KB4565489: Windows 10 Version 1803 July 2020 Security Update - Nessus
High Plugin ID: 138455This page contains detailed information about the KB4565489: Windows 10 Version 1803 July 2020 Security Update Nessus plugin including available exploits and PoCs found on GitHub, in Metasploit or Exploit-DB for verifying of this vulnerability.
Plugin Overview
ID: 138455
Name: KB4565489: Windows 10 Version 1803 July 2020 Security Update
Filename: smb_nt_ms20_jul_4565489.nasl
Vulnerability Published: 2020-07-14
This Plugin Published: 2020-07-14
Last Modification Time: 2021-11-30
Plugin Version: 1.12
Plugin Type: local
Plugin Family: Windows : Microsoft Bulletins
Dependencies:
ms_bulletin_checks_possible.nasl, smb_check_rollup.nasl, smb_hotfixes.nasl
Required KB Items [?]: SMB/MS_Bulletin_Checks/Possible
Vulnerability Information
Severity: High
Vulnerability Published: 2020-07-14
Patch Published: 2020-07-14
CVE [?]: CVE-2020-1085, CVE-2020-1147, CVE-2020-1249, CVE-2020-1267, CVE-2020-1333, CVE-2020-1336, CVE-2020-1344, CVE-2020-1346, CVE-2020-1347, CVE-2020-1351, CVE-2020-1352, CVE-2020-1353, CVE-2020-1354, CVE-2020-1357, CVE-2020-1358, CVE-2020-1359, CVE-2020-1360, CVE-2020-1361, CVE-2020-1362, CVE-2020-1363, CVE-2020-1364, CVE-2020-1365, CVE-2020-1366, CVE-2020-1368, CVE-2020-1369, CVE-2020-1370, CVE-2020-1371, CVE-2020-1372, CVE-2020-1373, CVE-2020-1374, CVE-2020-1375, CVE-2020-1384, CVE-2020-1385, CVE-2020-1386, CVE-2020-1387, CVE-2020-1388, CVE-2020-1389, CVE-2020-1390, CVE-2020-1392, CVE-2020-1393, CVE-2020-1394, CVE-2020-1395, CVE-2020-1396, CVE-2020-1397, CVE-2020-1398, CVE-2020-1399, CVE-2020-1400, CVE-2020-1401, CVE-2020-1402, CVE-2020-1403, CVE-2020-1404, CVE-2020-1406, CVE-2020-1407, CVE-2020-1408, CVE-2020-1409, CVE-2020-1410, CVE-2020-1411, CVE-2020-1412, CVE-2020-1413, CVE-2020-1414, CVE-2020-1415, CVE-2020-1418, CVE-2020-1419, CVE-2020-1420, CVE-2020-1421, CVE-2020-1422, CVE-2020-1424, CVE-2020-1426, CVE-2020-1427, CVE-2020-1428, CVE-2020-1429, CVE-2020-1430, CVE-2020-1431, CVE-2020-1432, CVE-2020-1433, CVE-2020-1434, CVE-2020-1435, CVE-2020-1436, CVE-2020-1437, CVE-2020-1438, CVE-2020-1462, CVE-2020-1463, CVE-2020-1468
CPE [?]: cpe:/a:microsoft:edge, cpe:/o:microsoft:windows
Exploited by Malware: True
Synopsis
The remote Windows host is affected by multiple vulnerabilities.
Description
The remote Windows host is missing security update 4565489. It is, therefore, affected by multiple vulnerabilities :
- An elevation of privilege vulnerability exists when the Windows System Events Broker improperly handles file operations. An attacker who successfully exploited this vulnerability could gain elevated privileges. (CVE-2020-1357)
- An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2020-1411)
- An elevation of privilege vulnerability exists when the Windows Diagnostics Execution Service fails to properly sanitize input, leading to an unsecure library-loading behavior. An attacker who successfully exploited this vulnerability could run arbitrary code with elevated system privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2020-1418)
- An elevation of privilege vulnerability exists when the Windows USO Core Worker improperly handles memory. (CVE-2020-1352)
- An elevation of privilege vulnerability exists when the Windows Modules Installer improperly handles file operations. An attacker who successfully exploited this vulnerability could gain elevated privileges. (CVE-2020-1346)
- An elevation of privilege vulnerability exists when Windows improperly handles COM object creation. An attacker who successfully exploited the vulnerability could run arbitrary code with elevated privileges. (CVE-2020-1375)
- A remote code execution vulnerability exists in the way that DirectWrite handles objects in memory. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit an untrusted webpage. The security update addresses the vulnerability by correcting how DirectWrite handles objects in memory. (CVE-2020-1409)
- An elevation of privilege vulnerability exists when the Windows AppX Deployment Extensions improperly performs privilege management, resulting in access to system files. (CVE-2020-1431)
- An elevation of privilege vulnerability exists when the Windows Profile Service improperly handles file operations. An attacker who successfully exploited this vulnerability could gain elevated privileges. (CVE-2020-1360)
- An elevation of privilege vulnerability exists when Windows Mobile Device Management (MDM) Diagnostics improperly handles objects in memory. An attacker who successfully exploited this vulnerability could bypass access restrictions to delete files. (CVE-2020-1372)
- An elevation of privilege vulnerability exists when the Windows Picker Platform improperly handles memory. (CVE-2020-1363)
- An elevation of privilege vulnerability exists when Windows improperly handles calls to Advanced Local Procedure Call (ALPC). An attacker who successfully exploited this vulnerability could run arbitrary code in the security context of the local system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2020-1396)
- A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2020-1403)
- A remote code execution vulnerability exists in the Windows Remote Desktop Client when a user connects to a malicious server. An attacker who successfully exploited this vulnerability could execute arbitrary code on the computer of the connecting client. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2020-1374)
- A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted fonts. For all systems except Windows 10, an attacker who successfully exploited the vulnerability could execute code remotely. For systems running Windows 10, an attacker who successfully exploited the vulnerability could execute code in an AppContainer sandbox context with limited privileges and capabilities. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. There are multiple ways an attacker could exploit the vulnerability: (CVE-2020-1436)
- An elevation of privilege vulnerability exists in the way that the Credential Enrollment Manager service handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. (CVE-2020-1368)
- An elevation of privilege vulnerability exists in the way that the Windows Network List Service handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. (CVE-2020-1406)
