2020 windows patch

[xinali]

2020 windows patch

2020年windows补丁追踪，每个月我会检查每一个被修复的漏洞，只保留能找到对应漏洞披露信息的漏洞和可以使用fuzz工具测试的漏洞，其他全部删除，每月更新

6月patch

Windows Error Reporting Elevation of Privilege Vulnerability 关注一下错误报告	CVE-2020-1234	Yuki Chen of Qihoo 360 Vulcan Team working with 360 BugCloud Abdelhamid Naceri (halov)
Windows Kernel Elevation of Privilege Vulnerability追踪一下作者，该作者貌似发现了很多类似的洞	CVE-2020-1237	Walied Assar
Windows Kernel Security Feature Bypass Vulnerability 跟上一个内核漏洞一样	CVE-2020-1241	Walied Assar
上面的两个洞都是作者自己构造函数进行利用的，但是其中很多函数，现实中没法搜到相关代码，很难有效挖掘
Windows Background Intelligent Transfer Service Elevation of Privilege Vulnerability bits 文件上传漏洞	CVE-2020-1255	Yuki Chen of Qihoo 360 Vulcan Team working with 360 BugCloud Jarvis_1oop of Pinduoduo Security Research Lab
Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability 同样是文件操作造成的提权	CVE-2020-1257	Yuki Chen of Qihoo 360 Vulcan Team working with 360 BugCloud
Windows Host Guardian Service Security Feature Bypass Vulnerability 谷歌人员发现的，搜搜漏洞详情	CVE-2020-1259	Eric Chiang of Google
Windows Error Reporting Information Disclosure Vulnerability同上	CVE-2020-1261	Yuki Chen of Qihoo 360 Vulcan Team working with 360 BugCloud
Windows Error Reporting Information Disclosure Vulnerability. 该类型的作者https://twitter.com/galdeleon/status/1225676354684772352?s=21	CVE-2020-1263	Gal De Leon of Palo Alto Networks
Windows Kernel Elevation of Privilege Vulnerability https://github.com/afang5472/CVE-2020-0753-and-CVE-2020-0754 作者的漏洞延伸，这个是错误报告漏洞	CVE-2020-1264	Zhiniang Peng (@edwardzpeng) of Qihoo 360 Core security and Fangming Gu (@afang5472)
Windows Denial of Service Vulnerability 作者的twitter给出了详细的说明	CVE-2020-1283	Ilias Dimopoulos of RedyOps Research Labs Gábor Selján (@GaborSeljan) Zhiniang Peng (@edwardzpeng) of Qihoo 360 Core security & Jiadong Lu
Windows Remote Code Execution Vulnerability cabinet文件解析	CVE-2020-1300	Zhipeng Huo (@R3dF09) of Tencent Security Xuanwu Lab

5月patch

Microsoft Edge PDF Remote Code Execution Vulnerability pdf解析	CVE-2020-1096	kdot working with Trend Micro's Zero Day Initiative yangkang(@dnpushme) of qihoo 360 core security
Windows CSRSS Information Disclosure Vulnerability 搜索一下，该模块漏洞	CVE-2020-1116	Walied Assar (@waleedassar)
Microsoft Color Management Remote Code Execution Vulnerability 搜搜	CVE-2020-1117	Dhanesh Kizhakkinan of FireEye Inc

4月patch

Adobe Font Manager Library Remote Code Execution Vulnerability 测试	CVE-2020-0938	Liubenjin and Zhiyi Zhang from Codesafe Team of Legendsec at Qi'anxin Group Google: Project Zero and Threat Analysis Group
Microsoft Windows Codecs Library Remote Code Execution Vulnerability 又有一个codecs这个洞，我测试没有测试出好的结果	CVE-2020-0965	Wayne Low of Fortinet’s FortiGuard Labs
Adobe Font Manager Library Remote Code Execution Vulnerability font漏洞，不知道能不能fuzz出来	CVE-2020-1020	Google: Project Zero and Threat Analysis Group