| VID |
26847 |
| Severity |
40 |
| Port |
139,445 |
| Protocol |
TCP |
| Class |
SMB |
| Detailed Description |
Microsoft Security Update for October 2020 is not installed.
- A spoofing vulnerability exists when Windows incorrectly validates file signatures. An attacker who successfully exploited this
vulnerability could bypass security features and load improperly signed files. In an attack scenario, an attacker could bypass
security features intended to prevent improperly signed files from being loaded. The update addresses the vulnerability by correcting
how Windows validates file signatures. (CVE-2020-16922)
- An elevation of privilege vulnerability exists when Windows Error Reporting manager improperly handles a process crash. An attacker
who successfully exploited this vulnerability could delete a targeted file leading to an elevated status. (CVE-2020-16895)
- A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker
who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this
vulnerability by enticing a victim to open a specially crafted file. The update addresses the vulnerability by correcting the way the
Windows Jet Database Engine handles objects in memory. (CVE-2020-16924)
- An elevation of privilege vulnerability exists when Microsoft Windows improperly handles reparse points. An attacker who
successfully exploited this vulnerability could overwrite or delete a targeted file that would normally require elevated permissions.
(CVE-2020-16877)
- A remote code execution vulnerability exists in the way that Microsoft Graphics Components handle objects in memory. An attacker
who successfully exploited the vulnerability could execute arbitrary code on a target system. (CVE-2020-1167, CVE-2020-16923)
- A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate input from an
authenticated user on a guest operating system. (CVE-2020-16891)
- A remote code execution vulnerability exists when the Windows TCP/IP stack improperly handles ICMPv6 Router Advertisement packets.
An attacker who successfully exploited this vulnerability could gain the ability to execute code on the target server or client.
(CVE-2020-16898)
- An elevation of privilege vulnerability exists in the way that the Windows kernel image handles objects in memory. An attacker who
successfully exploited the vulnerability could execute code with elevated permissions. (CVE-2020-16892)
* Note: This check requires an account with administrative privileges which can log into the host to scan. Absence of this condition
will result in the check not being performed and a False Negative for all vulnerable hosts.
* References:
https://support.microsoft.com/en-us/help/4009469
https://support.microsoft.com/en-us/help/4009470
https://support.microsoft.com/en-us/help/4009471
https://support.microsoft.com/en-us/help/4000825
* Platforms Affected:
Windows Server 2008 R2 SP1
Windows Server 2008 R2 x64 SP1
Windows 8.1
Windows Server 2012
Windows Server 2012 R2
Windows 10
Windows Server 2016 |
| Recommendation |
Apply the appropriate patch for your system, as listed in Microsoft Security Bulletin October 2020 Microsoft security update at
https://support.microsoft.com/en-us/help/4009469
https://support.microsoft.com/en-us/help/4009470
https://support.microsoft.com/en-us/help/4009471
https://support.microsoft.com/en-us/help/4000825
-- OR --
Patches for Windows platforms are also available from the Microsoft Windows Update Web site, http://windowsupdate.microsoft.com. Windows Update detects what version of Windows you are running and offers the appropriate patch. |
| Related URL |
CVE-2020-1337,CVE-2020-1339,CVE-2020-1377,CVE-2020-1378,CVE-2020-1379,CVE-2020-1380,CVE-2020-1383,CVE-2020-1417,CVE-2020-1459,CVE-2020-1464 (CVE) |
| Related URL |
(SecurityFocus) |
| Related URL |
(ISS) |
|
