las vulnerabilidades más últimas de la persona notable de Advisories

  • October 2020 - Microsoft Releases Security Patches
     Fecha recomendada:  14 de octubre de 2020

    Microsoft addresses several vulnerabilities in its October security bulletin. Trend Micro Deep Security covers the following:

    • CVE-2020-16915 - Media Foundation Memory Corruption Vulnerability
      Risk Rating: Critical

      This memory corruption vulnerability exists in the mishandling of objects in memory by the Windows Media Foundation. Attackers looking to take advantage of this vulnerability must convince a user to a webpage that hosts an exploit to this vulnerability.


    • CVE-2020-16922 - Windows Spoofing Vulnerability
      Risk Rating: Important

      This spoofing vulnerability exists in the validation of file signatures. When the vulnerability is successfully exploited, it will allow loading of potentially malicious files.


    • CVE-2020-16896 - Windows Remote Desktop Protocol (RDP) Information Disclosure Vulnerability
      Risk Rating: Important

      This information disclousre vulnerability exists in the RDP when it checks specially crafted requests. When the vulnerability is successfully exploited, an attacker could gain information to further attacks to the vulnerable machine.


  • September 2020 - Microsoft Releases Security Patches
     Fecha recomendada:  08 de septiembre de 2020

    Microsoft addresses several vulnerabilities in its September security bulletin. Trend Micro Deep Security covers the following:

    • CVE-2020-0664 - Active Directory Information Disclosure Vulnerability
      Risk Rating: Important

      This information disclosure vulnerability exists in the mishandling of objects in memory by the Active Directory integrated DNS (ADIDNS). Attackers looking to take advantage of this vulnerability must be authenticated to send a specially crafted request to the ADIDNS service.


    • CVE-2020-0856 - Active Directory Information Disclosure Vulnerability
      Risk Rating: Important

      This information disclosure vulnerability exists in the mishandling of objects in memory by the Active Directory integrated DNS (ADIDNS). Attackers looking to take advantage of this vulnerability must be authenticated to send a specially crafted request to the ADIDNS service.


  • August 2020 - Microsoft Releases Security Patches
     Fecha recomendada:  11 de agosto de 2020

    Microsoft addresses several vulnerabilities in its August security bulletin. Trend Micro Deep Security covers the following:

    • CVE-2020-1570 - Scripting Engine Memory Corruption Vulnerability
      Risk Rating: Critical

      This remote code execution vulnerability exists in the handling of objects in memory by Internet Explorer. Attackers looking to take advantage of this vulnerability could persuade a user to visit a website that hosts an exploit to this vulnerability, or through an ActiveX control in an MS Office document.


    • CVE-2020-1380 - Scripting Engine Memory Corruption Vulnerability
      Risk Rating: Critical

      This remote code execution vulnerability exists in handling of objects in memory by the scripting engine of Internet Explorer. Attackers successful in exploiting this vulnerability may gain the same user rights as the current user.


    • CVE-2020-1567 - MSHTML Engine Remote Code Execution Vulnerability
      Risk Rating: Critical

      This remote code execution vulnerability exists in the validation of input by the MSHTML engine. Attackers looking to take advantage of this vulnerability could persuade a user to open a specially crafted file.


    • CVE-2020-1574 - Microsoft Windows Codecs Library Remote Code Execution Vulnerability
      Risk Rating: Critical

      This remote code execution vulnerability exists in the handling of objects in memory by the Windows Codec Library.


    • CVE-2020-1585 - Microsoft Windows Codecs Library Remote Code Execution Vulnerability
      Risk Rating: Critical

      This remote code execution vulnerability exists in the handling of objects in memory by the Windows Codec Library.


    • CVE-2020-1577 - DirectWrite Information Disclosure Vulnerability
      Risk Rating: Important

      This information disclosure vulnerability exists in the improper disclosure of contents of the DirectWrite memory. Attackers looking to exploit this vulnerability could find ways to convince a user of a vulnerable machine to connect to a malicious website.


