This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor Microsoft First view 2015-09-08
Product Windows 10 Last view 2020-06-09
Version - Type Os
Update *  
Edition *  
Language *  
Sofware Edition *  
Target Software *  
Target Hardware x64  
Other *  
 
CPE Product cpe:2.3:o:microsoft:windows_10

Activity : Overall

Related : CVE

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
  Date Alert Description
7.8 2020-06-09 CVE-2020-1272

An elevation of privilege vulnerability exists in the Windows Installer when the Windows Installer fails to properly sanitize input leading to an insecure library loading behavior.A locally authenticated attacker could run arbitrary code with elevated system privileges, aka 'Windows Installer Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1277, CVE-2020-1302, CVE-2020-1312.

7.8 2020-06-09 CVE-2020-1271

An elevation of privilege vulnerability exists when the Windows Backup Service improperly handles file operations.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows Backup Service Elevation of Privilege Vulnerability'.

7.8 2020-06-09 CVE-2020-1269

An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory, aka 'Windows Kernel Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0986, CVE-2020-1237, CVE-2020-1246, CVE-2020-1262, CVE-2020-1264, CVE-2020-1266, CVE-2020-1273, CVE-2020-1274, CVE-2020-1275, CVE-2020-1276, CVE-2020-1307, CVE-2020-1316.

7.8 2020-06-09 CVE-2020-1266

An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory, aka 'Windows Kernel Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0986, CVE-2020-1237, CVE-2020-1246, CVE-2020-1262, CVE-2020-1264, CVE-2020-1269, CVE-2020-1273, CVE-2020-1274, CVE-2020-1275, CVE-2020-1276, CVE-2020-1307, CVE-2020-1316.

7.8 2020-06-09 CVE-2020-1264

An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory, aka 'Windows Kernel Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0986, CVE-2020-1237, CVE-2020-1246, CVE-2020-1262, CVE-2020-1266, CVE-2020-1269, CVE-2020-1273, CVE-2020-1274, CVE-2020-1275, CVE-2020-1276, CVE-2020-1307, CVE-2020-1316.

7.8 2020-06-09 CVE-2020-1262

An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory, aka 'Windows Kernel Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0986, CVE-2020-1237, CVE-2020-1246, CVE-2020-1264, CVE-2020-1266, CVE-2020-1269, CVE-2020-1273, CVE-2020-1274, CVE-2020-1275, CVE-2020-1276, CVE-2020-1307, CVE-2020-1316.

4.3 2020-06-09 CVE-2020-1259

A security feature bypass vulnerability exists when Windows Host Guardian Service improperly handles hashes recorded and logged, aka 'Windows Host Guardian Service Security Feature Bypass Vulnerability'.

7.8 2020-05-21 CVE-2020-1143

An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1054.

7.8 2020-05-21 CVE-2020-1136

A memory corruption vulnerability exists when Windows Media Foundation improperly handles objects in memory, aka 'Media Foundation Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-1028, CVE-2020-1126, CVE-2020-1150.

5.5 2020-05-21 CVE-2020-1123

A denial of service vulnerability exists when Connected User Experiences and Telemetry Service improperly handles file operations, aka 'Connected User Experiences and Telemetry Service Denial of Service Vulnerability'. This CVE ID is unique from CVE-2020-1084.

7.8 2020-05-21 CVE-2020-1114

An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory, aka 'Windows Kernel Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1087.

7.5 2020-05-21 CVE-2020-1113

A security feature bypass vulnerability exists in Microsoft Windows when the Task Scheduler service fails to properly verify client connections over RPC, aka 'Windows Task Scheduler Security Feature Bypass Vulnerability'.

9.9 2020-05-21 CVE-2020-1112

An elevation of privilege vulnerability exists when the Windows Background Intelligent Transfer Service (BITS) IIS module improperly handles uploaded content, aka 'Windows Background Intelligent Transfer Service Elevation of Privilege Vulnerability'.

5.5 2020-05-21 CVE-2020-1084

A Denial Of Service vulnerability exists when Connected User Experiences and Telemetry Service fails to validate certain function values.An attacker who successfully exploited this vulnerability could deny dependent security feature functionality.To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application.The security update addresses the vulnerability by correcting how the Connected User Experiences and Telemetry Service validates certain function values., aka 'Connected User Experiences and Telemetry Service Denial of Service Vulnerability'. This CVE ID is unique from CVE-2020-1123.

7.5 2020-05-21 CVE-2020-0909

A denial of service vulnerability exists when Hyper-V on a Windows Server fails to properly handle specially crafted network packets.To exploit the vulnerability, an attacker would send specially crafted network packets to the Hyper-V Server.The security update addresses the vulnerability by resolving the conditions where Hyper-V would fail to properly handle these network packets., aka 'Windows Hyper-V Denial of Service Vulnerability'.

8.8 2020-02-11 CVE-2020-0662

A remote code execution vulnerability exists in the way that Windows handles objects in memory, aka 'Windows Remote Code Execution Vulnerability'.

6 2020-01-14 CVE-2020-0617

A denial of service vulnerability exists when Microsoft Hyper-V Virtual PCI on a host server fails to properly validate input from a privileged user on a guest operating system, aka 'Hyper-V Denial of Service Vulnerability'.

