Microsoft Security Bulletin Coverage for September 2020

September 8, 2020

SonicWall Capture Labs threat research team has analyzed and addressed Microsoft’s security advisories for the month of September 2020. A list of issues reported, along with SonicWall coverage information are as follows:

CVE-2020-0664 Active Directory Information Disclosure Vulnerability
IPS 15131:Microsoft Active Directory Information Disclosure Vulnerability (CVE-2020-0664)

CVE-2020-0856 Active Directory Information Disclosure Vulnerability
IPS 15132:Microsoft Active Directory Information Disclosure Vulnerability (CVE-2020-0856)

CVE-2020-0941 Win32k Information Disclosure Vulnerability
ASPY 5993:Malformed-File exe.MP.156

CVE-2020-1115 Windows Common Log File System Driver Elevation of Privilege Vulnerability
ASPY 5994:Malformed-File exe.MP.157

CVE-2020-1152 Windows Win32k Elevation of Privilege Vulnerability
ASPY 5995:Malformed-File exe.MP.158

CVE-2020-1245 Win32k Elevation of Privilege Vulnerability
ASPY 5991:Malformed-File exe.MP.154

CVE-2020-1308 DirectX Elevation of Privilege Vulnerability
ASPY 5992:Malformed-File exe.MP.155

Following vulnerabilities do not have exploits in the wild :
CVE-2020-0648 Windows RSoP Service Application Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-0718 Active Directory Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2020-0761 Active Directory Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2020-0766 Microsoft Store Runtime Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-0782 Windows Cryptographic Catalog Services Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-0790 Microsoft splwow64 Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-0805 Projected Filesystem Security Feature Bypass Vulnerability
There are no known exploits in the wild.
CVE-2020-0836 Windows DNS Denial of Service Vulnerability
There are no known exploits in the wild.
CVE-2020-0837 ADFS Spoofing Vulnerability
There are no known exploits in the wild.
CVE-2020-0838 NTFS Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-0839 Windows dnsrslvr.dll Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-0870 Shell infrastructure component Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-0875 Microsoft splwow64 Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2020-0878 Microsoft Browser Memory Corruption Vulnerability
There are no known exploits in the wild.
CVE-2020-0886 Windows Storage Services Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-0890 Windows Hyper-V Denial of Service Vulnerability
There are no known exploits in the wild.
CVE-2020-0904 Windows Hyper-V Denial of Service Vulnerability
There are no known exploits in the wild.
CVE-2020-0908 Windows Text Service Module Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2020-0914 Windows State Repository Service Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2020-0921 Microsoft Graphics Component Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2020-0922 Microsoft COM for Windows Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2020-0928 Windows Kernel Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2020-0951 Windows Defender Application Control Security Feature Bypass Vulnerability
There are no known exploits in the wild.
CVE-2020-0989 Windows Mobile Device Management Diagnostics Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2020-0997 Windows Camera Codec Pack Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2020-0998 Windows Graphics Component Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-1012 WinINet API Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-1013 Group Policy Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-1030 Windows Print Spooler Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-1031 Windows DHCP Server Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2020-1033 Windows Kernel Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2020-1034 Windows Kernel Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-1038 Windows Routing Utilities Denial of Service
There are no known exploits in the wild.
CVE-2020-1039 Jet Database Engine Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2020-1044 SQL Server Reporting Services Security Feature Bypass Vulnerability
There are no known exploits in the wild.
CVE-2020-1045 Microsoft ASP.NET Core Security Feature Bypass Vulnerability
There are no known exploits in the wild.
CVE-2020-1052 Windows Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-1053 DirectX Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-1057 Scripting Engine Memory Corruption Vulnerability
There are no known exploits in the wild.
CVE-2020-1074 Jet Database Engine Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2020-1083 Microsoft Graphics Component Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2020-1091 Windows Graphics Component Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2020-1097 Windows Graphics Component Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2020-1098 Windows Shell Infrastructure Component Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-1119 Windows Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2020-1122 Windows Language Pack Installer Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-1129 Microsoft Windows Codecs Library Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2020-1130 Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-1133 Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-1146 Microsoft Store Runtime Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-1159 Windows Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-1169 Windows Runtime Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-1172 Scripting Engine Memory Corruption Vulnerability
There are no known exploits in the wild.
CVE-2020-1180 Scripting Engine Memory Corruption Vulnerability
There are no known exploits in the wild.
