cvelistv5 - cve-2020-1350

CVE-2020-1350 (GCVE-0-2020-1350)

Vulnerability from cvelistv5 – Published: 2020-07-14 22:54 – Updated: 2025-10-21 23:35

CISA

Summary

A remote code execution vulnerability exists in Windows Domain Name System servers when they fail to properly handle requests, aka 'Windows DNS Server Remote Code Execution Vulnerability'.

Severity ?

10 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

CWE

Remote Code Execution

Assigner

microsoft

References

URL

Tags

	https://portal.msrc.microsoft.com/en-US/security-…	x_refsource_MISC
	http://packetstormsecurity.com/files/158484/SIGRe…	x_refsource_MISC

Impacted products

Vendor

Product

Version

Microsoft

Windows Server

Affected: 2019
Affected: 2019 (Core installation)
Affected: 2016
Affected: 2016 (Core installation)
Affected: 2008 for 32-bit Systems Service Pack 2
Affected: 2008 for 32-bit Systems Service Pack 2 (Core installation)
Affected: 2008 for x64-based Systems Service Pack 2
Affected: 2008 for x64-based Systems Service Pack 2 (Core installation)
Affected: 2008 R2 for x64-based Systems Service Pack 1
Affected: 2008 R2 for x64-based Systems Service Pack 1 (Core installation)
Affected: 2012
Affected: 2012 (Core installation)
Affected: 2012 R2
Affected: 2012 R2 (Core installation)

Microsoft	Windows Server, version 1909 (Server Core installation)	Affected: unspecified
Microsoft	Windows Server, version 1903 (Server Core installation)	Affected: unspecified
Microsoft	Windows Server, version 2004 (Server Core installation)	Affected: unspecified

CISA Known Exploited Vulnerability

Data from the CISA Known Exploited Vulnerabilities Catalog

Date added: 2021-11-03

Due date: 2020-07-24

Required action: Apply updates per vendor instructions.

Used in ransomware: Unknown

Notes: Reference CISA's ED 20-03 (https://www.cisa.gov/news-events/directives/ed-20-03-mitigate-windows-dns-server-remote-code-execution-vulnerability-july-2020-patch-tuesday) for further guidance and requirements. Note: The due date for addressing this vulnerability aligns with the requirements outlined in ED 20-03. https://nvd.nist.gov/vuln/detail/CVE-2020-1350

