Security Vulnerabilities - CVEs Published In June 2020
An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1207, CVE-2020-1247, CVE-2020-1251, CVE-2020-1310.
CVSS Score
6.7
EPSS Score
0.004
Published
2020-06-09
An elevation of privilege vulnerability exists when Windows Modules Installer Service improperly handles class object members.A locally authenticated attacker could run arbitrary code with elevated system privileges, aka 'Windows Modules Installer Service Elevation of Privilege Vulnerability'.
CVSS Score
7.8
EPSS Score
0.003
Published
2020-06-09
An elevation of privilege vulnerability exists when the Windows Background Intelligent Transfer Service (BITS) IIS module improperly handles uploaded content, aka 'Windows Background Intelligent Transfer Service Elevation of Privilege Vulnerability'.
CVSS Score
8.8
EPSS Score
0.173
Published
2020-06-09
An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector Service improperly handles file operations, aka 'Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1278, CVE-2020-1293.
CVSS Score
7.8
EPSS Score
0.004
Published
2020-06-09
An elevation of privilege vulnerability exists when DirectX improperly handles objects in memory, aka 'DirectX Elevation of Privilege Vulnerability'.
CVSS Score
6.7
EPSS Score
0.004
Published
2020-06-09
A security feature bypass vulnerability exists when Windows Host Guardian Service improperly handles hashes recorded and logged, aka 'Windows Host Guardian Service Security Feature Bypass Vulnerability'.
CVSS Score
4.3
EPSS Score
0.067
Published
2020-06-09
A spoofing vulnerability exists when theMicrosoft Edge (Chromium-based) in IE Mode improperly handles specific redirects, aka 'Microsoft Edge (Chromium-based) in IE Mode Spoofing Vulnerability'.
CVSS Score
6.1
EPSS Score
0.003
Published
2020-06-09
An elevation of privilege vulnerability exists when the Microsoft Store Runtime improperly handles memory.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Microsoft Store Runtime Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1309.
CVSS Score
7.8
EPSS Score
0.006
Published
2020-06-09
A remote code execution vulnerability exists when Microsoft Word for Android fails to properly handle certain files.To exploit the vulnerability, an attacker would have to convince a user to open a specially crafted URL file.The update addresses the vulnerability by correcting how Microsoft Word for Android handles specially crafted URL files., aka 'Word for Android Remote Code Execution Vulnerability'.
CVSS Score
8.8
EPSS Score
0.368
Published
2020-06-09
A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka 'Microsoft Excel Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1226.
CVSS Score
8.8
EPSS Score
0.187
Published
2020-06-09