  • July 2020 - Microsoft Releases Security Patches
     Fecha recomendada:  14 de julio de 2020

    Microsoft addresses several vulnerabilities in its July security bulletin. Trend Micro Deep Security covers the following:

    • CVE-2020-1436 - Windows Font Library Remote Code Execution Vulnerability
      Risk Rating: Critical

      This remote code execution vulnerability exists in the improper handling of specially crafted fonts by the Windows font library. Attackers looking to take advantage of this vulnerability could persuade a user to click on a link that will lead to a specially crafted website that hosts an exploit to this vulnerability, or through a file-sharing session where the attacker sends a specially crafted document.


    • CVE-2020-1421 - LNK Remote Code Execution Vulnerability
      Risk Rating: Critical

      This remote code execution vulnerability exists in the processing of .LNK files by Windows. Attackers looking to take advantage of this vulnerability could persuade a user to access a file through a remote shared folder or removable drive.


    • CVE-2020-1400 - Jet Database Engine Remote Code Execution Vulnerability
      Risk Rating: Important

      This remote code execution vulnerability exists in the handling of objects in memory by the Windows Jet Database engine. Attackers looking to take advantage of this vulnerability could persuade a user to open a specially crafted file.


    • CVE-2020-1355 - Windows Font Driver Host Remote Code Execution Vulnerability
      Risk Rating: Important

      This remote code execution vulnerability exists in the way the handling of memory by the Windows Font Driver Host.


    • CVE-2020-1374 - Remote Desktop Client Remote Code Execution Vulnerability
      Risk Rating: Critical

      This remote code execution vulnerability exists in the Windows Remote Desktop Client. Attackers looking to exploit this vulnerability must find a way to control the server and convince a user to connect to it.


    • CVE-2020-1403 - VBScript Remote Code Execution Vulnerability
      Risk Rating: Critical

      This remote code execution vulnerability exists in the way the handling of objects in memory by the VBScript engine. Attackers looking to exploit this vulnerability could find ways to convince a user of a vulnerable machine to connect to a malicious website.


  • June 2020 - Microsoft Releases Security Patches
     Fecha recomendada:  10 de junio de 2020

    Microsoft addresses several vulnerabilities in its June security bulletin. Trend Micro Deep Security covers the following:

    • CVE-2020-1213 - VBScript Remote Code Execution Vulnerability
      Risk Rating: Critical

      This remote code execution vulnerability exists in the improper accessing of objects in memory by VBScript engine. Attackers looking to take advantage of this vulnerability could persuade a user to click on a link that will lead to a specially crafted website that hosts an exploit to this vulnerability.


    • CVE-2020-1214 - VBScript Remote Code Execution Vulnerability
      Risk Rating: Important

      This remote code execution vulnerability exists in the handling of objects in memory by VBScript engine. Attackers looking to take advantage of this vulnerability could persuade a user to click on a link that will lead to a specially crafted website that hosts an exploit to this vulnerability.


    • CVE-2020-1260 - VBScript Remote Code Execution Vulnerability
      Risk Rating: Critical

      This remote code execution vulnerability exists in the handling of objects in memory by VBScript engine. Attackers looking to take advantage of this vulnerability could persuade a user to click on a link that will lead to a specially crafted website that hosts an exploit to this vulnerability.


    • CVE-2020-1215 - VBScript Remote Code Execution Vulnerability
      Risk Rating: Important

      This remote code execution vulnerability exists in the way the handling of objects in memory by the VBScript engine. Attackers looking to exploit this vulnerability could find ways to convince a user of a vulnerable machine to connect to a malicious website.


    • CVE-2020-1216 - VBScript Remote Code Execution Vulnerability
      Risk Rating: Critical

      This remote code execution vulnerability exists in the way the handling of objects in memory by the VBScript engine. Attackers looking to exploit this vulnerability could find ways to convince a user of a vulnerable machine to connect to a malicious website.


