SB2020011434 - Multiple privilege escalation vulnerabilities in Windows Search Indexer
Published: January 14, 2020
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 12 secuirty vulnerabilities.
1) Buffer overflow (CVE-ID: CVE-2020-0614)
The vulnerability allows a local user to escalate privilege so the system.
The vulnerability exists due to a boundary error in the Windows Search Indexer when handling objects in memory. A local user can create a specially crafted application, trigger memory corruption and execute arbitrary code on the target system with elevated privileges.
2) Buffer overflow (CVE-ID: CVE-2020-0613)
The vulnerability allows a local user to escalate privilege so the system.
The vulnerability exists due to a boundary error in the Windows Search Indexer when handling objects in memory. A local user can create a specially crafted application, trigger memory corruption and execute arbitrary code on the target system with elevated privileges.
3) Buffer overflow (CVE-ID: CVE-2020-0623)
The vulnerability allows a local user to escalate privilege so the system.
The vulnerability exists due to a boundary error in the Windows Search Indexer when handling objects in memory. A local user can create a specially crafted application, trigger memory corruption and execute arbitrary code on the target system with elevated privileges.
4) Buffer overflow (CVE-ID: CVE-2020-0633)
The vulnerability allows a local user to escalate privilege so the system.
The vulnerability exists due to a boundary error in the Windows Search Indexer when handling objects in memory. A local user can create a specially crafted application, trigger memory corruption and execute arbitrary code on the target system with elevated privileges.
5) Buffer overflow (CVE-ID: CVE-2020-0632)
The vulnerability allows a local user to escalate privilege so the system.
The vulnerability exists due to a boundary error in the Windows Search Indexer when handling objects in memory. A local user can create a specially crafted application, trigger memory corruption and execute arbitrary code on the target system with elevated privileges.
6) Buffer overflow (CVE-ID: CVE-2020-0631)
The vulnerability allows a local user to escalate privilege so the system.
The vulnerability exists due to a boundary error in the Windows Search Indexer when handling objects in memory. A local user can create a specially crafted application, trigger memory corruption and execute arbitrary code on the target system with elevated privileges.
7) Buffer overflow (CVE-ID: CVE-2020-0630)
The vulnerability allows a local user to escalate privilege so the system.
The vulnerability exists due to a boundary error in the Windows Search Indexer when handling objects in memory. A local user can create a specially crafted application, trigger memory corruption and execute arbitrary code on the target system with elevated privileges.
8) Buffer overflow (CVE-ID: CVE-2020-0629)
The vulnerability allows a local user to escalate privilege so the system.
The vulnerability exists due to a boundary error in the Windows Search Indexer when handling objects in memory. A local user can create a specially crafted application, trigger memory corruption and execute arbitrary code on the target system with elevated privileges.
9) Buffer overflow (CVE-ID: CVE-2020-0628)
The vulnerability allows a local user to escalate privilege so the system.
The vulnerability exists due to a boundary error in the Windows Search Indexer when handling objects in memory. A local user can create a specially crafted application, trigger memory corruption and execute arbitrary code on the target system with elevated privileges.
10) Buffer overflow (CVE-ID: CVE-2020-0627)
The vulnerability allows a local user to escalate privilege so the system.
The vulnerability exists due to a boundary error in the Windows Search Indexer when handling objects in memory. A local user can create a specially crafted application, trigger memory corruption and execute arbitrary code on the target system with elevated privileges.
11) Buffer overflow (CVE-ID: CVE-2020-0626)
The vulnerability allows a local user to escalate privilege so the system.
The vulnerability exists due to a boundary error in the Windows Search Indexer when handling objects in memory. A local user can create a specially crafted application, trigger memory corruption and execute arbitrary code on the target system with elevated privileges.
12) Buffer overflow (CVE-ID: CVE-2020-0625)
The vulnerability allows a local user to escalate privilege so the system.
The vulnerability exists due to a boundary error in the Windows Search Indexer when handling objects in memory. A local user can create a specially crafted application, trigger memory corruption and execute arbitrary code on the target system with elevated privileges.
Remediation
Install update from vendor's website.
References
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0614
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0613
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0623
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0633
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0632
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0631
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0630
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0629
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0628
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0627
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0626
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0625