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T06:32:01.039Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1350"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/158484/SIGRed-Windows-DNS-Denial-Of-Service.html"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 10,
              "baseSeverity": "CRITICAL",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "CHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2020-1350",
                "options": [
                  {
                    "Exploitation": "active"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-02-07T14:38:31.758044Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          },
          {
            "other": {
              "content": {
                "dateAdded": "2021-11-03",
                "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-1350"
              },
              "type": "kev"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-20",
                "description": "CWE-20 Improper Input Validation",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-10-21T23:35:39.529Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "government-resource"
            ],
            "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-1350"
          }
        ],
        "timeline": [
          {
            "lang": "en",
            "time": "2021-11-03T00:00:00+00:00",
            "value": "CVE-2020-1350 added to CISA KEV"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Windows Server",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "2019"
            },
            {
              "status": "affected",
              "version": "2019  (Core installation)"
            },
            {
              "status": "affected",
              "version": "2016"
            },
            {
              "status": "affected",
              "version": "2016  (Core installation)"
            },
            {
              "status": "affected",
              "version": "2008 for 32-bit Systems Service Pack 2"
            },
            {
              "status": "affected",
              "version": "2008 for 32-bit Systems Service Pack 2 (Core installation)"
            },
            {
              "status": "affected",
              "version": "2008 for x64-based Systems Service Pack 2"
            },
            {
              "status": "affected",
              "version": "2008 for x64-based Systems Service Pack 2 (Core installation)"
            },
            {
              "status": "affected",
              "version": "2008 R2 for x64-based Systems Service Pack 1"
            },
            {
              "status": "affected",
              "version": "2008 R2 for x64-based Systems Service Pack 1 (Core installation)"
            },
            {
              "status": "affected",
              "version": "2012"
            },
            {
              "status": "affected",
              "version": "2012 (Core installation)"
            },
            {
              "status": "affected",
              "version": "2012 R2"
            },
            {
              "status": "affected",
              "version": "2012 R2 (Core installation)"
            }
          ]
        },
        {
          "product": "Windows Server, version 1909 (Server Core installation)",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "unspecified"
            }
          ]
        },
        {
          "product": "Windows Server, version 1903 (Server Core installation)",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "unspecified"
            }
          ]
        },
        {
          "product": "Windows Server, version 2004 (Server Core installation)",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "unspecified"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A remote code execution vulnerability exists in Windows Domain Name System servers when they fail to properly handle requests, aka \u0027Windows DNS Server Remote Code Execution Vulnerability\u0027."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Remote Code Execution",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-07-21T01:06:12.000Z",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1350"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://packetstormsecurity.com/files/158484/SIGRed-Windows-DNS-Denial-Of-Service.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@microsoft.com",
          "ID": "CVE-2020-1350",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Windows Server",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "2019"
                          },
                          {
                            "version_value": "2019  (Core installation)"
                          },
                          {
                            "version_value": "2016"
                          },
                          {
                            "version_value": "2016  (Core installation)"
                          },
                          {
                            "version_value": "2008 for 32-bit Systems Service Pack 2"
                          },
                          {
                            "version_value": "2008 for 32-bit Systems Service Pack 2 (Core installation)"
                          },
                          {
                            "version_value": "2008 for x64-based Systems Service Pack 2"
                          },
                          {
                            "version_value": "2008 for x64-based Systems Service Pack 2 (Core installation)"
                          },
                          {
                            "version_value": "2008 R2 for x64-based Systems Service Pack 1"
                          },
                          {
                            "version_value": "2008 R2 for x64-based Systems Service Pack 1 (Core installation)"
                          },
                          {
                            "version_value": "2012"
                          },
                          {
                            "version_value": "2012 (Core installation)"
                          },
                          {
                            "version_value": "2012 R2"
                          },
                          {
                            "version_value": "2012 R2 (Core installation)"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Windows Server, version 1909 (Server Core installation)",
                      "version": {
                        "version_data": [
                          {
                            "version_value": ""
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Windows Server, version 1903 (Server Core installation)",
                      "version": {
                        "version_data": [
                          {
                            "version_value": ""
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Windows Server, version 2004 (Server Core installation)",
                      "version": {
                        "version_data": [
                          {
                            "version_value": ""
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Microsoft"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A remote code execution vulnerability exists in Windows Domain Name System servers when they fail to properly handle requests, aka \u0027Windows DNS Server Remote Code Execution Vulnerability\u0027."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Remote Code Execution"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1350",
              "refsource": "MISC",
              "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1350"
            },
            {
              "name": "http://packetstormsecurity.com/files/158484/SIGRed-Windows-DNS-Denial-Of-Service.html",
              "refsource": "MISC",
              "url": "http://packetstormsecurity.com/files/158484/SIGRed-Windows-DNS-Denial-Of-Service.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2020-1350",
    "datePublished": "2020-07-14T22:54:06.000Z",
    "dateReserved": "2019-11-04T00:00:00.000Z",
    "dateUpdated": "2025-10-21T23:35:39.529Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "cisa_known_exploited": {
      "cveID": "CVE-2020-1350",
      "dateAdded": "2021-11-03",
      "dueDate": "2020-07-24",
      "knownRansomwareCampaignUse": "Unknown",
      "notes": "Reference CISA\u0027s ED 20-03 (https://www.cisa.gov/news-events/directives/ed-20-03-mitigate-windows-dns-server-remote-code-execution-vulnerability-july-2020-patch-tuesday) for further guidance and requirements. Note: The due date for addressing this vulnerability aligns with the requirements outlined in ED 20-03. https://nvd.nist.gov/vuln/detail/CVE-2020-1350",
      "product": "Windows",
      "requiredAction": "Apply updates per vendor instructions.",
      "shortDescription": "Microsoft Windows DNS Servers fail to properly handle requests, allowing an attacker to perform remote code execution in the context of the Local System Account. The vulnerability is also known under the moniker of SIGRed.",
      "vendorProject": "Microsoft",
      "vulnerabilityName": "Microsoft Windows DNS Server Remote Code Execution Vulnerability"
    },
    "fkie_nvd": {
      "cisaActionDue": "2020-07-24",
      "cisaExploitAdd": "2021-11-03",
      "cisaRequiredAction": "Apply updates per vendor instructions.",
      "cisaVulnerabilityName": "Microsoft Windows DNS Server Remote Code Execution Vulnerability",
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*\", \"matchCriteriaId\": \"5F422A8C-2C4E-42C8-B420-E0728037E15C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*\", \"matchCriteriaId\": \"AF07A81D-12E5-4B1D-BFF9-C8D08C32FF4F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A7DF96F8-BA6A-4780-9CA3-F719B3F81074\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"DB18C4CE-5917-401E-ACF7-2747084FD36E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"041FF8BA-0B12-4A1F-B4BF-9C4F33B7C1E7\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:microsoft:windows_server_2016:1903:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5B921FDB-8E7D-427E-82BE-4432585080CF\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:microsoft:windows_server_2016:1909:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C253A63F-03AB-41CB-A03A-B2674DEA98AA\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:microsoft:windows_server_2016:2004:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"0B60D940-80C7-49F0-8F4E-3F99AC15FA82\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"DB79EE26-FC32-417D-A49C-A1A63165A968\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"A remote code execution vulnerability exists in Windows Domain Name System servers when they fail to properly handle requests, aka \u0027Windows DNS Server Remote Code Execution Vulnerability\u0027.\"}, {\"lang\": \"es\", \"value\": \"Se presenta una vulnerabilidad de ejecuci\\u00f3n de c\\u00f3digo remota en los servidores de Windows Domain Name System cuando presentan un fallo al manejar apropiadamente las peticiones, tambi\\u00e9n se conoce como \\\"Windows DNS Server Remote Code Execution Vulnerability\\\"\"}]",
      "id": "CVE-2020-1350",
      "lastModified": "2024-11-21T05:10:18.257",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H\", \"baseScore\": 10.0, \"baseSeverity\": \"CRITICAL\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"CHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 6.0}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:C/I:C/A:C\", \"baseScore\": 10.0, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"COMPLETE\", \"integrityImpact\": \"COMPLETE\", \"availabilityImpact\": \"COMPLETE\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 10.0, \"impactScore\": 10.0, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2020-07-14T23:15:13.087",
      "references": "[{\"url\": \"http://packetstormsecurity.com/files/158484/SIGRed-Windows-DNS-Denial-Of-Service.html\", \"source\": \"secure@microsoft.com\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1350\", \"source\": \"secure@microsoft.com\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"http://packetstormsecurity.com/files/158484/SIGRed-Windows-DNS-Denial-Of-Service.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1350\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}]",
      "sourceIdentifier": "secure@microsoft.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"NVD-CWE-noinfo\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2020-1350\",\"sourceIdentifier\":\"secure@microsoft.com\",\"published\":\"2020-07-14T23:15:13.087\",\"lastModified\":\"2025-10-29T13:55:36.067\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A remote code execution vulnerability exists in Windows Domain Name System servers when they fail to properly handle requests, aka \u0027Windows DNS Server Remote Code Execution Vulnerability\u0027.\"},{\"lang\":\"es\",\"value\":\"Se presenta una vulnerabilidad de ejecuci\u00f3n de c\u00f3digo remota en los servidores de Windows Domain Name System cuando presentan un fallo al manejar apropiadamente las peticiones, tambi\u00e9n se conoce como \\\"Windows DNS Server Remote Code Execution Vulnerability\\\"\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H\",\"baseScore\":10.0,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":6.0},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H\",\"baseScore\":10.0,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":6.0}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:C/I:C/A:C\",\"baseScore\":10.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"cisaExploitAdd\":\"2021-11-03\",\"cisaActionDue\":\"2020-07-24\",\"cisaRequiredAction\":\"Apply updates per vendor instructions.\",\"cisaVulnerabilityName\":\"Microsoft Windows DNS Server Remote Code Execution Vulnerability\",\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-noinfo\"}]},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-20\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*\",\"matchCriteriaId\":\"5F422A8C-2C4E-42C8-B420-E0728037E15C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*\",\"matchCriteriaId\":\"AF07A81D-12E5-4B1D-BFF9-C8D08C32FF4F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A7DF96F8-BA6A-4780-9CA3-F719B3F81074\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DB18C4CE-5917-401E-ACF7-2747084FD36E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"041FF8BA-0B12-4A1F-B4BF-9C4F33B7C1E7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DB79EE26-FC32-417D-A49C-A1A63165A968\"}]}]}],\"references\":[{\"url\":\"http://packetstormsecurity.com/files/158484/SIGRed-Windows-DNS-Denial-Of-Service.html\",\"source\":\"secure@microsoft.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1350\",\"source\":\"secure@microsoft.com\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://packetstormsecurity.com/files/158484/SIGRed-Windows-DNS-Denial-Of-Service.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1350\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-1350\",\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"tags\":[\"US Government Resource\"]}]}}",
    "vulnrichment": {
      "containers": "{\"cna\": {\"affected\": [{\"product\": \"Windows Server\", \"vendor\": \"Microsoft\", \"versions\": [{\"status\": \"affected\", \"version\": \"2019\"}, {\"status\": \"affected\", \"version\": \"2019  (Core installation)\"}, {\"status\": \"affected\", \"version\": \"2016\"}, {\"status\": \"affected\", \"version\": \"2016  (Core installation)\"}, {\"status\": \"affected\", \"version\": \"2008 for 32-bit Systems Service Pack 2\"}, {\"status\": \"affected\", \"version\": \"2008 for 32-bit Systems Service Pack 2 (Core installation)\"}, {\"status\": \"affected\", \"version\": \"2008 for x64-based Systems Service Pack 2\"}, {\"status\": \"affected\", \"version\": \"2008 for x64-based Systems Service Pack 2 (Core installation)\"}, {\"status\": \"affected\", \"version\": \"2008 R2 for x64-based Systems Service Pack 1\"}, {\"status\": \"affected\", \"version\": \"2008 R2 for x64-based Systems Service Pack 1 (Core installation)\"}, {\"status\": \"affected\", \"version\": \"2012\"}, {\"status\": \"affected\", \"version\": \"2012 (Core installation)\"}, {\"status\": \"affected\", \"version\": \"2012 R2\"}, {\"status\": \"affected\", \"version\": \"2012 R2 (Core installation)\"}]}, {\"product\": \"Windows Server, version 1909 (Server Core installation)\", \"vendor\": \"Microsoft\", \"versions\": [{\"status\": \"affected\", \"version\": \"unspecified\"}]}, {\"product\": \"Windows Server, version 1903 (Server Core installation)\", \"vendor\": \"Microsoft\", \"versions\": [{\"status\": \"affected\", \"version\": \"unspecified\"}]}, {\"product\": \"Windows Server, version 2004 (Server Core installation)\", \"vendor\": \"Microsoft\", \"versions\": [{\"status\": \"affected\", \"version\": \"unspecified\"}]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"A remote code execution vulnerability exists in Windows Domain Name System servers when they fail to properly handle requests, aka \u0027Windows DNS Server Remote Code Execution Vulnerability\u0027.\"}], \"problemTypes\": [{\"descriptions\": [{\"description\": \"Remote Code Execution\", \"lang\": \"en\", \"type\": \"text\"}]}], \"providerMetadata\": {\"dateUpdated\": \"2020-07-21T01:06:12.000Z\", \"orgId\": \"f38d906d-7342-40ea-92c1-6c4a2c6478c8\", \"shortName\": \"microsoft\"}, \"references\": [{\"tags\": [\"x_refsource_MISC\"], \"url\": \"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1350\"}, {\"tags\": [\"x_refsource_MISC\"], \"url\": \"http://packetstormsecurity.com/files/158484/SIGRed-Windows-DNS-Denial-Of-Service.html\"}], \"x_legacyV4Record\": {\"CVE_data_meta\": {\"ASSIGNER\": \"secure@microsoft.com\", \"ID\": \"CVE-2020-1350\", \"STATE\": \"PUBLIC\"}, \"affects\": {\"vendor\": {\"vendor_data\": [{\"product\": {\"product_data\": [{\"product_name\": \"Windows Server\", \"version\": {\"version_data\": [{\"version_value\": \"2019\"}, {\"version_value\": \"2019  (Core installation)\"}, {\"version_value\": \"2016\"}, {\"version_value\": \"2016  (Core installation)\"}, {\"version_value\": \"2008 for 32-bit Systems Service Pack 2\"}, {\"version_value\": \"2008 for 32-bit Systems Service Pack 2 (Core installation)\"}, {\"version_value\": \"2008 for x64-based Systems Service Pack 2\"}, {\"version_value\": \"2008 for x64-based Systems Service Pack 2 (Core installation)\"}, {\"version_value\": \"2008 R2 for x64-based Systems Service Pack 1\"}, {\"version_value\": \"2008 R2 for x64-based Systems Service Pack 1 (Core installation)\"}, {\"version_value\": \"2012\"}, {\"version_value\": \"2012 (Core installation)\"}, {\"version_value\": \"2012 R2\"}, {\"version_value\": \"2012 R2 (Core installation)\"}]}}, {\"product_name\": \"Windows Server, version 1909 (Server Core installation)\", \"version\": {\"version_data\": [{\"version_value\": \"\"}]}}, {\"product_name\": \"Windows Server, version 1903 (Server Core installation)\", \"version\": {\"version_data\": [{\"version_value\": \"\"}]}}, {\"product_name\": \"Windows Server, version 2004 (Server Core installation)\", \"version\": {\"version_data\": [{\"version_value\": \"\"}]}}]}, \"vendor_name\": \"Microsoft\"}]}}, \"data_format\": \"MITRE\", \"data_type\": \"CVE\", \"data_version\": \"4.0\", \"description\": {\"description_data\": [{\"lang\": \"eng\", \"value\": \"A remote code execution vulnerability exists in Windows Domain Name System servers when they fail to properly handle requests, aka \u0027Windows DNS Server Remote Code Execution Vulnerability\u0027.\"}]}, \"problemtype\": {\"problemtype_data\": [{\"description\": [{\"lang\": \"eng\", \"value\": \"Remote Code Execution\"}]}]}, \"references\": {\"reference_data\": [{\"name\": \"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1350\", \"refsource\": \"MISC\", \"url\": \"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1350\"}, {\"name\": \"http://packetstormsecurity.com/files/158484/SIGRed-Windows-DNS-Denial-Of-Service.html\", \"refsource\": \"MISC\", \"url\": \"http://packetstormsecurity.com/files/158484/SIGRed-Windows-DNS-Denial-Of-Service.html\"}]}}}, \"adp\": [{\"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-04T06:32:01.039Z\"}, \"title\": \"CVE Program Container\", \"references\": [{\"tags\": [\"x_refsource_MISC\", \"x_transferred\"], \"url\": \"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1350\"}, {\"tags\": [\"x_refsource_MISC\", \"x_transferred\"], \"url\": \"http://packetstormsecurity.com/files/158484/SIGRed-Windows-DNS-Denial-Of-Service.html\"}]}, {\"metrics\": [{\"cvssV3_1\": {\"scope\": \"CHANGED\", \"version\": \"3.1\", \"baseScore\": 10, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"CRITICAL\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2020-1350\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"active\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-02-07T14:38:31.758044Z\"}}}, {\"other\": {\"type\": \"kev\", \"content\": {\"dateAdded\": \"2021-11-03\", \"reference\": \"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-1350\"}}}], \"references\": [{\"url\": \"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-1350\", \"tags\": [\"government-resource\"]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-20\", \"description\": \"CWE-20 Improper Input Validation\"}]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-02-07T14:38:14.544Z\"}, \"timeline\": [{\"time\": \"2021-11-03T00:00:00+00:00\", \"lang\": \"en\", \"value\": \"CVE-2020-1350 added to CISA KEV\"}], \"title\": \"CISA ADP Vulnrichment\"}]}",
      "cveMetadata": "{\"assignerOrgId\": \"f38d906d-7342-40ea-92c1-6c4a2c6478c8\", \"assignerShortName\": \"microsoft\", \"cveId\": \"CVE-2020-1350\", \"datePublished\": \"2020-07-14T22:54:06.000Z\", \"dateReserved\": \"2019-11-04T00:00:00.000Z\", \"dateUpdated\": \"2025-10-21T19:54:25.038Z\", \"state\": \"PUBLISHED\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

GSD-2020-1350

Vulnerability from gsd - Updated: 2023-12-13 01:21

Details

A remote code execution vulnerability exists in Windows Domain Name System servers when they fail to properly handle requests, aka 'Windows DNS Server Remote Code Execution Vulnerability'.

