Severity Rating: High

Platform Affected
·         Windows 7 for 32-bit and x64-based SP 1
·         Windows 8.1 for 32-bit and x64-based systems
·         Windows RT 8.1
·         Windows 10 for 32-bit and x64-based Systems
·         Windows 10 Version 1607 for 32-bit and x64-based Systems
·         Windows 10 Version 1709 for 32-bit, x64-based and ARM64-based
Systems
·         Windows 10 Version 1803 for 32-bit, x64-based and ARM64-based
Systems
·         Windows 10 Version 1809 for 32-bit, x64-based and ARM64-based
Systems
·         Windows 10 Version 1903 for 32-bit, x64-based and ARM64-based
Systems
·         Windows 10 Version 1909 for 32-bit, x64-based and ARM64-based
Systems
·         Windows 10 Version 2004 for 32-bit, x64-based and ARM64-based
Systems
·         Windows Server 2008 for 32-bit SP 2 and 32-bit SP 2 (Server Core
installation)
·         Windows Server 2008 for Itanium-Based SP 2
·         Windows Server 2008 R2 for Itanium-Based SP 1
·         Windows Server 2008 R2 for x64-based SP 1 and x64-based SP 1
(Server Core installation)
·         Windows Server 2012 and 2012 (Server Core installation)
·         Windows Server 2012 R2 and 2012 R2 (Server Core installation)
·         Windows Server 2016 and 2016 (Server Core installation)
·         Windows Server 2019 and 2019 (Server Core installation)
·         Windows Server, version 1803, 1903, 1909 and 2004 (Server Core
Installation)

Overview
A Remote Code Execution vulnerability has been reported in Microsoft
Windows which could allow a remote attacker to trigger a remote code
execution on target system.

Description
This vulnerability exists in Microsoft Windows due to improper handling of
cabinet files. A remote attacker could exploit this vulnerability by
specially crafting a malicious cabinet file and convince the user to open
this cabinet file or spoof a network printer and trick a user into
installing a malicious cabinet file disguised as a printer driver.

Successful exploitation of this vulnerability could allow a remote attacker
to trigger a remote code execution on the target system.

Solution
Apply appropriate patches as mentioned in Microsoft Security Bulletin:

Vendor Information
Microsoft

References
Microsoft

CVE Name
CVE-2020-1300

About Cert Advisory

We have created this blog to provide latest security advisory from the india cert for the security vulnerability, threats, attacks and patching required to mitigate any kind of cyber attacks.

View all posts [..]

Related Posts

© Copyright 2020. Designed By Templateify

© Copyright 2020. Ud64

Scroll to Top