Microsoft: >> Windows 7 Security Vulnerabilities
An information disclosure vulnerability exists in RPC if the server has Routing and Remote Access enabled. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user’s system
To exploit this vulnerability, an attacker would need to run a specially crafted application against an RPC server which has Routing and Remote Access enabled. Routing and Remote Access is a non-default configuration; systems without it enabled are not vulnerable.
The security update addresses the vulnerability by correcting how the Routing and Remote Access service handles requests.
CVSS Score
5.5
EPSS Score
0.01
Published
2020-08-17
CVE-2020-1464
A spoofing vulnerability exists when Windows incorrectly validates file signatures. An attacker who successfully exploited this vulnerability could bypass security features and load improperly signed files.
In an attack scenario, an attacker could bypass security features intended to prevent improperly signed files from being loaded.
The update addresses the vulnerability by correcting how Windows validates file signatures.
Known exploited
CVSS Score
7.8
EPSS Score
0.051
Published
2020-08-17
An elevation of privilege vulnerability exists when Windows improperly handles hard links. An attacker who successfully exploited this vulnerability could overwrite a targeted file leading to an elevated status.
To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system.
The security update addresses the vulnerability by correcting how Windows handles hard links.
CVSS Score
10.0
EPSS Score
0.019
Published
2020-08-17
Race condition in software installer for some Intel(R) Wireless Bluetooth(R) products on Windows* 7, 8.1 and 10 may allow an unprivileged user to potentially enable escalation of privilege via local access.
CVSS Score
7.0
EPSS Score
0.014
Published
2020-08-13
Insecure inherited permissions in some Intel(R) PROSet/Wireless WiFi products on Windows* 7 and 8.1 before version 21.40.5.1 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVSS Score
7.8
EPSS Score
0.0
Published
2020-08-13
An elevation of privilege vulnerability exists when the MpSigStub.exe for Defender allows file deletion in arbitrary locations.To exploit the vulnerability, an attacker would first have to log on to the system, aka 'Microsoft Defender Elevation of Privilege Vulnerability'.
CVSS Score
7.1
EPSS Score
0.002
Published
2020-07-14
An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows GDI Information Disclosure Vulnerability'.
CVSS Score
6.5
EPSS Score
0.202
Published
2020-07-14
A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in the memory, aka 'GDI+ Remote Code Execution Vulnerability'.
CVSS Score
8.8
EPSS Score
0.329
Published
2020-07-14
A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted fonts.For all systems except Windows 10, an attacker who successfully exploited the vulnerability could execute code remotely, aka 'Windows Font Library Remote Code Execution Vulnerability'.
CVSS Score
8.8
EPSS Score
0.1
Published
2020-07-14
An elevation of privilege vulnerability exists in the way that the Windows Network Location Awareness Service handles objects in memory, aka 'Windows Network Location Awareness Service Elevation of Privilege Vulnerability'.
CVSS Score
7.8
EPSS Score
0.003
Published
2020-07-14