- An information disclosure vulnerability exists when the Windows Graphics component improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system. An authenticated attacker could exploit this vulnerability by running a specially crafted application. The update addresses the vulnerability by correcting how the Windows Graphics Component handles objects in memory. (CVE-2020-1351)
- An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit an untrusted webpage. The security update addresses the vulnerability by correcting how the Windows GDI component handles objects in memory. (CVE-2020-1468)
- An elevation of privilege vulnerability exists when the Windows Event Logging Service improperly handles memory. (CVE-2020-1365, CVE-2020-1371)
- An information disclosure vulnerability exists when the Windows kernel fails to properly initialize a memory address. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system. (CVE-2020-1389, CVE-2020-1419)
- An elevation of privilege vulnerability exists when the Windows Print Workflow Service improperly handles objects in memory. An attacker who successfully exploited this vulnerability could gain elevated privileges and break out of the AppContainer sandbox. (CVE-2020-1366)
- An elevation of privilege vulnerability exists in the way that the Windows WalletService handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. (CVE-2020-1344, CVE-2020-1362, CVE-2020-1369)
- An elevation of privilege vulnerability exists when the Windows ActiveX Installer Service improperly handles memory. (CVE-2020-1402)
- An elevation of privilege vulnerability exists in the way that the Windows Geolocation Framework handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. (CVE-2020-1394)
- An information vulnerability exists when Windows Connected User Experiences and Telemetry Service improperly discloses file information. Successful exploitation of the vulnerability could allow the attacker to read any file on the file system. (CVE-2020-1386)
- This security update corrects a denial of service in the Local Security Authority Subsystem Service (LSASS) caused when an authenticated attacker sends a specially crafted authentication request. A remote attacker who successfully exploited this vulnerability could cause a denial of service on the target system's LSASS service, which triggers an automatic reboot of the system. The security update addresses the vulnerability by changing the way that LSASS handles specially crafted authentication requests. (CVE-2020-1267)
- An elevation of privilege vulnerability exists when the Windows Delivery Optimization service improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code with elevated system privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2020-1392)
- A remote code execution vulnerability exists when Windows Address Book (WAB) improperly processes vcard files. (CVE-2020-1410)
- An elevation of privilege vulnerability exists when the Windows Runtime improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in an elevated context. An attacker could exploit this vulnerability by running a specially crafted application on the victim system. The update addresses the vulnerability by correcting the way the Windows Runtime handles objects in memory. (CVE-2020-1249, CVE-2020-1353, CVE-2020-1370, CVE-2020-1399, CVE-2020-1404, CVE-2020-1413, CVE-2020-1414, CVE-2020-1415, CVE-2020-1422)
- An elevation of privilege vulnerability exists when the Windows UPnP Device Host improperly handles memory. (CVE-2020-1354, CVE-2020-1430)
- An elevation of privilege vulnerability exists when the Windows Update Stack fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2020-1424)
- An elevation of privilege vulnerability exists in the way that the SharedStream Library handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. (CVE-2020-1463)
- An elevation of privilege vulnerability exists when Group Policy Services Policy Processing improperly handle reparse points. An attacker who successfully exploited this vulnerability could overwrite a targeted file that would normally require elevated permissions. (CVE-2020-1333)
- An elevation of privilege vulnerability exists in the way the Windows Push Notification Service handles objects in memory. An attacker who successfully exploited this vulnerability could run processes in an elevated context. An attacker could then install programs; view, change or delete data. (CVE-2020-1387)
- A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts. An attacker who successfully exploited the vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2020-1408)
- An elevation of privilege vulnerability exists in the way that the Windows Kernel handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. (CVE-2020-1336)
- An elevation of privilege vulnerability exists when the Windows Storage Services improperly handle file operations. An attacker who successfully exploited this vulnerability could gain elevated privileges. (CVE-2020-1347)
- A denial of service vulnerability exists in the way that the WalletService handles files. An attacker who successfully exploited the vulnerability could corrupt system files. (CVE-2020-1364)
- An information disclosure vulnerability exists when Skype for Business is accessed via Internet Explorer. An attacker who exploited the vulnerability could cause the user to place a call without additional consent, leading to information disclosure of the user profile. For the vulnerability to be exploited, a user must click a specially crafted URL that prompts the Skype app. (CVE-2020-1432)
- An elevation of privilege vulnerability exists in the way that the Windows Network Location Awareness Service handles objects in memory. An attacker who successfully exploited the vulnerability could allow an application with limited privileges on an affected system to execute code at a medium integrity level. (CVE-2020-1437)
- An elevation of privilege vulnerability exists when the Windows Diagnostics Hub Standard Collector Service fails to properly sanitize input, leading to an unsecure library-loading behavior. An attacker who successfully exploited this vulnerability could run arbitrary code with elevated system privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2020-1393)
- A remote code execution vulnerability exists in .NET Framework, Microsoft SharePoint, and Visual Studio when the software fails to check the source markup of XML file input. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the process responsible for deserialization of the XML content. (CVE-2020-1147)
