This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor Microsoft First view 2015-09-08
Product Windows 10 Last view 2020-06-09
Version - Type Os
Update *  
Edition *  
Language *  
Sofware Edition *  
Target Software *  
Target Hardware x86  
Other *  
 
CPE Product cpe:2.3:o:microsoft:windows_10

Activity : Overall

Related : CVE

  Date Alert Description
7.8 2020-06-09 CVE-2020-1272

An elevation of privilege vulnerability exists in the Windows Installer when the Windows Installer fails to properly sanitize input leading to an insecure library loading behavior.A locally authenticated attacker could run arbitrary code with elevated system privileges, aka 'Windows Installer Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1277, CVE-2020-1302, CVE-2020-1312.

7.8 2020-06-09 CVE-2020-1271

An elevation of privilege vulnerability exists when the Windows Backup Service improperly handles file operations.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows Backup Service Elevation of Privilege Vulnerability'.

7.8 2020-06-09 CVE-2020-1269

An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory, aka 'Windows Kernel Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0986, CVE-2020-1237, CVE-2020-1246, CVE-2020-1262, CVE-2020-1264, CVE-2020-1266, CVE-2020-1273, CVE-2020-1274, CVE-2020-1275, CVE-2020-1276, CVE-2020-1307, CVE-2020-1316.

7.8 2020-06-09 CVE-2020-1266

An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory, aka 'Windows Kernel Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0986, CVE-2020-1237, CVE-2020-1246, CVE-2020-1262, CVE-2020-1264, CVE-2020-1269, CVE-2020-1273, CVE-2020-1274, CVE-2020-1275, CVE-2020-1276, CVE-2020-1307, CVE-2020-1316.

7.8 2020-06-09 CVE-2020-1264

An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory, aka 'Windows Kernel Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0986, CVE-2020-1237, CVE-2020-1246, CVE-2020-1262, CVE-2020-1266, CVE-2020-1269, CVE-2020-1273, CVE-2020-1274, CVE-2020-1275, CVE-2020-1276, CVE-2020-1307, CVE-2020-1316.

7.8 2020-06-09 CVE-2020-1262

An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory, aka 'Windows Kernel Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0986, CVE-2020-1237, CVE-2020-1246, CVE-2020-1264, CVE-2020-1266, CVE-2020-1269, CVE-2020-1273, CVE-2020-1274, CVE-2020-1275, CVE-2020-1276, CVE-2020-1307, CVE-2020-1316.

4.3 2020-06-09 CVE-2020-1259

A security feature bypass vulnerability exists when Windows Host Guardian Service improperly handles hashes recorded and logged, aka 'Windows Host Guardian Service Security Feature Bypass Vulnerability'.

7.8 2020-05-21 CVE-2020-1143

An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1054.

7.8 2020-05-21 CVE-2020-1136

A memory corruption vulnerability exists when Windows Media Foundation improperly handles objects in memory, aka 'Media Foundation Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-1028, CVE-2020-1126, CVE-2020-1150.

5.5 2020-05-21 CVE-2020-1123

A denial of service vulnerability exists when Connected User Experiences and Telemetry Service improperly handles file operations, aka 'Connected User Experiences and Telemetry Service Denial of Service Vulnerability'. This CVE ID is unique from CVE-2020-1084.

7.8 2020-05-21 CVE-2020-1114

An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory, aka 'Windows Kernel Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1087.

7.5 2020-05-21 CVE-2020-1113

A security feature bypass vulnerability exists in Microsoft Windows when the Task Scheduler service fails to properly verify client connections over RPC, aka 'Windows Task Scheduler Security Feature Bypass Vulnerability'.

9.9 2020-05-21 CVE-2020-1112

An elevation of privilege vulnerability exists when the Windows Background Intelligent Transfer Service (BITS) IIS module improperly handles uploaded content, aka 'Windows Background Intelligent Transfer Service Elevation of Privilege Vulnerability'.

5.5 2020-05-21 CVE-2020-1084

A Denial Of Service vulnerability exists when Connected User Experiences and Telemetry Service fails to validate certain function values.An attacker who successfully exploited this vulnerability could deny dependent security feature functionality.To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application.The security update addresses the vulnerability by correcting how the Connected User Experiences and Telemetry Service validates certain function values., aka 'Connected User Experiences and Telemetry Service Denial of Service Vulnerability'. This CVE ID is unique from CVE-2020-1123.

