últimos alertas Vulnerabilidades notáveis

  • September 2020 - Microsoft Releases Security Patches
     Data do informe:  08 de setembro de 2020

    Microsoft addresses several vulnerabilities in its September security bulletin. Trend Micro Deep Security covers the following:

    • CVE-2020-0664 - Active Directory Information Disclosure Vulnerability
      Risk Rating: Important

      This information disclosure vulnerability exists in the mishandling of objects in memory by the Active Directory integrated DNS (ADIDNS). Attackers looking to take advantage of this vulnerability must be authenticated to send a specially crafted request to the ADIDNS service.


    • CVE-2020-0856 - Active Directory Information Disclosure Vulnerability
      Risk Rating: Important

      This information disclosure vulnerability exists in the mishandling of objects in memory by the Active Directory integrated DNS (ADIDNS). Attackers looking to take advantage of this vulnerability must be authenticated to send a specially crafted request to the ADIDNS service.


  • August 2020 - Microsoft Releases Security Patches
     Data do informe:  11 de agosto de 2020

    Microsoft addresses several vulnerabilities in its August security bulletin. Trend Micro Deep Security covers the following:

    • CVE-2020-1570 - Scripting Engine Memory Corruption Vulnerability
      Risk Rating: Critical

      This remote code execution vulnerability exists in the handling of objects in memory by Internet Explorer. Attackers looking to take advantage of this vulnerability could persuade a user to visit a website that hosts an exploit to this vulnerability, or through an ActiveX control in an MS Office document.


    • CVE-2020-1380 - Scripting Engine Memory Corruption Vulnerability
      Risk Rating: Critical

      This remote code execution vulnerability exists in handling of objects in memory by the scripting engine of Internet Explorer. Attackers successful in exploiting this vulnerability may gain the same user rights as the current user.


    • CVE-2020-1567 - MSHTML Engine Remote Code Execution Vulnerability
      Risk Rating: Critical

      This remote code execution vulnerability exists in the validation of input by the MSHTML engine. Attackers looking to take advantage of this vulnerability could persuade a user to open a specially crafted file.


    • CVE-2020-1574 - Microsoft Windows Codecs Library Remote Code Execution Vulnerability
      Risk Rating: Critical

      This remote code execution vulnerability exists in the handling of objects in memory by the Windows Codec Library.


    • CVE-2020-1585 - Microsoft Windows Codecs Library Remote Code Execution Vulnerability
      Risk Rating: Critical

      This remote code execution vulnerability exists in the handling of objects in memory by the Windows Codec Library.


    • CVE-2020-1577 - DirectWrite Information Disclosure Vulnerability
      Risk Rating: Important

      This information disclosure vulnerability exists in the improper disclosure of contents of the DirectWrite memory. Attackers looking to exploit this vulnerability could find ways to convince a user of a vulnerable machine to connect to a malicious website.


  • July 2020 - Microsoft Releases Security Patches
     Data do informe:  14 de julho de 2020

    Microsoft addresses several vulnerabilities in its July security bulletin. Trend Micro Deep Security covers the following:

    • CVE-2020-1436 - Windows Font Library Remote Code Execution Vulnerability
      Risk Rating: Critical

      This remote code execution vulnerability exists in the improper handling of specially crafted fonts by the Windows font library. Attackers looking to take advantage of this vulnerability could persuade a user to click on a link that will lead to a specially crafted website that hosts an exploit to this vulnerability, or through a file-sharing session where the attacker sends a specially crafted document.


    • CVE-2020-1421 - LNK Remote Code Execution Vulnerability
      Risk Rating: Critical

      This remote code execution vulnerability exists in the processing of .LNK files by Windows. Attackers looking to take advantage of this vulnerability could persuade a user to access a file through a remote shared folder or removable drive.


    • CVE-2020-1400 - Jet Database Engine Remote Code Execution Vulnerability
      Risk Rating: Important

      This remote code execution vulnerability exists in the handling of objects in memory by the Windows Jet Database engine. Attackers looking to take advantage of this vulnerability could persuade a user to open a specially crafted file.


    • CVE-2020-1355 - Windows Font Driver Host Remote Code Execution Vulnerability
      Risk Rating: Important

      This remote code execution vulnerability exists in the way the handling of memory by the Windows Font Driver Host.