- An elevation of privilege vulnerability exists in the way that the Windows Network Connections Service handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. (CVE-2020-1373, CVE-2020-1390, CVE-2020-1427, CVE-2020-1428, CVE-2020-1438)
- An elevation of privilege vulnerability exists when the Windows Cryptography Next Generation (CNG) Key Isolation service improperly handles memory. An attacker who successfully exploited this vulnerability could run processes in an elevated context. (CVE-2020-1359, CVE-2020-1384)
- An information disclosure vulnerability exists when the Windows Resource Policy component improperly handles memory. (CVE-2020-1358)
- An elevation of privilege vulnerability exists in the way that the Windows Speech Brokered API handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. (CVE-2020-1395)
- An information disclosure vulnerability exists when Windows Error Reporting improperly handles file operations. (CVE-2020-1420)
- A remote code execution vulnerability exists in the way that Microsoft Graphics Components handle objects in memory. An attacker who successfully exploited the vulnerability could execute arbitrary code on a target system. (CVE-2020-1412)
- An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system. An authenticated attacker could exploit this vulnerability by running a specially crafted application. The update addresses the vulnerability by correcting how the Windows kernel handles objects in memory. (CVE-2020-1426)
- An information disclosure vulnerability exists when Microsoft Edge PDF Reader improperly handles objects in memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. (CVE-2020-1433)
- A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by enticing a victim to open a specially crafted file. The update addresses the vulnerability by correcting the way the Windows Jet Database Engine handles objects in memory. (CVE-2020-1400, CVE-2020-1401, CVE-2020-1407)
- An elevation of privilege vulnerability exists when Windows Error Reporting manager improperly handles a process crash. An attacker who successfully exploited this vulnerability could delete a targeted file leading to an elevated status. (CVE-2020-1429)
- An elevation of privilege vulnerability exists in the way that the psmsrv.dll handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. (CVE-2020-1388)
- An elevation of privilege vulnerability exists in the way that the Windows Credential Picker handles objects in memory. An attacker who successfully exploited the vulnerability could allow an application with limited privileges on an affected system to execute code at a medium integrity level. (CVE-2020-1385)
- A remote code execution vulnerability exists in Microsoft Windows that could allow remote code execution if a .LNK file is processed. An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. (CVE-2020-1421)
- An information disclosure vulnerability exists in Windows when the Windows Imaging Component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user's system. There are multiple ways an attacker could exploit this vulnerability: (CVE-2020-1397)
- A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in the memory. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2020-1435)
- An elevation of privilege vulnerability exists in the way that the Windows Function Discovery Service handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. (CVE-2020-1085)
- An information disclosure vulnerability exists in the way that the WalletService handles memory. (CVE-2020-1361)
- An elevation of privilege vulnerability exists in the way that the Windows Sync Host Service handles objects in memory. An attacker who successfully exploited the vulnerability could allow an application with limited privileges on an affected system to execute code at a medium integrity level. (CVE-2020-1434)
- An information disclosure vulnerability exists when Skype for Business is accessed via Microsoft Edge (EdgeHTML-based). An attacker who exploited the vulnerability could cause the user to place a call without additional consent, leading to information disclosure of the user profile. For the vulnerability to be exploited, a user must click a specially crafted URL that prompts the Skype app. (CVE-2020-1462)
- An elevation of privilege vulnerability exists when Windows Lockscreen fails to properly handle Ease of Access dialog. An attacker who successfully exploited the vulnerability could execute commands with elevated permissions. The security update addresses the vulnerability by ensuring that the Ease of Access dialog is handled properly. (CVE-2020-1398)
Solution
Apply Cumulative Update KB4565489.
Public Exploits
Target Network Port(s): 139, 445
Target Asset(s): Host/patch_management_checks
Exploit Available: True (Metasploit Framework, Exploit-DB, GitHub)
Exploit Ease: Exploits are available
Here's the list of publicly known exploits and PoCs for verifying the KB4565489: Windows 10 Version 1803 July 2020 Security Update vulnerability:
- Metasploit: exploit/windows/http/sharepoint_data_deserialization
[SharePoint DataSet / DataTable Deserialization] - Exploit-DB: exploits/aspx/webapps/48747.py
[EDB-48747: Microsoft SharePoint Server 2019 - Remote Code Execution] - Exploit-DB: exploits/aspx/webapps/50151.py
[EDB-50151: Microsoft SharePoint Server 2019 - Remote Code Execution (2)] - GitHub: https://github.com/H0j3n/EzpzSharepoint
[CVE-2020-1147] - GitHub: https://github.com/amcai/myscan
[CVE-2020-1147] - GitHub: https://github.com/michael101096/cs2020_msels
[CVE-2020-1147] - GitHub: https://github.com/pwntester/ysoserial.net
[CVE-2020-1147] - GitHub: https://github.com/ycdxsb/WindowsPrivilegeEscalation
[CVE-2020-1344] - GitHub: https://github.com/xinali/articles
[CVE-2020-1351] - GitHub: https://github.com/Al1ex/WindowsElevation
[CVE-2020-1362] - GitHub: https://github.com/Ascotbe/Kernelhub
[CVE-2020-1362] - GitHub: https://github.com/Mr-xn/Penetration_Testing_POC
[CVE-2020-1362] - GitHub: https://github.com/ycdxsb/WindowsPrivilegeEscalation
[CVE-2020-1362] - GitHub: https://github.com/ycdxsb/WindowsPrivilegeEscalation
[CVE-2020-1369] - GitHub: https://github.com/bollwarm/SecToolSet
[CVE-2020-1398] - GitHub: https://github.com/Q4n/CVE-2020-1362
[CVE-2020-1362: Writeup of CVE-2020-1362]
Before running any exploit against any system, make sure you are authorized by the owner of the target system(s) to perform such activity. In any other case, this would be considered as an illegal activity.