Aliases

CVE-2020-1350

Aliases

CVE-2020-1350

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2020-1350",
    "description": "A remote code execution vulnerability exists in Windows Domain Name System servers when they fail to properly handle requests, aka \u0027Windows DNS Server Remote Code Execution Vulnerability\u0027.",
    "id": "GSD-2020-1350",
    "references": [
      "https://packetstormsecurity.com/files/cve/CVE-2020-1350"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2020-1350"
      ],
      "details": "A remote code execution vulnerability exists in Windows Domain Name System servers when they fail to properly handle requests, aka \u0027Windows DNS Server Remote Code Execution Vulnerability\u0027.",
      "id": "GSD-2020-1350",
      "modified": "2023-12-13T01:21:57.559050Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cisa.gov": {
      "cveID": "CVE-2020-1350",
      "dateAdded": "2021-11-03",
      "dueDate": "2020-07-24",
      "product": "Windows",
      "requiredAction": "Apply updates per vendor instructions.",
      "shortDescription": "A remote code execution vulnerability exists in Windows Domain Name System servers when they fail to properly handle requests.",
      "vendorProject": "Microsoft",
      "vulnerabilityName": "\"SigRed\" - Microsoft Windows Domain Name System (DNS) Server Remote Code Execution Vulnerability"
    },
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "secure@microsoft.com",
        "ID": "CVE-2020-1350",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Windows Server",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "2019"
                        },
                        {
                          "version_value": "2019  (Core installation)"
                        },
                        {
                          "version_value": "2016"
                        },
                        {
                          "version_value": "2016  (Core installation)"
                        },
                        {
                          "version_value": "2008 for 32-bit Systems Service Pack 2"
                        },
                        {
                          "version_value": "2008 for 32-bit Systems Service Pack 2 (Core installation)"
                        },
                        {
                          "version_value": "2008 for x64-based Systems Service Pack 2"
                        },
                        {
                          "version_value": "2008 for x64-based Systems Service Pack 2 (Core installation)"
                        },
                        {
                          "version_value": "2008 R2 for x64-based Systems Service Pack 1"
                        },
                        {
                          "version_value": "2008 R2 for x64-based Systems Service Pack 1 (Core installation)"
                        },
                        {
                          "version_value": "2012"
                        },
                        {
                          "version_value": "2012 (Core installation)"
                        },
                        {
                          "version_value": "2012 R2"
                        },
                        {
                          "version_value": "2012 R2 (Core installation)"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "Windows Server, version 1909 (Server Core installation)",
                    "version": {
                      "version_data": [
                        {
                          "version_value": ""
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "Windows Server, version 1903 (Server Core installation)",
                    "version": {
                      "version_data": [
                        {
                          "version_value": ""
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "Windows Server, version 2004 (Server Core installation)",
                    "version": {
                      "version_data": [
                        {
                          "version_value": ""
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Microsoft"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "A remote code execution vulnerability exists in Windows Domain Name System servers when they fail to properly handle requests, aka \u0027Windows DNS Server Remote Code Execution Vulnerability\u0027."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "Remote Code Execution"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1350",
            "refsource": "MISC",
            "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1350"
          },
          {
            "name": "http://packetstormsecurity.com/files/158484/SIGRed-Windows-DNS-Denial-Of-Service.html",
            "refsource": "MISC",
            "url": "http://packetstormsecurity.com/files/158484/SIGRed-Windows-DNS-Denial-Of-Service.html"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2016:1903:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2016:1909:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2016:2004:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@microsoft.com",
          "ID": "CVE-2020-1350"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "A remote code execution vulnerability exists in Windows Domain Name System servers when they fail to properly handle requests, aka \u0027Windows DNS Server Remote Code Execution Vulnerability\u0027."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-787"
                },
                {
                  "lang": "en",
                  "value": "CWE-190"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1350",
              "refsource": "MISC",
              "tags": [
                "Patch",
                "Vendor Advisory"
              ],
              "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1350"
            },
            {
              "name": "http://packetstormsecurity.com/files/158484/SIGRed-Windows-DNS-Denial-Of-Service.html",
              "refsource": "MISC",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://packetstormsecurity.com/files/158484/SIGRed-Windows-DNS-Denial-Of-Service.html"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 10.0,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 10.0,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 6.0
        }
      },
      "lastModifiedDate": "2021-07-21T11:39Z",
      "publishedDate": "2020-07-14T23:15Z"
    }
  }
}

CERTFR-2021-AVI-772

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été découvertes dans les produits Schneider. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à l'intégrité des données.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
N/A	N/A	IGSS Data Collector (dc.exe) versions antérieures à V15.0.0.21244
N/A	N/A	fellerLYnk versions antérieures à V2.6.2
N/A	N/A	micrologiciel TM5CSLC100FS version antérieures v2.57
N/A	N/A	Conext Advisor 2 Gateway
N/A	N/A	spaceLYnk versions antérieures à V2.6.2
N/A	N/A	micrologiciel TM5NS31 versions antérieures à 2.79
N/A	N/A	Conext Advisor 2 Cloud
N/A	N/A	Wiser for KNX versions antérieures à V2.6.2
N/A	N/A	Modicon M218 logic controller versions antérieures à 5.1.0.8
N/A	N/A	micrologiciel TM5NEIP1 versions antérieures à 3.12
N/A	N/A	ConneXium Network Manager
N/A	N/A	Conext Control V2 Gateway
N/A	N/A	micrologiciel TM5CSLC200FS version antérieures v2.57

References

Title

Publication Time

Tags

Bulletin de sécurité Schneider SEVD-2021-285-04 du 12 octobre 2021	None	vendor-advisory
Bulletin de sécurité Schneider SEVD-2021-285-03 du 12 octobre 2021	None	vendor-advisory
Bulletin de sécurité Schneider SEVD-2021-285-02 du 12 octobre 2021	None	vendor-advisory
Bulletin de sécurité Schneider SEVD-2021-285-05 du 12 octobre 2021	None	vendor-advisory
Bulletin de sécurité Schneider SEVD-2021-285-01 du 12 octobre 2021	None	vendor-advisory
Bulletin de sécurité Schneider SEVD-2021-285-06 du 12 octobre 2021	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "IGSS Data Collector (dc.exe) versions ant\u00e9rieures \u00e0 V15.0.0.21244",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "fellerLYnk versions ant\u00e9rieures \u00e0 V2.6.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "micrologiciel TM5CSLC100FS version ant\u00e9rieures v2.57",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "Conext Advisor 2 Gateway",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "spaceLYnk versions ant\u00e9rieures \u00e0 V2.6.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "micrologiciel TM5NS31 versions ant\u00e9rieures \u00e0 2.79",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "Conext Advisor 2 Cloud",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "Wiser for KNX versions ant\u00e9rieures \u00e0 V2.6.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "Modicon M218 logic controller versions ant\u00e9rieures \u00e0 5.1.0.8",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "micrologiciel TM5NEIP1 versions ant\u00e9rieures \u00e0 3.12",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "ConneXium Network Manager",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "Conext Control V2 Gateway",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "micrologiciel TM5CSLC200FS version ant\u00e9rieures v2.57",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2020-17438",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-17438"
    },
    {
      "name": "CVE-2019-0685",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-0685"
    },
    {
      "name": "CVE-2020-1472",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1472"
    },
    {
      "name": "CVE-2020-0601",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0601"
    },
    {
      "name": "CVE-2019-11135",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11135"
    },
    {
      "name": "CVE-2019-0803",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-0803"
    },
    {
      "name": "CVE-2021-22801",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22801"
    },
    {
      "name": "CVE-2020-0609",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0609"
    },
    {
      "name": "CVE-2021-22802",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22802"
    },
    {
      "name": "CVE-2019-0859",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-0859"
    },
    {
      "name": "CVE-2020-13987",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-13987"
    },
    {
      "name": "CVE-2020-1020",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1020"
    },
    {
      "name": "CVE-2020-0610",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0610"
    },
    {
      "name": "CVE-2020-0938",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0938"
    },
    {
      "name": "CVE-2020-1350",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1350"
    },
    {
      "name": "CVE-2021-22800",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22800"
    },
    {
      "name": "CVE-2021-22804",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22804"
    },
    {
      "name": "CVE-2020-0796",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0796"
    },
    {
      "name": "CVE-2021-22803",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22803"
    },
    {
      "name": "CVE-2021-22806",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22806"
    },
    {
      "name": "CVE-2019-1040",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-1040"
    },
    {
      "name": "CVE-2021-22805",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22805"
    }
  ],
  "links": [],
  "reference": "CERTFR-2021-AVI-772",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2021-10-12T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nSchneider. Certaines d\u0027entre elles permettent \u00e0 un attaquant de\nprovoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de\nservice \u00e0 distance et une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Schneider",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2021-285-04 du 12 octobre 2021",
      "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-285-04"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2021-285-03 du 12 octobre 2021",
      "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-285-03"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2021-285-02 du 12 octobre 2021",
      "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-285-02"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2021-285-05 du 12 octobre 2021",
      "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-285-05"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2021-285-01 du 12 octobre 2021",
      "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-285-01"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2021-285-06 du 12 octobre 2021",
      "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-285-06"
    }
  ]
}

CERTFR-2020-AVI-429

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été corrigées dans Microsoft Windows. Elles permettent à un attaquant de provoquer une atteinte à la confidentialité des données, un déni de service, une élévation de privilèges et une exécution de code à distance.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Microsoft	Windows	Windows Server 2012
Microsoft	Windows	Windows 10 Version 1709 pour ARM64-based Systems
Microsoft	Windows	Windows 8.1 pour systèmes 32 bits
Microsoft	Windows	Windows Server 2012 R2
Microsoft	Windows	Windows Server 2012 (Server Core installation)
Microsoft	Windows	Windows 10 Version 1607 pour systèmes 32 bits
Microsoft	Windows	Windows Server, version 1903 (Server Core installation)
Microsoft	Windows	Windows 10 Version 1909 pour systèmes 32 bits
Microsoft	Windows	Windows Server 2016 (Server Core installation)
Microsoft	Windows	Windows 7 pour systèmes 32 bits Service Pack 1
Microsoft	Windows	Windows 10 Version 1709 pour systèmes 32 bits
Microsoft	Windows	Windows 10 Version 1903 pour systèmes x64
Microsoft	Windows	Windows 10 Version 1803 pour systèmes 32 bits
Microsoft	Windows	Windows 10 Version 1809 pour systèmes x64
Microsoft	Windows	Windows Defender
Microsoft	Windows	Windows 10 pour systèmes x64
Microsoft	Windows	Windows RT 8.1
Microsoft	Windows	Windows 10 Version 1903 pour ARM64-based Systems
Microsoft	Windows	Windows 10 Version 2004 pour systèmes 32 bits
Microsoft	Windows	Windows Server 2019 (Server Core installation)
Microsoft	Windows	Windows Server 2012 R2 (Server Core installation)
Microsoft	Windows	Windows Server 2008 R2 pour systèmes x64 Service Pack 1 (Server Core installation)
Microsoft	Windows	Windows Server 2016
Microsoft	Windows	Windows Server 2008 pour systèmes 32 bits Service Pack 2 (Server Core installation)
Microsoft	Windows	Windows 10 Version 1803 pour ARM64-based Systems
Microsoft	Windows	Windows 10 Version 1909 pour systèmes x64
Microsoft	Windows	Windows 10 Version 2004 pour ARM64-based Systems
Microsoft	Windows	Windows 7 pour systèmes x64 Service Pack 1
Microsoft	Windows	Windows Server 2019
Microsoft	Windows	OneDrive pour Windows
Microsoft	Windows	Windows 10 Version 1709 pour systèmes x64
Microsoft	Windows	Windows 10 Version 1803 pour systèmes x64
Microsoft	Windows	Windows 10 Version 1903 pour systèmes 32 bits
Microsoft	Windows	Windows 10 Version 1909 pour ARM64-based Systems
Microsoft	Windows	Windows Server, version 2004 (Server Core installation)
Microsoft	Windows	Windows 10 Version 1809 pour ARM64-based Systems
Microsoft	Windows	Windows Server 2008 pour systèmes x64 Service Pack 2 (Server Core installation)
Microsoft	Windows	Windows 8.1 pour systèmes x64
Microsoft	Windows	Windows Server 2008 R2 pour systèmes x64 Service Pack 1
Microsoft	Windows	Windows 10 Version 1607 pour systèmes x64
Microsoft	Windows	Windows Server 2008 pour systèmes x64 Service Pack 2
Microsoft	Windows	Windows 10 Version 2004 pour systèmes x64
Microsoft	Windows	Windows Server, version 1909 (Server Core installation)
Microsoft	Windows	Windows Server 2008 pour systèmes 32 bits Service Pack 2
Microsoft	Windows	Windows 10 Version 1809 pour systèmes 32 bits
Microsoft	Windows	Windows 10 pour systèmes 32 bits

