| VID |
26843 |
| Severity |
40 |
| Port |
139,445 |
| Protocol |
TCP |
| Class |
SMB |
| Detailed Description |
Microsoft Security Update for May 2020 is not installed.
- Denial of service occurs because the .NET Core or .NET Framework does not properly handle web requests.
- An information disclosure vulnerability exists due to improper handling of objects in memory in GDI components, Windows kernel, and CSRSS.
- An elevation of privilege vulnerability occurs when processing and executing files in Windows Error Reporting.
- Denial of service occurs because Hyper-V does not properly process the manipulated packet.
- The Windows Push Notification service, Windows Update stack, GDI, CLFS, Windows kernel, Windows State Repository service, and Windows Runtim mishandle objects in memory, so an attacker can gain elevated privileges.
- Denial of service may occur due to improper handling of objects in memory in Windows.
- The Windows Jet Database engine, Microsoft Graphics component, and Microsoft Script Runtime incorrectly handle objects in memory, so an attacker could execute arbitrary code.
- Internet Explorer and VBScript engines can access arbitrary objects in memory and execute arbitrary code.
- By handling files incorrectly in the storage service, an attacker can gain elevated privileges.
- A vulnerability exists in exposing memory contents to GDI components.
- The cross-domain policy is not properly handled in Microsoft Edge, so an attacker can gain elevated privileges.
- Denial of service occurs due to incorrect handling of TLS key exchange in Windows.
- The MSHTML engine does not handle input values correctly, so an attacker can execute arbitrary code.
- Windows Media Foundation incorrectly handles objects in memory, allowing an attacker to install programs, modify and delete data, and create arbitrary accounts.
* Note: This check requires an account with administrative privileges which can log into the host to scan. Absence of this condition will result in the check not being performed and a False Negative for all vulnerable hosts.
* References:
https://support.microsoft.com/en-us/help/4556812
* Platforms Affected:
Windows Server 2008 SP2
Windows Server 2008 x64 SP2
Windows Server 2008 R2 SP1
Windows Server 2008 R2 x64 SP1
Windows 8.1
Windows Server 2012
Windows Server 2012 R2
Windows 10
Windows Server 2016 |
| Recommendation |
Apply the appropriate patch for your system, as listed in Microsoft Security Bulletin May 2020 Microsoft security update at
https://support.microsoft.com/en-us/help/4556812
-- OR --
Patches for Windows platforms are also available from the Microsoft Windows Update Web site, http://windowsupdate.microsoft.com. Windows Update detects what version of Windows you are running and offers the appropriate patch. |
| Related URL |
CVE-2020-1176,CVE-2020-1179,CVE-2020-1184,CVE-2020-1185,CVE-2020-1186,CVE-2020-1187,CVE-2020-1188,CVE-2020-1189,CVE-2020-1190,CVE-2020-1191 (CVE) |
| Related URL |
(SecurityFocus) |
| Related URL |
(ISS) |
|
