FortiClient VulnerabilityMicrosoft DirectWrite CVE-2020-1409 Remote Code Execution Vulnerability
Description
A remote code execution vulnerability exists in the way that DirectWrite handles objects in memory. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit an untrusted webpage. The security update addresses the vulnerability by correcting how DirectWrite handles objects in memory.
Affected Applications
Windows RT 8.1
Windows Server version 2004 (Server Core installation)
Windows Server version 1903 (Server Core installation)
Windows Server 2016
Microsoft Office 2019 for Mac
Windows Server 2012
Windows 8
Windows 7
Windows 10
Windows Server 2008
Microsoft Office 2016 for Mac
Windows Server version 1909 (Server Core installation)
Windows Server 2019
CVE References
CVE-2020-1409Other References
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2020-1409| ID | 64249 |
| Created | Jul 14, 2020 |
| Description Updated |
Dec 21, 2023 |
| Risk |
|
| Coverage | FortiClient |
| OS | Windows |
| Vendor | Microsoft |
| Patch | auto |
| Application | Windows RT 8.1 , Windows Server version 2004 (Server Core installation) , Windows Server version 1903 (Server Core installation) , Windows Server 2016 , Microsoft Office 2019 for Mac , Windows Server 2012 , Windows 8 , Windows 7 , Windows 10 , Windows Server 2008 , Microsoft Office 2016 for Mac , Windows Server version 1909 (Server Core installation) , Windows Server 2019 |