| VID |
26841 |
| Severity |
40 |
| Port |
139,445 |
| Protocol |
TCP |
| Class |
SMB |
| Detailed Description |
Microsoft Security Update for March 2020 is not installed.
- An attacker could execute arbitrary code by accessing an object in memory incorrectly in Internet Explorer.
- An elevation of privilege vulnerability occurs because the Windows installer incorrectly handles the file system.
- Information disclosure vulnerabilities exist in Media Foundation, Windows Module Installer, Windows Network Connections, Windows Error Reporting service, Windows Imaging component, and GDI.
- DirectX, Universal Plug and Play (UPnP) service, Windows Network List service, GDI, Windows Error Reporting, Windows Network Connections service, graphic component, public photo folder, Win32k component, VBScript engine, Windows CSC, Windows Language Pack installer, indows An attacker can gain elevated privileges by incorrectly handling objects in memory in the ActiveX installer and Windows Search Indexer.
- A tampering vulnerability exists in the IIS server.
- Denial of service occurs when processing a link in Windows Tile Object service.
- Internet Explorer and Microsoft browser's script engine handle memory incorrectly, allowing an attacker to execute arbitrary code.
- The erroneous handling of symbolic links in the Windows kernel, the MSI package of the Windows installer, and the Windows Background Intelligent Transfer service can allow an attacker to gain elevated privileges.
* Note: This check requires an account with administrative privileges which can log into the host to scan. Absence of this condition will result in the check not being performed and a False Negative for all vulnerable hosts.
* References:
https://support.microsoft.com/en-us/help/4540693
* Platforms Affected:
Windows Server 2008 SP2
Windows Server 2008 x64 SP2
Windows Server 2008 R2 SP1
Windows Server 2008 R2 x64 SP1
Windows 8.1
Windows Server 2012
Windows Server 2012 R2
Windows 10
Windows Server 2016 |
| Recommendation |
Apply the appropriate patch for your system, as listed in Microsoft Security Bulletin March 2020 Microsoft security update at
https://support.microsoft.com/en-us/help/4540693
-- OR --
Patches for Windows platforms are also available from the Microsoft Windows Update Web site, http://windowsupdate.microsoft.com. Windows Update detects what version of Windows you are running and offers the appropriate patch. |
| Related URL |
CVE-2020-0877,CVE-2020-0879,CVE-2020-0880,CVE-2020-0881,CVE-2020-0882,CVE-2020-0883,CVE-2020-0885,CVE-2020-0887,CVE-2020-0896,CVE-2020-0897 (CVE) |
| Related URL |
(SecurityFocus) |
| Related URL |
(ISS) |
|