References

Title

Publication Time

Tags

Bulletin de sécurité Microsoft du 14 juillet 2020

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Windows Server 2012",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows 10 Version 1709 pour ARM64-based Systems",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows 8.1 pour syst\u00e8mes 32 bits",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows Server 2012 R2",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows Server 2012 (Server Core installation)",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows 10 Version 1607 pour syst\u00e8mes 32 bits",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows Server, version 1903 (Server Core installation)",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows 10 Version 1909 pour syst\u00e8mes 32 bits",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows Server 2016 (Server Core installation)",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows 7 pour syst\u00e8mes 32 bits Service Pack 1",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows 10 Version 1709 pour syst\u00e8mes 32 bits",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows 10 Version 1903 pour syst\u00e8mes x64",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows 10 Version 1803 pour syst\u00e8mes 32 bits",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows 10 Version 1809 pour syst\u00e8mes x64",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows Defender",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows 10 pour syst\u00e8mes x64",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows RT 8.1",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows 10 Version 1903 pour ARM64-based Systems",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows 10 Version 2004 pour syst\u00e8mes 32 bits",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows Server 2019 (Server Core installation)",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows Server 2012 R2 (Server Core installation)",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows Server 2008 R2 pour syst\u00e8mes x64 Service Pack 1 (Server Core installation)",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows Server 2016",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows Server 2008 pour syst\u00e8mes 32 bits Service Pack 2 (Server Core installation)",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows 10 Version 1803 pour ARM64-based Systems",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows 10 Version 1909 pour syst\u00e8mes x64",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows 10 Version 2004 pour ARM64-based Systems",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows 7 pour syst\u00e8mes x64 Service Pack 1",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows Server 2019",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "OneDrive pour Windows",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows 10 Version 1709 pour syst\u00e8mes x64",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows 10 Version 1803 pour syst\u00e8mes x64",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows 10 Version 1903 pour syst\u00e8mes 32 bits",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows 10 Version 1909 pour ARM64-based Systems",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows Server, version 2004 (Server Core installation)",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows 10 Version 1809 pour ARM64-based Systems",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows Server 2008 pour syst\u00e8mes x64 Service Pack 2 (Server Core installation)",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows 8.1 pour syst\u00e8mes x64",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows Server 2008 R2 pour syst\u00e8mes x64 Service Pack 1",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows 10 Version 1607 pour syst\u00e8mes x64",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows Server 2008 pour syst\u00e8mes x64 Service Pack 2",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows 10 Version 2004 pour syst\u00e8mes x64",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows Server, version 1909 (Server Core installation)",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows Server 2008 pour syst\u00e8mes 32 bits Service Pack 2",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows 10 Version 1809 pour syst\u00e8mes 32 bits",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows 10 pour syst\u00e8mes 32 bits",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2020-1391",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1391"
    },
    {
      "name": "CVE-2020-1384",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1384"
    },
    {
      "name": "CVE-2020-1431",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1431"
    },
    {
      "name": "CVE-2020-1043",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1043"
    },
    {
      "name": "CVE-2020-1463",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1463"
    },
    {
      "name": "CVE-2020-1423",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1423"
    },
    {
      "name": "CVE-2020-1428",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1428"
    },
    {
      "name": "CVE-2020-1424",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1424"
    },
    {
      "name": "CVE-2020-1351",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1351"
    },
    {
      "name": "CVE-2020-1374",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1374"
    },
    {
      "name": "CVE-2020-1032",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1032"
    },
    {
      "name": "CVE-2020-1357",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1357"
    },
    {
      "name": "CVE-2020-1438",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1438"
    },
    {
      "name": "CVE-2020-1389",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1389"
    },
    {
      "name": "CVE-2020-1354",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1354"
    },
    {
      "name": "CVE-2020-1401",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1401"
    },
    {
      "name": "CVE-2020-1381",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1381"
    },
    {
      "name": "CVE-2020-1382",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1382"
    },
    {
      "name": "CVE-2020-1406",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1406"
    },
    {
      "name": "CVE-2020-1397",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1397"
    },
    {
      "name": "CVE-2020-1368",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1368"
    },
    {
      "name": "CVE-2020-1085",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1085"
    },
    {
      "name": "CVE-2020-1249",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1249"
    },
    {
      "name": "CVE-2020-1435",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1435"
    },
    {
      "name": "CVE-2020-1386",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1386"
    },
    {
      "name": "CVE-2020-1419",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1419"
    },
    {
      "name": "CVE-2020-1330",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1330"
    },
    {
      "name": "CVE-2020-1361",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1361"
    },
    {
      "name": "CVE-2020-1415",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1415"
    },
    {
      "name": "CVE-2020-1426",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1426"
    },
    {
      "name": "CVE-2020-1457",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1457"
    },
    {
      "name": "CVE-2020-1399",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1399"
    },
    {
      "name": "CVE-2020-1407",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1407"
    },
    {
      "name": "CVE-2020-1370",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1370"
    },
    {
      "name": "CVE-2020-1365",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1365"
    },
    {
      "name": "CVE-2020-1393",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1393"
    },
    {
      "name": "CVE-2020-1036",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1036"
    },
    {
      "name": "CVE-2020-1371",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1371"
    },
    {
      "name": "CVE-2020-1422",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1422"
    },
    {
      "name": "CVE-2020-1364",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1364"
    },
    {
      "name": "CVE-2020-1430",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1430"
    },
    {
      "name": "CVE-2020-1405",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1405"
    },
    {
      "name": "CVE-2020-1360",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1360"
    },
    {
      "name": "CVE-2020-1409",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1409"
    },
    {
      "name": "CVE-2020-1347",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1347"
    },
    {
      "name": "CVE-2020-1363",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1363"
    },
    {
      "name": "CVE-2020-1369",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1369"
    },
    {
      "name": "CVE-2020-1355",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1355"
    },
    {
      "name": "CVE-2020-1400",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1400"
    },
    {
      "name": "CVE-2020-1395",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1395"
    },
    {
      "name": "CVE-2020-1385",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1385"
    },
    {
      "name": "CVE-2020-1402",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1402"
    },
    {
      "name": "CVE-2020-1408",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1408"
    },
    {
      "name": "CVE-2020-1412",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1412"
    },
    {
      "name": "CVE-2020-1387",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1387"
    },
    {
      "name": "CVE-2020-1356",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1356"
    },
    {
      "name": "CVE-2020-1333",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1333"
    },
    {
      "name": "CVE-2020-1468",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1468"
    },
    {
      "name": "CVE-2020-1404",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1404"
    },
    {
      "name": "CVE-2020-1411",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1411"
    },
    {
      "name": "CVE-2020-1372",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1372"
    },
    {
      "name": "CVE-2020-1041",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1041"
    },
    {
      "name": "CVE-2020-1336",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1336"
    },
    {
      "name": "CVE-2020-1437",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1437"
    },
    {
      "name": "CVE-2020-1414",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1414"
    },
    {
      "name": "CVE-2020-1418",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1418"
    },
    {
      "name": "CVE-2020-1461",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1461"
    },
    {
      "name": "CVE-2020-1436",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1436"
    },
    {
      "name": "CVE-2020-1396",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1396"
    },
    {
      "name": "CVE-2020-1373",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1373"
    },
    {
      "name": "CVE-2020-1429",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1429"
    },
    {
      "name": "CVE-2020-1040",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1040"
    },
    {
      "name": "CVE-2020-1465",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1465"
    },
    {
      "name": "CVE-2020-1441",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1441"
    },
    {
      "name": "CVE-2020-1350",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1350"
    },
    {
      "name": "CVE-2020-1367",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1367"
    },
    {
      "name": "CVE-2020-1410",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1410"
    },
    {
      "name": "CVE-2020-1421",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1421"
    },
    {
      "name": "CVE-2020-1344",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1344"
    },
    {
      "name": "CVE-2020-1427",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1427"
    },
    {
      "name": "CVE-2020-1420",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1420"
    },
    {
      "name": "CVE-2020-1388",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1388"
    },
    {
      "name": "CVE-2020-1434",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1434"
    },
    {
      "name": "CVE-2020-1359",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1359"
    },
    {
      "name": "CVE-2020-1352",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1352"
    },
    {
      "name": "CVE-2020-1346",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1346"
    },
    {
      "name": "CVE-2020-1375",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1375"
    },
    {
      "name": "CVE-2020-1425",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1425"
    },
    {
      "name": "CVE-2020-1394",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1394"
    },
    {
      "name": "CVE-2020-1392",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1392"
    },
    {
      "name": "CVE-2020-1353",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1353"
    },
    {
      "name": "CVE-2020-1362",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1362"
    },
    {
      "name": "CVE-2020-1358",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1358"
    },
    {
      "name": "CVE-2020-1366",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1366"
    },
    {
      "name": "CVE-2020-1413",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1413"
    },
    {
      "name": "CVE-2020-1390",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1390"
    },
    {
      "name": "CVE-2020-1042",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1042"
    },
    {
      "name": "CVE-2020-1267",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1267"
    },
    {
      "name": "CVE-2020-1398",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1398"
    }
  ],
  "links": [],
  "reference": "CERTFR-2020-AVI-429",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2020-07-15T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "D\u00e9ni de service"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eMicrosoft Windows\u003c/span\u003e. Elles permettent \u00e0 un attaquant\nde provoquer une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es, un d\u00e9ni de\nservice, une \u00e9l\u00e9vation de privil\u00e8ges et une ex\u00e9cution de code \u00e0\ndistance.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Microsoft Windows",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft du 14 juillet 2020",
      "url": "https://portal.msrc.microsoft.com/fr-FR/security-guidance"
    }
  ]
}

CERTFR-2021-AVI-772

Vulnerability from certfr_avis - Published: - Updated:

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
N/A	N/A	IGSS Data Collector (dc.exe) versions antérieures à V15.0.0.21244
N/A	N/A	fellerLYnk versions antérieures à V2.6.2
N/A	N/A	micrologiciel TM5CSLC100FS version antérieures v2.57
N/A	N/A	Conext Advisor 2 Gateway
N/A	N/A	spaceLYnk versions antérieures à V2.6.2
N/A	N/A	micrologiciel TM5NS31 versions antérieures à 2.79
N/A	N/A	Conext Advisor 2 Cloud
N/A	N/A	Wiser for KNX versions antérieures à V2.6.2
N/A	N/A	Modicon M218 logic controller versions antérieures à 5.1.0.8
N/A	N/A	micrologiciel TM5NEIP1 versions antérieures à 3.12
N/A	N/A	ConneXium Network Manager
N/A	N/A	Conext Control V2 Gateway
N/A	N/A	micrologiciel TM5CSLC200FS version antérieures v2.57