WARNING: Beware of using unverified exploits from sources such as GitHub or Exploit-DB. These exploits and PoCs could contain malware. For more information, see how to use exploits safely.
Risk Information
CVSS Score Source [?]: CVE-2020-1435
CVSS V2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C/E:H/RL:OF/RC:C
CVSS Base Score: | 9.3 (High) |
Impact Subscore: | 10.0 |
Exploitability Subscore: | 8.6 |
CVSS Temporal Score: | 8.1 (High) |
CVSS Environmental Score: | NA (None) |
Modified Impact Subscore: | NA |
Overall CVSS Score: | 8.1 (High) |
CVSS Base Score: | 8.8 (High) |
Impact Subscore: | 5.9 |
Exploitability Subscore: | 2.8 |
CVSS Temporal Score: | 8.4 (High) |
CVSS Environmental Score: | NA (None) |
Modified Impact Subscore: | NA |
Overall CVSS Score: | 8.4 (High) |
STIG Risk Rating: High
Go back to menu.
Plugin Source
This is the smb_nt_ms20_jul_4565489.nasl nessus plugin source code. This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from the Microsoft Security Updates API. The text
# itself is copyright (C) Microsoft Corporation.
#
include('compat.inc');
if (description)
{
script_id(138455);
script_version("1.12");
script_set_attribute(attribute:"plugin_modification_date", value:"2021/11/30");
script_cve_id(
"CVE-2020-1085",
"CVE-2020-1147",
"CVE-2020-1249",
"CVE-2020-1267",
"CVE-2020-1333",
"CVE-2020-1336",
"CVE-2020-1344",
"CVE-2020-1346",
"CVE-2020-1347",
"CVE-2020-1351",
"CVE-2020-1352",
"CVE-2020-1353",
"CVE-2020-1354",
"CVE-2020-1357",
"CVE-2020-1358",
"CVE-2020-1359",
"CVE-2020-1360",
"CVE-2020-1361",
"CVE-2020-1362",
"CVE-2020-1363",
"CVE-2020-1364",
"CVE-2020-1365",
"CVE-2020-1366",
"CVE-2020-1368",
"CVE-2020-1369",
"CVE-2020-1370",
"CVE-2020-1371",
"CVE-2020-1372",
"CVE-2020-1373",
"CVE-2020-1374",
"CVE-2020-1375",
"CVE-2020-1384",
"CVE-2020-1385",
"CVE-2020-1386",
"CVE-2020-1387",
"CVE-2020-1388",
"CVE-2020-1389",
"CVE-2020-1390",
"CVE-2020-1392",
"CVE-2020-1393",
"CVE-2020-1394",
"CVE-2020-1395",
"CVE-2020-1396",
"CVE-2020-1397",
"CVE-2020-1398",
"CVE-2020-1399",
"CVE-2020-1400",
"CVE-2020-1401",
"CVE-2020-1402",
"CVE-2020-1403",
"CVE-2020-1404",
"CVE-2020-1406",
"CVE-2020-1407",
"CVE-2020-1408",
"CVE-2020-1409",
"CVE-2020-1410",
"CVE-2020-1411",
"CVE-2020-1412",
"CVE-2020-1413",
"CVE-2020-1414",
"CVE-2020-1415",
"CVE-2020-1418",
"CVE-2020-1419",
"CVE-2020-1420",
"CVE-2020-1421",
"CVE-2020-1422",
"CVE-2020-1424",
"CVE-2020-1426",
"CVE-2020-1427",
"CVE-2020-1428",
"CVE-2020-1429",
"CVE-2020-1430",
"CVE-2020-1431",
"CVE-2020-1432",
"CVE-2020-1433",
"CVE-2020-1434",
"CVE-2020-1435",
"CVE-2020-1436",
"CVE-2020-1437",
"CVE-2020-1438",
"CVE-2020-1462",
"CVE-2020-1463",
"CVE-2020-1468"
);
script_xref(name:"MSKB", value:"4565489");
script_xref(name:"MSFT", value:"MS20-4565489");
script_xref(name:"IAVA", value:"2020-A-0300-S");
script_xref(name:"IAVA", value:"2020-A-0302-S");
script_xref(name:"IAVA", value:"2020-A-0313-S");
script_xref(name:"CISA-KNOWN-EXPLOITED", value:"2022/05/03");
script_name(english:"KB4565489: Windows 10 Version 1803 July 2020 Security Update");
script_set_attribute(attribute:"synopsis", value:
"The remote Windows host is affected by multiple vulnerabilities.");
script_set_attribute(attribute:"description", value:
"The remote Windows host is missing security update 4565489. It is,
therefore, affected by multiple vulnerabilities :
- An elevation of privilege vulnerability exists when the
Windows System Events Broker improperly handles file
operations. An attacker who successfully exploited this
vulnerability could gain elevated privileges.
(CVE-2020-1357)
- An elevation of privilege vulnerability exists when the
Windows kernel fails to properly handle objects in
memory. An attacker who successfully exploited this
vulnerability could run arbitrary code in kernel mode.
An attacker could then install programs; view, change,
or delete data; or create new accounts with full user
rights. (CVE-2020-1411)
- An elevation of privilege vulnerability exists when the
Windows Diagnostics Execution Service fails to properly
sanitize input, leading to an unsecure library-loading
behavior. An attacker who successfully exploited this
vulnerability could run arbitrary code with elevated
system privileges. An attacker could then install
programs; view, change, or delete data; or create new
accounts with full user rights. (CVE-2020-1418)
- An elevation of privilege vulnerability exists when the
Windows USO Core Worker improperly handles memory.
