SB2020051915 - Multiple privilege escalation vulnerabilities in Microsoft Windows printer driver
Published: May 19, 2020 Updated: June 10, 2020
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 4 secuirty vulnerabilities.
1) Untrusted Pointer Dereference (CVE-ID: CVE-2020-0915)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to untrusted pointer dereference within the user-mode printer driver host process splwow64.exe within the Windows Graphics Device Interface (GDI). A local user can run a specially crafted program to trigger untrusted pointer dereference and execute arbitrary code on the system with elevated privileges in the context of the current user at medium integrity level.
Successful exploitation of the vulnerability requires that attacker has the ability to execute low-privileged code on the target system.
2) Untrusted Pointer Dereference (CVE-ID: CVE-2020-0986)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to untrusted pointer dereference within the user-mode printer driver host process splwow64.exe within the Windows kernel. A local user can run a specially crafted program to trigger untrusted pointer dereference and execute arbitrary code on the system with elevated privileges in the context of the current user at medium integrity level.
Successful exploitation of the vulnerability requires that attacker has the ability to execute low-privileged code on the target system.
3) Untrusted Pointer Dereference (CVE-ID: CVE-2020-0916)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to untrusted pointer dereference within the user-mode printer driver host process splwow64.exe. A local user can run a specially crafted program to trigger untrusted pointer dereference and execute arbitrary code on the system with elevated privileges in the context of the current user at medium integrity level.
Successful exploitation of the vulnerability requires that attacker has the ability to execute low-privileged code on the target system.
4) Out-of-bounds read (CVE-ID: CVE-2020-1348)
The vulnerability allows a local attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition within the Windows GDI component. A local attacker can trick a victim to open a specially crafted document or visit a malicious webpage, trigger out-of-bounds read error and read contents of memory on the system.
Remediation
Install update from vendor's website.
References
- https://www.zerodayinitiative.com/advisories/ZDI-20-664/
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0915
- https://www.zerodayinitiative.com/advisories/ZDI-20-663/
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0986
- https://www.zerodayinitiative.com/advisories/ZDI-20-665/
- https://msrc.microsoft.com/update-guide/en-us/vulnerability/CVE-2020-0916
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1348