CVE-2020-1193 Microsoft Excel Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2020-1198 Microsoft Office SharePoint XSS Vulnerability
There are no known exploits in the wild.
CVE-2020-1200 Microsoft SharePoint Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2020-1205 Microsoft SharePoint Spoofing Vulnerability
There are no known exploits in the wild.
CVE-2020-1210 Microsoft SharePoint Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2020-1218 Microsoft Word Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2020-1224 Microsoft Excel Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2020-1227 Microsoft Office SharePoint XSS Vulnerability
There are no known exploits in the wild.
CVE-2020-1228 Windows DNS Denial of Service Vulnerability
There are no known exploits in the wild.
CVE-2020-1250 Win32k Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2020-1252 Windows Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2020-1256 Windows GDI Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2020-1285 GDI+ Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2020-1303 Windows Runtime Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-1319 Microsoft Windows Codecs Library Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2020-1332 Microsoft Excel Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2020-1335 Microsoft Excel Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2020-1338 Microsoft Word Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2020-1345 Microsoft Office SharePoint XSS Vulnerability
There are no known exploits in the wild.
CVE-2020-1376 Windows Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-1440 Microsoft SharePoint Server Tampering Vulnerability
There are no known exploits in the wild.
CVE-2020-1452 Microsoft SharePoint Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2020-1453 Microsoft SharePoint Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2020-1460 Microsoft SharePoint Server Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2020-1471 Windows CloudExperienceHost Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-1482 Microsoft Office SharePoint XSS Vulnerability
There are no known exploits in the wild.
CVE-2020-1491 Windows Function Discovery Service Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-1506 Windows Start-Up Application Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-1507 Microsoft COM for Windows Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-1508 Windows Media Audio Decoder Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2020-1514 Microsoft Office SharePoint XSS Vulnerability
There are no known exploits in the wild.
CVE-2020-1523 Microsoft SharePoint Server Tampering Vulnerability
There are no known exploits in the wild.
CVE-2020-1532 Windows InstallService Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-1559 Windows Storage Services Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-1575 Microsoft Office SharePoint XSS Vulnerability
There are no known exploits in the wild.
CVE-2020-1576 Microsoft SharePoint Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2020-1589 Windows Kernel Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2020-1590 Connected User Experiences and Telemetry Service Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-1592 Windows Kernel Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2020-1593 Windows Media Audio Decoder Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2020-1594 Microsoft Excel Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2020-1595 Microsoft SharePoint Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2020-1596 TLS Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2020-1598 Windows UPnP Service Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-16851 OneDrive for Windows Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-16852 OneDrive for Windows Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-16853 OneDrive for Windows Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-16854 Windows Kernel Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2020-16855 Microsoft Office Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2020-16856 Visual Studio Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2020-16857 Microsoft Dynamics 365 for Finance and Operations (on-premises) Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2020-16858 Microsoft Dynamics 365 (On-Premise) Cross Site Scripting Vulnerability
There are no known exploits in the wild.
CVE-2020-16859 Microsoft Dynamics 365 (On-Premise) Cross Site Scripting Vulnerability
There are no known exploits in the wild.
CVE-2020-16860 Microsoft Dynamics 365 (on-premises) Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2020-16861 Microsoft Dynamics 365 (On-Premise) Cross Site Scripting Vulnerability
There are no known exploits in the wild.
CVE-2020-16862 Microsoft Dynamics 365 (on-premises) Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2020-16864 Microsoft Dynamics 365 (On-Premise) Cross Site Scripting Vulnerability
There are no known exploits in the wild.
CVE-2020-16871 Microsoft Dynamics 365 (On-Premise) Cross Site Scripting Vulnerability
There are no known exploits in the wild.
CVE-2020-16872 Microsoft Dynamics 365 (On-Premise) Cross Site Scripting Vulnerability
There are no known exploits in the wild.
CVE-2020-16873 Xamarin.Forms Spoofing Vulnerability
There are no known exploits in the wild.
CVE-2020-16874 Visual Studio Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2020-16875 Microsoft Exchange Memory Corruption Vulnerability
There are no known exploits in the wild.
CVE-2020-16878 Microsoft Dynamics 365 (On-Premise) Cross Site Scripting Vulnerability
There are no known exploits in the wild.
CVE-2020-16879 Projected Filesystem Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2020-16881 Visual Studio JSON Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2020-16884 Internet Explorer Browser Helper Object (BHO) Memory Corruption Vulnerability
There are no known exploits in the wild.