Microsoft: >> Windows 10 1709 Security Vulnerabilities
CVE-2020-0601
A spoofing vulnerability exists in the way Windows CryptoAPI (Crypt32.dll) validates Elliptic Curve Cryptography (ECC) certificates.An attacker could exploit the vulnerability by using a spoofed code-signing certificate to sign a malicious executable, making it appear the file was from a trusted, legitimate source, aka 'Windows CryptoAPI Spoofing Vulnerability'.
Known exploited
CVSS Score
8.1
EPSS Score
0.939
Published
2020-01-14
CVE-2019-1429
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-1426, CVE-2019-1427, CVE-2019-1428.
Known exploited
CVSS Score
7.5
EPSS Score
0.831
Published
2019-11-12
CVE-2019-1405
An elevation of privilege vulnerability exists when the Windows Universal Plug and Play (UPnP) service improperly allows COM object creation, aka 'Windows UPnP Service Elevation of Privilege Vulnerability'.
Known exploited
CVSS Score
7.8
EPSS Score
0.6
Published
2019-11-12
CVE-2019-1385
An elevation of privilege vulnerability exists when the Windows AppX Deployment Extensions improperly performs privilege management, resulting in access to system files.To exploit this vulnerability, an authenticated attacker would need to run a specially crafted application to elevate privileges.The security update addresses the vulnerability by correcting how AppX Deployment Extensions manages privileges., aka 'Windows AppX Deployment Extensions Elevation of Privilege Vulnerability'.
Known exploited
CVSS Score
7.8
EPSS Score
0.004
Published
2019-11-12
CVE-2019-1388
An elevation of privilege vulnerability exists in the Windows Certificate Dialog when it does not properly enforce user privileges, aka 'Windows Certificate Dialog Elevation of Privilege Vulnerability'.
Known exploited
CVSS Score
7.8
EPSS Score
0.034
Published
2019-11-12
CVE-2019-1315
An elevation of privilege vulnerability exists when Windows Error Reporting manager improperly handles hard links, aka 'Windows Error Reporting Manager Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1339, CVE-2019-1342.
Known exploited
CVSS Score
7.8
EPSS Score
0.062
Published
2019-10-10
CVE-2019-1367
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-1221.
Known exploited
CVSS Score
7.5
EPSS Score
0.879
Published
2019-09-23
CVE-2019-1253
An elevation of privilege vulnerability exists when the Windows AppX Deployment Server improperly handles junctions.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1215, CVE-2019-1278, CVE-2019-1303.
Known exploited
CVSS Score
7.8
EPSS Score
0.196
Published
2019-09-11
CVE-2019-1214
An elevation of privilege vulnerability exists when the Windows Common Log File System (CLFS) driver improperly handles objects in memory, aka 'Windows Common Log File System Driver Elevation of Privilege Vulnerability'.
Known exploited
CVSS Score
7.8
EPSS Score
0.117
Published
2019-09-11
CVE-2019-1215
An elevation of privilege vulnerability exists in the way that ws2ifsl.sys (Winsock) handles objects in memory, aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1253, CVE-2019-1278, CVE-2019-1303.
Known exploited
CVSS Score
7.8
EPSS Score
0.027
Published
2019-09-11