    • CVE-2020-1374 - Remote Desktop Client Remote Code Execution Vulnerability
      Risk Rating: Critical

      This remote code execution vulnerability exists in the Windows Remote Desktop Client. Attackers looking to exploit this vulnerability must find a way to control the server and convince a user to connect to it.


    • CVE-2020-1403 - VBScript Remote Code Execution Vulnerability
      Risk Rating: Critical

      This remote code execution vulnerability exists in the way the handling of objects in memory by the VBScript engine. Attackers looking to exploit this vulnerability could find ways to convince a user of a vulnerable machine to connect to a malicious website.


  • June 2020 - Microsoft Releases Security Patches
     Data do informe:  10 de junho de 2020

    Microsoft addresses several vulnerabilities in its June security bulletin. Trend Micro Deep Security covers the following:

    • CVE-2020-1213 - VBScript Remote Code Execution Vulnerability
      Risk Rating: Critical

      This remote code execution vulnerability exists in the improper accessing of objects in memory by VBScript engine. Attackers looking to take advantage of this vulnerability could persuade a user to click on a link that will lead to a specially crafted website that hosts an exploit to this vulnerability.


    • CVE-2020-1214 - VBScript Remote Code Execution Vulnerability
      Risk Rating: Important

      This remote code execution vulnerability exists in the handling of objects in memory by VBScript engine. Attackers looking to take advantage of this vulnerability could persuade a user to click on a link that will lead to a specially crafted website that hosts an exploit to this vulnerability.


    • CVE-2020-1260 - VBScript Remote Code Execution Vulnerability
      Risk Rating: Critical

      This remote code execution vulnerability exists in the handling of objects in memory by VBScript engine. Attackers looking to take advantage of this vulnerability could persuade a user to click on a link that will lead to a specially crafted website that hosts an exploit to this vulnerability.


    • CVE-2020-1215 - VBScript Remote Code Execution Vulnerability
      Risk Rating: Important

      This remote code execution vulnerability exists in the way the handling of objects in memory by the VBScript engine. Attackers looking to exploit this vulnerability could find ways to convince a user of a vulnerable machine to connect to a malicious website.


    • CVE-2020-1216 - VBScript Remote Code Execution Vulnerability
      Risk Rating: Critical

      This remote code execution vulnerability exists in the way the handling of objects in memory by the VBScript engine. Attackers looking to exploit this vulnerability could find ways to convince a user of a vulnerable machine to connect to a malicious website.


    • CVE-2020-1230 - VBScript Remote Code Execution Vulnerability
      Risk Rating: Important

      This remote code execution vulnerability exists in the way the handling of objects in memory by the VBScript engine. Attackers looking to exploit this vulnerability could find ways to convince a user of a vulnerable machine to connect to a malicious website.


    • CVE-2020-1301 - Microsoft Windows SMB Remote Code Execution Vulnerability
      Risk Rating: Important

      This remote code execution vulnerability exists in the improper handling of certain requests by the Microsoft Server Message Block 1.0 (SMBv1) server. Attackers looking to exploit this vulnerability must find a way to convince a user to open a specially crafted file.


    • CVE-2020-1219 - Microsoft Browser Memory Corruption Vulnerability
      Risk Rating: Critical

      This remote code execution vulnerability exists in the improper handling of objects in memory by Microsoft browsers. Attackers looking to exploit this vulnerability must find a way to convince a user to open a website that contains the exploit.


    • CVE-2020-1284 - Windows SMBv3 Client/Server Denial of Service Vulnerability
      Risk Rating: Important

      This denial of service vulnerability exists in the handling of certain requests by the Microsoft Server Message Block 3.1.1 (SMBv3) server. Attackers looking to exploit this vulnerability must find a way to convince a user to open a specially crafted file.


  • May 2020 - Microsoft Releases Security Patches
     Data do informe:  13 de maio de 2020

    Microsoft addresses several vulnerabilities in its May security bulletin. Trend Micro Deep Security covers the following:

    • CVE-2020-1062 - Internet Explorer Memory Corruption Vulnerability
      Risk Rating: Critical

      This remote code execution vulnerability exists in the improper accessing of objects in memory by Internet Explorer. Attackers looking to take advantage of this vulnerability could persuade a user to click on a link that will lead to a specially crafted website that hosts an exploit to this vulnerability.