    • CVE-2020-1230 - VBScript Remote Code Execution Vulnerability
      Risk Rating: Important

      This remote code execution vulnerability exists in the way the handling of objects in memory by the VBScript engine. Attackers looking to exploit this vulnerability could find ways to convince a user of a vulnerable machine to connect to a malicious website.


    • CVE-2020-1301 - Microsoft Windows SMB Remote Code Execution Vulnerability
      Risk Rating: Important

      This remote code execution vulnerability exists in the improper handling of certain requests by the Microsoft Server Message Block 1.0 (SMBv1) server. Attackers looking to exploit this vulnerability must find a way to convince a user to open a specially crafted file.


    • CVE-2020-1219 - Microsoft Browser Memory Corruption Vulnerability
      Risk Rating: Critical

      This remote code execution vulnerability exists in the improper handling of objects in memory by Microsoft browsers. Attackers looking to exploit this vulnerability must find a way to convince a user to open a website that contains the exploit.


    • CVE-2020-1284 - Windows SMBv3 Client/Server Denial of Service Vulnerability
      Risk Rating: Important

      This denial of service vulnerability exists in the handling of certain requests by the Microsoft Server Message Block 3.1.1 (SMBv3) server. Attackers looking to exploit this vulnerability must find a way to convince a user to open a specially crafted file.


  • May 2020 - Microsoft Releases Security Patches
     Fecha recomendada:  13 de mayo de 2020

    Microsoft addresses several vulnerabilities in its May security bulletin. Trend Micro Deep Security covers the following:

    • CVE-2020-1062 - Internet Explorer Memory Corruption Vulnerability
      Risk Rating: Critical

      This remote code execution vulnerability exists in the improper accessing of objects in memory by Internet Explorer. Attackers looking to take advantage of this vulnerability could persuade a user to click on a link that will lead to a specially crafted website that hosts an exploit to this vulnerability.


    • CVE-2020-1060 - VBScript Remote Code Execution Vulnerability
      Risk Rating: Important

      This remote code execution vulnerability exists in the handling of objects in memory by VBScript engine. Attackers looking to take advantage of this vulnerability could persuade a user to click on a link that will lead to a specially crafted website that hosts an exploit to this vulnerability.


    • CVE-2020-1058 - VBScript Remote Code Execution Vulnerability
      Risk Rating: Important

      This remote code execution vulnerability exists in the handling of objects in memory by VBScript engine. Attackers looking to take advantage of this vulnerability could persuade a user to click on a link that will lead to a specially crafted website that hosts an exploit to this vulnerability.


    • CVE-2020-1035 - VBScript Remote Code Execution Vulnerability
      Risk Rating: Important

      This remote code execution vulnerability exists in the way the handling of objects in memory by the VBScript engine. Attackers looking to exploit this vulnerability could find ways to convince a user of a vulnerable machine to connect to a malicious website.


    • CVE-2020-1118 - Microsoft Windows Transport Layer Security Denial of Service Vulnerability
      Risk Rating: Important

      This denial of service vulnerability exists in the improper handling of certain key exchanges in the Windows implementation of Transport Layer Security (TLS). Attackers looking to exploit this vulnerability could find ways to send a specially crafted request that could trigger a machine reboot.


    • CVE-2020-1153 - Microsoft Graphics Components Remote Code Execution Vulnerability
      Risk Rating: Important

      This remote code execution vulnerability exists in the improper handling of objects in memory by the Microsoft Graphics Components. Attackers looking to exploit this vulnerability must find a way to convince a user to open a specially crafted file.


    • CVE-2020-1096 - Microsoft Edge PDF Remote Code Execution Vulnerability
      Risk Rating: Important

      This remote code execution vulnerability exists in the improper handling of objects in memory by the Microsoft Edge PDF Reader. Attackers looking to exploit this vulnerability must find a way to convince a user to open a specially crafted file.


    • CVE-2020-1028 - Media Foundation Memory Corruption Vulnerability
      Risk Rating: Critical

      This remote code execution vulnerability exists in the improper handling of objects in memory by the Microsoft Edge PDF Reader. Attackers looking to exploit this vulnerability must find a way to convince a user to open a specially crafted file.