References

Title

Publication Time

Tags

Bulletin de sécurité Schneider SEVD-2021-285-04 du 12 octobre 2021	None	vendor-advisory
Bulletin de sécurité Schneider SEVD-2021-285-03 du 12 octobre 2021	None	vendor-advisory
Bulletin de sécurité Schneider SEVD-2021-285-02 du 12 octobre 2021	None	vendor-advisory
Bulletin de sécurité Schneider SEVD-2021-285-05 du 12 octobre 2021	None	vendor-advisory
Bulletin de sécurité Schneider SEVD-2021-285-01 du 12 octobre 2021	None	vendor-advisory
Bulletin de sécurité Schneider SEVD-2021-285-06 du 12 octobre 2021	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "IGSS Data Collector (dc.exe) versions ant\u00e9rieures \u00e0 V15.0.0.21244",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "fellerLYnk versions ant\u00e9rieures \u00e0 V2.6.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "micrologiciel TM5CSLC100FS version ant\u00e9rieures v2.57",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "Conext Advisor 2 Gateway",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "spaceLYnk versions ant\u00e9rieures \u00e0 V2.6.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "micrologiciel TM5NS31 versions ant\u00e9rieures \u00e0 2.79",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "Conext Advisor 2 Cloud",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "Wiser for KNX versions ant\u00e9rieures \u00e0 V2.6.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "Modicon M218 logic controller versions ant\u00e9rieures \u00e0 5.1.0.8",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "micrologiciel TM5NEIP1 versions ant\u00e9rieures \u00e0 3.12",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "ConneXium Network Manager",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "Conext Control V2 Gateway",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "micrologiciel TM5CSLC200FS version ant\u00e9rieures v2.57",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2020-17438",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-17438"
    },
    {
      "name": "CVE-2019-0685",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-0685"
    },
    {
      "name": "CVE-2020-1472",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1472"
    },
    {
      "name": "CVE-2020-0601",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0601"
    },
    {
      "name": "CVE-2019-11135",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11135"
    },
    {
      "name": "CVE-2019-0803",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-0803"
    },
    {
      "name": "CVE-2021-22801",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22801"
    },
    {
      "name": "CVE-2020-0609",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0609"
    },
    {
      "name": "CVE-2021-22802",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22802"
    },
    {
      "name": "CVE-2019-0859",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-0859"
    },
    {
      "name": "CVE-2020-13987",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-13987"
    },
    {
      "name": "CVE-2020-1020",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1020"
    },
    {
      "name": "CVE-2020-0610",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0610"
    },
    {
      "name": "CVE-2020-0938",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0938"
    },
    {
      "name": "CVE-2020-1350",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1350"
    },
    {
      "name": "CVE-2021-22800",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22800"
    },
    {
      "name": "CVE-2021-22804",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22804"
    },
    {
      "name": "CVE-2020-0796",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0796"
    },
    {
      "name": "CVE-2021-22803",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22803"
    },
    {
      "name": "CVE-2021-22806",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22806"
    },
    {
      "name": "CVE-2019-1040",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-1040"
    },
    {
      "name": "CVE-2021-22805",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22805"
    }
  ],
  "links": [],
  "reference": "CERTFR-2021-AVI-772",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2021-10-12T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nSchneider. Certaines d\u0027entre elles permettent \u00e0 un attaquant de\nprovoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de\nservice \u00e0 distance et une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Schneider",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2021-285-04 du 12 octobre 2021",
      "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-285-04"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2021-285-03 du 12 octobre 2021",
      "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-285-03"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2021-285-02 du 12 octobre 2021",
      "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-285-02"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2021-285-05 du 12 octobre 2021",
      "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-285-05"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2021-285-01 du 12 octobre 2021",
      "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-285-01"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2021-285-06 du 12 octobre 2021",
      "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-285-06"
    }
  ]
}

CERTFR-2020-AVI-429

Vulnerability from certfr_avis - Published: - Updated:

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Microsoft	Windows	Windows Server 2012
Microsoft	Windows	Windows 10 Version 1709 pour ARM64-based Systems
Microsoft	Windows	Windows 8.1 pour systèmes 32 bits
Microsoft	Windows	Windows Server 2012 R2
Microsoft	Windows	Windows Server 2012 (Server Core installation)
Microsoft	Windows	Windows 10 Version 1607 pour systèmes 32 bits
Microsoft	Windows	Windows Server, version 1903 (Server Core installation)
Microsoft	Windows	Windows 10 Version 1909 pour systèmes 32 bits
Microsoft	Windows	Windows Server 2016 (Server Core installation)
Microsoft	Windows	Windows 7 pour systèmes 32 bits Service Pack 1
Microsoft	Windows	Windows 10 Version 1709 pour systèmes 32 bits
Microsoft	Windows	Windows 10 Version 1903 pour systèmes x64
Microsoft	Windows	Windows 10 Version 1803 pour systèmes 32 bits
Microsoft	Windows	Windows 10 Version 1809 pour systèmes x64
Microsoft	Windows	Windows Defender
Microsoft	Windows	Windows 10 pour systèmes x64
Microsoft	Windows	Windows RT 8.1
Microsoft	Windows	Windows 10 Version 1903 pour ARM64-based Systems
Microsoft	Windows	Windows 10 Version 2004 pour systèmes 32 bits
Microsoft	Windows	Windows Server 2019 (Server Core installation)
Microsoft	Windows	Windows Server 2012 R2 (Server Core installation)
Microsoft	Windows	Windows Server 2008 R2 pour systèmes x64 Service Pack 1 (Server Core installation)
Microsoft	Windows	Windows Server 2016
Microsoft	Windows	Windows Server 2008 pour systèmes 32 bits Service Pack 2 (Server Core installation)
Microsoft	Windows	Windows 10 Version 1803 pour ARM64-based Systems
Microsoft	Windows	Windows 10 Version 1909 pour systèmes x64
Microsoft	Windows	Windows 10 Version 2004 pour ARM64-based Systems
Microsoft	Windows	Windows 7 pour systèmes x64 Service Pack 1
Microsoft	Windows	Windows Server 2019
Microsoft	Windows	OneDrive pour Windows
Microsoft	Windows	Windows 10 Version 1709 pour systèmes x64
Microsoft	Windows	Windows 10 Version 1803 pour systèmes x64
Microsoft	Windows	Windows 10 Version 1903 pour systèmes 32 bits
Microsoft	Windows	Windows 10 Version 1909 pour ARM64-based Systems
Microsoft	Windows	Windows Server, version 2004 (Server Core installation)
Microsoft	Windows	Windows 10 Version 1809 pour ARM64-based Systems
Microsoft	Windows	Windows Server 2008 pour systèmes x64 Service Pack 2 (Server Core installation)
Microsoft	Windows	Windows 8.1 pour systèmes x64
Microsoft	Windows	Windows Server 2008 R2 pour systèmes x64 Service Pack 1
Microsoft	Windows	Windows 10 Version 1607 pour systèmes x64
Microsoft	Windows	Windows Server 2008 pour systèmes x64 Service Pack 2
Microsoft	Windows	Windows 10 Version 2004 pour systèmes x64
Microsoft	Windows	Windows Server, version 1909 (Server Core installation)
Microsoft	Windows	Windows Server 2008 pour systèmes 32 bits Service Pack 2
Microsoft	Windows	Windows 10 Version 1809 pour systèmes 32 bits
Microsoft	Windows	Windows 10 pour systèmes 32 bits

References

Title

Publication Time

Tags

Bulletin de sécurité Microsoft du 14 juillet 2020

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Windows Server 2012",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows 10 Version 1709 pour ARM64-based Systems",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows 8.1 pour syst\u00e8mes 32 bits",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows Server 2012 R2",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows Server 2012 (Server Core installation)",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows 10 Version 1607 pour syst\u00e8mes 32 bits",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows Server, version 1903 (Server Core installation)",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows 10 Version 1909 pour syst\u00e8mes 32 bits",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows Server 2016 (Server Core installation)",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows 7 pour syst\u00e8mes 32 bits Service Pack 1",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows 10 Version 1709 pour syst\u00e8mes 32 bits",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows 10 Version 1903 pour syst\u00e8mes x64",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows 10 Version 1803 pour syst\u00e8mes 32 bits",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows 10 Version 1809 pour syst\u00e8mes x64",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows Defender",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows 10 pour syst\u00e8mes x64",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows RT 8.1",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows 10 Version 1903 pour ARM64-based Systems",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows 10 Version 2004 pour syst\u00e8mes 32 bits",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows Server 2019 (Server Core installation)",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows Server 2012 R2 (Server Core installation)",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows Server 2008 R2 pour syst\u00e8mes x64 Service Pack 1 (Server Core installation)",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows Server 2016",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows Server 2008 pour syst\u00e8mes 32 bits Service Pack 2 (Server Core installation)",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows 10 Version 1803 pour ARM64-based Systems",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows 10 Version 1909 pour syst\u00e8mes x64",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows 10 Version 2004 pour ARM64-based Systems",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows 7 pour syst\u00e8mes x64 Service Pack 1",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows Server 2019",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "OneDrive pour Windows",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows 10 Version 1709 pour syst\u00e8mes x64",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows 10 Version 1803 pour syst\u00e8mes x64",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows 10 Version 1903 pour syst\u00e8mes 32 bits",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows 10 Version 1909 pour ARM64-based Systems",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows Server, version 2004 (Server Core installation)",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows 10 Version 1809 pour ARM64-based Systems",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows Server 2008 pour syst\u00e8mes x64 Service Pack 2 (Server Core installation)",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows 8.1 pour syst\u00e8mes x64",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows Server 2008 R2 pour syst\u00e8mes x64 Service Pack 1",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows 10 Version 1607 pour syst\u00e8mes x64",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows Server 2008 pour syst\u00e8mes x64 Service Pack 2",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows 10 Version 2004 pour syst\u00e8mes x64",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows Server, version 1909 (Server Core installation)",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows Server 2008 pour syst\u00e8mes 32 bits Service Pack 2",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows 10 Version 1809 pour syst\u00e8mes 32 bits",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows 10 pour syst\u00e8mes 32 bits",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2020-1391",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1391"
    },
    {
      "name": "CVE-2020-1384",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1384"
    },
    {
      "name": "CVE-2020-1431",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1431"
    },
    {
      "name": "CVE-2020-1043",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1043"
    },
    {
      "name": "CVE-2020-1463",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1463"
    },
    {
      "name": "CVE-2020-1423",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1423"
    },
    {
      "name": "CVE-2020-1428",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1428"
    },
    {
      "name": "CVE-2020-1424",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1424"
    },
    {
      "name": "CVE-2020-1351",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1351"
    },
    {
      "name": "CVE-2020-1374",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1374"
    },
    {
      "name": "CVE-2020-1032",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1032"
    },
    {
      "name": "CVE-2020-1357",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1357"
    },
    {
      "name": "CVE-2020-1438",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1438"
    },
    {
      "name": "CVE-2020-1389",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1389"
    },
    {
      "name": "CVE-2020-1354",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1354"
    },
    {
      "name": "CVE-2020-1401",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1401"
    },
    {
      "name": "CVE-2020-1381",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1381"
    },
    {
      "name": "CVE-2020-1382",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1382"
    },
    {
      "name": "CVE-2020-1406",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1406"
    },
    {
      "name": "CVE-2020-1397",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1397"
    },
    {
      "name": "CVE-2020-1368",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1368"
    },
    {
      "name": "CVE-2020-1085",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1085"
    },
    {
      "name": "CVE-2020-1249",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1249"
    },
    {
      "name": "CVE-2020-1435",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1435"
    },
    {
      "name": "CVE-2020-1386",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1386"
    },
    {
      "name": "CVE-2020-1419",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1419"
    },
    {
      "name": "CVE-2020-1330",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1330"
    },
    {
      "name": "CVE-2020-1361",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1361"
    },
    {
      "name": "CVE-2020-1415",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1415"
    },
    {
      "name": "CVE-2020-1426",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1426"
    },
    {
      "name": "CVE-2020-1457",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1457"
    },
    {
      "name": "CVE-2020-1399",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1399"
    },
    {
      "name": "CVE-2020-1407",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1407"
    },
    {
      "name": "CVE-2020-1370",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1370"
    },
    {
      "name": "CVE-2020-1365",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1365"
    },
    {
      "name": "CVE-2020-1393",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1393"
    },
    {
      "name": "CVE-2020-1036",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1036"
    },
    {
      "name": "CVE-2020-1371",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1371"
    },
    {
      "name": "CVE-2020-1422",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1422"
    },
    {
      "name": "CVE-2020-1364",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1364"
    },
    {
      "name": "CVE-2020-1430",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1430"
    },
    {
      "name": "CVE-2020-1405",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1405"
    },
    {
      "name": "CVE-2020-1360",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1360"
    },
    {
      "name": "CVE-2020-1409",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1409"
    },
    {
      "name": "CVE-2020-1347",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1347"
    },
    {
      "name": "CVE-2020-1363",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1363"
    },
    {
      "name": "CVE-2020-1369",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1369"
    },
    {
      "name": "CVE-2020-1355",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1355"
    },
    {
      "name": "CVE-2020-1400",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1400"
    },
    {
      "name": "CVE-2020-1395",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1395"
    },
    {
      "name": "CVE-2020-1385",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1385"
    },
    {
      "name": "CVE-2020-1402",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1402"
    },
    {
      "name": "CVE-2020-1408",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1408"
    },
    {
      "name": "CVE-2020-1412",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1412"
    },
    {
      "name": "CVE-2020-1387",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1387"
    },
    {
      "name": "CVE-2020-1356",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1356"
    },
    {
      "name": "CVE-2020-1333",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1333"
    },
    {
      "name": "CVE-2020-1468",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1468"
    },
    {
      "name": "CVE-2020-1404",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1404"
    },
    {
      "name": "CVE-2020-1411",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1411"
    },
    {
      "name": "CVE-2020-1372",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1372"
    },
    {
      "name": "CVE-2020-1041",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1041"
    },
    {
      "name": "CVE-2020-1336",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1336"
    },
    {
      "name": "CVE-2020-1437",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1437"
    },
    {
      "name": "CVE-2020-1414",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1414"
    },
    {
      "name": "CVE-2020-1418",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1418"
    },
    {
      "name": "CVE-2020-1461",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1461"
    },
    {
      "name": "CVE-2020-1436",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1436"
    },
    {
      "name": "CVE-2020-1396",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1396"
    },
    {
      "name": "CVE-2020-1373",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1373"
    },
    {
      "name": "CVE-2020-1429",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1429"
    },
    {
      "name": "CVE-2020-1040",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1040"
    },
    {
      "name": "CVE-2020-1465",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1465"
    },
    {
      "name": "CVE-2020-1441",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1441"
    },
    {
      "name": "CVE-2020-1350",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1350"
    },
    {
      "name": "CVE-2020-1367",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1367"
    },
    {
      "name": "CVE-2020-1410",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1410"
    },
    {
      "name": "CVE-2020-1421",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1421"
    },
    {
      "name": "CVE-2020-1344",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1344"
    },
    {
      "name": "CVE-2020-1427",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1427"
    },
    {
      "name": "CVE-2020-1420",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1420"
    },
    {
      "name": "CVE-2020-1388",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1388"
    },
    {
      "name": "CVE-2020-1434",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1434"
    },
    {
      "name": "CVE-2020-1359",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1359"
    },
    {
      "name": "CVE-2020-1352",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1352"
    },
    {
      "name": "CVE-2020-1346",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1346"
    },
    {
      "name": "CVE-2020-1375",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1375"
    },
    {
      "name": "CVE-2020-1425",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1425"
    },
    {
      "name": "CVE-2020-1394",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1394"
    },
    {
      "name": "CVE-2020-1392",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1392"
    },
    {
      "name": "CVE-2020-1353",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1353"
    },
    {
      "name": "CVE-2020-1362",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1362"
    },
    {
      "name": "CVE-2020-1358",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1358"
    },
    {
      "name": "CVE-2020-1366",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1366"
    },
    {
      "name": "CVE-2020-1413",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1413"
    },
    {
      "name": "CVE-2020-1390",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1390"
    },
    {
      "name": "CVE-2020-1042",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1042"
    },
    {
      "name": "CVE-2020-1267",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1267"
    },
    {
      "name": "CVE-2020-1398",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1398"
    }
  ],
  "links": [],
  "reference": "CERTFR-2020-AVI-429",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2020-07-15T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "D\u00e9ni de service"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eMicrosoft Windows\u003c/span\u003e. Elles permettent \u00e0 un attaquant\nde provoquer une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es, un d\u00e9ni de\nservice, une \u00e9l\u00e9vation de privil\u00e8ges et une ex\u00e9cution de code \u00e0\ndistance.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Microsoft Windows",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft du 14 juillet 2020",
      "url": "https://portal.msrc.microsoft.com/fr-FR/security-guidance"
    }
  ]
}

