| VID |
26840 |
| Severity |
40 |
| Port |
139,445 |
| Protocol |
TCP |
| Class |
SMB |
| Detailed Description |
Microsoft Security Update for February 2020 is not installed.
- A remote code execution vulnerability exists in the Windows Remote Desktop Client when a user connects to a malicious server.
- A memory corruption vulnerability exists when Windows Media Foundation improperly handles objects in memory
- An information disclosure vulnerability exists in the way that affected Microsoft browsers handle cross-origin requests.
- An information disclosure vulnerability exists in the Windows Common Log File System (CLFS) driver when it fails to properly handle objects in memory.
- An elevation of privilege vulnerability exists in the way that the tapisrv.dll handles objects in memory.
- An elevation of privilege vulnerability exists in the way that the Windows Kernel handles objects in memory.
- A security feature bypass vulnerability exists in secure boot.
- An information disclosure vulnerability exists in the Cryptography Next Generation (CNG) service when it fails to properly handle objects in memory.
- An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory.
- An elevation of privilege vulnerability exists in Active Directory Forest trusts due to a default setting that lets an attacker in the trusting forest request delegation of a TGT for an identity from the trusted forest.
- An elevation of privilege vulnerability exists in Windows Error Reporting (WER) when WER handles and executes files.
- An information disclosure vulnerability exists when the win32k component improperly provides kernel information.
- A remote code execution vulnerability exists in the way that Windows handles objects in memory.
- An elevation of privilege vulnerability exists in the Windows Installer when MSI packages process symbolic links.
- A remote code execution vulnerability exists in Microsoft Windows that could allow remote code execution if a .LNK file is processed.
- An elevation of privilege vulnerability exists when the Windows Common Log File System (CLFS) driver improperly handles objects in memory.
- An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory.
- An elevation of privilege vulnerability exists when the Windows User Profile Service (ProfSvc) improperly handles symlinks.
- An elevation of privilege vulnerability exists in the way that the Windows Function Discovery Service handles objects in memory.
- An information disclosure vulnerability exists when the Windows Network Driver Interface Specification (NDIS) improperly handles memory.
- A denial of service vulnerability exists in Remote Desktop Protocol (RDP) when an attacker connects to the target system using RDP and sends specially crafted requests.
- An information disclosure vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in memory
- An elevation of privilege vulnerability exists when the Windows IME improperly handles memory.
- A remote code execution vulnerability exists in Remote Desktop Services formerly known as Terminal Services when an authenticated attacker abuses clipboard redirection.
* Note: This check requires an account with administrative privileges which can log into the host to scan. Absence of this condition will result in the check not being performed and a False Negative for all vulnerable hosts.
* References:
https://support.microsoft.com/en-us/help/4537821
https://support.microsoft.com/en-us/help/4537803
* Platforms Affected:
Windows Server 2008 SP2
Windows Server 2008 x64 SP2
Windows Server 2008 R2 SP1
Windows Server 2008 R2 x64 SP1
Windows 8.1
Windows Server 2012
Windows Server 2012 R2
Windows 10
Windows Server 2016 |
| Recommendation |
Apply the appropriate patch for your system, as listed in Microsoft Security Bulletin February 2020 Microsoft security update at
https://support.microsoft.com/en-us/help/4537821
https://support.microsoft.com/en-us/help/4537803
-- OR --
Patches for Windows platforms are also available from the Microsoft Windows Update Web site, http://windowsupdate.microsoft.com. Windows Update detects what version of Windows you are running and offers the appropriate patch. |
| Related URL |
CVE-2020-0655,CVE-2020-0657,CVE-2020-0658,CVE-2020-0660,CVE-2020-0662,CVE-2020-0665,CVE-2020-0666,CVE-2020-0667,CVE-2020-0668,CVE-2020-0673 (CVE) |
| Related URL |
(SecurityFocus) |
| Related URL |
(ISS) |
|