    • CVE-2020-1126 - Media Foundation Memory Corruption Vulnerability
      Risk Rating: Critical

      This remote code execution vulnerability exists in the improper handling of objects in memory by the Microsoft Edge PDF Reader. Attackers looking to exploit this vulnerability must find a way to convince a user to open a specially crafted file.


    • CVE-2020-1150 - Media Foundation Memory Corruption Vulnerability
      Risk Rating: Important

      This memory corruption vulnerability exists in the improper handling of objects in memory by the Windows Media Foundation. There are multiple ways for attackers to exploit this vulnerability.


    • CVE-2020-1051 - Jet Database Engine Remote Code Execution Vulnerability
      Risk Rating: Important

      This remote code execution vulnerability exists in the improper handling of objects in memory by the Windows Jet Database Engine. Attackers looking to exploit this vulnerability must find a way for a user to open a specially crafted file.


    • CVE-2020-1174 - Jet Database Engine Remote Code Execution Vulnerability
      Risk Rating: Important

      This remote code execution vulnerability exists in the improper handling of objects in memory by the Windows Jet Database Engine. Attackers looking to exploit this vulnerability must find a way for a user to open a specially crafted file.


    • CVE-2020-1175 - Jet Database Engine Remote Code Execution Vulnerability
      Risk Rating: Important

      This remote code execution vulnerability exists in the improper handling of objects in memory by the Windows Jet Database Engine. Attackers looking to exploit this vulnerability must find a way for a user to open a specially crafted file.


    • CVE-2020-1176 - Jet Database Engine Remote Code Execution Vulnerability
      Risk Rating: Important

      This remote code execution vulnerability exists in the improper handling of objects in memory by the Windows Jet Database Engine. Attackers looking to exploit this vulnerability must find a way for a user to open a specially crafted file.


    • CVE-2020-1102 - Microsoft SharePoint Remote Code Execution Vulnerability
      Risk Rating: Critical

      This remote code execution vulnerability exists in the failure to check source markup of an application package by the Microsoft SharePoit. Attackers looking to exploit this vulnerability must find a way for a user to open a specially crafted file.


  • April 2020 - Microsoft Releases Security Patches
     Fecha recomendada:  15 de abril de 2020

    Microsoft addresses several vulnerabilities in its April security bulletin. Trend Micro Deep Security covers the following:

    • CVE-2020-1020 - Adobe Font Manager Library Remote Code Execution Vulnerability
      Risk Rating: Important

      This remote code execution vulnerability exists in the improper handling of the specially-crafted multi-master font Adobe Type 1 PostSCript format by the Windows Adobe Type Manager Library. Attackers looking to take advantage of this vulnerability could persuade a user to open a specially-crafted file.


    • CVE-2020-0938 - Adobe Font Manager Library Remote Code Execution Vulnerability
      Risk Rating: Important

      This remote code execution vulnerability exists in the improper handling of the specially-crafted multi-master font Adobe Type 1 PostSCript format by the Windows Adobe Type Manager Library. Attackers looking to take advantage of this vulnerability could persuade a user to open a specially-crafted file.


    • CVE-2020-0968 - Scripting Engine Memory Corruption Vulnerability
      Risk Rating: Critical

      This remote code execution vulnerability exists in the way that Internet Explorer scripting engine handles objects in memory. Attackers looking to exploit this vulnerability could find ways to convince a user of a vulnerable machine to connect to a malicious server.


  • March 2020 - Microsoft Releases Security Patches
     Fecha recomendada:  11 de marzo de 2020

    Microsoft addresses several vulnerabilities in its March security bulletin. Trend Micro Deep Security covers the following:

    • CVE-2020-0824 - Internet Explorer Memory Corruption Vulnerability
      Risk Rating: Critical

      This remote code execution vulnerability exists in the improper accessing of objects in memory by Internet Explorer. Attackers looking to take advantage of this vulnerability could persuade a user to click on a link that will lead to a specially crafted website that hosts an exploit to this vulnerability.


