Security information for Hitachi Disk Array Systems

Security Information ID

Hitachi-sec-2020-312

Vulnerability description

CVE-2020-1085 | Windows Function Discovery Service Elevation of Privilege Vulnerability
CVE-2020-1147 | .NET Framework, SharePoint Server, and Visual Studio Remote Code Execution Vulnerability
CVE-2020-1249 | Windows Runtime Elevation of Privilege Vulnerability
CVE-2020-1267 | Local Security Authority Subsystem Service Denial of Service Vulnerability
CVE-2020-1330 | Windows Mobile Device Management Diagnostics Information Disclosure Vulnerability
CVE-2020-1333 | Group Policy Services Policy Processing Elevation of Privilege Vulnerability
CVE-2020-1336 | Windows Kernel Elevation of Privilege Vulnerability
CVE-2020-1344 | Windows Wallet Service Elevation of Privilege Vulnerability
CVE-2020-1346 | Windows Modules Installer Elevation of Privilege Vulnerability
CVE-2020-1347 | Windows Storage Services Elevation of Privilege Vulnerability
CVE-2020-1351 | Microsoft Graphics Component Information Disclosure Vulnerability
CVE-2020-1352 | Windows USO Core Worker Elevation of Privilege Vulnerability
CVE-2020-1353 | Windows Runtime Elevation of Privilege Vulnerability
CVE-2020-1354 | Windows UPnP Device Host Elevation of Privilege Vulnerability
CVE-2020-1357 | Windows System Events Broker Elevation of Privilege Vulnerability
CVE-2020-1358 | Windows Resource Policy Information Disclosure Vulnerability
CVE-2020-1359 | Windows CNG Key Isolation Service Elevation of Privilege Vulnerability
CVE-2020-1360 | Windows Profile Service Elevation of Privilege Vulnerability
CVE-2020-1361 | Windows Wallet Service Information Disclosure Vulnerability
CVE-2020-1362 | Windows Wallet Service Elevation of Privilege Vulnerability
CVE-2020-1363 | Windows Picker Platform Elevation of Privilege Vulnerability
CVE-2020-1364 | Windows Wallet Service Denial of Service Vulnerability
CVE-2020-1365 | Windows Event Logging Service Elevation of Privilege Vulnerability
CVE-2020-1366 | Windows Print Workflow Service Elevation of Privilege Vulnerability
CVE-2020-1367 | Windows Kernel Information Disclosure Vulnerability
CVE-2020-1368 | Windows Credential Enrollment Manager Service Elevation of Privilege Vulnerability
CVE-2020-1369 | Windows Wallet Service Elevation of Privilege Vulnerability
CVE-2020-1370 | Windows Runtime Elevation of Privilege Vulnerability
CVE-2020-1371 | Windows Event Logging Service Elevation of Privilege Vulnerability
CVE-2020-1372 | Windows Mobile Device Management Diagnostics Elevation of Privilege Vulnerability
CVE-2020-1373 | Windows Network Connections Service Elevation of Privilege Vulnerability
CVE-2020-1374 | Remote Desktop Client Remote Code Execution Vulnerability
CVE-2020-1375 | Windows COM Server Elevation of Privilege Vulnerability
CVE-2020-1384 | Windows CNG Key Isolation Service Elevation of Privilege Vulnerability
CVE-2020-1385 | Windows Credential Picker Elevation of Privilege Vulnerability
CVE-2020-1386 | Connected User Experiences and Telemetry Service Information Disclosure Vulnerability
CVE-2020-1387 | Windows Push Notification Service Elevation of Privilege Vulnerability
CVE-2020-1388 | Windows Elevation of Privilege Vulnerability
CVE-2020-1389 | Windows Kernel Information Disclosure Vulnerability
CVE-2020-1390 | Windows Network Connections Service Elevation of Privilege Vulnerability
CVE-2020-1392 | Windows Elevation of Privilege Vulnerability
CVE-2020-1393 | Windows Diagnostics Hub Elevation of Privilege Vulnerability
CVE-2020-1394 | Windows Elevation of Privilege Vulnerability
CVE-2020-1395 | Windows Elevation of Privilege Vulnerability
CVE-2020-1396 | Windows ALPC Elevation of Privilege Vulnerability
CVE-2020-1397 | Windows Imaging Component Information Disclosure Vulnerability
CVE-2020-1398 | Windows Lockscreen Elevation of Privilege Vulnerability
CVE-2020-1399 | Windows Runtime Elevation of Privilege Vulnerability
CVE-2020-1400 | Jet Database Engine Remote Code Execution Vulnerability