    • CVE-2020-1060 - VBScript Remote Code Execution Vulnerability
      Risk Rating: Important

      This remote code execution vulnerability exists in the handling of objects in memory by VBScript engine. Attackers looking to take advantage of this vulnerability could persuade a user to click on a link that will lead to a specially crafted website that hosts an exploit to this vulnerability.


    • CVE-2020-1058 - VBScript Remote Code Execution Vulnerability
      Risk Rating: Important

      This remote code execution vulnerability exists in the handling of objects in memory by VBScript engine. Attackers looking to take advantage of this vulnerability could persuade a user to click on a link that will lead to a specially crafted website that hosts an exploit to this vulnerability.


    • CVE-2020-1035 - VBScript Remote Code Execution Vulnerability
      Risk Rating: Important

      This remote code execution vulnerability exists in the way the handling of objects in memory by the VBScript engine. Attackers looking to exploit this vulnerability could find ways to convince a user of a vulnerable machine to connect to a malicious website.


    • CVE-2020-1118 - Microsoft Windows Transport Layer Security Denial of Service Vulnerability
      Risk Rating: Important

      This denial of service vulnerability exists in the improper handling of certain key exchanges in the Windows implementation of Transport Layer Security (TLS). Attackers looking to exploit this vulnerability could find ways to send a specially crafted request that could trigger a machine reboot.


    • CVE-2020-1153 - Microsoft Graphics Components Remote Code Execution Vulnerability
      Risk Rating: Important

      This remote code execution vulnerability exists in the improper handling of objects in memory by the Microsoft Graphics Components. Attackers looking to exploit this vulnerability must find a way to convince a user to open a specially crafted file.


    • CVE-2020-1096 - Microsoft Edge PDF Remote Code Execution Vulnerability
      Risk Rating: Important

      This remote code execution vulnerability exists in the improper handling of objects in memory by the Microsoft Edge PDF Reader. Attackers looking to exploit this vulnerability must find a way to convince a user to open a specially crafted file.


    • CVE-2020-1028 - Media Foundation Memory Corruption Vulnerability
      Risk Rating: Critical

      This remote code execution vulnerability exists in the improper handling of objects in memory by the Microsoft Edge PDF Reader. Attackers looking to exploit this vulnerability must find a way to convince a user to open a specially crafted file.


    • CVE-2020-1126 - Media Foundation Memory Corruption Vulnerability
      Risk Rating: Critical

      This remote code execution vulnerability exists in the improper handling of objects in memory by the Microsoft Edge PDF Reader. Attackers looking to exploit this vulnerability must find a way to convince a user to open a specially crafted file.


    • CVE-2020-1150 - Media Foundation Memory Corruption Vulnerability
      Risk Rating: Important

      This memory corruption vulnerability exists in the improper handling of objects in memory by the Windows Media Foundation. There are multiple ways for attackers to exploit this vulnerability.


    • CVE-2020-1051 - Jet Database Engine Remote Code Execution Vulnerability
      Risk Rating: Important

      This remote code execution vulnerability exists in the improper handling of objects in memory by the Windows Jet Database Engine. Attackers looking to exploit this vulnerability must find a way for a user to open a specially crafted file.


    • CVE-2020-1174 - Jet Database Engine Remote Code Execution Vulnerability
      Risk Rating: Important

      This remote code execution vulnerability exists in the improper handling of objects in memory by the Windows Jet Database Engine. Attackers looking to exploit this vulnerability must find a way for a user to open a specially crafted file.


    • CVE-2020-1175 - Jet Database Engine Remote Code Execution Vulnerability
      Risk Rating: Important

      This remote code execution vulnerability exists in the improper handling of objects in memory by the Windows Jet Database Engine. Attackers looking to exploit this vulnerability must find a way for a user to open a specially crafted file.


    • CVE-2020-1176 - Jet Database Engine Remote Code Execution Vulnerability
      Risk Rating: Important

      This remote code execution vulnerability exists in the improper handling of objects in memory by the Windows Jet Database Engine. Attackers looking to exploit this vulnerability must find a way for a user to open a specially crafted file.


    • CVE-2020-1102 - Microsoft SharePoint Remote Code Execution Vulnerability
      Risk Rating: Critical

      This remote code execution vulnerability exists in the failure to check source markup of an application package by the Microsoft SharePoit. Attackers looking to exploit this vulnerability must find a way for a user to open a specially crafted file.


