Vulnerabilities > Microsoft > Windows 10 > 1803
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-10-16 | CVE-2020-16910 | Improper Preservation of Permissions vulnerability in Microsoft products <p>A security feature bypass vulnerability exists when Microsoft Windows fails to handle file creation permissions, which could allow an attacker to create files in a protected Unified Extensible Firmware Interface (UEFI) location.</p> <p>To exploit this vulnerability, an attacker could run a specially crafted application to bypass Unified Extensible Firmware Interface (UEFI) variable security in Windows.</p> <p>The security update addresses the vulnerability by correcting security feature behavior to enforce permissions.</p> | 6.2 |
2020-10-16 | CVE-2020-16909 | Unspecified vulnerability in Microsoft products <p>An elevation of privilege vulnerability exists in Windows Error Reporting (WER) when WER handles and executes files. | 7.8 |
2020-10-16 | CVE-2020-16908 | Unspecified vulnerability in Microsoft Windows 10 <p>An elevation of privilege vulnerability exists in Windows Setup in the way it handles directories.</p> <p>A locally authenticated attacker could run arbitrary code with elevated system privileges. | 7.8 |
2020-10-16 | CVE-2020-16907 | Unspecified vulnerability in Microsoft products <p>An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory. | 7.8 |
2020-10-16 | CVE-2020-16905 | Unspecified vulnerability in Microsoft products <p>An elevation of privilege vulnerability exists in Windows Error Reporting (WER) when WER handles and executes files. | 6.8 |
2020-10-16 | CVE-2020-16902 | Improper Privilege Management vulnerability in Microsoft products <p>An elevation of privilege vulnerability exists in the Windows Installer when the Windows Installer fails to properly sanitize input leading to an insecure library loading behavior.</p> <p>A locally authenticated attacker could run arbitrary code with elevated system privileges. | 7.8 |
2020-10-16 | CVE-2020-16900 | Unspecified vulnerability in Microsoft products <p>An elevation of privilege vulnerability exists when the Windows Event System improperly handles objects in memory.</p> <p>To exploit this vulnerability, an attacker would first have to gain execution on the victim system. | 7.0 |
2020-10-16 | CVE-2020-16899 | Unspecified vulnerability in Microsoft products <p>A denial of service vulnerability exists when the Windows TCP/IP stack improperly handles ICMPv6 Router Advertisement packets. | 7.5 |
2020-10-16 | CVE-2020-16898 | Unspecified vulnerability in Microsoft products <p>A remote code execution vulnerability exists when the Windows TCP/IP stack improperly handles ICMPv6 Router Advertisement packets. low complexity microsoft | 8.8 |
2020-10-16 | CVE-2020-16897 | Unspecified vulnerability in Microsoft products <p>An information disclosure vulnerability exists when NetBIOS over TCP (NBT) Extensions (NetBT) improperly handle objects in memory. | 5.5 |