{"id":14905,"date":"2020-07-02T00:04:00","date_gmt":"2020-07-01T22:04:00","guid":{"rendered":"http:\/\/159.69.82.204\/win\/?p=14905"},"modified":"2023-04-04T21:07:13","modified_gmt":"2023-04-04T19:07:13","slug":"german-bsi-warns-of-several-critical-windows-vulnerabilities","status":"publish","type":"post","link":"https:\/\/borncity.com\/win\/2020\/07\/02\/german-bsi-warns-of-several-critical-windows-vulnerabilities\/","title":{"rendered":"German BSI warns of several critical Windows vulnerabilities"},"content":{"rendered":"<p><img loading=\"lazy\" decoding=\"async\" style=\"float: left; margin: 0px 10px 0px 0px; display: inline\" src=\"https:\/\/www.borncity.com\/blog\/wp-content\/uploads\/2013\/03\/winb.jpg\" width=\"58\" align=\"left\" height=\"58\">[<a href=\"https:\/\/www.borncity.com\/blog\/2020\/07\/01\/bsi-warnt-vor-mehreren-kritischen-windows-schwachstellen\/\" target=\"_blank\" rel=\"noopener noreferrer\">German<\/a>]There are a number of critical vulnerabilities in Windows 8.1 through Windows 10 and the corresponding server versions for which updates have been available since June 9, 2020. The German Federal Office for Information Security (BSI) has now issued a security advisory that warns against the exploitation of various vulnerabilities. Hitachi has also published a security advisory. Administrators should patch. <\/p>\n<p><!--more--><\/p>\n<p><img loading=\"lazy\" decoding=\"async\" alt=\"\" src=\"https:\/\/vg07.met.vgwort.de\/na\/359d467127a948ed95174d1f53573ab7\" width=\"1\" height=\"1\">In warning <a href=\"https:\/\/www.bsi.bund.de\/SharedDocs\/Warnmeldungen\/DE\/CB\/2020\/06\/warnmeldung_cb-k20-0561_update_2.html\" target=\"_blank\" rel=\"noopener noreferrer\">CB-K20\/0561 Update 2<\/a>, the German Federal Office for Information Security (BSI) points out numerous vulnerabilities in Windows. 
Hitachi Japan has also listed these CVEs in its <a href=\"https:\/\/web.archive.org\/web\/20210724225807\/https:\/\/www.hitachi.co.jp\/products\/it\/storage-solutions\/global\/sec_info\/2020\/06.html\" target=\"_blank\" rel=\"noopener noreferrer\">Security information for Hitachi Disk Array Systems<\/a> advisory:<\/p>\n<p>CVE-2020-9633 | June 2020 Adobe Flash Security Update<br \/>CVE-2020-0915 | Windows GDI Elevation of Privilege Vulnerability<br \/>CVE-2020-0916 | Windows GDI Elevation of Privilege Vulnerability<br \/>CVE-2020-0986 | Windows Kernel Elevation of Privilege Vulnerability<br \/>CVE-2020-1073 | Scripting Engine Memory Corruption Vulnerability<br \/>CVE-2020-1160 | Microsoft Graphics Component Information Disclosure Vulnerability<br \/>CVE-2020-1162 | Windows Elevation of Privilege Vulnerability<br \/>CVE-2020-1163 | Microsoft Windows Defender Elevation of Privilege Vulnerability<br \/>CVE-2020-1170 | Microsoft Windows Defender Elevation of Privilege Vulnerability<br \/>CVE-2020-1194 | Windows Registry Denial of Service Vulnerability<br \/>CVE-2020-1196 | Windows Print Configuration Elevation of Privilege Vulnerability<br \/>CVE-2020-1197 | Windows Error Reporting Manager Elevation of Privilege Vulnerability<br \/>CVE-2020-1199 | Windows Feedback Hub Elevation of Privilege Vulnerability<br \/>CVE-2020-1201 | Windows Now Playing Session Manager Elevation of Privilege Vulnerability<br \/>CVE-2020-1202 | Diagnostic Hub Standard Collector Elevation of Privilege Vulnerability<br \/>CVE-2020-1203 | Diagnostic Hub Standard Collector Elevation of Privilege Vulnerability<br \/>CVE-2020-1204 | Windows Mobile Device Management Diagnostics Elevation of Privilege Vulnerability<br \/>CVE-2020-1207 | Win32k Elevation of Privilege Vulnerability<br \/>CVE-2020-1208 | Jet Database Engine Remote Code Execution Vulnerability<br \/>CVE-2020-1211 | Connected Devices Platform Service Elevation of Privilege Vulnerability<br \/>CVE-2020-1212 | OLE Automation Elevation of 
