Security information for Hitachi Disk Array Systems

Security Information ID

Hitachi-sec-2020-305

Vulnerability description

CVE-2018-12126 | Microarchitectural Store Buffer Data Sampling
CVE-2018-12127 | Microarchitectural Load Port Data Sampling
CVE-2018-12130 | Microarchitectural Fill Buffer Data Sampling
CVE-2019-11091 | Microarchitectural Data Sampling Uncacheable Memory
CVE-2020-3757 | February 2020 Adobe Flash Security Update
CVE-2020-0655 | Remote Desktop Services Remote Code Execution Vulnerability
CVE-2020-0657 | Windows Common Log File System Driver Elevation of Privilege Vulnerability
CVE-2020-0658 | Windows Common Log File System Driver Information Disclosure Vulnerability
CVE-2020-0659 | Windows Data Sharing Service Elevation of Privilege Vulnerability
CVE-2020-0660 | Windows Remote Desktop Protocol (RDP) Denial of Service Vulnerability
CVE-2020-0661 | Windows Hyper-V Denial of Service Vulnerability
CVE-2020-0662 | Windows Remote Code Execution Vulnerability
CVE-2020-0663 | Microsoft Edge Elevation of Privilege Vulnerability
CVE-2020-0665 | Active Directory Elevation of Privilege Vulnerability
CVE-2020-0666 | Windows Search Indexer Elevation of Privilege Vulnerability
CVE-2020-0667 | Windows Search Indexer Elevation of Privilege Vulnerability
CVE-2020-0668 | Windows Kernel Elevation of Privilege Vulnerability
CVE-2020-0669 | Windows Kernel Elevation of Privilege Vulnerability
CVE-2020-0670 | Windows Kernel Elevation of Privilege Vulnerability
CVE-2020-0671 | Windows Kernel Elevation of Privilege Vulnerability
CVE-2020-0672 | Windows Kernel Elevation of Privilege Vulnerability
CVE-2020-0673 | Scripting Engine Memory Corruption Vulnerability
CVE-2020-0674 | Scripting Engine Memory Corruption Vulnerability
CVE-2020-0675 | Windows Key Isolation Service Information Disclosure Vulnerability
CVE-2020-0676 | Windows Key Isolation Service Information Disclosure Vulnerability
CVE-2020-0677 | Windows Key Isolation Service Information Disclosure Vulnerability
CVE-2020-0678 | Windows Error Reporting Manager Elevation of Privilege Vulnerability
CVE-2020-0679 | Windows Function Discovery Service Elevation of Privilege Vulnerability
CVE-2020-0680 | Windows Function Discovery Service Elevation of Privilege Vulnerability
CVE-2020-0681 | Remote Desktop Client Remote Code Execution Vulnerability
CVE-2020-0682 | Windows Function Discovery Service Elevation of Privilege Vulnerability
CVE-2020-0683 | Windows Installer Elevation of Privilege Vulnerability
CVE-2020-0685 | Windows COM Server Elevation of Privilege Vulnerability
CVE-2020-0686 | Windows Installer Elevation of Privilege Vulnerability
CVE-2020-0691 | Win32k Elevation of Privilege Vulnerability
CVE-2020-0698 | Windows Information Disclosure Vulnerability
CVE-2020-0701 | Windows Client License Service Elevation of Privilege Vulnerability
CVE-2020-0703 | Windows Backup Service Elevation of Privilege Vulnerability
CVE-2020-0704 | Windows Wireless Network Manager Elevation of Privilege Vulnerability
CVE-2020-0705 | Windows Network Driver Interface Specification (NDIS) Information Disclosure Vulnerability
CVE-2020-0706 | Microsoft Browser Information Disclosure Vulnerability
CVE-2020-0707 | Windows IME Elevation of Privilege Vulnerability
CVE-2020-0708 | Windows Imaging Library Remote Code Execution Vulnerability
CVE-2020-0709 | DirectX Elevation of Privilege Vulnerability
CVE-2020-0710 | Scripting Engine Memory Corruption Vulnerability
CVE-2020-0711 | Scripting Engine Memory Corruption Vulnerability
CVE-2020-0712 | Scripting Engine Memory Corruption Vulnerability
CVE-2020-0713 | Scripting Engine Memory Corruption Vulnerability
CVE-2020-0714 | DirectX Information Disclosure Vulnerability
CVE-2020-0715 | Windows Graphics Component Elevation of Privilege Vulnerability
CVE-2020-0716 | Win32k Information Disclosure Vulnerability
CVE-2020-0717 | Win32k Information Disclosure Vulnerability
CVE-2020-0719 | Win32k Elevation of Privilege Vulnerability