GHSA-HCMX-443W-MR76

Vulnerability from github – Published: 2022-05-24 17:22 – Updated: 2025-10-22 00:31

Details

A remote code execution vulnerability exists in Windows Domain Name System servers when they fail to properly handle requests, aka 'Windows DNS Server Remote Code Execution Vulnerability'.

Severity ?

10.0 (Critical)


                  
                    CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2020-1350"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-119",
      "CWE-20",
      "CWE-787"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2020-07-14T23:15:00Z",
    "severity": "HIGH"
  },
  "details": "A remote code execution vulnerability exists in Windows Domain Name System servers when they fail to properly handle requests, aka \u0027Windows DNS Server Remote Code Execution Vulnerability\u0027.",
  "id": "GHSA-hcmx-443w-mr76",
  "modified": "2025-10-22T00:31:56Z",
  "published": "2022-05-24T17:22:59Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1350"
    },
    {
      "type": "WEB",
      "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1350"
    },
    {
      "type": "WEB",
      "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-1350"
    },
    {
      "type": "WEB",
      "url": "http://packetstormsecurity.com/files/158484/SIGRed-Windows-DNS-Denial-Of-Service.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

CERTFR-2020-ALE-016

Vulnerability from certfr_alerte - Published: - Updated:

[mise à jour du 17 juillet 2020]

Une première preuve de concept permettant de provoquer un déni de service a été publiée le 16 juillet 2020.

Le CERT-FR rappelle qu'il est urgent d'appliquer le correctif publié par l'éditeur sans délai.

[version initiale]

Une vulnérabilité a été découverte dans le service Microsoft Domain Name System (DNS) Server. Cette vulnérabilité se situe dans le code qui analyse les réponses à des requêtes DNS. Elle peut être exploitée par un attaquant qui aurait le contrôle d'un serveur DNS ayant autorité sur un nom de domaine Internet. En construisant une réponse, dans un format particulier, à une requête légitime émise par un serveur Microsoft DNS Server, l'attaquant peut provoquer un dépassement de tampon (buffer overflow) au niveau du service Microsoft DNS Server.

L'exploitation de cette vulnérabilité peut résulter en une exécution de code arbitraire avec les privilèges SYSTEM.

Le service Microsoft DNS Server étant généralement activé sur les contrôleurs de domaines Active Directory, l'attaquant est alors capable de compromettre les contrôleurs de domaines Active Directory du système d'information.

Solution

Les correctifs ont été publiés par Microsoft le 14/07/2020 et doivent être appliqués au plus vite.

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

La mise à jour d'un produit ou d'un logiciel est une opération délicate qui doit être menée avec prudence. Il est notamment recommander d'effectuer des tests autant que possible. Des dispositions doivent également être prises pour garantir la continuité de service en cas de difficultés lors de l'application des mises à jour comme des correctifs ou des changements de version.

Contournement provisoire

Les correctifs ont été publiés par Microsoft le 14/07/2020 et doivent être appliqués au plus vite. Cependant, un contournement temporaire peut être appliqué.

L’attaque consiste à répondre à une requête avec une réponse dépassant la taille de 65535 octets. Au-delà de 4096 octets, les services DNS utilisent le protocole TCP pour échanger les messages.

Le contournement proposé par l'éditeur [1] consiste à limiter la taille des messages acceptés par le service. Cette modification consiste à ajouter une clé de registre et à redémarrer le service DNS :

reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DNS\Parameters" /v "TcpReceivePacketSize" /t REG_DWORD /d 0xFF00 /f
net stop DNS && net start DNS

Cette opération doit être réalisée sur l’ensemble des machines portant le service Microsoft DNS Server

None

Impacted products

Vendor	Product	Description
Microsoft	Windows	Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)
Microsoft	Windows	Windows Server 2008 R2 for x64-based Systems Service Pack 1
Microsoft	Windows	Windows Server 2012
Microsoft	Windows	Windows Server 2012 R2
Microsoft	Windows	Windows Server 2012 (Server Core installation)
Microsoft	Windows	Windows Server, version 1903 (Server Core installation)
Microsoft	Windows	Windows Server 2016 (Server Core installation)
Microsoft	Windows	Windows Server 2019 (Server Core installation)
Microsoft	Windows	Windows Server 2008 for x64-based Systems Service Pack 2
Microsoft	Windows	Windows Server 2012 R2 (Server Core installation)
Microsoft	Windows	Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
Microsoft	Windows	Windows Server 2016
Microsoft	Windows	Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
Microsoft	Windows	Windows Server 2019
Microsoft	Windows	Windows Server 2008 for 32-bit Systems Service Pack 2
Microsoft	Windows	Windows Server, version 2004 (Server Core installation)
Microsoft	Windows	Windows Server, version 1909 (Server Core installation)

