NVD disclosure day
CVE-2020-0688
Halo Surface Signal: 5 out of 5 — more likely to be public-facing.
A vulnerability in Microsoft Exchange Server allows for remote code execution due to improper memory object handling. This can lead to unauthorized system control and potential data breaches, posing a business risk to affected organizations. Exploitation requires network access and an authenticated user.
CVE-2020-0683
Halo Surface Signal: 1 out of 5 — much less likely to be public-facing.
An elevation of privilege vulnerability exists in Windows Installer when processing symbolic links. This could allow an attacker with local access to bypass restrictions and modify files, increasing business risk.
CVE-2020-0674
Halo Surface Signal: 3 out of 5 — possibly public-facing.
A scripting engine memory corruption vulnerability in Internet Explorer can allow attackers to execute code. This impacts organizations using the browser, posing a risk of unauthorized access and operational disruption. Exploitation requires user interaction with a malicious website.
CVE-2020-0618
Halo Surface Signal: 3 out of 5 — possibly public-facing.
A vulnerability in Microsoft SQL Server Reporting Services allows attackers to execute code by incorrectly handling page requests. This could affect data confidentiality, integrity, and service availability, posing a business risk.