    • CVE-2020-0832 - Scripting Engine Memory Corruption Vulnerability
      Risk Rating: Critical

      This remote code execution vulnerability exists in the way that Internet Explorer scripting engine handles objects in memory. Attackers looking to exploit this vulnerability could find ways to convince a user of a vulnerable machine to connect to a malicious server.


    • CVE-2020-0833 - Scripting Engine Memory Corruption Vulnerability
      Risk Rating: Critical

      This remote code execution vulnerability exists in the way that Internet Explorer scripting engine handles objects in memory. Attackers looking to exploit this vulnerability could find ways to convince a user of a vulnerable machine to connect to a malicious server.


    • CVE-2020-0847 - VBScript Remote Code Execution Vulnerability
      Risk Rating: Critical

      This remote code execution vulnerability exists in the way the handling of objects in memory by the VBScript scripting engine. Attackers looking to exploit this vulnerability could find ways to convince a user of a vulnerable machine to connect to a malicious website.


  • February 2020 - Microsoft Releases Security Patches
     Fecha recomendada:  12 de febrero de 2020

    Microsoft addresses several vulnerabilities in its February security bulletin. Trend Micro Deep Security covers the following:

    • CVE-2020-0674 - Scripting Engine Memory Corruption Vulnerability
      Risk Rating: Critical

      This remote code execution vulnerability exists in the scripting engine of Internet explorer in the way it handles objects in memory. Attackers looking to exploit this vulnerability could host a specially crafted website that contains an exploit.


    • CVE-2020-0681 - Remote Desktop Client Remote Code Execution Vulnerability
      Risk Rating: Critical

      This remote code execution vulnerability exists in the Windows Remote Desktop Client. It exists when a user connects to a malicious server. Attackers looking to exploit this vulnerability could find ways to convince a user of a vulnerable machine to connect to a malicious server.


    • CVE-2020-0692 - Microsoft Exchange Server Elevation of Privilege Vulnerability
      Risk Rating: Important

      This elevation of privilege vulnerability, that requires an enabled Exchange Web Services (EWS), exists in the Microsoft Exchange Server. Attackers looking to exploit this vulnerability must find a way to change Security Access Token parameters and forward that to the vulnerable Microsoft Exchange Server.


  • January 2020 - Microsoft Releases Security Patches
     Fecha recomendada:  14 de enero de 2020

    Microsoft addresses several vulnerabilities in its January security bulletin. Trend Micro Deep Security covers the following:

    • CVE-2020-0609 - Windows Remote Desktop Gateway (RD Gateway) Remote Code Execution Vulnerability
      Risk Rating: Critical

      This remote code execution, pre-authentication vulnerability exists in the Windows Remote Desktop Gateway (RD Gateway) and requires no user interaction. Attackers looking to exploit this vulnerability could send a specially crafted request via RDP.


    • CVE-2020-0610 - Windows Remote Desktop Gateway (RD Gateway) Remote Code Execution Vulnerability
      Risk Rating: Critical

      This remote code execution, pre-authentication vulnerability exists in the Windows Remote Desktop Gateway (RD Gateway) and requires no user interaction. Attackers looking to exploit this vulnerability could send a specially crafted request via RDP.


    • CVE-2020-0652 - Microsoft Office Memory Corruption Vulnerability
      Risk Rating: Important

      This remote code execution vulnerability exists in the improper handling of objects by Microsoft Office. Attackers looking to exploit this vulnerability must find a way for a user to open a website that contains the exploit, or to open a specially crafted file.


    • CVE-2020-0601 - Windows CryptoAPI Spoofing Vulnerability
      Risk Rating: Important

      This spoofing vulnerability exists in the validation of Elliptic Curve Cryptography (ECC) certificates by the the Windows CryptoAPI (crypt32.dll). A successful exploitation of this vulnerability could allow man-in-the-middle (MiTM) attacks.