References

Title

Publication Time

Tags

Bulletin de sécurité Microsoft CVE-2020-1350 du 14 juillet 2020	None	vendor-advisory
Avis CERT-FR CERTFR-2020-AVI-429 du 15 juillet 2020	None	vendor-advisory
[1] Bulletin du support technique Microsoft sur la vulnérabilité CVE-2020-1350	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows Server 2008 R2 for x64-based Systems Service Pack 1",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows Server 2012",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows Server 2012 R2",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows Server 2012 (Server Core installation)",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows Server, version 1903 (Server Core installation)",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows Server 2016 (Server Core installation)",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows Server 2019 (Server Core installation)",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows Server 2008 for x64-based Systems Service Pack 2",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows Server 2012 R2 (Server Core installation)",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows Server 2016",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows Server 2019",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows Server 2008 for 32-bit Systems Service Pack 2",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows Server, version 2004 (Server Core installation)",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows Server, version 1909 (Server Core installation)",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "closed_at": "2020-10-12",
  "content": "## Solution\n\n**\u003cspan class=\"mx_MTextBody mx_EventTile_content\"\u003e\u003cspan\nclass=\"mx_EventTile_body\" dir=\"auto\"\u003eLes correctifs ont \u00e9t\u00e9 publi\u00e9s par\nMicrosoft le 14/07/2020 et doivent \u00eatre appliqu\u00e9s au plus\nvite.\u003c/span\u003e\u003c/span\u003e**\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n\n------------------------------------------------------------------------\n\nLa mise \u00e0\u00a0jour d\u0027un produit ou d\u0027un logiciel est une op\u00e9ration d\u00e9licate\nqui doit \u00eatre men\u00e9e avec prudence. Il est notamment recommander\nd\u0027effectuer des tests autant que possible. Des dispositions doivent\n\u00e9galement \u00eatre prises pour garantir la continuit\u00e9 de service en cas de\ndifficult\u00e9s lors de l\u0027application des mises \u00e0 jour comme des correctifs\nou des changements de version.\n\n## Contournement provisoire\n\n\u003cspan class=\"mx_MTextBody mx_EventTile_content\"\u003e\u003cspan\nclass=\"mx_EventTile_body\" dir=\"auto\"\u003eLes correctifs ont \u00e9t\u00e9 publi\u00e9s par\nMicrosoft le 14/07/2020 et doivent \u00eatre appliqu\u00e9s au plus vite.\nCependant, un contournement temporaire peut \u00eatre appliqu\u00e9.  \n\u003c/span\u003e\u003c/span\u003e\n\n\u003cspan class=\"mx_MTextBody mx_EventTile_content\"\u003e\u003cspan\nclass=\"mx_EventTile_body\" dir=\"auto\"\u003eL\u2019attaque consiste \u00e0 r\u00e9pondre \u00e0 une\nrequ\u00eate avec une r\u00e9ponse d\u00e9passant la taille de 65535 octets. Au-del\u00e0 de\n4096 octets, les services DNS utilisent le protocole TCP pour \u00e9changer\nles messages. \u003c/span\u003e\u003c/span\u003e\n\n\u003cspan class=\"mx_MTextBody mx_EventTile_content\"\u003e\u003cspan\nclass=\"mx_EventTile_body\" dir=\"auto\"\u003eLe contournement propos\u00e9 par\nl\u0027\u00e9diteur \\[1\\] consiste \u00e0 limiter la taille des messages accept\u00e9s par\nle service. Cette modification consiste \u00e0 ajouter une cl\u00e9 de registre et\n\u00e0 red\u00e9marrer le service DNS :\u003c/span\u003e\u003c/span\u003e\n\n``` EnlighterJSRAW\nreg add \"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\DNS\\Parameters\" /v \"TcpReceivePacketSize\" /t REG_DWORD /d 0xFF00 /f\nnet stop DNS \u0026\u0026 net start DNS\n```\n\n\u003cspan class=\"mx_MTextBody mx_EventTile_content\"\u003e\u003cspan\nclass=\"mx_EventTile_body\" dir=\"auto\"\u003eCette op\u00e9ration doit \u00eatre r\u00e9alis\u00e9e\nsur l\u2019ensemble des machines portant le service Microsoft DNS\nServ\u003c/span\u003e\u003c/span\u003eer\n",
  "cves": [
    {
      "name": "CVE-2020-1350",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1350"
    }
  ],
  "links": [
    {
      "title": "[1] Bulletin du support technique Microsoft sur la vuln\u00e9rabilit\u00e9 CVE-2020-1350",
      "url": "https://support.microsoft.com/fr-fr/help/4569509/windows-dns-server-remote-code-execution-vulnerability"
    }
  ],
  "reference": "CERTFR-2020-ALE-016",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2020-07-15T00:00:00.000000"
    },
    {
      "description": "Rappel de l\u0027urgence d\u0027appliquer le correctif.",
      "revision_date": "2020-07-17T00:00:00.000000"
    },
    {
      "description": "Cl\u00f4ture de l\u0027alerte. La cl\u00f4ture d\u0027une alerte ne signifie pas la fin d\u0027une menace. Seule l\u0027application de la mise \u00e0 jour permet de vous pr\u00e9munir contre l\u0027exploitation de la vuln\u00e9rabilit\u00e9 correspondante.",
      "revision_date": "2020-10-12T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    }
  ],
  "summary": "\u003cstrong\u003e\\[mise \u00e0 jour du 17 juillet 2020\\]\u003c/strong\u003e\n\nUne premi\u00e8re preuve de concept permettant de provoquer un d\u00e9ni de\nservice a \u00e9t\u00e9 publi\u00e9e le 16 juillet 2020.\n\nLe CERT-FR rappelle qu\u0027il est urgent d\u0027appliquer le correctif publi\u00e9 par\nl\u0027\u00e9diteur sans d\u00e9lai.\n\n\u003cstrong\u003e\\[version initiale\\]\u003c/strong\u003e\n\nUne vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans le service Microsoft Domain Name\nSystem (*DNS*) Server. Cette vuln\u00e9rabilit\u00e9 se situe dans le code qui\nanalyse les r\u00e9ponses \u00e0 des requ\u00eates *DNS*. Elle peut \u00eatre exploit\u00e9e par\nun attaquant qui aurait le contr\u00f4le d\u0027un serveur *DNS* ayant autorit\u00e9\nsur un nom de domaine Internet. En construisant une r\u00e9ponse, dans un\nformat particulier, \u00e0 une requ\u00eate l\u00e9gitime \u00e9mise par un serveur\nMicrosoft *DNS* Server, l\u0027attaquant peut provoquer un d\u00e9passement de\ntampon (*buffer overflow*) au niveau du service Microsoft *DNS* Server.\n\nL\u0027exploitation de cette vuln\u00e9rabilit\u00e9 peut r\u00e9sulter en une ex\u00e9cution de\ncode arbitraire avec les privil\u00e8ges SYSTEM.\n\nLe service Microsoft *DNS* Server \u00e9tant g\u00e9n\u00e9ralement activ\u00e9 sur les\ncontr\u00f4leurs de domaines *Active Directory*, l\u0027attaquant est alors\ncapable de compromettre les contr\u00f4leurs de domaines *Active Directory*\ndu syst\u00e8me d\u0027information.\n",
  "title": "Vuln\u00e9rabilit\u00e9 dans Microsoft Domain Name System (DNS) Server",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2020-1350 du 14 juillet 2020",
      "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1350"
    },
    {
      "published_at": null,
      "title": "Avis CERT-FR CERTFR-2020-AVI-429 du 15 juillet 2020",
      "url": "https://www.cert.ssi.gouv.fr/avis/CERTFR-2020-AVI-429"
    }
  ]
}

CERTFR-2020-ALE-016

Vulnerability from certfr_alerte - Published: - Updated:

[mise à jour du 17 juillet 2020]

Une première preuve de concept permettant de provoquer un déni de service a été publiée le 16 juillet 2020.

Le CERT-FR rappelle qu'il est urgent d'appliquer le correctif publié par l'éditeur sans délai.

[version initiale]

L'exploitation de cette vulnérabilité peut résulter en une exécution de code arbitraire avec les privilèges SYSTEM.

Solution

Les correctifs ont été publiés par Microsoft le 14/07/2020 et doivent être appliqués au plus vite.

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Contournement provisoire

Les correctifs ont été publiés par Microsoft le 14/07/2020 et doivent être appliqués au plus vite. Cependant, un contournement temporaire peut être appliqué.

reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DNS\Parameters" /v "TcpReceivePacketSize" /t REG_DWORD /d 0xFF00 /f
net stop DNS && net start DNS

Cette opération doit être réalisée sur l’ensemble des machines portant le service Microsoft DNS Server

None

Impacted products

Vendor	Product	Description
Microsoft	Windows	Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)
Microsoft	Windows	Windows Server 2008 R2 for x64-based Systems Service Pack 1
Microsoft	Windows	Windows Server 2012
Microsoft	Windows	Windows Server 2012 R2
Microsoft	Windows	Windows Server 2012 (Server Core installation)
Microsoft	Windows	Windows Server, version 1903 (Server Core installation)
Microsoft	Windows	Windows Server 2016 (Server Core installation)
Microsoft	Windows	Windows Server 2019 (Server Core installation)
Microsoft	Windows	Windows Server 2008 for x64-based Systems Service Pack 2
Microsoft	Windows	Windows Server 2012 R2 (Server Core installation)
Microsoft	Windows	Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
Microsoft	Windows	Windows Server 2016
Microsoft	Windows	Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
Microsoft	Windows	Windows Server 2019
Microsoft	Windows	Windows Server 2008 for 32-bit Systems Service Pack 2
Microsoft	Windows	Windows Server, version 2004 (Server Core installation)
Microsoft	Windows	Windows Server, version 1909 (Server Core installation)