CVE-2020-0720 | Win32k Elevation of Privilege Vulnerability
CVE-2020-0721 | Win32k Elevation of Privilege Vulnerability
CVE-2020-0722 | Win32k Elevation of Privilege Vulnerability
CVE-2020-0723 | Win32k Elevation of Privilege Vulnerability
CVE-2020-0724 | Win32k Elevation of Privilege Vulnerability
CVE-2020-0725 | Win32k Elevation of Privilege Vulnerability
CVE-2020-0726 | Win32k Elevation of Privilege Vulnerability
CVE-2020-0727 | Connected User Experiences and Telemetry Service Elevation of Privilege Vulnerability
CVE-2020-0728 | Windows Modules Installer Service Information Disclosure Vulnerability
CVE-2020-0729 | LNK Remote Code Execution Vulnerability
CVE-2020-0730 | Windows User Profile Service Elevation of Privilege Vulnerability
CVE-2020-0731 | Win32k Elevation of Privilege Vulnerability
CVE-2020-0732 | DirectX Elevation of Privilege Vulnerability
CVE-2020-0734 | Remote Desktop Client Remote Code Execution Vulnerability
CVE-2020-0735 | Windows Search Indexer Elevation of Privilege Vulnerability
CVE-2020-0736 | Windows Kernel Information Disclosure Vulnerability
CVE-2020-0737 | Windows Elevation of Privilege Vulnerability
CVE-2020-0738 | Media Foundation Memory Corruption Vulnerability
CVE-2020-0739 | Windows Elevation of Privilege Vulnerability
CVE-2020-0740 | Connected Devices Platform Service Elevation of Privilege Vulnerability
CVE-2020-0741 | Connected Devices Platform Service Elevation of Privilege Vulnerability
CVE-2020-0742 | Connected Devices Platform Service Elevation of Privilege Vulnerability
CVE-2020-0743 | Connected Devices Platform Service Elevation of Privilege Vulnerability
CVE-2020-0744 | Windows GDI Information Disclosure Vulnerability
CVE-2020-0745 | Windows Graphics Component Elevation of Privilege Vulnerability
CVE-2020-0746 | Microsoft Graphics Components Information Disclosure Vulnerability
CVE-2020-0747 | Windows Data Sharing Service Elevation of Privilege Vulnerability
CVE-2020-0748 | Windows Key Isolation Service Information Disclosure Vulnerability
CVE-2020-0749 | Connected Devices Platform Service Elevation of Privilege Vulnerability
CVE-2020-0750 | Connected Devices Platform Service Elevation of Privilege Vulnerability
CVE-2020-0752 | Windows Search Indexer Elevation of Privilege Vulnerability
CVE-2020-0753 | Windows Error Reporting Elevation of Privilege Vulnerability
CVE-2020-0754 | Windows Error Reporting Elevation of Privilege Vulnerability
CVE-2020-0755 | Windows Key Isolation Service Information Disclosure Vulnerability
CVE-2020-0756 | Windows Key Isolation Service Information Disclosure Vulnerability
CVE-2020-0757 | Windows SSH Elevation of Privilege Vulnerability
CVE-2020-0767 | Scripting Engine Memory Corruption Vulnerability

Affected products

The following table shows the affected products.

The following products are not affected by the vulnerabilities:

• Hitachi Virtual Storage Platform G130, G150, G350, G370, G700, G900
• Hitachi Virtual Storage Platform F350, F370, F700, F900
• Hitachi Virtual Storage Platform G100, G200, G400, G600, G800
• Hitachi Virtual Storage Platform F400, F600, F800
• Hitachi Virtual Storage Platform N400, N600, N800
• Hitachi Universal Storage Platform V
• Hitachi Universal Storage Platform VM
• Hitachi Unified Storage 100
• Hitachi Adaptable Modular Storage
• Hitachi Workgroup Modular Storage
• Hitachi Simple Modular Storage
• Hitachi Virtual Storage Platform
• Hitachi Virtual Storage Platform VP9500

• page top

Action to be taken

Software update.

Please contact your authorized service representative for details on any corrective actions such as software updates and the schedule for their release.

• page top

References

Please refer to the Security Update Guide (Microsoft) about the vulnerabilities.

• https://portal.msrc.microsoft.com/en-US/security-guidance

• page top

Revision history

• March 19, 2020: This security information page is published.