CVE-2020-1401 | Jet Database Engine Remote Code Execution Vulnerability
CVE-2020-1402 | Windows ActiveX Installer Service Elevation of Privilege Vulnerability
CVE-2020-1403 | VBScript Remote Code Execution Vulnerability
CVE-2020-1404 | Windows Runtime Elevation of Privilege Vulnerability
CVE-2020-1405 | Windows Mobile Device Management Diagnostics Elevation of Privilege Vulnerability
CVE-2020-1406 | Windows Network List Service Elevation of Privilege Vulnerability
CVE-2020-1407 | Jet Database Engine Remote Code Execution Vulnerability
CVE-2020-1408 | Microsoft Graphics Remote Code Execution Vulnerability
CVE-2020-1409 | Direct Write Remote Code Execution Vulnerability
CVE-2020-1410 | Windows Address Book Remote Code Execution Vulnerability
CVE-2020-1411 | Windows Kernel Elevation of Privilege Vulnerability
CVE-2020-1412 | Microsoft Graphics Components Remote Code Execution Vulnerability
CVE-2020-1413 | Windows Runtime Elevation of Privilege Vulnerability
CVE-2020-1414 | Windows Runtime Elevation of Privilege Vulnerability
CVE-2020-1415 | Windows Runtime Elevation of Privilege Vulnerability
CVE-2020-1418 | Windows Diagnostics Hub Elevation of Privilege Vulnerability
CVE-2020-1419 | Windows Kernel Information Disclosure Vulnerability
CVE-2020-1420 | Windows Error Reporting Information Disclosure Vulnerability
CVE-2020-1421 | LNK Remote Code Execution Vulnerability
CVE-2020-1422 | Windows Runtime Elevation of Privilege Vulnerability
CVE-2020-1424 | Windows Update Stack Elevation of Privilege Vulnerability
CVE-2020-1426 | Windows Kernel Information Disclosure Vulnerability
CVE-2020-1427 | Windows Network Connections Service Elevation of Privilege Vulnerability
CVE-2020-1428 | Windows Network Connections Service Elevation of Privilege Vulnerability
CVE-2020-1429 | Windows Error Reporting Manager Elevation of Privilege Vulnerability
CVE-2020-1430 | Windows UPnP Device Host Elevation of Privilege Vulnerability
CVE-2020-1431 | Windows AppX Deployment Extensions Elevation of Privilege Vulnerability
CVE-2020-1432 | Skype for Business via Internet Explorer Information Disclosure Vulnerability
CVE-2020-1433 | Microsoft Edge PDF Information Disclosure Vulnerability
CVE-2020-1434 | Windows Sync Host Service Elevation of Privilege Vulnerability
CVE-2020-1435 | GDI+ Remote Code Execution Vulnerability
CVE-2020-1436 | Windows Font Library Remote Code Execution Vulnerability
CVE-2020-1437 | Windows Network Location Awareness Service Elevation of Privilege Vulnerability
CVE-2020-1438 | Windows Network Connections Service Elevation of Privilege Vulnerability
CVE-2020-1461 | Microsoft Defender Elevation of Privilege Vulnerability
CVE-2020-1463 | Windows Shared Stream Library Elevation of Privilege Vulnerability
CVE-2020-1468 | Windows GDI Information Disclosure Vulnerability

Affected products

The following table shows the affected products.

The following products are not affected by the vulnerabilities:

• Hitachi Virtual Storage Platform G130, G150, G350, G370, G700, G900
• Hitachi Virtual Storage Platform F350, F370, F700, F900
• Hitachi Virtual Storage Platform G100, G200, G400, G600, G800
• Hitachi Virtual Storage Platform F400, F600, F800
• Hitachi Virtual Storage Platform N400, N600, N800
• Hitachi Universal Storage Platform V
• Hitachi Universal Storage Platform VM 
• Hitachi Unified Storage 100, Hitachi Adaptable Modular Storage
• Hitachi Workgroup Modular Storage, Hitachi Simple Modular Storage
• Hitachi Virtual Storage Platform, Hitachi Virtual Storage Platform VP9500

• page top

Action to be taken

Software update.

Please contact your authorized service representative for details on any corrective actions such as software updates and the schedule for their release.

• page top

References

Please refer to the Security Update Guide (Microsoft) about the vulnerabilities.

• https://portal.msrc.microsoft.com/en-US/security-guidance

• page top

Revision history

• August 6, 2020: This security information page is published.