References

Title

Publication Time

Tags

Bulletin de sécurité Microsoft CVE-2020-1350 du 14 juillet 2020	None	vendor-advisory
Avis CERT-FR CERTFR-2020-AVI-429 du 15 juillet 2020	None	vendor-advisory
[1] Bulletin du support technique Microsoft sur la vulnérabilité CVE-2020-1350	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows Server 2008 R2 for x64-based Systems Service Pack 1",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows Server 2012",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows Server 2012 R2",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows Server 2012 (Server Core installation)",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows Server, version 1903 (Server Core installation)",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows Server 2016 (Server Core installation)",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows Server 2019 (Server Core installation)",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows Server 2008 for x64-based Systems Service Pack 2",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows Server 2012 R2 (Server Core installation)",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows Server 2016",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows Server 2019",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows Server 2008 for 32-bit Systems Service Pack 2",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows Server, version 2004 (Server Core installation)",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows Server, version 1909 (Server Core installation)",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "closed_at": "2020-10-12",
  "content": "## Solution\n\n**\u003cspan class=\"mx_MTextBody mx_EventTile_content\"\u003e\u003cspan\nclass=\"mx_EventTile_body\" dir=\"auto\"\u003eLes correctifs ont \u00e9t\u00e9 publi\u00e9s par\nMicrosoft le 14/07/2020 et doivent \u00eatre appliqu\u00e9s au plus\nvite.\u003c/span\u003e\u003c/span\u003e**\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n\n------------------------------------------------------------------------\n\nLa mise \u00e0\u00a0jour d\u0027un produit ou d\u0027un logiciel est une op\u00e9ration d\u00e9licate\nqui doit \u00eatre men\u00e9e avec prudence. Il est notamment recommander\nd\u0027effectuer des tests autant que possible. Des dispositions doivent\n\u00e9galement \u00eatre prises pour garantir la continuit\u00e9 de service en cas de\ndifficult\u00e9s lors de l\u0027application des mises \u00e0 jour comme des correctifs\nou des changements de version.\n\n## Contournement provisoire\n\n\u003cspan class=\"mx_MTextBody mx_EventTile_content\"\u003e\u003cspan\nclass=\"mx_EventTile_body\" dir=\"auto\"\u003eLes correctifs ont \u00e9t\u00e9 publi\u00e9s par\nMicrosoft le 14/07/2020 et doivent \u00eatre appliqu\u00e9s au plus vite.\nCependant, un contournement temporaire peut \u00eatre appliqu\u00e9.  \n\u003c/span\u003e\u003c/span\u003e\n\n\u003cspan class=\"mx_MTextBody mx_EventTile_content\"\u003e\u003cspan\nclass=\"mx_EventTile_body\" dir=\"auto\"\u003eL\u2019attaque consiste \u00e0 r\u00e9pondre \u00e0 une\nrequ\u00eate avec une r\u00e9ponse d\u00e9passant la taille de 65535 octets. Au-del\u00e0 de\n4096 octets, les services DNS utilisent le protocole TCP pour \u00e9changer\nles messages. \u003c/span\u003e\u003c/span\u003e\n\n\u003cspan class=\"mx_MTextBody mx_EventTile_content\"\u003e\u003cspan\nclass=\"mx_EventTile_body\" dir=\"auto\"\u003eLe contournement propos\u00e9 par\nl\u0027\u00e9diteur \\[1\\] consiste \u00e0 limiter la taille des messages accept\u00e9s par\nle service. Cette modification consiste \u00e0 ajouter une cl\u00e9 de registre et\n\u00e0 red\u00e9marrer le service DNS :\u003c/span\u003e\u003c/span\u003e\n\n``` EnlighterJSRAW\nreg add \"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\DNS\\Parameters\" /v \"TcpReceivePacketSize\" /t REG_DWORD /d 0xFF00 /f\nnet stop DNS \u0026\u0026 net start DNS\n```\n\n\u003cspan class=\"mx_MTextBody mx_EventTile_content\"\u003e\u003cspan\nclass=\"mx_EventTile_body\" dir=\"auto\"\u003eCette op\u00e9ration doit \u00eatre r\u00e9alis\u00e9e\nsur l\u2019ensemble des machines portant le service Microsoft DNS\nServ\u003c/span\u003e\u003c/span\u003eer\n",
  "cves": [
    {
      "name": "CVE-2020-1350",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1350"
    }
  ],
  "links": [
    {
      "title": "[1] Bulletin du support technique Microsoft sur la vuln\u00e9rabilit\u00e9 CVE-2020-1350",
      "url": "https://support.microsoft.com/fr-fr/help/4569509/windows-dns-server-remote-code-execution-vulnerability"
    }
  ],
  "reference": "CERTFR-2020-ALE-016",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2020-07-15T00:00:00.000000"
    },
    {
      "description": "Rappel de l\u0027urgence d\u0027appliquer le correctif.",
      "revision_date": "2020-07-17T00:00:00.000000"
    },
    {
      "description": "Cl\u00f4ture de l\u0027alerte. La cl\u00f4ture d\u0027une alerte ne signifie pas la fin d\u0027une menace. Seule l\u0027application de la mise \u00e0 jour permet de vous pr\u00e9munir contre l\u0027exploitation de la vuln\u00e9rabilit\u00e9 correspondante.",
      "revision_date": "2020-10-12T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    }
  ],
  "summary": "\u003cstrong\u003e\\[mise \u00e0 jour du 17 juillet 2020\\]\u003c/strong\u003e\n\nUne premi\u00e8re preuve de concept permettant de provoquer un d\u00e9ni de\nservice a \u00e9t\u00e9 publi\u00e9e le 16 juillet 2020.\n\nLe CERT-FR rappelle qu\u0027il est urgent d\u0027appliquer le correctif publi\u00e9 par\nl\u0027\u00e9diteur sans d\u00e9lai.\n\n\u003cstrong\u003e\\[version initiale\\]\u003c/strong\u003e\n\nUne vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans le service Microsoft Domain Name\nSystem (*DNS*) Server. Cette vuln\u00e9rabilit\u00e9 se situe dans le code qui\nanalyse les r\u00e9ponses \u00e0 des requ\u00eates *DNS*. Elle peut \u00eatre exploit\u00e9e par\nun attaquant qui aurait le contr\u00f4le d\u0027un serveur *DNS* ayant autorit\u00e9\nsur un nom de domaine Internet. En construisant une r\u00e9ponse, dans un\nformat particulier, \u00e0 une requ\u00eate l\u00e9gitime \u00e9mise par un serveur\nMicrosoft *DNS* Server, l\u0027attaquant peut provoquer un d\u00e9passement de\ntampon (*buffer overflow*) au niveau du service Microsoft *DNS* Server.\n\nL\u0027exploitation de cette vuln\u00e9rabilit\u00e9 peut r\u00e9sulter en une ex\u00e9cution de\ncode arbitraire avec les privil\u00e8ges SYSTEM.\n\nLe service Microsoft *DNS* Server \u00e9tant g\u00e9n\u00e9ralement activ\u00e9 sur les\ncontr\u00f4leurs de domaines *Active Directory*, l\u0027attaquant est alors\ncapable de compromettre les contr\u00f4leurs de domaines *Active Directory*\ndu syst\u00e8me d\u0027information.\n",
  "title": "Vuln\u00e9rabilit\u00e9 dans Microsoft Domain Name System (DNS) Server",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2020-1350 du 14 juillet 2020",
      "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1350"
    },
    {
      "published_at": null,
      "title": "Avis CERT-FR CERTFR-2020-AVI-429 du 15 juillet 2020",
      "url": "https://www.cert.ssi.gouv.fr/avis/CERTFR-2020-AVI-429"
    }
  ]
}

CNVD-2020-40487

Vulnerability from cnvd - Published: 2020-07-16

Title

Microsoft Windows Server DNS Server远程代码执行漏洞

Description

Microsoft Windows Server是美国微软（Microsoft）公司的一套服务器操作系统。Windows DNS Server是其中的一个DNS（域名系统）服务器。 Microsoft Windows Server DNS Server存在远程代码执行漏洞。攻击者可利用漏洞在本地系统帐户的上下文中运行任意代码。

Severity

高

Patch Name

Microsoft Windows Server DNS Server远程代码执行漏洞的补丁

Patch Description

Formal description

目前厂商已发布升级补丁以修复漏洞，补丁获取链接： https://portal.msrc.microsoft.com/zh-CN/security-guidance/advisory/CVE-2020-1350

Reference

https://portal.msrc.microsoft.com/zh-CN/security-guidance/advisory/CVE-2020-1350

Impacted products

Name
['Microsoft Windows Server 2008 R2 SP1', 'Microsoft Windows Windows Server 2012', 'Microsoft Windows Server 2012 R2', 'Microsoft Windows Server 2016', 'Microsoft Windows Server 2008 SP2', 'Microsoft Windows Server 2019', 'Microsoft Windows Server 2016 1903', 'Microsoft Windows Server 2016 1909', 'Microsoft Windows Server 2016 2004']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2020-1350"
    }
  },
  "description": "Microsoft Windows Server\u662f\u7f8e\u56fd\u5fae\u8f6f\uff08Microsoft\uff09\u516c\u53f8\u7684\u4e00\u5957\u670d\u52a1\u5668\u64cd\u4f5c\u7cfb\u7edf\u3002Windows DNS Server\u662f\u5176\u4e2d\u7684\u4e00\u4e2aDNS\uff08\u57df\u540d\u7cfb\u7edf\uff09\u670d\u52a1\u5668\u3002\n\nMicrosoft Windows Server DNS Server\u5b58\u5728\u8fdc\u7a0b\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u6f0f\u6d1e\u5728\u672c\u5730\u7cfb\u7edf\u5e10\u6237\u7684\u4e0a\u4e0b\u6587\u4e2d\u8fd0\u884c\u4efb\u610f\u4ee3\u7801\u3002",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttps://portal.msrc.microsoft.com/zh-CN/security-guidance/advisory/CVE-2020-1350",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2020-40487",
  "openTime": "2020-07-16",
  "patchDescription": "Microsoft Windows Server\u662f\u7f8e\u56fd\u5fae\u8f6f\uff08Microsoft\uff09\u516c\u53f8\u7684\u4e00\u5957\u670d\u52a1\u5668\u64cd\u4f5c\u7cfb\u7edf\u3002Windows DNS Server\u662f\u5176\u4e2d\u7684\u4e00\u4e2aDNS\uff08\u57df\u540d\u7cfb\u7edf\uff09\u670d\u52a1\u5668\u3002\r\n\r\nMicrosoft Windows Server DNS Server\u5b58\u5728\u8fdc\u7a0b\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u6f0f\u6d1e\u5728\u672c\u5730\u7cfb\u7edf\u5e10\u6237\u7684\u4e0a\u4e0b\u6587\u4e2d\u8fd0\u884c\u4efb\u610f\u4ee3\u7801\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Microsoft Windows Server DNS Server\u8fdc\u7a0b\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Microsoft Windows Server 2008 R2 SP1",
      "Microsoft Windows Windows Server 2012",
      "Microsoft Windows Server 2012 R2",
      "Microsoft Windows Server 2016",
      "Microsoft Windows Server 2008 SP2",
      "Microsoft Windows Server 2019",
      "Microsoft Windows Server 2016 1903",
      "Microsoft Windows Server 2016 1909",
      "Microsoft Windows Server 2016 2004"
    ]
  },
  "referenceLink": "https://portal.msrc.microsoft.com/zh-CN/security-guidance/advisory/CVE-2020-1350",
  "serverity": "\u9ad8",
  "submitTime": "2020-07-15",
  "title": "Microsoft Windows Server DNS Server\u8fdc\u7a0b\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e"
}

FKIE_CVE-2020-1350

Vulnerability from fkie_nvd - Published: 2020-07-14 23:15 - Updated: 2025-10-29 13:55

Severity ?

10.0 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
10.0 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Summary

A remote code execution vulnerability exists in Windows Domain Name System servers when they fail to properly handle requests, aka 'Windows DNS Server Remote Code Execution Vulnerability'.

References

URL	Tags
secure@microsoft.com	http://packetstormsecurity.com/files/158484/SIGRed-Windows-DNS-Denial-Of-Service.html	Third Party Advisory, VDB Entry
secure@microsoft.com	https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1350	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://packetstormsecurity.com/files/158484/SIGRed-Windows-DNS-Denial-Of-Service.html	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1350	Patch, Vendor Advisory
134c704f-9b21-4f2e-91b3-4a467353bcc0	https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-1350	US Government Resource

Impacted products

Vendor	Product	Version
microsoft	windows_server_2008	-
microsoft	windows_server_2008	r2
microsoft	windows_server_2012	-
microsoft	windows_server_2012	r2
microsoft	windows_server_2016	-
microsoft	windows_server_2019	-

JSON

To clipboard

{
  "cisaActionDue": "2020-07-24",
  "cisaExploitAdd": "2021-11-03",
  "cisaRequiredAction": "Apply updates per vendor instructions.",
  "cisaVulnerabilityName": "Microsoft Windows DNS Server Remote Code Execution Vulnerability",
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "5F422A8C-2C4E-42C8-B420-E0728037E15C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*",
              "matchCriteriaId": "AF07A81D-12E5-4B1D-BFF9-C8D08C32FF4F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A7DF96F8-BA6A-4780-9CA3-F719B3F81074",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*",
              "matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "041FF8BA-0B12-4A1F-B4BF-9C4F33B7C1E7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "DB79EE26-FC32-417D-A49C-A1A63165A968",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A remote code execution vulnerability exists in Windows Domain Name System servers when they fail to properly handle requests, aka \u0027Windows DNS Server Remote Code Execution Vulnerability\u0027."
    },
    {
      "lang": "es",
      "value": "Se presenta una vulnerabilidad de ejecuci\u00f3n de c\u00f3digo remota en los servidores de Windows Domain Name System cuando presentan un fallo al manejar apropiadamente las peticiones, tambi\u00e9n se conoce como \"Windows DNS Server Remote Code Execution Vulnerability\""
    }
  ],
  "id": "CVE-2020-1350",
  "lastModified": "2025-10-29T13:55:36.067",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 10.0,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 10.0,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 6.0,
        "source": "nvd@nist.gov",
        "type": "Primary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 10.0,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 6.0,
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "type": "Secondary"
      }
    ]
  },
  "published": "2020-07-14T23:15:13.087",
  "references": [
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://packetstormsecurity.com/files/158484/SIGRed-Windows-DNS-Denial-Of-Service.html"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1350"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://packetstormsecurity.com/files/158484/SIGRed-Windows-DNS-Denial-Of-Service.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1350"
    },
    {
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "tags": [
        "US Government Resource"
      ],
      "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-1350"
    }
  ],
  "sourceIdentifier": "secure@microsoft.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ],
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "type": "Secondary"
    }
  ]
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2020-1350 (GCVE-0-2020-1350)

CISA Known Exploited Vulnerability

Data from the CISA Known Exploited Vulnerabilities Catalog

Solution

Solution

Solution

Solution

Solution

Contournement provisoire

Solution

Contournement provisoire

Tags

Sightings

Nomenclature