Windows 10 1909
by Microsoft
CVEs (703)
| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2021-34484 |  | 0.12 | — | 0.03 | KEV | Aug 12, 2021 | Windows User Profile Service Elevation of Privilege Vulnerability |
| CVE-2021-34448 |  | 0.12 | — | 0.02 | KEV | Jul 16, 2021 | Scripting Engine Memory Corruption Vulnerability |
| CVE-2021-31955 |  | 0.12 | — | 0.04 | KEV | Jun 8, 2021 | Windows Kernel Information Disclosure Vulnerability |
| CVE-2021-31199 |  | 0.12 | — | 0.01 | KEV | Jun 8, 2021 | Microsoft Enhanced Cryptographic Provider Elevation of Privilege Vulnerability |
| CVE-2021-31201 |  | 0.12 | — | 0.01 | KEV | Jun 8, 2021 | Microsoft Enhanced Cryptographic Provider Elevation of Privilege Vulnerability |
| CVE-2020-1337 |  | 0.07 | — | 0.55 |  | Aug 17, 2020 | An elevation of privilege vulnerability exists when the Windows Print Spooler service improperly allows arbitrary writing to the file system. An attacker who successfully exploited this vulnerability could run arbitrary code with elevated system privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted script or application. The update addresses the vulnerability by correcting how the Windows Print Spooler Component writes to the file system. |
| CVE-2021-1678 |  | 0.06 | — | 0.76 |  | Jan 12, 2021 | Windows Print Spooler Spoofing Vulnerability |
| CVE-2021-28476 |  | 0.04 | — | 0.55 |  | May 11, 2021 | Windows Hyper-V Remote Code Execution Vulnerability |
| CVE-2021-24086 |  | 0.04 | — | 0.51 |  | Feb 25, 2021 | Windows TCP/IP Denial of Service Vulnerability |
| CVE-2021-38666 |  | 0.03 | — | 0.32 |  | Nov 10, 2021 | Remote Desktop Client Remote Code Execution Vulnerability |
| CVE-2021-1645 |  | 0.03 | — | 0.37 |  | Jan 12, 2021 | Windows Docker Information Disclosure Vulnerability |
| CVE-2020-16899 |  | 0.03 | — | 0.41 |  | Oct 16, 2020 | A denial of service vulnerability exists when the Windows TCP/IP stack improperly handles ICMPv6 Router Advertisement packets. An attacker who successfully exploited this vulnerability could cause a target system to stop responding. To exploit this vulnerability, an attacker would have to send specially crafted ICMPv6 Router Advertisement packets to a remote Windows computer. The vulnerability would not allow an attacker to execute code or to elevate user rights directly. The update addresses the vulnerability by correcting how the Windows TCP/IP stack handles ICMPv6 Router Advertisement packets. |
| CVE-2020-16898 |  | 0.03 | — | 0.33 |  | Oct 16, 2020 | A remote code execution vulnerability exists when the Windows TCP/IP stack improperly handles ICMPv6 Router Advertisement packets. An attacker who successfully exploited this vulnerability could gain the ability to execute code on the target server or client. To exploit this vulnerability, an attacker would have to send specially crafted ICMPv6 Router Advertisement packets to a remote Windows computer. The update addresses the vulnerability by correcting how the Windows TCP/IP stack handles ICMPv6 Router Advertisement packets. |
| CVE-2020-1074 |  | 0.03 | — | 0.31 |  | Sep 11, 2020 | A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by enticing a victim to open a specially crafted file. The update addresses the vulnerability by correcting the way the Windows Jet Database Engine handles objects in memory. |
| CVE-2020-1013 |  | 0.03 | — | 0.32 |  | Sep 11, 2020 | An elevation of privilege vulnerability exists when Microsoft Windows processes group policy updates. An attacker who successfully exploited this vulnerability could potentially escalate permissions or perform additional privileged actions on the target machine. To exploit this vulnerability, an attacker would need to launch a man-in-the-middle (MiTM) attack against the traffic passing between a domain controller and the target machine. An attacker could then create a group policy to grant administrator rights to a standard user. The security update addresses the vulnerability by enforcing Kerberos authentication for certain calls over LDAP. |
| CVE-2021-43217 |  | 0.02 | — | 0.24 |  | Dec 15, 2021 | Windows Encrypting File System (EFS) Remote Code Execution Vulnerability |
| CVE-2021-41332 |  | 0.02 | — | 0.21 |  | Oct 13, 2021 | Windows Print Spooler Information Disclosure Vulnerability |
| CVE-2021-38629 |  | 0.02 | — | 0.22 |  | Sep 15, 2021 | Windows Ancillary Function Driver for WinSock Information Disclosure Vulnerability |
| CVE-2021-36932 |  | 0.02 | — | 0.23 |  | Aug 12, 2021 | Windows Services for NFS ONCRPC XDR Driver Information Disclosure Vulnerability |
| CVE-2021-34481 |  | 0.02 | — | 0.22 |  | Jul 16, 2021 | A remote code execution vulnerability exists when the Windows Print Spooler service improperly performs privileged file operations. An attacker who successfully exploited this vulnerability could run arbitrary code with SYSTEM privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. **UPDATE** August 10, 2021: Microsoft has completed the investigation and has released security updates to address this vulnerability. Please see the Security Updates table for the applicable update for your system. We recommend that you install these updates immediately. This security update changes the Point and Print default behavior; please see [KB5005652](https://support.microsoft.com/help/5005652). |