NVD: https://web.nvd.nist.gov/view/vuln/detail?vulnId=ADV200008
CVE Title: Microsoft Guidance for Enabling Request Smuggling Filter on IIS Servers
Maximum Severity Rating: Important
Vulnerability Impact: Tampering
Description:
Executive Summary
Microsoft is aware of a tampering vulnerability in the way that HTTP proxies (front-end) and web
servers (back-end) that do not strictly adhere to RFC standards handle sequences of HTTP requests
received from multiple sources. An attacker who successfully exploited the vulnerability could
combine multiple requests into the body of a single request to a web server, allowing them to modify
responses or retrieve information from another user's HTTP session.
To exploit the vulnerability against an IIS Server hosting a website, an unauthenticated attacker could
send a specially crafted request to a targeted IIS Server serviced by a front-end load balancer or proxy
that does not strictly adhere to RFC standards.
Recommended Actions
Microsoft recommends that administrators review front-end environmental configurations, and if
necessary, enable the request smuggling filter. Testing is required to determine that front-end load
balancers and proxies do not forward malformed requests; these requests will be rejected when the
filter is enabled, and may disrupt communications.
Enable the request smuggling filter on your web server by using the Registry Editor
Note: Using Registry Editor incorrectly can cause serious problems that may require you to reinstall
your operating system. Microsoft cannot guarantee that problems resulting from the incorrect use of
Registry Editor can be solved. Use Registry Editor at your own risk. For information about how to edit
the registry, view the "Changing Keys and Values" Help topic in Registry Editor (Regedit.exe) or view
the "Add and Delete Information in the Registry" and "Edit Registry Data" Help topics in
Regedt32.exe.
1. Click Start, click Run, type Regedit in the Open box, and then click OK.
2. Locate and then click the following registry subkey:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\HTTP\Parameters
3. Set DWORD type value DisableRequestSmuggling to one of the following:
   - Set to 0 to disable the filter
   - Set to 1 to enable the filter
4. Exit Registry Editor.
5. Restart the computer.
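The registry steps above as a PowerShell check-and-set, added here as an example (it is not code from Microsoft or NSFOCUS). The function names are hypothetical; the key path, value name and the meaning of 0 and 1 are taken from the steps. Despite its name, DisableRequestSmuggling = 1 turns the filter on.

```powershell
# Added example: audit and enable the HTTP.sys request smuggling filter.
# Run from an elevated PowerShell session. Function names are hypothetical.

$HttpParams = 'HKLM:\System\CurrentControlSet\Services\HTTP\Parameters'
$ValueName  = 'DisableRequestSmuggling'

function Get-RequestSmugglingFilterState {
    # Read the raw DWORD; $null means the value (or the key) does not exist.
    $raw = $null
    if (Test-Path -Path $HttpParams) {
        $item = Get-ItemProperty -Path $HttpParams -Name $ValueName -ErrorAction SilentlyContinue
        if ($null -ne $item) { $raw = $item.$ValueName }
    }

    # Interpret the value exactly as step 3 defines it: 1 = enabled, 0 = disabled.
    if     ($null -eq $raw) { $state = 'NotConfigured' }
    elseif ($raw -eq 1)     { $state = 'FilterEnabled' }
    elseif ($raw -eq 0)     { $state = 'FilterDisabled' }
    else                    { $state = 'UnexpectedValue' }

    [pscustomobject]@{
        ComputerName = $env:COMPUTERNAME
        Value        = $raw
        State        = $state
    }
}

function Enable-RequestSmugglingFilter {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param()

    $before = Get-RequestSmugglingFilterState
    if ($before.State -eq 'FilterEnabled') {
        return $before                       # already set; nothing to change
    }
    if (-not (Test-Path -Path $HttpParams)) {
        throw "Registry key not found: $HttpParams"
    }

    # -WhatIf previews the change; -Confirm prompts before writing.
    if ($PSCmdlet.ShouldProcess("$HttpParams\$ValueName", 'Set DWORD to 1 (enable filter)')) {
        New-ItemProperty -Path $HttpParams -Name $ValueName `
            -PropertyType DWord -Value 1 -Force | Out-Null
        Write-Warning 'Restart the computer for the change to take effect (step 5).'
    }
    Get-RequestSmugglingFilterState
}

# Report the current state; uncomment one of the lines below to preview or apply.
Get-RequestSmugglingFilterState
# Enable-RequestSmugglingFilter -WhatIf
# Enable-RequestSmugglingFilter
```

Run the read-only check first and test the front-end load balancers and proxies as the advisory recommends before applying the change, since requests the filter rejects may disrupt communications.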
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0 07/14/2020 07:00:00
Information published.
Affected Software
The following tables list the affected software details for the vulnerability.
ADV200008
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required
Windows 10 Version 2004 for 32-bit Systems | | Important | Tampering | | Base: N/A; Temporal: N/A; Vector: N/A |
Windows Server, version 2004 (Server Core installation) | | Important | Tampering | | Base: N/A; Temporal: N/A; Vector: N/A |
Windows 10 Version 1803 for 32-bit Systems | | Important | Tampering | | Base: N/A; Temporal: N/A; Vector: N/A |
Windows 10 Version 1803 for x64-based Systems | | Important | Tampering | | Base: N/A; Temporal: N/A; Vector: N/A |
Windows 10 Version 1803 for ARM64-based Systems | | Important | Tampering | | Base: N/A; Temporal: N/A; Vector: N/A |
Windows 10 Version 1809 for 32-bit Systems | | Important | Tampering | | Base: N/A; Temporal: N/A; Vector: N/A |
Windows 10 Version 1809 for x64-based Systems | | Important | Tampering | | Base: N/A; Temporal: N/A; Vector: N/A |
Windows 10 Version 1809 for ARM64-based Systems | | Important | Tampering | | Base: N/A; Temporal: N/A; Vector: N/A |
Windows Server 2019 | | Important | Tampering | | Base: N/A; Temporal: N/A; Vector: N/A |
Windows Server 2019 (Server Core installation) | | Important | Tampering | | Base: N/A; Temporal: N/A; Vector: N/A |
Windows 10 Version 1709 for 32-bit Systems | | Important | Tampering | | Base: N/A; Temporal: N/A; Vector: N/A |
Windows 10 Version 1709 for x64-based Systems | | Important | Tampering | | Base: N/A; Temporal: N/A; Vector: N/A |
Windows 10 Version 1709 for ARM64-based Systems | | Important | Tampering | | Base: N/A; Temporal: N/A; Vector: N/A |
Windows 10 Version 1903 for 32-bit Systems | | Important | Tampering | | Base: N/A; Temporal: N/A; Vector: N/A |
Windows 10 Version 1903 for x64-based Systems | | Important | Tampering | | Base: N/A; Temporal: N/A; Vector: N/A |
Windows 10 Version 1903 for ARM64-based Systems | | Important | Tampering | | Base: N/A; Temporal: N/A; Vector: N/A |
Windows Server, version 1903 (Server Core installation) | | Important | Tampering | | Base: N/A; Temporal: N/A; Vector: N/A |
Windows 10 for 32-bit Systems | | Important | Tampering | | Base: N/A; Temporal: N/A; Vector: N/A |
Windows 10 for x64-based Systems | | Important | Tampering | | Base: N/A; Temporal: N/A; Vector: N/A |
Windows 10 Version 1607 for 32-bit Systems | | Important | Tampering | | Base: N/A; Temporal: N/A; Vector: N/A |
Windows 10 Version 1607 for x64-based Systems | | Important | Tampering | | Base: N/A; Temporal: N/A; Vector: N/A |
Windows Server 2016 | | Important | Tampering | | Base: N/A; Temporal: N/A; Vector: N/A |
Windows Server 2016 (Server Core installation) | | Important | Tampering | | Base: N/A; Temporal: N/A; Vector: N/A |
Windows 7 for 32-bit Systems Service Pack 1 | | Important | Tampering | | Base: N/A; Temporal: N/A; Vector: N/A |
Windows 7 for x64-based Systems Service Pack 1 | | Important | Tampering | | Base: N/A; Temporal: N/A; Vector: N/A |
Windows 8.1 for 32-bit systems | | Important | Tampering | | Base: N/A; Temporal: N/A; Vector: N/A |
Windows 8.1 for x64-based systems | | Important | Tampering | | Base: N/A; Temporal: N/A; Vector: N/A |
Windows RT 8.1 | | Important | Tampering | | Base: N/A; Temporal: N/A; Vector: N/A |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | | Important | Tampering | | Base: N/A; Temporal: N/A; Vector: N/A |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | | Important | Tampering | | Base: N/A; Temporal: N/A; Vector: N/A |
Windows Server 2012 | | Important | Tampering | | Base: N/A; Temporal: N/A; Vector: N/A |
Windows Server 2012 (Server Core installation) | | Important | Tampering | | Base: N/A; Temporal: N/A; Vector: N/A |
Windows Server 2012 R2 | | Important | Tampering | | Base: N/A; Temporal: N/A; Vector: N/A |
Windows Server 2012 R2 (Server Core installation) | | Important | Tampering | | Base: N/A; Temporal: N/A; Vector: N/A |
Windows 10 Version 1909 for 32-bit Systems | | Important | Tampering | | Base: N/A; Temporal: N/A; Vector: N/A |
Windows 10 Version 1909 for x64-based Systems | | Important | Tampering | | Base: N/A; Temporal: N/A; Vector: N/A |
Windows 10 Version 1909 for ARM64-based Systems | | Important | Tampering | | Base: N/A; Temporal: N/A; Vector: N/A |
Windows Server, version 1909 (Server Core installation) | | Important | Tampering | | Base: N/A; Temporal: N/A; Vector: N/A |
Windows 10 Version 2004 for ARM64-based Systems | | Important | Tampering | | Base: N/A; Temporal: N/A; Vector: N/A |
Windows 10 Version 2004 for x64-based Systems | | Important | Tampering | | Base: N/A; Temporal: N/A; Vector: N/A |
CVE-2020-1025 - Microsoft Office Privilege Escalation Vulnerability
CVE ID: CVE-2020-1025
MITRE: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1025
NVD: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-1025
CVE Title: Microsoft Office Privilege Escalation Vulnerability
Maximum Severity Rating: Critical
Vulnerability Impact: Privilege Escalation
Description:
A privilege escalation vulnerability exists when Microsoft SharePoint Server and Skype for
Business Server improperly handle OAuth token validation. An attacker who successfully
exploited the vulnerability could bypass authentication and achieve improper access.
To exploit this vulnerability, an attacker would need to modify the token.
The update addresses the vulnerability by modifying how Microsoft SharePoint Server and Skype
for Business Server validate tokens.
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0 07/14/2020 07:00:00
Information published.
Affected Software
The following tables list the affected software details for the vulnerability.
CVE-2020-1025
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required
Skype for Business Server 2019 CU2 | 4571332 Security Update | Critical | Privilege Escalation | | Base: N/A; Temporal: N/A; Vector: N/A | Maybe
Skype for Business Server 2015 CU 8 | 4571333 Security Update | Critical | Privilege Escalation | | Base: N/A; Temporal: N/A; Vector: N/A | Maybe
Microsoft Lync Server 2013 | 4571334 Security Update | Critical | Privilege Escalation | | Base: N/A; Temporal: N/A; Vector: N/A | Maybe
Microsoft SharePoint Enterprise Server 2016 | 4484436 Security Update | Critical | Privilege Escalation | 4484402 | Base: N/A; Temporal: N/A; Vector: N/A | Maybe
Microsoft SharePoint Server 2019 | 4484453 Security Update | Critical | Privilege Escalation | 4484400 | Base: N/A; Temporal: N/A; Vector: N/A | Maybe
Microsoft SharePoint Foundation 2013 Service Pack 1 | 4484448 Security Update | Critical | Privilege Escalation | 4484409 | Base: N/A; Temporal: N/A; Vector: N/A | Maybe
CVE-2020-1032 - Hyper-V RemoteFX vGPU Remote Code Execution
Vulnerability
CVE ID Vulnerability Description
Maximum
Severity
Rating
Vulnerability
Impact
CVE-202
0-1032
MITRE
NVD
CVE Title: Hyper-V RemoteFX vGPU Remote Code Execution Vulnerability
Description:
A remote code execution vulnerability exists when Hyper-V RemoteFX vGPU on a host server
fails to properly validate input from an authenticated user on a guest operating system. To exploit
the vulnerability, an attacker could run a specially crafted application on a guest operating system,
Critical Remote Code
Execution
https://www.microsoft.com/downloads/details.aspx?familyid=f232400f-0b93-444c-804d-a8b87bdad0eehttps://www.microsoft.com/downloads/details.aspx?familyid=f19e809b-213a-4915-a441-00c66ef9678ahttps://www.microsoft.com/downloads/details.aspx?familyid=f19e809b-213a-4915-a441-00c66ef9678ahttps://www.microsoft.com/downloads/details.aspx?familyid=87b05d3b-6b80-4372-abba-e4610744ba4chttps://www.microsoft.com/downloads/details.aspx?familyid=87b05d3b-6b80-4372-abba-e4610744ba4chttp://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1032https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-1032
-
© NSFOCUS 2020 Confidentiality: PUBLIC
CVE ID Vulnerability Description
Maximum
Severity
Rating
Vulnerability
Impact
attacking certain third-party video drivers running on the Hyper-V host. This could then cause the
host operating system to execute arbitrary code.
An attacker who successfully exploited the vulnerability could execute arbitrary code on the host
operating system.
There is no patch to fix this vulnerability, and the update listed will forcibly disable RemoteFX when
applied. More information can be found in the FAQ below.
The software listed in the Security Updates table indicates those operating systems for which
RemoteFX vGPU is currently available. RemoteFX vGPU has been deprecated in Windows Server
2019 and customers are advised to use Discrete Device Assignment (DDA) instead of RemoteFX
vGPU. DDA was introduced in Windows Server 2016.
FAQ:
How do I know if I'm using RemoteFX?
Please review the information here (https://go.microsoft.com/fwlink/?linkid=2131976) to determine if you are using RemoteFX.
How can I protect my server from this vulnerability?
If you are running Windows Server 2016 or Windows Server 2019, we recommend you
use Discrete Device Assignment (DDA) as opposed to RemoteFX vGPU to enable graphics
virtualization. If you are running Windows Server 2012 R2 or older, we recommend not using
RemoteFX vGPU. Please see Plan for GPU acceleration in Windows Server
(https://docs.microsoft.com/en-us/windows-server/virtualization/hyper-v/plan/plan-for-gpu-acceleration-in-windows-server#remotefx-vgpu)
for more information.
What steps should I take if RemoteFX is required in my environment?
Customers who require RemoteFX in their environment can review the information here
(https://go.microsoft.com/fwlink/?linkid=2131976).
Where can I find more information about the deprecation of RemoteFX?
1. Features removed or planned for replacement starting Windows Server 2019
(https://docs.microsoft.com/en-us/windows-server/get-started-19/removed-features-19#features-we-removed-in-this-release)
2. Features removed or planned for replacement starting with Windows Server, version 1803
(https://docs.microsoft.com/en-us/windows-server/get-started/windows-server-1803-removed-features)
Why is Microsoft planning to disable and remove RemoteFX instead of fixing the vulnerability?
In October 2019, Microsoft announced that we were stopping development of RemoteFX and
building new functionality. For Windows 10 version 1809 and higher, and Windows Server 2019,
RemoteFX vGPU is no longer supported or actively developed. Since these newly identified
vulnerabilities are architectural in nature, and the feature is already deprecated on newer versions
of Windows, Microsoft has determined that disabling and removing RemoteFX is a better course
of action. Microsoft has developed a different platform that is inherently much more secure. Please
see Plan for GPU acceleration in Windows Server for more information.
Mitigations:
None
Workarounds:
None
Revision:
1.0 07/14/2020 07:00:00
Information published.
Affected Software
The following tables list the affected software details for the vulnerability.
CVE-2020-1032
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Windows Server 2016 | | Critical | Remote Code Execution | | Base: 8; Temporal: 7.6; Vector: CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:P/RL:U/RC:C | |
| Windows Server 2016 (Server Core installation) | | Critical | Remote Code Execution | | Base: 8; Temporal: 7.6; Vector: CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:P/RL:U/RC:C | |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | | Critical | Remote Code Execution | | Base: 8; Temporal: 7.6; Vector: CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:P/RL:U/RC:C | |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | | Critical | Remote Code Execution | | Base: 8; Temporal: 7.6; Vector: CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:P/RL:U/RC:C | |
| Windows Server 2012 | | Critical | Remote Code Execution | | Base: 8; Temporal: 7.6; Vector: CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:P/RL:U/RC:C | |
| Windows Server 2012 (Server Core installation) | | Critical | Remote Code Execution | | Base: 8; Temporal: 7.6; Vector: CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:P/RL:U/RC:C | |
| Windows Server 2012 R2 | | Critical | Remote Code Execution | | Base: 8; Temporal: 7.6; Vector: CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:P/RL:U/RC:C | |
| Windows Server 2012 R2 (Server Core installation) | | Critical | Remote Code Execution | | Base: 8; Temporal: 7.6; Vector: CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:P/RL:U/RC:C | |
CVE-2020-1036 - Hyper-V RemoteFX vGPU Remote Code Execution Vulnerability
CVE ID: CVE-2020-1036
MITRE: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1036
NVD: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-1036
Maximum Severity Rating: Critical
Vulnerability Impact: Remote Code Execution
CVE Title: Hyper-V RemoteFX vGPU Remote Code Execution Vulnerability
Description:
A remote code execution vulnerability exists when Hyper-V RemoteFX vGPU on a host server
fails to properly validate input from an authenticated user on a guest operating system. To exploit
the vulnerability, an attacker could run a specially crafted application on a guest operating system,
attacking certain third-party video drivers running on the Hyper-V host. This could then cause the
host operating system to execute arbitrary code.
An attacker who successfully exploited the vulnerability could execute arbitrary code on the host
operating system.
There is no patch to fix this vulnerability, and the update listed will forcibly disable RemoteFX when
applied. More information can be found in the FAQ below.
The software listed in the Security Updates table indicates those operating systems for which
RemoteFX vGPU is currently available. RemoteFX vGPU has been deprecated in Windows Server
2019 and customers are advised to use Discrete Device Assignment (DDA) instead of RemoteFX
vGPU. DDA was introduced in Windows Server 2016.
FAQ:
How do I know if I'm using RemoteFX?
Please review the information here (https://go.microsoft.com/fwlink/?linkid=2131976) to determine if you are using RemoteFX.
How can I protect my server from this vulnerability?
If you are running Windows Server 2016 or Windows Server 2019, we recommend you
use Discrete Device Assignment (DDA) as opposed to RemoteFX vGPU to enable graphics
virtualization. If you are running Windows Server 2012 R2 or older, we recommend not using
RemoteFX vGPU. Please see Plan for GPU acceleration in Windows Server
(https://docs.microsoft.com/en-us/windows-server/virtualization/hyper-v/plan/plan-for-gpu-acceleration-in-windows-server#remotefx-vgpu)
for more information.
What steps should I take if RemoteFX is required in my environment?
Customers who require RemoteFX in their environment can review the information here
(https://go.microsoft.com/fwlink/?linkid=2131976).
Where can I find more information about the deprecation of RemoteFX?
1. Features removed or planned for replacement starting Windows Server 2019
(https://docs.microsoft.com/en-us/windows-server/get-started-19/removed-features-19#features-we-removed-in-this-release)
2. Features removed or planned for replacement starting with Windows Server, version 1803
(https://docs.microsoft.com/en-us/windows-server/get-started/windows-server-1803-removed-features)
Why is Microsoft planning to disable and remove RemoteFX instead of fixing the vulnerability?
In October 2019, Microsoft announced that we were stopping development of RemoteFX and
building new functionality. For Windows 10 version 1809 and higher, and Windows Server 2019,
RemoteFX vGPU is no longer supported or actively developed. Since these newly identified
vulnerabilities are architectural in nature, and the feature is already deprecated on newer versions
of Windows, Microsoft has determined that disabling and removing RemoteFX is a better course
of action. Microsoft has developed a different platform that is inherently much more secure. Please
see Plan for GPU acceleration in Windows Server for more information.
Mitigations:
None
Workarounds:
None
Revision:
1.0 07/14/2020 07:00:00
Information published.
Affected Software
The following tables list the affected software details for the vulnerability.
CVE-2020-1036
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Windows Server 2016 | | Critical | Remote Code Execution | | Base: 8; Temporal: 7.6; Vector: CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:P/RL:U/RC:C | |
| Windows Server 2016 (Server Core installation) | | Critical | Remote Code Execution | | Base: 8; Temporal: 7.6; Vector: CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:P/RL:U/RC:C | |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | | Critical | Remote Code Execution | | Base: 8; Temporal: 7.6; Vector: CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:P/RL:U/RC:C | |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | | Critical | Remote Code Execution | | Base: 8; Temporal: 7.6; Vector: CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:P/RL:U/RC:C | |
| Windows Server 2012 | | Critical | Remote Code Execution | | Base: 8; Temporal: 7.6; Vector: CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:P/RL:U/RC:C | |
| Windows Server 2012 (Server Core installation) | | Critical | Remote Code Execution | | Base: 8; Temporal: 7.6; Vector: CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:P/RL:U/RC:C | |
| Windows Server 2012 R2 | | Critical | Remote Code Execution | | Base: 8; Temporal: 7.6; Vector: CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:P/RL:U/RC:C | |
| Windows Server 2012 R2 (Server Core installation) | | Critical | Remote Code Execution | | Base: 8; Temporal: 7.6; Vector: CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:P/RL:U/RC:C | |
CVE-2020-1040 - Hyper-V RemoteFX vGPU Remote Code Execution Vulnerability
CVE ID: CVE-2020-1040
MITRE: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1040
NVD: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-1040
Maximum Severity Rating: Critical
Vulnerability Impact: Remote Code Execution
CVE Title: Hyper-V RemoteFX vGPU Remote Code Execution Vulnerability
Description:
A remote code execution vulnerability exists when Hyper-V RemoteFX vGPU on a host server
fails to properly validate input from an authenticated user on a guest operating system. To exploit
the vulnerability, an attacker could run a specially crafted application on a guest operating system,
attacking certain third-party video drivers running on the Hyper-V host. This could then cause the
host operating system to execute arbitrary code.
An attacker who successfully exploited the vulnerability could execute arbitrary code on the host
operating system.
There is no patch to fix this vulnerability, and the update listed will forcibly disable RemoteFX when
applied. More information can be found in the FAQ below.
The software listed in the Security Updates table indicates those operating systems for which
RemoteFX vGPU is currently available. RemoteFX vGPU has been deprecated in Windows Server
2019 and customers are advised to use Discrete Device Assignment (DDA) instead of RemoteFX
vGPU. DDA was introduced in Windows Server 2016.
FAQ:
How do I know if I'm using RemoteFX?
Please review the information here (https://go.microsoft.com/fwlink/?linkid=2131976) to determine if you are using RemoteFX.
How can I protect my server from this vulnerability?
If you are running Windows Server 2016 or Windows Server 2019, we recommend you
use Discrete Device Assignment (DDA) as opposed to RemoteFX vGPU to enable graphics
virtualization. If you are running Windows Server 2012 R2 or older, we recommend not using
RemoteFX vGPU. Please see Plan for GPU acceleration in Windows Server
(https://docs.microsoft.com/en-us/windows-server/virtualization/hyper-v/plan/plan-for-gpu-acceleration-in-windows-server#remotefx-vgpu)
for more information.
What steps should I take if RemoteFX is required in my environment?
Customers who require RemoteFX in their environment can review the information here
(https://go.microsoft.com/fwlink/?linkid=2131976).
Where can I find more information about the deprecation of RemoteFX?
1. Features removed or planned for replacement starting Windows Server 2019
(https://docs.microsoft.com/en-us/windows-server/get-started-19/removed-features-19#features-we-removed-in-this-release)
2. Features removed or planned for replacement starting with Windows Server, version 1803
(https://docs.microsoft.com/en-us/windows-server/get-started/windows-server-1803-removed-features)
Why is Microsoft planning to disable and remove RemoteFX instead of fixing the vulnerability?
In October 2019, Microsoft announced that we were stopping development of RemoteFX and
building new functionality. For Windows 10 version 1809 and higher, and Windows Server 2019,
RemoteFX vGPU is no longer supported or actively developed. Since these newly identified
vulnerabilities are architectural in nature, and the feature is already deprecated on newer versions
of Windows, Microsoft has determined that disabling and removing RemoteFX is a better course
of action. Microsoft has developed a different platform that is inherently much more secure. Please
see Plan for GPU acceleration in Windows Server for more information.
Mitigations:
None
Workarounds:
None
Revision:
1.0 07/14/2020 07:00:00
Information published.
Affected Software
The following tables list the affected software details for the vulnerability.
CVE-2020-1040
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Windows Server 2016 | | Critical | Remote Code Execution | | Base: 8; Temporal: 7.6; Vector: CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:P/RL:U/RC:C | |
| Windows Server 2016 (Server Core installation) | | Critical | Remote Code Execution | | Base: 8; Temporal: 7.6; Vector: CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:P/RL:U/RC:C | |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | | Critical | Remote Code Execution | | Base: 8; Temporal: 7.6; Vector: CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:P/RL:U/RC:C | |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | | Critical | Remote Code Execution | | Base: 8; Temporal: 7.6; Vector: CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:P/RL:U/RC:C | |
| Windows Server 2012 | | Critical | Remote Code Execution | | Base: 8; Temporal: 7.6; Vector: CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:P/RL:U/RC:C | |
| Windows Server 2012 (Server Core installation) | | Critical | Remote Code Execution | | Base: 8; Temporal: 7.6; Vector: CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:P/RL:U/RC:C | |
| Windows Server 2012 R2 | | Critical | Remote Code Execution | | Base: 8; Temporal: 7.6; Vector: CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:P/RL:U/RC:C | |
| Windows Server 2012 R2 (Server Core installation) | | Critical | Remote Code Execution | | Base: 8; Temporal: 7.6; Vector: CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:P/RL:U/RC:C | |
CVE-2020-1041 - Hyper-V RemoteFX vGPU Remote Code Execution Vulnerability
CVE ID: CVE-2020-1041
MITRE: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1041
NVD: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-1041
Maximum Severity Rating: Critical
Vulnerability Impact: Remote Code Execution
CVE Title: Hyper-V RemoteFX vGPU Remote Code Execution Vulnerability
Description:
A remote code execution vulnerability exists when Hyper-V RemoteFX vGPU on a host server
fails to properly validate input from an authenticated user on a guest operating system. To exploit
the vulnerability, an attacker could run a specially crafted application on a guest operating system,
attacking certain third-party video drivers running on the Hyper-V host. This could then cause the
host operating system to execute arbitrary code.
An attacker who successfully exploited the vulnerability could execute arbitrary code on the host
operating system.
There is no patch to fix this vulnerability, and the update listed will forcibly disable RemoteFX when
applied. More information can be found in the FAQ below.
The software listed in the Security Updates table indicates those operating systems for which
RemoteFX vGPU is currently available. RemoteFX vGPU has been deprecated in Windows Server
2019 and customers are advised to use Discrete Device Assignment (DDA) instead of RemoteFX
vGPU. DDA was introduced in Windows Server 2016.
FAQ:
How do I know if I'm using RemoteFX?
Please review the information here (https://go.microsoft.com/fwlink/?linkid=2131976) to determine if you are using RemoteFX.
How can I protect my server from this vulnerability?
If you are running Windows Server 2016 or Windows Server 2019, we recommend you
use Discrete Device Assignment (DDA) as opposed to RemoteFX vGPU to enable graphics
virtualization. If you are running Windows Server 2012 R2 or older, we recommend not using
RemoteFX vGPU. Please see Plan for GPU acceleration in Windows Server
(https://docs.microsoft.com/en-us/windows-server/virtualization/hyper-v/plan/plan-for-gpu-acceleration-in-windows-server#remotefx-vgpu)
for more information.
What steps should I take if RemoteFX is required in my environment?
Customers who require RemoteFX in their environment can review the information here
(https://go.microsoft.com/fwlink/?linkid=2131976).
Where can I find more information about the deprecation of RemoteFX?
1. Features removed or planned for replacement starting Windows Server 2019
(https://docs.microsoft.com/en-us/windows-server/get-started-19/removed-features-19#features-we-removed-in-this-release)
2. Features removed or planned for replacement starting with Windows Server, version 1803
(https://docs.microsoft.com/en-us/windows-server/get-started/windows-server-1803-removed-features)
Why is Microsoft planning to disable and remove RemoteFX instead of fixing the vulnerability?
In October 2019, Microsoft announced that we were stopping development of RemoteFX and
building new functionality. For Windows 10 version 1809 and higher, and Windows Server 2019,
RemoteFX vGPU is no longer supported or actively developed. Since these newly identified
vulnerabilities are architectural in nature, and the feature is already deprecated on newer versions
of Windows, Microsoft has determined that disabling and removing RemoteFX is a better course
of action. Microsoft has developed a different platform that is inherently much more secure. Please
see Plan for GPU acceleration in Windows Server for more information.
Mitigations:
None
Workarounds:
None
Revision:
1.0 07/14/2020 07:00:00
Information published.
Affected Software
The following tables list the affected software details for the vulnerability.
CVE-2020-1041
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Windows Server 2016 | | Critical | Remote Code Execution | | Base: 8; Temporal: 7.6; Vector: CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:P/RL:U/RC:C | |
| Windows Server 2016 (Server Core installation) | | Critical | Remote Code Execution | | Base: 8; Temporal: 7.6; Vector: CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:P/RL:U/RC:C | |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | | Critical | Remote Code Execution | | Base: 8; Temporal: 7.6; Vector: CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:P/RL:U/RC:C | |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | | Critical | Remote Code Execution | | Base: 8; Temporal: 7.6; Vector: CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:P/RL:U/RC:C | |
| Windows Server 2012 | | Critical | Remote Code Execution | | Base: 8; Temporal: 7.6; Vector: CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:P/RL:U/RC:C | |
| Windows Server 2012 (Server Core installation) | | Critical | Remote Code Execution | | Base: 8; Temporal: 7.6; Vector: CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:P/RL:U/RC:C | |
| Windows Server 2012 R2 | | Critical | Remote Code Execution | | Base: 8; Temporal: 7.6; Vector: CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:P/RL:U/RC:C | |
| Windows Server 2012 R2 (Server Core installation) | | Critical | Remote Code Execution | | Base: 8; Temporal: 7.6; Vector: CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:P/RL:U/RC:C | |
CVE-2020-1042 - Hyper-V RemoteFX vGPU Remote Code Execution Vulnerability
CVE ID: CVE-2020-1042
MITRE: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1042
NVD: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-1042
Maximum Severity Rating: Critical
Vulnerability Impact: Remote Code Execution
CVE Title: Hyper-V RemoteFX vGPU Remote Code Execution Vulnerability
Description:
A remote code execution vulnerability exists when Hyper-V RemoteFX vGPU on a host server
fails to properly validate input from an authenticated user on a guest operating system. To exploit
the vulnerability, an attacker could run a specially crafted application on a guest operating system,
attacking certain third-party video drivers running on the Hyper-V host. This could then cause the
host operating system to execute arbitrary code.
An attacker who successfully exploited the vulnerability could execute arbitrary code on the host
operating system.
There is no patch to fix this vulnerability, and the update listed will forcibly disable RemoteFX when
applied. More information can be found in the FAQ below.
The software listed in the Security Updates table indicates those operating systems for which
RemoteFX vGPU is currently available. RemoteFX vGPU has been deprecated in Windows Server
2019 and customers are advised to use Discrete Device Assignment (DDA) instead of RemoteFX
vGPU. DDA was introduced in Windows Server 2016.
FAQ:
How do I know if I'm using RemoteFX?
Please review the information here (https://go.microsoft.com/fwlink/?linkid=2131976) to determine if you are using RemoteFX.
How can I protect my server from this vulnerability?
If you are running Windows Server 2016 or Windows Server 2019, we recommend you
use Discrete Device Assignment (DDA) as opposed to RemoteFX vGPU to enable graphics
virtualization. If you are running Windows Server 2012 R2 or older, we recommend not using
RemoteFX vGPU. Please see Plan for GPU acceleration in Windows Server
(https://docs.microsoft.com/en-us/windows-server/virtualization/hyper-v/plan/plan-for-gpu-acceleration-in-windows-server#remotefx-vgpu)
for more information.
What steps should I take if RemoteFX is required in my environment?
Customers who require RemoteFX in their environment can review the information here
(https://go.microsoft.com/fwlink/?linkid=2131976).
Where can I find more information about the deprecation of RemoteFX?
1. Features removed or planned for replacement starting Windows Server 2019
(https://docs.microsoft.com/en-us/windows-server/get-started-19/removed-features-19#features-we-removed-in-this-release)
2. Features removed or planned for replacement starting with Windows Server, version 1803
(https://docs.microsoft.com/en-us/windows-server/get-started/windows-server-1803-removed-features)
Why is Microsoft planning to disable and remove RemoteFX instead of fixing the vulnerability?
In October 2019, Microsoft announced that we were stopping development of RemoteFX and
building new functionality. For Windows 10 version 1809 and higher, and Windows Server 2019,
RemoteFX vGPU is no longer supported or actively developed. Since these newly identified
vulnerabilities are architectural in nature, and the feature is already deprecated on newer versions
of Windows, Microsoft has determined that disabling and removing RemoteFX is a better course
of action. Microsoft has developed a different platform that is inherently much more secure. Please
see Plan for GPU acceleration in Windows Server for more information.
Mitigations:
None
Workarounds:
None
Revision:
1.0 07/14/2020 07:00:00
Information published.
Affected Software
The following tables list the affected software details for the vulnerability.
CVE-2020-1042
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Windows Server 2016 | | Critical | Remote Code Execution | | Base: 8; Temporal: 7.6; Vector: CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:P/RL:U/RC:C | |
| Windows Server 2016 (Server Core installation) | | Critical | Remote Code Execution | | Base: 8; Temporal: 7.6; Vector: CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:P/RL:U/RC:C | |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | | Critical | Remote Code Execution | | Base: 8; Temporal: 7.6; Vector: CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:P/RL:U/RC:C | |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | | Critical | Remote Code Execution | | Base: 8; Temporal: 7.6; Vector: CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:P/RL:U/RC:C | |
| Windows Server 2012 | | Critical | Remote Code Execution | | Base: 8; Temporal: 7.6; Vector: CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:P/RL:U/RC:C | |
| Windows Server 2012 (Server Core installation) | | Critical | Remote Code Execution | | Base: 8; Temporal: 7.6; Vector: CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:P/RL:U/RC:C | |
| Windows Server 2012 R2 | | Critical | Remote Code Execution | | Base: 8; Temporal: 7.6; Vector: CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:P/RL:U/RC:C | |
| Windows Server 2012 R2 (Server Core installation) | | Critical | Remote Code Execution | | Base: 8; Temporal: 7.6; Vector: CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:P/RL:U/RC:C | |
CVE-2020-1043 - Hyper-V RemoteFX vGPU Remote Code Execution Vulnerability
CVE ID: CVE-2020-1043
MITRE: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1043
NVD: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-1043
Maximum Severity Rating: Critical
Vulnerability Impact: Remote Code Execution
CVE Title: Hyper-V RemoteFX vGPU Remote Code Execution Vulnerability
Description:
A remote code execution vulnerability exists when Hyper-V RemoteFX vGPU on a host server
fails to properly validate input from an authenticated user on a guest operating system. To exploit
the vulnerability, an attacker could run a specially crafted application on a guest operating system,
attacking certain third-party video drivers running on the Hyper-V host. This could then cause the
host operating system to execute arbitrary code.
An attacker who successfully exploited the vulnerability could execute arbitrary code on the host
operating system.
There is no patch to fix this vulnerability, and the update listed will forcibly disable RemoteFX when
applied. More information can be found in the FAQ below.
The software listed in the Security Updates table indicates those operating systems for which
RemoteFX vGPU is currently available. RemoteFX vGPU has been deprecated in Windows Server
2019 and customers are advised to use Discrete Device Assignment (DDA) instead of RemoteFX
vGPU. DDA was introduced in Windows Server 2016.
FAQ:
How do I know if I'm using RemoteFX?
Please review the information here (https://go.microsoft.com/fwlink/?linkid=2131976) to determine if you are using RemoteFX.
How can I protect my server from this vulnerability?
If you are running Windows Server 2016 or Windows Server 2019, we recommend you
use Discrete Device Assignment (DDA) as opposed to RemoteFX vGPU to enable graphics
virtualization. If you are running Windows Server 2012 R2 or older, we recommend not using
RemoteFX vGPU. Please see Plan for GPU acceleration in Windows Server
(https://docs.microsoft.com/en-us/windows-server/virtualization/hyper-v/plan/plan-for-gpu-acceleration-in-windows-server#remotefx-vgpu)
for more information.
What steps should I take if RemoteFX is required in my environment?
Customers who require RemoteFX in their environment can review the information here
(https://go.microsoft.com/fwlink/?linkid=2131976).
Where can I find more information about the deprecation of RemoteFX?
1. Features removed or planned for replacement starting Windows Server 2019
(https://docs.microsoft.com/en-us/windows-server/get-started-19/removed-features-19#features-we-removed-in-this-release)
2. Features removed or planned for replacement starting with Windows Server, version 1803
(https://docs.microsoft.com/en-us/windows-server/get-started/windows-server-1803-removed-features)
Why is Microsoft planning to disable and remove RemoteFX instead of fixing the vulnerability?
In October 2019, Microsoft announced that we were stopping development of RemoteFX and
building new functionality. For Windows 10 version 1809 and higher, and Windows Server 2019,
RemoteFX vGPU is no longer supported or actively developed. Since these newly identified
vulnerabilities are architectural in nature, and the feature is already deprecated on newer versions
of Windows, Microsoft has determined that disabling and removing RemoteFX is a better course
of action. Microsoft has developed a different platform that is inherently much more secure. Please
see Plan for GPU acceleration in Windows Server for more information.
Mitigations:
None
Workarounds:
None
Revision:
1.0 07/14/2020 07:00:00
Information published.
Affected Software
The following tables list the affected software details for the vulnerability.
CVE-2020-1043
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Windows Server 2016 | | Critical | Remote Code Execution | | Base: 8; Temporal: 7.6; Vector: CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:P/RL:U/RC:C | |
| Windows Server 2016 (Server Core installation) | | Critical | Remote Code Execution | | Base: 8; Temporal: 7.6; Vector: CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:P/RL:U/RC:C | |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | | Critical | Remote Code Execution | | Base: 8; Temporal: 7.6; Vector: CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:P/RL:U/RC:C | |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | | Critical | Remote Code Execution | | Base: 8; Temporal: 7.6; Vector: CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:P/RL:U/RC:C | |
| Windows Server 2012 | | Critical | Remote Code Execution | | Base: 8; Temporal: 7.6; Vector: CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:P/RL:U/RC:C | |
| Windows Server 2012 (Server Core installation) | | Critical | Remote Code Execution | | Base: 8; Temporal: 7.6; Vector: CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:P/RL:U/RC:C | |
| Windows Server 2012 R2 | | Critical | Remote Code Execution | | Base: 8; Temporal: 7.6; Vector: CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:P/RL:U/RC:C | |
| Windows Server 2012 R2 (Server Core installation) | | Critical | Remote Code Execution | | Base: 8; Temporal: 7.6; Vector: CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:P/RL:U/RC:C | |
CVE-2020-1085 - Windows Function Discovery Service Privilege Escalation Vulnerability
CVE ID: CVE-2020-1085
MITRE: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1085
NVD: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-1085
Maximum Severity Rating: Important
Vulnerability Impact: Privilege Escalation
CVE Title: Windows Function Discovery Service Privilege Escalation Vulnerability
Description:
A privilege escalation vulnerability exists in the way that the Windows Function Discovery
Service handles objects in memory. An attacker who successfully exploited the vulnerability
could execute code with elevated permissions.
To exploit the vulnerability, a locally authenticated attacker could run a specially crafted
application.
The security update addresses the vulnerability by ensuring the Windows Function Discovery
Service properly handles objects in memory.
FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0 07/14/2020 07:00:00
Information published.
Affected Software
The following tables list the affected software details for the vulnerability.
CVE-2020-1085
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Windows 10 Version 2004 for ARM64-based Systems | 4565503 Security Update (https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4565503) | Important | Privilege Escalation | 4557957 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 2004 for x64-based Systems | 4565503 Security Update (https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4565503) | Important | Privilege Escalation | 4557957 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server, version 2004 (Server Core installation) | 4565503 Security Update (https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4565503) | Important | Privilege Escalation | 4557957 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for 32-bit Systems | 4565489 Security Update (https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4565489) | Important | Privilege Escalation | 4561621 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for x64-based Systems | 4565489 Security Update (https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4565489) | Important | Privilege Escalation | 4561621 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for ARM64-based Systems | 4565489 Security Update (https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4565489) | Important | Privilege Escalation | 4561621 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for 32-bit Systems | 4558998 Security Update (https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4558998) | Important | Privilege Escalation | 4561608 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Unknown |
| Windows 10 Version 1809 for x64-based Systems | 4558998 Security Update (https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4558998) | Important | Privilege Escalation | 4561608 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Unknown |
| Windows 10 Version 1809 for ARM64-based Systems | 4558998 Security Update (https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4558998) | Important | Privilege Escalation | 4561608 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Unknown |
| Windows Server 2019 | 4558998 Security Update (https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4558998) | Important | Privilege Escalation | 4561608 | Base: 7.8; Temporal: 7; Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Unknown |
Windows
Server 2019
(Server Core
installation)
4558998
Security