This article presents the current status of vulnerabilities affecting Windows 7 and Windows Server 2008 R2 after their end of support on January 14, 2020, as well as the current status of our micropatches issued for these vulnerabilities. Note that in order for us to issue a micropatch for a vulnerability, we must consider it high-risk and have a test case ("POC", proof-of-concept) at hand to be able to reproduce and analyze the issue. Accordingly, only vulnerabilities currently eligible for micropatching are included in the table.
The table below will be continually updated with status changes (e.g., if a vulnerability becomes exploited, if our risk assessment changes, when we issue a micropatch) and new eligible vulnerabilities as we become aware of them either through Microsoft's documentation or other sources (e.g., a vulnerability getting published or privately reported to us).
For any questions please contact support@0patch.com.
| CVE ID | Title | Public | RCE | Exploited | Comment | 0patch status |
| CVE-2020-0674 | Scripting Engine Memory Corruption Vulnerability | yes | yes | yes | Found exploited in the wild in limited attacks; vendor initially provided a workaround; we created a micropatch to implement the same workaround without side effects; |
Micropatch issued on 2/19/2020 for Windows 7 / Server 2008 R2, and previous "temporary workaround" micropatch (402) revoked for these platforms Micropatch issued on 2/21/2020 for Windows 10 v1903/v1909 and previous "temporary workaround" micropatch (407) revoked for these platforms Note: this micropatch modifies the behavior of JScript function sort such that calling it with a callback function will behave as if it was called without one (i.e., sort will always perform a string-based sort). We assess this will affect a small number of applications, and not in a critical way. ("Temporary workaround" micropatches 403, 404, 405, 407 remain in place for other platforms.) |
| CVE-2020-0729 | LNK Remote Code Execution Vulnerability | yes | yes | no | User must be tricked into opening a folder under attacker's control (e.g., from a remote share or a USB key). Stuxnet exploited a similar vulnerability. | Micropatch issued on 4/3/2020 for Windows 7 and Server 2008 R2 |
| CVE-2020-0938, CVE-2020-1020 | Type 1 Font Parsing Remote Code Execution Vulnerability | no | yes | yes | Initially a 0day, fixed by Microsoft with April 2020 updates. | Micropatch issued on 3/27/2020 for Windows 7 and Server 2008 R2 - this micropatch prevents the processing of Type 1 PostScript fonts |
| CVE-2020-0683 | Windows Installer Elevation of Privilege Vulnerability | yes | no | no | POC published by researcher | Micropatch issued on 3/12/2020 for Windows 7 and Server 2008 R2 |
| CVE-2020-0881 | GDI+ Remote Code Execution Vulnerability | no | yes | no | POC obtained | Micropatch issued on 3/19/2020 for Windows 7 and Server 2008 R2 |
| CVE-2020-0687 | Microsoft Graphics Remote Code Execution Vulnerability | no | yes | no | POC provided by security researcher | Micropatch issued on 4/22/2020 for Windows 7 and Server 2008 R2 |
| CVE-2020-0668 | Windows Service Tracing Elevation of Privilege Vulnerability | yes | no | no | POC published by researcher | Micropatch issued on 3/20/2020 for Windows 7 and Server 2008 R2 |
| CVE-2020-1048 | Print Spooler Elevation of Privilege ("PrintDemon") | yes | no | no | POC published by researcher | Micropatch issued on 5/20/2020 for Windows 7 and Server 2008 R2 |
| CVE-2020-1015 | User-Mode Power Service Memory Corruption | yes | no | no | POC published by researcher | Micropatch issued on 5/27/2020 for Windows 7 and Server 2008 R2 |
| CVE-2020-0686 | Windows Installer Elevation of Privilege Vulnerability | yes | no | no | POC published by researcher | We determined that in order to exploit this issue, a vulnerable application which places critical files in attacker-writable folders must already be installed by administrator. We therefore do not consider this issue to significantly increase the (already present) risk caused by that application. |
| CVE-2020-0787 | Windows Background Intelligent Transfer Service Elevation of Privilege Vulnerability | yes | no | no | POC published by researcher | Analysis underway |
| CVE-2020-0673 | Scripting Engine Memory Corruption Vulnerability | no | yes | no | Likely related to CVE-2020-0674 | Trying to obtain a POC; meanwhile, our workaround micropatches for CVE-2020-0674 should prevent this vulnerability from being exploited |
| CVE-2020-0655 | Remote Desktop Services Remote Code Execution Vulnerability | no | yes | no | To exploit this vulnerability, an attacker must already have compromised a system running Remote Desktop Services, and then wait for a victim system to connect to Remote Desktop Services. | Trying to obtain a POC |
| CVE-2020-0662 | Windows Remote Code Execution Vulnerability | no | yes | no | To exploit the vulnerability, an attacker who has a domain user account could create a specially crafted request, causing Windows to execute arbitrary code with elevated permissions. | Trying to obtain a POC |
| CVE-2020-0681 | Remote Desktop Client Remote Code Execution Vulnerability | no | yes | no | User must connect to a malicious or compromised server with Remote Desktop Client, in the former case having to confirm a security warning about an invalid server certificate | Trying to obtain a POC |
| CVE-2020-0708 | Windows Imaging Library Remote Code Execution Vulnerability | no | yes | no | To exploit this vulnerability, an attacker would have to coerce a victim to open a specially crafted file. | Trying to obtain a POC |
| CVE-2020-0734 | Remote Desktop Client Remote Code Execution Vulnerability | no | yes | no | User must connect to a malicious or compromised server with Remote Desktop Client, in the former case having to confirm a security warning about an invalid server certificate | Trying to obtain a POC |
| CVE-2020-0738 | Media Foundation Memory Corruption Vulnerability | no | yes | no | Exploit confirmed against a sample app; exploitation against actual applications questionable | Analysis underway, developing a POC |
| CVE-2020-0883 | GDI+ Remote Code Execution Vulnerability | no | yes | no | To exploit this vulnerability, an attacker would have to convince a victim to open a specially crafted file. | Trying to obtain a POC |
| CVE-2020-0847 | VBScript Remote Code Execution Vulnerability | no | yes | no | To exploit this vulnerability, an attacker would have to convince a victim to visit a malicious web page with Internet Explorer or open a specially crafted file. | Trying to obtain a POC |
| CVE-2020-0768 | Scripting Engine Memory Corruption Vulnerability | no | yes | no | To exploit this vulnerability, an attacker would have to convince a victim to visit a malicious web page with Internet Explorer or open a specially crafted file. | Trying to obtain a POC |
| CVE-2020-0824 | Internet Explorer Memory Corruption Vulnerability | no | yes | no | To exploit this vulnerability, an attacker would have to convince a victim to visit a malicious web page with Internet Explorer | Trying to obtain a POC |
| CVE-2020-0684 | LNK Remote Code Execution Vulnerability | no | yes | no | User must be tricked into opening a folder under attacker's control (e.g., from a remote share or a USB key) | Trying to obtain a POC |
0 Comments