Privilege Vulnerability<br \/>CVE-2020-1213 | VBScript Remote Code Execution Vulnerability<br \/>CVE-2020-1214 | VBScript Remote Code Execution Vulnerability<br \/>CVE-2020-1215 | VBScript Remote Code Execution Vulnerability<br \/>CVE-2020-1216 | VBScript Remote Code Execution Vulnerability<br \/>CVE-2020-1217 | Windows Runtime Information Disclosure Vulnerability<br \/>CVE-2020-1219 | Microsoft Browser Memory Corruption Vulnerability<br \/>CVE-2020-1220 | Microsoft Edge (Chromium-based) in IE Mode Spoofing Vulnerability<br \/>CVE-2020-1222 | Microsoft Store Runtime Elevation of Privilege Vulnerability<br \/>CVE-2020-1230 | VBScript Remote Code Execution Vulnerability<br \/>CVE-2020-1231 | Windows Runtime Elevation of Privilege Vulnerability<br \/>CVE-2020-1232 | Media Foundation Information Disclosure Vulnerability<br \/>CVE-2020-1233 | Windows Runtime Elevation of Privilege Vulnerability<br \/>CVE-2020-1234 | Windows Error Reporting Elevation of Privilege Vulnerability<br \/>CVE-2020-1235 | Windows Runtime Elevation of Privilege Vulnerability<br \/>CVE-2020-1236 | Jet Database Engine Remote Code Execution Vulnerability<br \/>CVE-2020-1237 | Windows Kernel Elevation of Privilege Vulnerability<br \/>CVE-2020-1238 | Media Foundation Memory Corruption Vulnerability<br \/>CVE-2020-1239 | Media Foundation Memory Corruption Vulnerability<br \/>CVE-2020-1241 | Windows Kernel Security Feature Bypass Vulnerability<br \/>CVE-2020-1242 | Microsoft Edge Information Disclosure Vulnerability<br \/>CVE-2020-1244 | Connected User Experiences and Telemetry Service Denial of Service Vulnerability<br \/>CVE-2020-1246 | Windows Kernel Elevation of Privilege Vulnerability<br \/>CVE-2020-1247 | Win32k Elevation of Privilege Vulnerability<br \/>CVE-2020-1251 | Win32k Elevation of Privilege Vulnerability<br \/>CVE-2020-1253 | Win32k Elevation of Privilege Vulnerability<br \/>CVE-2020-1254 | Windows Modules Installer Service Elevation of Privilege Vulnerability<br \/>CVE-2020-1255 | 
Windows Background Intelligent Transfer Service Elevation of Privilege Vulnerability<br \/>CVE-2020-1257 | Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability<br \/>CVE-2020-1258 | DirectX Elevation of Privilege Vulnerability<br \/>CVE-2020-1259 | Windows Host Guardian Service Security Feature Bypass Vulnerability<br \/>CVE-2020-1260 | VBScript Remote Code Execution Vulnerability<br \/>CVE-2020-1261 | Windows Error Reporting Information Disclosure Vulnerability<br \/>CVE-2020-1262 | Windows Kernel Elevation of Privilege Vulnerability<br \/>CVE-2020-1263 | Windows Error Reporting Information Disclosure Vulnerability<br \/>CVE-2020-1264 | Windows Kernel Elevation of Privilege Vulnerability<br \/>CVE-2020-1266 | Windows Kernel Elevation of Privilege Vulnerability<br \/>CVE-2020-1269 | Windows Kernel Elevation of Privilege Vulnerability<br \/>CVE-2020-1270 | Windows WLAN Service Elevation of Privilege Vulnerability<br \/>CVE-2020-1271 | Windows Backup Service Elevation of Privilege Vulnerability<br \/>CVE-2020-1272 | Windows Installer Elevation of Privilege Vulnerability<br \/>CVE-2020-1274 | Windows Kernel Elevation of Privilege Vulnerability<br \/>CVE-2020-1276 | Windows Kernel Elevation of Privilege Vulnerability<br \/>CVE-2020-1277 | Windows Installer Elevation of Privilege Vulnerability<br \/>CVE-2020-1278 | Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability<br \/>CVE-2020-1279 | Windows Lockscreen Elevation of Privilege Vulnerability<br \/>CVE-2020-1280 | Windows Bluetooth Service Elevation of Privilege Vulnerability<br \/>CVE-2020-1281 | Windows OLE Remote Code Execution Vulnerability<br \/>CVE-2020-1282 | Windows Runtime Elevation of Privilege Vulnerability<br \/>CVE-2020-1283 | Windows Denial of Service Vulnerability<br \/>CVE-2020-1286 | Windows Shell Remote Code Execution Vulnerability<br \/>CVE-2020-1287 | Windows Wallet Service Elevation of Privilege Vulnerability<br \/>CVE-2020-1290 | Win32k Information Disclosure 
