Microsoft: >> Windows 10 >> 1803 Security Vulnerabilities
<p>An elevation of privilege vulnerability exists when Windows improperly handles COM object creation. An attacker who successfully exploited the vulnerability could run arbitrary code with elevated privileges.</p>
<p>To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system.</p>
<p>The update addresses the vulnerability by correcting how the Windows COM Server creates COM objects.</p>
CVSS Score
7.8
EPSS Score
0.01
Published
2020-10-16
<p>An elevation of privilege vulnerability exists when the Windows Backup Service improperly handles file operations.</p>
<p>To exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges.</p>
<p>The security update addresses the vulnerability by correcting how the Windows Backup Service handles file operations.</p>
CVSS Score
7.8
EPSS Score
0.006
Published
2020-10-16
<p>An information disclosure vulnerability exists when the .NET Framework improperly handles objects in memory. An attacker who successfully exploited the vulnerability could disclose contents of an affected system's memory.</p>
<p>To exploit the vulnerability, an authenticated attacker would need to run a specially crafted application.</p>
<p>The update addresses the vulnerability by correcting how the .NET Framework handles objects in memory.</p>
CVSS Score
4.7
EPSS Score
0.102
Published
2020-10-16
<p>An elevation of privilege vulnerability exists when Group Policy improperly checks access. An attacker who successfully exploited this vulnerability could run processes in an elevated context.</p>
<p>To exploit the vulnerability, an attacker would first have to log on to the system, and then run a specially crafted application to take control over the affected system.</p>
<p>The security update addresses the vulnerability by correcting how Group Policy checks access.</p>
CVSS Score
7.8
EPSS Score
0.209
Published
2020-10-16
<p>An elevation of privilege vulnerability exists when the Windows User Profile Service (ProfSvc) improperly handles junction points. An attacker who successfully exploited this vulnerability could delete files and folders in an elevated context.</p>
<p>To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and delete files or folders of their choosing.</p>
<p>The security update addresses the vulnerability by correcting how the Windows User Profile Service handles junction points.</p>
CVSS Score
7.8
EPSS Score
0.004
Published
2020-10-16
<p>An elevation of privilege vulnerability exists in Windows Error Reporting (WER) when WER handles and executes files. The vulnerability could allow elevation of privilege if an attacker can successfully exploit it.</p>
<p>An attacker who successfully exploited the vulnerability could gain greater access to sensitive information and system functionality. To exploit the vulnerability, an attacker could run a specially crafted application.</p>
<p>The security update addresses the vulnerability by correcting the way that WER handles and executes files.</p>
CVSS Score
6.8
EPSS Score
0.008
Published
2020-10-16
<p>An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.</p>
<p>To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system.</p>
<p>The update addresses this vulnerability by correcting how the Windows kernel-mode driver handles objects in memory.</p>
CVSS Score
7.8
EPSS Score
0.007
Published
2020-10-16
<p>An elevation of privilege vulnerability exists in Windows Setup in the way it handles directories.</p>
<p>A locally authenticated attacker could run arbitrary code with elevated system privileges. After successfully exploiting the vulnerability, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.</p>
<p>The security update addresses the vulnerability by ensuring Windows Setup properly handles directories.</p>
CVSS Score
7.8
EPSS Score
0.007
Published
2020-10-16
<p>An elevation of privilege vulnerability exists in Windows Error Reporting (WER) when WER handles and executes files. The vulnerability could allow elevation of privilege if an attacker can successfully exploit it.</p>
<p>An attacker who successfully exploited the vulnerability could gain greater access to sensitive information and system functionality. To exploit the vulnerability, an attacker could run a specially crafted application.</p>
<p>The security update addresses the vulnerability by correcting the way that WER handles and executes files.</p>
CVSS Score
7.8
EPSS Score
0.005
Published
2020-10-16
<p>A security feature bypass vulnerability exists when Microsoft Windows fails to handle file creation permissions, which could allow an attacker to create files in a protected Unified Extensible Firmware Interface (UEFI) location.</p>
<p>To exploit this vulnerability, an attacker could run a specially crafted application to bypass Unified Extensible Firmware Interface (UEFI) variable security in Windows.</p>
<p>The security update addresses the vulnerability by correcting security feature behavior to enforce permissions.</p>
CVSS Score
6.2
EPSS Score
0.03
Published
2020-10-16