  • April 2020 - Microsoft Releases Security Patches
     Data do informe:  15 de abril de 2020

    Microsoft addresses several vulnerabilities in its April security bulletin. Trend Micro Deep Security covers the following:

    • CVE-2020-1020 - Adobe Font Manager Library Remote Code Execution Vulnerability
      Risk Rating: Important

      This remote code execution vulnerability exists in the improper handling of the specially-crafted multi-master font Adobe Type 1 PostSCript format by the Windows Adobe Type Manager Library. Attackers looking to take advantage of this vulnerability could persuade a user to open a specially-crafted file.


    • CVE-2020-0938 - Adobe Font Manager Library Remote Code Execution Vulnerability
      Risk Rating: Important

      This remote code execution vulnerability exists in the improper handling of the specially-crafted multi-master font Adobe Type 1 PostSCript format by the Windows Adobe Type Manager Library. Attackers looking to take advantage of this vulnerability could persuade a user to open a specially-crafted file.


    • CVE-2020-0968 - Scripting Engine Memory Corruption Vulnerability
      Risk Rating: Critical

      This remote code execution vulnerability exists in the way that Internet Explorer scripting engine handles objects in memory. Attackers looking to exploit this vulnerability could find ways to convince a user of a vulnerable machine to connect to a malicious server.


  • March 2020 - Microsoft Releases Security Patches
     Data do informe:  11 de março de 2020

    Microsoft addresses several vulnerabilities in its March security bulletin. Trend Micro Deep Security covers the following:

    • CVE-2020-0824 - Internet Explorer Memory Corruption Vulnerability
      Risk Rating: Critical

      This remote code execution vulnerability exists in the improper accessing of objects in memory by Internet Explorer. Attackers looking to take advantage of this vulnerability could persuade a user to click on a link that will lead to a specially crafted website that hosts an exploit to this vulnerability.


    • CVE-2020-0832 - Scripting Engine Memory Corruption Vulnerability
      Risk Rating: Critical

      This remote code execution vulnerability exists in the way that Internet Explorer scripting engine handles objects in memory. Attackers looking to exploit this vulnerability could find ways to convince a user of a vulnerable machine to connect to a malicious server.


    • CVE-2020-0833 - Scripting Engine Memory Corruption Vulnerability
      Risk Rating: Critical

      This remote code execution vulnerability exists in the way that Internet Explorer scripting engine handles objects in memory. Attackers looking to exploit this vulnerability could find ways to convince a user of a vulnerable machine to connect to a malicious server.


    • CVE-2020-0847 - VBScript Remote Code Execution Vulnerability
      Risk Rating: Critical

      This remote code execution vulnerability exists in the way the handling of objects in memory by the VBScript scripting engine. Attackers looking to exploit this vulnerability could find ways to convince a user of a vulnerable machine to connect to a malicious website.


  • February 2020 - Microsoft Releases Security Patches
     Data do informe:  12 de fevereiro de 2020

    Microsoft addresses several vulnerabilities in its February security bulletin. Trend Micro Deep Security covers the following:

    • CVE-2020-0674 - Scripting Engine Memory Corruption Vulnerability
      Risk Rating: Critical

      This remote code execution vulnerability exists in the scripting engine of Internet explorer in the way it handles objects in memory. Attackers looking to exploit this vulnerability could host a specially crafted website that contains an exploit.


    • CVE-2020-0681 - Remote Desktop Client Remote Code Execution Vulnerability
      Risk Rating: Critical

      This remote code execution vulnerability exists in the Windows Remote Desktop Client. It exists when a user connects to a malicious server. Attackers looking to exploit this vulnerability could find ways to convince a user of a vulnerable machine to connect to a malicious server.


    • CVE-2020-0692 - Microsoft Exchange Server Elevation of Privilege Vulnerability
      Risk Rating: Important

      This elevation of privilege vulnerability, that requires an enabled Exchange Web Services (EWS), exists in the Microsoft Exchange Server. Attackers looking to exploit this vulnerability must find a way to change Security Access Token parameters and forward that to the vulnerable Microsoft Exchange Server.