6 2019-12-10 CVE-2019-1470

An information disclosure vulnerability exists when Windows Hyper-V on a host operating system fails to properly validate input from an authenticated user on a guest operating system, aka 'Windows Hyper-V Information Disclosure Vulnerability'.

8.4 2019-11-12 CVE-2019-1397

A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate input from an authenticated user on a guest operating system, aka 'Windows Hyper-V Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1389, CVE-2019-1398.

8.4 2019-11-12 CVE-2019-1389

A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate input from an authenticated user on a guest operating system, aka 'Windows Hyper-V Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1397, CVE-2019-1398.

9.1 2019-11-12 CVE-2019-0719

A remote code execution vulnerability exists when Windows Hyper-V Network Switch on a host server fails to properly validate input from an authenticated user on a guest operating system, aka 'Hyper-V Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0721.

6.8 2019-11-12 CVE-2019-0712

A denial of service vulnerability exists when Microsoft Hyper-V Network Switch on a host server fails to properly validate input from a privileged user on a guest operating system, aka 'Windows Hyper-V Denial of Service Vulnerability'. This CVE ID is unique from CVE-2019-1309, CVE-2019-1310, CVE-2019-1399.

6.2 2019-09-11 CVE-2019-0928

A denial of service vulnerability exists when Microsoft Hyper-V on a host server fails to properly validate input from a privileged user on a guest operating system, aka 'Windows Hyper-V Denial of Service Vulnerability'.

6.2 2019-08-14 CVE-2019-0723

A denial of service vulnerability exists when Microsoft Hyper-V Network Switch on a host server fails to properly validate input from a privileged user on a guest operating system, aka 'Windows Hyper-V Denial of Service Vulnerability'. This CVE ID is unique from CVE-2019-0714, CVE-2019-0715, CVE-2019-0717, CVE-2019-0718.

8.4 2019-08-14 CVE-2019-0720

A remote code execution vulnerability exists when Windows Hyper-V Network Switch on a host server fails to properly validate input from an authenticated user on a guest operating system, aka 'Hyper-V Remote Code Execution Vulnerability'.

CWE : Common Weakness Enumeration

%idName
45% (22) CWE-20 Improper Input Validation
16% (8) CWE-269 Improper Privilege Management
10% (5) CWE-200 Information Exposure
6% (3) CWE-264 Permissions, Privileges, and Access Controls
4% (2) CWE-732 Incorrect Permission Assignment for Critical Resource
4% (2) CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer
2% (1) CWE-522 Insufficiently Protected Credentials
2% (1) CWE-434 Unrestricted Upload of File with Dangerous Type
2% (1) CWE-331 Insufficient Entropy
2% (1) CWE-295 Certificate Issues
2% (1) CWE-284 Access Control (Authorization) Issues
2% (1) CWE-254 Security Features

Information Assurance Vulnerability Management (IAVM)

id Description
2015-B-0111 Microsoft Hyper-V Security Bypass Vulnerability (MS15-105)
Severity: Category II - VMSKEY: V0061371
2015-A-0212 Multiple Vulnerabilities in Microsoft Graphics Component (MS15-097)
Severity: Category II - VMSKEY: V0061385

Snort® IPS/IDS

Date Description
2020-06-11 Microsoft Windows Win32k privilege escalation attempt
RuleID : 53933 - Type : OS-WINDOWS - Revision : 1
2020-06-11 Microsoft Windows Win32k privilege escalation attempt
RuleID : 53932 - Type : OS-WINDOWS - Revision : 1
2016-03-14 Microsoft Windows gpuenergydrv.sys driver privilege escalation attempt
RuleID : 36990 - Type : OS-WINDOWS - Revision : 2
2016-03-14 Microsoft Windows gpuenergydrv.sys driver privilege escalation attempt
RuleID : 36989 - Type : OS-WINDOWS - Revision : 2

Nessus® Vulnerability Scanner

id Description
2016-09-13 Name: The remote host is affected by an information disclosure vulnerability.
File: smb_nt_ms16-113.nasl - Type: ACT_GATHER_INFO
2016-08-09 Name: The remote host is affected by an information disclosure vulnerability.
File: smb_nt_ms16-103.nasl - Type: ACT_GATHER_INFO
2016-01-13 Name: The remote Windows host is affected by multiple vulnerabilities.
File: smb_nt_ms16-005.nasl - Type: ACT_GATHER_INFO
2016-01-13 Name: The remote Windows host is affected by multiple vulnerabilities.
File: smb_nt_ms16-007.nasl - Type: ACT_GATHER_INFO
2015-12-08 Name: The remote Windows host is affected by multiple elevation of privilege vulner...
File: smb_nt_ms15-135.nasl - Type: ACT_GATHER_INFO
2015-09-09 Name: The remote host is affected by multiple vulnerabilities.
File: smb_nt_ms15-097.nasl - Type: ACT_GATHER_INFO
2015-09-08 Name: The remote Windows host is affected by a security bypass vulnerability.
File: smb_nt_ms15-105.nasl - Type: ACT_GATHER_INFO