(CVE-2020-1352)
- An elevation of privilege vulnerability exists when the
Windows Modules Installer improperly handles file
operations. An attacker who successfully exploited this
vulnerability could gain elevated privileges.
(CVE-2020-1346)
- An elevation of privilege vulnerability exists when
Windows improperly handles COM object creation. An
attacker who successfully exploited the vulnerability
could run arbitrary code with elevated privileges.
(CVE-2020-1375)
- A remote code execution vulnerability exists in the way
that DirectWrite handles objects in memory. An attacker
who successfully exploited this vulnerability could take
control of the affected system. An attacker could then
install programs; view, change, or delete data; or
create new accounts with full user rights. There are
multiple ways an attacker could exploit the
vulnerability, such as by convincing a user to open a
specially crafted document, or by convincing a user to
visit an untrusted webpage. The security update
addresses the vulnerability by correcting how
DirectWrite handles objects in memory. (CVE-2020-1409)
- An elevation of privilege vulnerability exists when the
Windows AppX Deployment Extensions improperly performs
privilege management, resulting in access to system
files. (CVE-2020-1431)
- An elevation of privilege vulnerability exists when the
Windows Profile Service improperly handles file
operations. An attacker who successfully exploited this
vulnerability could gain elevated privileges.
(CVE-2020-1360)
- An elevation of privilege vulnerability exists when
Windows Mobile Device Management (MDM) Diagnostics
improperly handles objects in memory. An attacker who
successfully exploited this vulnerability could bypass
access restrictions to delete files. (CVE-2020-1372)
- An elevation of privilege vulnerability exists when the
Windows Picker Platform improperly handles memory.
(CVE-2020-1363)
- An elevation of privilege vulnerability exists when
Windows improperly handles calls to Advanced Local
Procedure Call (ALPC). An attacker who successfully
exploited this vulnerability could run arbitrary code in
the security context of the local system. An attacker
could then install programs; view, change, or delete
data; or create new accounts with full user rights.
(CVE-2020-1396)
- A remote code execution vulnerability exists in the way
that the VBScript engine handles objects in memory. The
vulnerability could corrupt memory in such a way that an
attacker could execute arbitrary code in the context of
the current user. An attacker who successfully exploited
the vulnerability could gain the same user rights as the
current user. (CVE-2020-1403)
- A remote code execution vulnerability exists in the
Windows Remote Desktop Client when a user connects to a
malicious server. An attacker who successfully exploited
this vulnerability could execute arbitrary code on the
computer of the connecting client. An attacker could
then install programs; view, change, or delete data; or
create new accounts with full user rights.
(CVE-2020-1374)
- A remote code execution vulnerability exists when the
Windows font library improperly handles specially
crafted fonts. For all systems except Windows 10, an
attacker who successfully exploited the vulnerability
could execute code remotely. For systems running Windows
10, an attacker who successfully exploited the
vulnerability could execute code in an AppContainer
sandbox context with limited privileges and
capabilities. An attacker could then install programs;
view, change, or delete data; or create new accounts
with full user rights. There are multiple ways an
attacker could exploit the vulnerability:
(CVE-2020-1436)
- An elevation of privilege vulnerability exists in the
way that the Credential Enrollment Manager service
handles objects in memory. An attacker who successfully
exploited the vulnerability could execute code with
elevated permissions. (CVE-2020-1368)
- An elevation of privilege vulnerability exists in the
way that the Windows Network List Service handles
objects in memory. An attacker who successfully
exploited the vulnerability could execute code with
elevated permissions. (CVE-2020-1406)
- An information disclosure vulnerability exists when the
Windows Graphics component improperly handles objects in
memory. An attacker who successfully exploited this
vulnerability could obtain information to further
compromise the users system. An authenticated attacker
could exploit this vulnerability by running a specially
crafted application. The update addresses the
vulnerability by correcting how the Windows Graphics
Component handles objects in memory. (CVE-2020-1351)
- An information disclosure vulnerability exists when the
Windows GDI component improperly discloses the contents
of its memory. An attacker who successfully exploited
the vulnerability could obtain information to further
compromise the users system. There are multiple ways an
attacker could exploit the vulnerability, such as by
convincing a user to open a specially crafted document,
or by convincing a user to visit an untrusted webpage.
The security update addresses the vulnerability by
correcting how the Windows GDI component handles objects
in memory. (CVE-2020-1468)
- An elevation of privilege vulnerability exists when the
Windows Event Logging Service improperly handles memory.
(CVE-2020-1365, CVE-2020-1371)
- An information disclosure vulnerability exists when the
Windows kernel fails to properly initialize a memory
address. An attacker who successfully exploited this
vulnerability could obtain information to further
compromise the users system. (CVE-2020-1389,
CVE-2020-1419)
- An elevation of privilege vulnerability exists when the
Windows Print Workflow Service improperly handles
objects in memory. An attacker who successfully
exploited this vulnerability could gain elevated
privileges and break out of the AppContainer sandbox.
(CVE-2020-1366)
- An elevation of privilege vulnerability exists in the
way that the Windows WalletService handles objects in
memory. An attacker who successfully exploited the
vulnerability could execute code with elevated
permissions. (CVE-2020-1344, CVE-2020-1362,
CVE-2020-1369)
- An elevation of privilege vulnerability exists when the
Windows ActiveX Installer Service improperly handles
memory. (CVE-2020-1402)
- An elevation of privilege vulnerability exists in the
way that the Windows Geolocation Framework handles
objects in memory. An attacker who successfully
exploited the vulnerability could execute code with
elevated permissions. (CVE-2020-1394)
- An information vulnerability exists when Windows
Connected User Experiences and Telemetry Service
improperly discloses file information. Successful
exploitation of the vulnerability could allow the
attacker to read any file on the file system.
