Microsoft Security Bulletin Coverage for July 2020

July 14, 2020

SonicWall Capture Labs threat research team has analyzed and addressed Microsoft’s security advisories for the month of July 2020. A list of issues reported, along with SonicWall coverage information are as follows:

CVE-2020-1147 .NET Framework, SharePoint Server, and Visual Studio Remote Code Execution Vulnerability
     ASPY 5964:Malformed-File exe.MP.144
CVE-2020-1350 Windows DNS Server Remote Code Execution Vulnerability
    IPS 15069:Windows DNS Server Remote Code Execution (CVE-2020-1350)
CVE-2020-1374 Remote Desktop Client Remote Code Execution Vulnerability
    ASPY 5966:Malformed-File exe.MP.146
CVE-2020-1381 Windows Graphics Component Elevation of Privilege Vulnerability
    ASPY 5965:Malformed-File exe.MP.145
CVE-2020-1382 Windows Graphics Component Elevation of Privilege Vulnerability
    ASPY 5967:Malformed-File exe.MP.148
CVE-2020-1399 Windows Runtime Elevation of Privilege Vulnerability
    ASPY 5968:Malformed-File exe.MP.149
CVE-2020-1403 VBScript Remote Code Execution Vulnerability
    IPS 14849:Suspicious JavaScript/VBScript Code 56
CVE-2020-1410 Windows Address Book Remote Code Execution Vulnerability
    ASPY 5963:Malformed-File wab.MP.1
CVE-2020-1426 Windows Kernel Information Disclosure Vulnerability
    ASPY 5962:Malformed-File exe.MP.147

Following vulnerabilities do not have exploits in the wild :

CVE-2020-1025 Microsoft Office Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-1032 Hyper-V RemoteFX vGPU Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2020-1036 Hyper-V RemoteFX vGPU Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2020-1040 Hyper-V RemoteFX vGPU Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2020-1041 Hyper-V RemoteFX vGPU Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2020-1042 Hyper-V RemoteFX vGPU Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2020-1043 Hyper-V RemoteFX vGPU Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2020-1085 Windows Function Discovery Service Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-1240 Microsoft Excel Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2020-1249 Windows Runtime Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-1267 Local Security Authority Subsystem Service Denial of Service Vulnerability
There are no known exploits in the wild.
CVE-2020-1326 Azure DevOps Server Cross-site Scripting Vulnerability
There are no known exploits in the wild.
CVE-2020-1330 Windows Mobile Device Management Diagnostics Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2020-1333 Group Policy Services Policy Processing Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-1336 Windows Kernel Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-1342 Microsoft Office Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2020-1344 Windows WalletService Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-1346 Windows Modules Installer Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-1347 Windows Storage Services Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-1349 Microsoft Outlook Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2020-1351 Microsoft Graphics Component Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2020-1352 Windows USO Core Worker Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-1353 Windows Runtime Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-1354 Windows UPnP Device Host Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-1355 Windows Font Driver Host Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2020-1356 Windows iSCSI Target Service Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-1357 Windows System Events Broker Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-1358 Windows Resource Policy Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2020-1359 Windows CNG Key Isolation Service Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-1360 Windows Profile Service Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-1361 Windows WalletService Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2020-1362 Windows WalletService Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-1363 Windows Picker Platform Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-1364 Windows WalletService Denial of Service Vulnerability
There are no known exploits in the wild.
CVE-2020-1365 Windows Event Logging Service Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-1366 Windows Print Workflow Service Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-1367 Windows Kernel Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2020-1368 Windows Credential Enrollment Manager Service Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-1369 Windows WalletService Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-1370 Windows Runtime Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-1371 Windows Event Logging Service Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-1372 Windows Mobile Device Management Diagnostics Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-1373 Windows Network Connections Service Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-1375 Windows COM Server Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-1384 Windows CNG Key Isolation Service Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-1385 Windows Credential Picker Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-1386 Connected User Experiences and Telemetry Service Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2020-1387 Windows Push Notification Service Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-1388 Windows Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-1389 Windows Kernel Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2020-1390 Windows Network Connections Service Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-1391 Windows Agent Activation Runtime Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2020-1392 Windows Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-1393 Windows Diagnostics Hub Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-1394 Windows Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-1395 Windows Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-1396 Windows ALPC Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-1397 Windows Imaging Component Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2020-1398 Windows Lockscreen Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-1400 Jet Database Engine Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2020-1401 Jet Database Engine Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2020-1402 Windows ActiveX Installer Service Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-1404 Windows Runtime Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-1405 Windows Mobile Device Management Diagnostics Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-1406 Windows Network List Service Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-1407 Jet Database Engine Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2020-1408 Microsoft Graphics Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2020-1409 DirectWrite Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2020-1411 Windows Kernel Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-1412 Microsoft Graphics Components Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2020-1413 Windows Runtime Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-1414 Windows Runtime Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-1415 Windows Runtime Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-1416 Visual Studio and Visual Studio Code Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-1418 Windows Diagnostics Hub Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-1419 Windows Kernel Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2020-1420 Windows Error Reporting Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2020-1421 LNK Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2020-1422 Windows Runtime Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-1423 Windows Subsystem for Linux Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-1424 Windows Update Stack Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-1427 Windows Network Connections Service Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-1428 Windows Network Connections Service Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-1429 Windows Error Reporting Manager Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-1430 Windows UPnP Device Host Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-1431 Windows AppX Deployment Extensions Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-1432 Skype for Business via Internet Explorer Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2020-1433 Microsoft Edge PDF Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2020-1434 Windows Sync Host Service Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-1435 GDI+ Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2020-1436 Windows Font Library Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2020-1437 Windows Network Location Awareness Service Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-1438 Windows Network Connections Service Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-1439 PerformancePoint Services Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2020-1442 Office Web Apps XSS Vulnerability
There are no known exploits in the wild.
CVE-2020-1443 Microsoft SharePoint Spoofing Vulnerability
There are no known exploits in the wild.
CVE-2020-1444 Microsoft SharePoint Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2020-1445 Microsoft Office Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2020-1446 Microsoft Word Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2020-1447 Microsoft Word Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2020-1448 Microsoft Word Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2020-1449 Microsoft Project Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2020-1450 Microsoft Office SharePoint XSS Vulnerability
There are no known exploits in the wild.
CVE-2020-1451 Microsoft Office SharePoint XSS Vulnerability
There are no known exploits in the wild.
CVE-2020-1454 Microsoft SharePoint Reflective XSS Vulnerability
There are no known exploits in the wild.
CVE-2020-1456 Microsoft Office SharePoint XSS Vulnerability
There are no known exploits in the wild.
CVE-2020-1458 Microsoft Office Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2020-1461 Microsoft Defender Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-1462 Skype for Business via Microsoft Edge (EdgeHTML-based) Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2020-1463 Windows SharedStream Library Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-1465 Microsoft OneDrive Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-1468 Windows GDI Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2020-1469 Bond Denial of Service Vulnerability
There are no known exploits in the wild.
CVE-2020-1481 Visual Studio Code ESLint Extention Remote Code Execution Vulnerability
There are no known exploits in the wild.