CVE-2020-0621 — Insufficient Session Expiration in Microsoft Windows

CWE-613 — Insufficient Session Expiration6 documents5 sources

Severity

4.4MEDIUMNVD

EPSS

0.2%

top 59.95%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Windows Microsoft Windows Server Microsoft Windows 10 +1 more

Timeline

PublishedJan 14

Latest updateMay 24

Description

A security feature bypass vulnerability exists in Windows 10 when third party filters are called during a password update, aka 'Windows Security Feature Bypass Vulnerability'.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:NExploitability: 0.8 | Impact: 3.6

Affected Packages4 packages

▶CVEListV5microsoft/windows9 versions+8

▶NVDmicrosoft/windows1803

▶NVDmicrosoft/windows_101709, 1803, 1809+2

▶CVEListV5microsoft/windows_server2019, 2019 (Core installation), version 1803 (Core Installation)+2

Patches

Patch: portal.msrc.microsoft.com ↗Patch: portal.msrc.microsoft.com ↗

🔴Vulnerability Details

GHSA

GHSA-hg3w-x3pv-cqqc: A security feature bypass vulnerability exists in Windows 10 when third party filters are called during a password update, aka 'Windows Security Featu↗2022-05-24

▶

CVEList

CVE-2020-0621: A security feature bypass vulnerability exists in Windows 10 when third party filters are called during a password update, aka 'Windows Security Featu↗2020-01-14

▶

📋Vendor Advisories

Microsoft

Windows Security Feature Bypass Vulnerability↗2020-01-14

▶

🕵️Threat Intelligence

Talos

Microsoft Patch Tuesday — Jan. 2020: Vulnerability disclosures and Snort coverage↗2020-01-14

▶

Talos

Microsoft Patch Tuesday — Jan. 2020: Vulnerability disclosures and Snort coverage↗2020-01-14

▶