3.3 2016-09-14 CVE-2016-3344

The Secure Kernel Mode feature in Microsoft Windows 10 Gold and 1511 allows local users to obtain sensitive information via a crafted application, aka "Windows Secure Kernel Mode Information Disclosure Vulnerability."

9.1 2016-08-09 CVE-2016-3312

ActiveSyncProvider in Microsoft Windows 10 Gold and 1511 allows attackers to discover credentials by leveraging failure of Universal Outlook to obtain a secure connection, aka "Universal Outlook Information Disclosure Vulnerability."

8.1 2016-01-13 CVE-2016-0019

The Remote Desktop Protocol (RDP) service implementation in Microsoft Windows 10 Gold and 1511 allows remote attackers to bypass intended access restrictions and establish sessions for blank-password accounts via a modified RDP client, aka "Windows Remote Desktop Protocol Security Bypass Vulnerability."

8.8 2016-01-13 CVE-2016-0009

Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, and Windows 10 Gold and 1511 allow remote attackers to execute arbitrary code via unspecified vectors, aka "Win32k Remote Code Execution Vulnerability."

7.2 2015-12-09 CVE-2015-6175

The kernel in Microsoft Windows 10 Gold allows local users to gain privileges via a crafted application, aka "Windows Kernel Memory Elevation of Privilege Vulnerability."

7.2 2015-09-08 CVE-2015-2508

The Adobe Type Manager Library in Microsoft Windows 10 allows local users to gain privileges via a crafted application, aka "Font Driver Elevation of Privilege Vulnerability."

CWE : Common Weakness Enumeration

%idName
40% (8) CWE-269 Improper Privilege Management
15% (3) CWE-264 Permissions, Privileges, and Access Controls
10% (2) CWE-732 Incorrect Permission Assignment for Critical Resource
10% (2) CWE-200 Information Exposure
5% (1) CWE-522 Insufficiently Protected Credentials
5% (1) CWE-434 Unrestricted Upload of File with Dangerous Type
5% (1) CWE-295 Certificate Issues
5% (1) CWE-254 Security Features
5% (1) CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer

Information Assurance Vulnerability Management (IAVM)

id Description
2015-A-0212 Multiple Vulnerabilities in Microsoft Graphics Component (MS15-097)
Severity: Category II - VMSKEY: V0061385

Snort® IPS/IDS

Date Description
2020-06-11 Microsoft Windows Win32k privilege escalation attempt
RuleID : 53933 - Type : OS-WINDOWS - Revision : 1
2020-06-11 Microsoft Windows Win32k privilege escalation attempt
RuleID : 53932 - Type : OS-WINDOWS - Revision : 1
2016-03-14 Microsoft Windows gpuenergydrv.sys driver privilege escalation attempt
RuleID : 36990 - Type : OS-WINDOWS - Revision : 2
2016-03-14 Microsoft Windows gpuenergydrv.sys driver privilege escalation attempt
RuleID : 36989 - Type : OS-WINDOWS - Revision : 2

Nessus® Vulnerability Scanner

id Description
2016-09-13 Name: The remote host is affected by an information disclosure vulnerability.
File: smb_nt_ms16-113.nasl - Type: ACT_GATHER_INFO
2016-08-09 Name: The remote host is affected by an information disclosure vulnerability.
File: smb_nt_ms16-103.nasl - Type: ACT_GATHER_INFO
2016-01-13 Name: The remote Windows host is affected by multiple vulnerabilities.
File: smb_nt_ms16-005.nasl - Type: ACT_GATHER_INFO
2016-01-13 Name: The remote Windows host is affected by multiple vulnerabilities.
File: smb_nt_ms16-007.nasl - Type: ACT_GATHER_INFO
2015-12-08 Name: The remote Windows host is affected by multiple elevation of privilege vulner...
File: smb_nt_ms15-135.nasl - Type: ACT_GATHER_INFO
2015-09-09 Name: The remote host is affected by multiple vulnerabilities.
File: smb_nt_ms15-097.nasl - Type: ACT_GATHER_INFO