  • January 2020 - Microsoft Releases Security Patches
     Data do informe:  14 de janeiro de 2020

    Microsoft addresses several vulnerabilities in its January security bulletin. Trend Micro Deep Security covers the following:

    • CVE-2020-0609 - Windows Remote Desktop Gateway (RD Gateway) Remote Code Execution Vulnerability
      Risk Rating: Critical

      This remote code execution, pre-authentication vulnerability exists in the Windows Remote Desktop Gateway (RD Gateway) and requires no user interaction. Attackers looking to exploit this vulnerability could send a specially crafted request via RDP.


    • CVE-2020-0610 - Windows Remote Desktop Gateway (RD Gateway) Remote Code Execution Vulnerability
      Risk Rating: Critical

      This remote code execution, pre-authentication vulnerability exists in the Windows Remote Desktop Gateway (RD Gateway) and requires no user interaction. Attackers looking to exploit this vulnerability could send a specially crafted request via RDP.


    • CVE-2020-0652 - Microsoft Office Memory Corruption Vulnerability
      Risk Rating: Important

      This remote code execution vulnerability exists in the improper handling of objects by Microsoft Office. Attackers looking to exploit this vulnerability must find a way for a user to open a website that contains the exploit, or to open a specially crafted file.


    • CVE-2020-0601 - Windows CryptoAPI Spoofing Vulnerability
      Risk Rating: Important

      This spoofing vulnerability exists in the validation of Elliptic Curve Cryptography (ECC) certificates by the the Windows CryptoAPI (crypt32.dll). A successful exploitation of this vulnerability could allow man-in-the-middle (MiTM) attacks.


  • December 2019 - Microsoft Releases Security Patches
     Data do informe:  11 de dezembro de 2019

    Microsoft addresses several vulnerabilities in its December security bulletin. Trend Micro Deep Security covers the following:

    • CVE-2019-0617 - Jet Database Engine Remote Code Execution Vulnerability
      Risk Rating: Important

      This remote code execution vulnerability exists in the Windows Jet Database engine in respect to handling objects in memory. Attackers looking to exploit this vulnerability must find a way to convince a user to open a specially crafted file.


    • CVE-2019-1485 - VBScript Remote Code Execution Vulnerability
      Risk Rating: Important

      This remote code execution vulnerability exists in the improper handling of objects in memory by VBScript engine. Attackers looking to exploit this vulnerability must find a way to convince a user to access a malicious website where the exploit is hosted.


    • CVE-2019-0853 - GDI Remote Code Execution Vulnerability
      Risk Rating: Critical

      This remote code execution vulnerability exists in the improper handling of objects by the Windows Graphics Device Interface (GDI). Attackers looking to exploit this vulnerability must find a way for a user to open a website that contains the exploit, or to open a specially crafted file via file-sharing.


    • CVE-2019-1458 - Win32k Elevation of Privilege Vulnerability
      Risk Rating: Important

      This elevation of privilege vulnerability exists in the improper handling of objects by the the Win32k component in Windows. Attackers looking to exploit this vulnerability must find a way for a user to open a specially crafted application.


    • CVE-2019-1439 - Windows GDI Information Disclosure Vulnerability
      Risk Rating: Important

      This information disclosure vulnerability exists in the improper handling of objects in memory by the Windows GDI component. Attackers looking to exploit this vulnerability must find a way for a user to execute a specially crafted document.


    • CVE-2019-1117 - DirectWrite Remote Code Execution Vulnerability
      Risk Rating: Important

      This remote code execution vulnerability exists in the improper handling of objects in memory by the DirectWrite. Attackers looking to exploit this vulnerability must find a way for a user to execute a specially crafted document.


    • CVE-2019-1118 - DirectWrite Remote Code Execution Vulnerability
      Risk Rating: Important

      This remote code execution vulnerability exists in the improper handling of objects in memory by the DirectWrite. Attackers looking to exploit this vulnerability must find a way for a user to execute a specially crafted document.


    • CVE-2019-1119 - DirectWrite Remote Code Execution Vulnerability
      Risk Rating: Important

      This remote code execution vulnerability exists in the improper handling of objects in memory by the DirectWrite. Attackers looking to exploit this vulnerability must find a way for a user to execute a specially crafted document.


    • CVE-2019-0959 - Windows Common Log File System Driver Elevation of Privilege Vulnerability
      Risk Rating: Important

      This elevation of privilege vulnerability exists in the improper handling of objects in memory by the Windows Common Log File System. Attackers looking to exploit this vulnerability must find a way for a user to execute a specially crafted application.