Today’s VERT Alert addresses Microsoft’s October 2020 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-909 on Wednesday, October 14th.In-The-Wild & Disclosed CVEsCVE-2020-16938This CVE describes an information disclosure in the Windows kernel that could allow a local attacker to disclose information. Specifically, the vulnerability would allow read access to kernel space memory from a user mode process.Microsoft has rated this as a 2 (Exploitation Less Likely) on the latest software release on the Exploitability Index.CVE-2020-16885A vulnerability exists in the Windows Storage VSP Driver that would allow a local attacker with the ability to execute code to elevate their privileges via a flaw in the driver’s handling of file operations.Microsoft has rated this as a 2 (Exploitation Less Likely) on the latest software release on the Exploitability Index.CVE-2020-16901This CVE describes an information disclosure in the Windows kernel that could allow a local attacker to disclose information. Specifically, the vulnerability would allow read access to kernel space memory from a user mode process.Microsoft has rated this as a 2 (Exploitation Less Likely) on the latest software release on the Exploitability Index.CVE-2020-16908A flaw in Windows Setup’ ..
Support the originator by clicking the read the rest link below.