(CVE-2020-1386)
- This security update corrects a denial of service in the
Local Security Authority Subsystem Service (LSASS)
caused when an authenticated attacker sends a specially
crafted authentication request. A remote attacker who
successfully exploited this vulnerability could cause a
denial of service on the target system's LSASS service,
which triggers an automatic reboot of the system. The
security update addresses the vulnerability by changing
the way that LSASS handles specially crafted
authentication requests. (CVE-2020-1267)
- An elevation of privilege vulnerability exists when the
Windows Delivery Optimization service improperly handles
objects in memory. An attacker who successfully
exploited this vulnerability could run arbitrary code
with elevated system privileges. An attacker could then
install programs; view, change, or delete data; or
create new accounts with full user rights.
(CVE-2020-1392)
- A remote code execution vulnerability exists when
Windows Address Book (WAB) improperly processes vcard
files. (CVE-2020-1410)
- An elevation of privilege vulnerability exists when the
Windows Runtime improperly handles objects in memory. An
attacker who successfully exploited this vulnerability
could run arbitrary code in an elevated context. An
attacker could exploit this vulnerability by running a
specially crafted application on the victim system. The
update addresses the vulnerability by correcting the way
the Windows Runtime handles objects in memory.
(CVE-2020-1249, CVE-2020-1353, CVE-2020-1370,
CVE-2020-1399, CVE-2020-1404, CVE-2020-1413,
CVE-2020-1414, CVE-2020-1415, CVE-2020-1422)
- An elevation of privilege vulnerability exists when the
Windows UPnP Device Host improperly handles memory.
(CVE-2020-1354, CVE-2020-1430)
- An elevation of privilege vulnerability exists when the
Windows Update Stack fails to properly handle objects in
memory. An attacker who successfully exploited this
vulnerability could run arbitrary code in kernel mode.
An attacker could then install programs; view, change,
or delete data; or create new accounts with full user
rights. (CVE-2020-1424)
- An elevation of privilege vulnerability exists in the
way that the SharedStream Library handles objects in
memory. An attacker who successfully exploited the
vulnerability could execute code with elevated
permissions. (CVE-2020-1463)
- An elevation of privilege vulnerability exists when
Group Policy Services Policy Processing improperly
handle reparse points. An attacker who successfully
exploited this vulnerability could overwrite a targeted
file that would normally require elevated permissions.
(CVE-2020-1333)
- An elevation of privilege vulnerability exists in the
way the Windows Push Notification Service handles
objects in memory. An attacker who successfully
exploited this vulnerability could run processes in an
elevated context. An attacker could then install
programs; view, change or delete data. (CVE-2020-1387)
- A remote code execution vulnerability exists when the
Windows font library improperly handles specially
crafted embedded fonts. An attacker who successfully
exploited the vulnerability could take control of the
affected system. An attacker could then install
programs; view, change, or delete data; or create new
accounts with full user rights. (CVE-2020-1408)
- An elevation of privilege vulnerability exists in the
way that the Windows Kernel handles objects in memory.
An attacker who successfully exploited the vulnerability
could execute code with elevated permissions.
(CVE-2020-1336)
- An elevation of privilege vulnerability exists when the
Windows Storage Services improperly handle file
operations. An attacker who successfully exploited this
vulnerability could gain elevated privileges.
(CVE-2020-1347)
- A denial of service vulnerability exists in the way that
the WalletService handles files. An attacker who
successfully exploited the vulnerability could corrupt
system files. (CVE-2020-1364)
- An information disclosure vulnerability exists when
Skype for Business is accessed via Internet Explorer. An
attacker who exploited the vulnerability could cause the
user to place a call without additional consent, leading
to information disclosure of the user profile. For the
vulnerability to be exploited, a user must click a
specially crafted URL that prompts the Skype app.
(CVE-2020-1432)
- An elevation of privilege vulnerability exists in the
way that the Windows Network Location Awareness Service
handles objects in memory. An attacker who successfully
exploited the vulnerability could allow an application
with limited privileges on an affected system to execute
code at a medium integrity level. (CVE-2020-1437)
- An elevation of privilege vulnerability exists when the
Windows Diagnostics Hub Standard Collector Service fails
to properly sanitize input, leading to an unsecure
library-loading behavior. An attacker who successfully
exploited this vulnerability could run arbitrary code
with elevated system privileges. An attacker could then
install programs; view, change, or delete data; or
create new accounts with full user rights.
