Vulnerabilities
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-10-16 | CVE-2020-16914 | Unspecified vulnerability in Microsoft products <p>An information disclosure vulnerability exists in the way that the Windows Graphics Device Interface Plus (GDI+) handles objects in memory, allowing an attacker to retrieve information from a targeted system. | 5.5 |
| 2020-10-16 | CVE-2020-16913 | Unspecified vulnerability in Microsoft products <p>An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory. | 7.8 |
| 2020-10-16 | CVE-2020-16912 | Unspecified vulnerability in Microsoft products <p>An elevation of privilege vulnerability exists when the Windows Backup Service improperly handles file operations.</p> <p>To exploit this vulnerability, an attacker would first have to gain execution on the victim system. | 7.8 |
| 2020-10-16 | CVE-2020-16911 | Unspecified vulnerability in Microsoft products <p>A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in the memory. | 8.8 |
| 2020-10-16 | CVE-2020-16910 | Improper Preservation of Permissions vulnerability in Microsoft products <p>A security feature bypass vulnerability exists when Microsoft Windows fails to handle file creation permissions, which could allow an attacker to create files in a protected Unified Extensible Firmware Interface (UEFI) location.</p> <p>To exploit this vulnerability, an attacker could run a specially crafted application to bypass Unified Extensible Firmware Interface (UEFI) variable security in Windows.</p> <p>The security update addresses the vulnerability by correcting security feature behavior to enforce permissions.</p> | 6.2 |
| 2020-10-16 | CVE-2020-16909 | Unspecified vulnerability in Microsoft products <p>An elevation of privilege vulnerability exists in Windows Error Reporting (WER) when WER handles and executes files. | 7.8 |
| 2020-10-16 | CVE-2020-16908 | Unspecified vulnerability in Microsoft Windows 10 <p>An elevation of privilege vulnerability exists in Windows Setup in the way it handles directories.</p> <p>A locally authenticated attacker could run arbitrary code with elevated system privileges. | 7.8 |
| 2020-10-16 | CVE-2020-16907 | Unspecified vulnerability in Microsoft products <p>An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory. | 7.8 |
| 2020-10-16 | CVE-2020-16905 | Unspecified vulnerability in Microsoft products <p>An elevation of privilege vulnerability exists in Windows Error Reporting (WER) when WER handles and executes files. | 6.8 |
| 2020-10-16 | CVE-2020-16904 | Incorrect Authorization vulnerability in Microsoft Azure Functions <p>An elevation of privilege vulnerability exists in the way Azure Functions validate access keys.</p> <p>An unauthenticated attacker who successfully exploited this vulnerability could invoke an HTTP Function without proper authorization.</p> <p>This security update addresses the vulnerability by correctly validating access keys used to access HTTP Functions.</p> | 5.3 |