Microsoft: >> Windows 10 1507 Security Vulnerabilities
CVE-2020-0674
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-0673, CVE-2020-0710, CVE-2020-0711, CVE-2020-0712, CVE-2020-0713, CVE-2020-0767.
Known exploited
CVSS Score
7.5
EPSS Score
0.939
Published
2020-02-11
CVE-2020-0601
A spoofing vulnerability exists in the way Windows CryptoAPI (Crypt32.dll) validates Elliptic Curve Cryptography (ECC) certificates.An attacker could exploit the vulnerability by using a spoofed code-signing certificate to sign a malicious executable, making it appear the file was from a trusted, legitimate source, aka 'Windows CryptoAPI Spoofing Vulnerability'.
Known exploited
CVSS Score
8.1
EPSS Score
0.94
Published
2020-01-14
CVE-2019-1458
An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'.
Known exploited
CVSS Score
7.8
EPSS Score
0.926
Published
2019-12-10
CVE-2019-1429
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-1426, CVE-2019-1427, CVE-2019-1428.
Known exploited
CVSS Score
7.5
EPSS Score
0.671
Published
2019-11-12
CVE-2019-1405
An elevation of privilege vulnerability exists when the Windows Universal Plug and Play (UPnP) service improperly allows COM object creation, aka 'Windows UPnP Service Elevation of Privilege Vulnerability'.
Known exploited
CVSS Score
7.8
EPSS Score
0.64
Published
2019-11-12
CVE-2019-1388
An elevation of privilege vulnerability exists in the Windows Certificate Dialog when it does not properly enforce user privileges, aka 'Windows Certificate Dialog Elevation of Privilege Vulnerability'.
Known exploited
CVSS Score
7.8
EPSS Score
0.034
Published
2019-11-12
CVE-2019-1214
An elevation of privilege vulnerability exists when the Windows Common Log File System (CLFS) driver improperly handles objects in memory, aka 'Windows Common Log File System Driver Elevation of Privilege Vulnerability'.
Known exploited
CVSS Score
7.8
EPSS Score
0.116
Published
2019-09-11
CVE-2019-1215
An elevation of privilege vulnerability exists in the way that ws2ifsl.sys (Winsock) handles objects in memory, aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1253, CVE-2019-1278, CVE-2019-1303.
Known exploited
CVSS Score
7.8
EPSS Score
0.031
Published
2019-09-11
CVE-2019-1130
An elevation of privilege vulnerability exists when Windows AppX Deployment Service (AppXSVC) improperly handles hard links, aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1129.
Known exploited
CVSS Score
7.8
EPSS Score
0.04
Published
2019-07-15
CVE-2019-0880
A local elevation of privilege vulnerability exists in how splwow64.exe handles certain calls, aka 'Microsoft splwow64 Elevation of Privilege Vulnerability'.
Known exploited
CVSS Score
7.8
EPSS Score
0.014
Published
2019-07-15