(CVE-2020-1393)
- A remote code execution vulnerability exists in .NET
Framework, Microsoft SharePoint, and Visual Studio when
the software fails to check the source markup of XML
file input. An attacker who successfully exploited the
vulnerability could run arbitrary code in the context of
the process responsible for deserialization of the XML
content. (CVE-2020-1147)
- An elevation of privilege vulnerability exists in the
way that the Windows Network Connections Service handles
objects in memory. An attacker who successfully
exploited the vulnerability could execute code with
elevated permissions. (CVE-2020-1373, CVE-2020-1390,
CVE-2020-1427, CVE-2020-1428, CVE-2020-1438)
- An elevation of privilege vulnerability exists when the
Windows Cryptography Next Generation (CNG) Key Isolation
service improperly handles memory. An attacker who
successfully exploited this vulnerability could run
processes in an elevated context. (CVE-2020-1359,
CVE-2020-1384)
- An information disclosure vulnerability exists when the
Windows Resource Policy component improperly handles
memory. (CVE-2020-1358)
- An elevation of privilege vulnerability exists in the
way that the Windows Speech Brokered API handles objects
in memory. An attacker who successfully exploited the
vulnerability could execute code with elevated
permissions. (CVE-2020-1395)
- An information disclosure vulnerability exists when
Windows Error Reporting improperly handles file
operations. (CVE-2020-1420)
- A remote code execution vulnerability exists in the way
that Microsoft Graphics Components handle objects in
memory. An attacker who successfully exploited the
vulnerability could execute arbitrary code on a target
system. (CVE-2020-1412)
- An information disclosure vulnerability exists when the
Windows kernel improperly handles objects in memory. An
attacker who successfully exploited this vulnerability
could obtain information to further compromise the users
system. An authenticated attacker could exploit this
vulnerability by running a specially crafted
application. The update addresses the vulnerability by
correcting how the Windows kernel handles objects in
memory. (CVE-2020-1426)
- An information disclosure vulnerability exists when
Microsoft Edge PDF Reader improperly handles objects in
memory. An attacker who successfully exploited the
vulnerability could obtain information to further
compromise the users system. (CVE-2020-1433)
- A remote code execution vulnerability exists when the
Windows Jet Database Engine improperly handles objects
in memory. An attacker who successfully exploited this
vulnerability could execute arbitrary code on a victim
system. An attacker could exploit this vulnerability by
enticing a victim to open a specially crafted file. The
update addresses the vulnerability by correcting the way
the Windows Jet Database Engine handles objects in
memory. (CVE-2020-1400, CVE-2020-1401, CVE-2020-1407)
- An elevation of privilege vulnerability exists when
Windows Error Reporting manager improperly handles a
process crash. An attacker who successfully exploited
this vulnerability could delete a targeted file leading
to an elevated status. (CVE-2020-1429)
- An elevation of privilege vulnerability exists in the
way that the psmsrv.dll handles objects in memory. An
attacker who successfully exploited the vulnerability
could execute code with elevated permissions.
(CVE-2020-1388)
- An elevation of privilege vulnerability exists in the
way that the Windows Credential Picker handles objects
in memory. An attacker who successfully exploited the
vulnerability could allow an application with limited
privileges on an affected system to execute code at a
medium integrity level. (CVE-2020-1385)
- A remote code execution vulnerability exists in
Microsoft Windows that could allow remote code execution
if a .LNK file is processed. An attacker who
successfully exploited this vulnerability could gain the
same user rights as the local user. (CVE-2020-1421)
- An information disclosure vulnerability exists in
Windows when the Windows Imaging Component fails to
properly handle objects in memory. An attacker who
successfully exploited this vulnerability could obtain
information to further compromise the user's system.
There are multiple ways an attacker could exploit this
vulnerability: (CVE-2020-1397)
- A remote code execution vulnerability exists in the way
that the Windows Graphics Device Interface (GDI) handles
objects in the memory. An attacker who successfully
exploited this vulnerability could take control of the
affected system. An attacker could then install
programs; view, change, or delete data; or create new
accounts with full user rights. (CVE-2020-1435)
- An elevation of privilege vulnerability exists in the
way that the Windows Function Discovery Service handles
objects in memory. An attacker who successfully
exploited the vulnerability could execute code with
elevated permissions. (CVE-2020-1085)
- An information disclosure vulnerability exists in the
way that the WalletService handles memory.
(CVE-2020-1361)
- An elevation of privilege vulnerability exists in the
way that the Windows Sync Host Service handles objects
in memory. An attacker who successfully exploited the
vulnerability could allow an application with limited
privileges on an affected system to execute code at a
medium integrity level. (CVE-2020-1434)
- An information disclosure vulnerability exists when
Skype for Business is accessed via Microsoft Edge
(EdgeHTML-based). An attacker who exploited the
vulnerability could cause the user to place a call
without additional consent, leading to information
disclosure of the user profile. For the vulnerability to
be exploited, a user must click a specially crafted URL
that prompts the Skype app. (CVE-2020-1462)
- An elevation of privilege vulnerability exists when
Windows Lockscreen fails to properly handle Ease of
Access dialog. An attacker who successfully exploited
the vulnerability could execute commands with elevated
permissions. The security update addresses the
vulnerability by ensuring that the Ease of Access dialog
is handled properly. (CVE-2020-1398)");
# https://support.microsoft.com/en-us/help/4565489/windows-10-update-kb4565489
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?e6e77e0f");
script_set_attribute(attribute:"solution", value:
"Apply Cumulative Update KB4565489.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:H/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2020-1435");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"exploited_by_malware", value:"true");
script_set_attribute(attribute:"metasploit_name", value:'SharePoint DataSet / DataTable Deserialization');
script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
script_set_attribute(attribute:"vuln_publication_date", value:"2020/07/14");
script_set_attribute(attribute:"patch_publication_date", value:"2020/07/14");
script_set_attribute(attribute:"plugin_publication_date", value:"2020/07/14");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"cpe:/o:microsoft:windows");
script_set_attribute(attribute:"cpe", value:"cpe:/a:microsoft:edge");
script_set_attribute(attribute:"stig_severity", value:"I");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Windows : Microsoft Bulletins");
script_copyright(english:"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("smb_check_rollup.nasl", "smb_hotfixes.nasl", "ms_bulletin_checks_possible.nasl");
script_require_keys("SMB/MS_Bulletin_Checks/Possible");
script_require_ports(139, 445, "Host/patch_management_checks");
exit(0);
}
include('smb_func.inc');
include('smb_hotfixes.inc');
include('smb_hotfixes_fcheck.inc');
include('smb_reg_query.inc');
include('install_func.inc');
get_kb_item_or_exit('SMB/MS_Bulletin_Checks/Possible');
bulletin = 'MS20-07';
kbs = make_list(
'4565489'
);
if (get_kb_item('Host/patch_management_checks')) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);
get_kb_item_or_exit('SMB/Registry/Enumerated');
get_kb_item_or_exit('SMB/WindowsVersion', exit_code:1);
if (hotfix_check_sp_range(win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);
share = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);
if (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);
if (
smb_check_rollup(os:'10',
sp:0,
os_build:'17134',
rollup_date:'07_2020',
bulletin:bulletin,
rollup_kb_list:[4565489])
)
{
replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);
hotfix_security_hole();
hotfix_check_fversion_end();
exit(0);
}
else
{
hotfix_check_fversion_end();
audit(AUDIT_HOST_NOT, hotfix_get_audit_report());
}
The latest version of this script can be found in these locations depending on your platform:
- Linux / Unix:
/opt/nessus/lib/nessus/plugins/smb_nt_ms20_jul_4565489.nasl
- Windows:
C:\ProgramData\Tenable\Nessus\nessus\plugins\smb_nt_ms20_jul_4565489.nasl
- Mac OS X:
/Library/Nessus/run/lib/nessus/plugins/smb_nt_ms20_jul_4565489.nasl
Go back to menu.