Vulnerability<br \/>CVE-2020-1291 | Windows Network Connections Service Elevation of Privilege Vulnerability<br \/>CVE-2020-1292 | OpenSSH for Windows Elevation of Privilege Vulnerability<br \/>CVE-2020-1293 | Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability<br \/>CVE-2020-1294 | Windows Wallet Service Elevation of Privilege Vulnerability<br \/>CVE-2020-1296 | Windows Diagnostics &amp; feedback Information Disclosure Vulnerability<br \/>CVE-2020-1299 | LNK Remote Code Execution Vulnerability<br \/>CVE-2020-1300 | Windows Remote Code Execution Vulnerability<br \/>CVE-2020-1301 | Windows SMB Remote Code Execution Vulnerability<br \/>CVE-2020-1302 | Windows Installer Elevation of Privilege Vulnerability<br \/>CVE-2020-1304 | Windows Runtime Elevation of Privilege Vulnerability<br \/>CVE-2020-1305 | Windows State Repository Service Elevation of Privilege Vulnerability<br \/>CVE-2020-1306 | Windows Runtime Elevation of Privilege Vulnerability<br \/>CVE-2020-1309 | Microsoft Store Runtime Elevation of Privilege Vulnerability<br \/>CVE-2020-1310 | Win32k Elevation of Privilege Vulnerability<br \/>CVE-2020-1311 | Component Object Model Elevation of Privilege Vulnerability<br \/>CVE-2020-1312 | Windows Installer Elevation of Privilege Vulnerability<br \/>CVE-2020-1314 | Windows Text Service Framework Elevation of Privilege Vulnerability<br \/>CVE-2020-1315 | Internet Explorer Information Disclosure Vulnerability<br \/>CVE-2020-1316 | Windows Kernel Elevation of Privilege Vulnerability<br \/>CVE-2020-1317 | Group Policy Elevation of Privilege Vulnerability<br \/>CVE-2020-1324 | Windows Elevation of Privilege Vulnerability<br \/>CVE-2020-1334 | Windows Runtime Elevation of Privilege Vulnerability<br \/>CVE-2020-1348 | Windows GDI Information Disclosure Vulnerability  <\/p>\n<p>These vulnerabilities may allow remote code execution (RCE). 
A remote, anonymous, or authenticated attacker could exploit multiple vulnerabilities in various Microsoft Windows operating systems to perform a denial-of-service attack, bypass security mechanisms, execute code, view confidential information, or elevate privileges.  <\/p>\n<p>One of these vulnerabilities (<a href=\"https:\/\/blog.zecops.com\/vulnerabilities\/smbleedingghost-writeup-chaining-smbleed-cve-2020-1206-with-smbghost\/\" target=\"_blank\" rel=\"noopener noreferrer\">CVE-2020-1206<\/a>) is the SMBleed vulnerability that I discussed in the blog post <a href=\"https:\/\/borncity.com\/win\/2020\/06\/11\/windows-10-smbleed-vulnearbility-in-smbv3-protocol\/\">Windows 10: SMBleed vulnerability in SMBv3 protocol<\/a>. The following versions of Windows are affected: <\/p>\n<ul>\n<li>Microsoft Windows 10<\/li>\n<li>Microsoft Windows 8.1<\/li>\n<li>Microsoft Windows RT 8.1<\/li>\n<li>Microsoft Windows Server<\/li>\n<li>Microsoft Windows Server 2012<\/li>\n<li>Microsoft Windows Server 2012 R2<\/li>\n<li>Microsoft Windows Server 2016<\/li>\n<li>Microsoft Windows Server 2019<\/li>\n<li>Hitachi Network Attached Storage<\/li>\n<\/ul>\n<p>Microsoft has closed these vulnerabilities with the security updates of June 9, 2020 (see also <a href=\"https:\/\/web.archive.org\/web\/20200806191856\/https:\/\/portal.msrc.microsoft.com\/en-us\/security-guidance\/releasenotedetail\/2020-Jun\" target=\"_blank\" rel=\"noopener noreferrer\">this page<\/a>).&nbsp; <\/p>\n","protected":false},"excerpt":{"rendered":"<p>[German]There are a number of critical vulnerabilities in Windows 8.1 through Windows 10 and the corresponding server versions for which updates have been available since June 9, 2020. 
German Federal Office for Information Security (BSI) has now issued a security advisory &hellip; <a href=\"https:\/\/borncity.com\/win\/2020\/07\/02\/german-bsi-warns-of-several-critical-windows-vulnerabilities\/\">Continue reading <span class=\"meta-nav\">&rarr;<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[580,22,2],"tags":[69,195,194],"class_list":["post-14905","post","type-post","status-publish","format-standard","hentry","category-security","category-update","category-windows","tag-security","tag-update","tag-windows"],"_links":{"self":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts\/14905","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/comments?post=14905"}],"version-history":[{"count":0,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts\/14905\/revisions"}],"wp:attachment":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/media?parent=14905"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/categories?post=14905"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/tags?post=14905"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}