Security information for Hitachi Disk Array Systems

Security Information ID

Hitachi-sec-2020-316

Vulnerability description

CVE-2020-1599   | Windows Spoofing Vulnerability
CVE-2020-16997 | Remote Desktop Protocol Server Information Disclosure Vulnerability
CVE-2020-16998 | DirectX Elevation of Privilege Vulnerability
CVE-2020-16999 | Windows Wallet Service Information Disclosure Vulnerability
CVE-2020-17000 | Remote Desktop Protocol Client Information Disclosure Vulnerability
CVE-2020-17001 | Windows Print Spooler Elevation of Privilege Vulnerability
CVE-2020-17004 | Windows Graphics Component Information Disclosure Vulnerability
CVE-2020-17007 | Windows Error Reporting Elevation of Privilege Vulnerability
CVE-2020-17011 | Windows Port Class Library Elevation of Privilege Vulnerability
CVE-2020-17013 | Win32k Information Disclosure Vulnerability
CVE-2020-17014 | Windows Print Spooler Elevation of Privilege Vulnerability
CVE-2020-17024 | Windows Client Side Rendering Print Provider Elevation of Privilege Vulnerability
CVE-2020-17025 | Windows Remote Access Elevation of Privilege Vulnerability
CVE-2020-17026 | Windows Remote Access Elevation of Privilege Vulnerability
CVE-2020-17027 | Windows Remote Access Elevation of Privilege Vulnerability
CVE-2020-17028 | Windows Remote Access Elevation of Privilege Vulnerability
CVE-2020-17029 | Windows Canonical Display Driver Information Disclosure Vulnerability
CVE-2020-17030 | Windows MSCTF Server Information Disclosure Vulnerability
CVE-2020-17031 | Windows Remote Access Elevation of Privilege Vulnerability
CVE-2020-17032 | Windows Remote Access Elevation of Privilege Vulnerability
CVE-2020-17033 | Windows Remote Access Elevation of Privilege Vulnerability
CVE-2020-17034 | Windows Remote Access Elevation of Privilege Vulnerability
CVE-2020-17035 | Windows Kernel Elevation of Privilege Vulnerability
CVE-2020-17036 | Windows Function Discovery SSDP Provider Information Disclosure Vulnerability
CVE-2020-17037 | Windows Wallet Service Elevation of Privilege Vulnerability
CVE-2020-17038 | Win32k Elevation of Privilege Vulnerability
CVE-2020-17041 | Windows Print Configuration Elevation of Privilege Vulnerability
CVE-2020-17042 | Windows Print Spooler Remote Code Execution Vulnerability
CVE-2020-17043 | Windows Remote Access Elevation of Privilege Vulnerability
CVE-2020-17044 | Windows Remote Access Elevation of Privilege Vulnerability
CVE-2020-17045 | Windows Kernel Stream Information Disclosure Vulnerability
CVE-2020-17046 | Windows Error Reporting Denial of Service Vulnerability
CVE-2020-17047 | Windows Network File System Denial of Service Vulnerability
CVE-2020-17048 | Chakra Scripting Engine Memory Corruption Vulnerability
CVE-2020-17052 | Scripting Engine Memory Corruption Vulnerability
CVE-2020-17053 | Internet Explorer Memory Corruption Vulnerability
CVE-2020-17054 | Chakra Scripting Engine Memory Corruption Vulnerability
CVE-2020-17055 | Windows Remote Access Elevation of Privilege Vulnerability
CVE-2020-17056 | Windows Network File System Information Disclosure Vulnerability
CVE-2020-17057 | Windows Win32k Elevation of Privilege Vulnerability
CVE-2020-17058 | Microsoft Browser Memory Corruption Vulnerability
CVE-2020-17068 | Windows GDI+ Remote Code Execution Vulnerability
CVE-2020-17069 | Windows NDIS Information Disclosure Vulnerability
CVE-2020-17070 | Windows Update Medic Service Elevation of Privilege Vulnerability
CVE-2020-17071 | Windows Delivery Optimization Information Disclosure Vulnerability
CVE-2020-17075 | Windows USO Core Worker Elevation of Privilege Vulnerability
CVE-2020-17077 | Windows Update Stack Elevation of Privilege Vulnerability
CVE-2020-17087 | Windows Kernel Local Elevation of Privilege Vulnerability
CVE-2020-17088 | Windows Common Log File System Driver Elevation of Privilege Vulnerability
CVE-2020-17090 | Microsoft Defender for Endpoint Security Feature Bypass Vulnerability
CVE-2020-17113 | Windows Camera Codec Information Disclosure Vulnerabilityy

Affected products

The following table shows the affected products.

The following products are not affected by the vulnerabilities:

• Hitachi Virtual Storage Platform E990
• Hitachi Virtual Storage Platform G130, G150, G350, G370, G700, G900
• Hitachi Virtual Storage Platform F350, F370, F700, F900
• Hitachi Virtual Storage Platform G100, G200, G400, G600, G800
• Hitachi Virtual Storage Platform F400, F600, F800
• Hitachi Virtual Storage Platform N400, N600, N800
• Hitachi Universal Storage Platform V
• Hitachi Universal Storage Platform VM
• Hitachi Unified Storage 100
• Hitachi Adaptable Modular Storage
• Hitachi Workgroup Modular Storage
• Hitachi Simple Modular Storage
• Hitachi Virtual Storage Platform
• Hitachi Virtual Storage Platform VP9500

• page top

Action to be taken

Software update.

Please contact your authorized service representative for details on any corrective actions such as software updates and the schedule for their release.

• page top

References

Please refer to the Security Update Guide (Microsoft) about the vulnerabilities.

• https://portal.msrc.microsoft.com/en-US/security-guidance

• page top

Revision history

• December 16, 2020: This security information page is published.