How to Run
Here is how to run the KB4565489: Windows 10 Version 1803 July 2020 Security Update as a standalone plugin via the Nessus web user interface (https://localhost:8834/):
- Click to start a New Scan.
- Select Advanced Scan.
- Navigate to the Plugins tab.
- On the top right corner click to Disable All plugins.
- On the left side table select Windows : Microsoft Bulletins plugin family.
- On the right side table select KB4565489: Windows 10 Version 1803 July 2020 Security Update plugin ID 138455.
- Specify the target on the Settings tab and click to Save the scan.
- Run the scan.
Here are a few examples of how to run the plugin in the command line. Note that the examples below demonstrate the usage on the Linux / Unix platform.
Basic usage:
/opt/nessus/bin/nasl smb_nt_ms20_jul_4565489.nasl -t <IP/HOST>
Run the plugin with audit trail message on the console:
/opt/nessus/bin/nasl -a smb_nt_ms20_jul_4565489.nasl -t <IP/HOST>
Run the plugin with trace script execution written to the console (useful for debugging):
/opt/nessus/bin/nasl -T - smb_nt_ms20_jul_4565489.nasl -t <IP/HOST>
Run the plugin with using a state file for the target and updating it (useful for running multiple plugins on the target):
/opt/nessus/bin/nasl -K /tmp/state smb_nt_ms20_jul_4565489.nasl -t <IP/HOST>
Go back to menu.
References
MSKB | Microsoft Knowledge Base: MSFT | Microsoft Security Bulletin:
- MS20-4565489
- 2020-A-0300-S, 2020-A-0302-S, 2020-A-0313-S
- https://www.tenable.com/plugins/nessus/138455
- http://www.nessus.org/u?e6e77e0f
- https://vulners.com/nessus/SMB_NT_MS20_JUL_4565489.NASL
- 145867 - CentOS 8 : .NET Core (CESA-2020:2938)
- 145908 - CentOS 8 : .NET Core 3.1 (CESA-2020:2954)
- 138660 - Oracle Linux 8 : .NET / Core (ELSA-2020-2938)
- 138661 - Oracle Linux 8 : .NET / 3.1 / Core (ELSA-2020-2954)
- 138504 - RHEL 7 : .NET Core 2.1 on Red Hat Enterprise Linux (RHSA-2020:2937)
- 138500 - RHEL 8 : .NET Core (RHSA-2020:2938)
- 138505 - RHEL 7 : .NET Core 3.1 on Red Hat Enterprise Linux (RHSA-2020:2939)
- 138609 - RHEL 8 : .NET Core 3.1 (RHSA-2020:2954)
- 138842 - RHEL 8 : .NET Core (RHSA-2020:2988)
- 138606 - RHEL 8 : .NET Core (RHSA-2020:2989)
- 138453 - KB4558998: Windows 10 Version 1809 and Windows Server 2019 July 2020 Security Update
- 138454 - KB4565483: Windows 10 Version 1903 and Windows 10 Version 1909 July 2020 Security Update
- 138456 - KB4565503: Windows 10 Version 2004 July 2020 Security Update
- 138457 - KB4565508: Windows 10 Version 1709 July 2020 Security Update
- 138458 - KB4565511: Windows 10 Version 1607 and Windows Server 2016 July 2020 Security Update
- 138459 - KB4565513: Windows 10 July 2020 Security Update
- 138460 - KB4565539: Windows 7 and Windows Server 2008 R2 July 2020 Security Update
- 138461 - KB4565529: Windows Server 2008 July 2020 Security Update
- 138462 - KB4565535: Windows Server 2012 July 2020 Security Update
- 138463 - KB4565540: Windows 8.1 and Windows Server 2012 R2 July 2020 Security Update
- 138465 - Security Update for .NET Core (July 2020)
- 138466 - Security Update for .NET Core SDK (July 2020)
- 138464 - Security Updates for Microsoft .NET Framework (July 2020)
- 138512 - Security Updates for Microsoft SharePoint Server (July 2020)
- 138473 - Security Updates for Microsoft Visual Studio Products (July 2020)
Version
This page has been produced using Nessus Professional 10.1.2 (#68) LINUX, Plugin set 202205072148.
Plugin file smb_nt_ms20_jul_4565489.nasl version 1.12. For more plugins, visit the Nessus Plugin Library.
Go back to menu.