CVE-2020-0635
published 2020-01-14CVE-2020-0635: An elevation of privilege vulnerability exists in Microsoft Windows when Windows fails to properly handle certain symbolic links, aka 'Windows Elevation of…
high7.8CVSS 3.1
AVLACLPRLUINSUCHIHAH
An elevation of privilege vulnerability exists in Microsoft Windows when Windows fails to properly handle certain symbolic links, aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0644.
Affected
58 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows_10 | — | — |
| microsoft | windows_10 | — | — |
| microsoft | windows_10 | — | — |
| microsoft | windows_10 | — | — |
| microsoft | windows_10 | — | — |
| microsoft | windows_10 | — | — |
| microsoft | windows_10_version_1903_for_32-bit_systems | — | — |
| microsoft | windows_10_version_1903_for_arm64-based_systems | — | — |
| microsoft | windows_10_version_1903_for_x64-based_systems | — | — |
GHSA
GHSA-g2x6-g872-cmqg: An elevation of privilege vulnerability exists in Microsoft Windows when Windows fails to properly handle certain symbolic links, aka 'Windows Elevati
ghsa_unreviewed·2022-05-24·CVSS 7.8
CVE-2020-0635 [HIGH] GHSA-g2x6-g872-cmqg: An elevation of privilege vulnerability exists in Microsoft Windows when Windows fails to properly handle certain symbolic links, aka 'Windows Elevati
An elevation of privilege vulnerability exists in Microsoft Windows when Windows fails to properly handle certain symbolic links, aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0644.
GHSA
GHSA-3334-49c6-xvm9: An elevation of privilege vulnerability exists when Microsoft Windows implements predictable memory section names, aka 'Windows Elevation of Privilege
ghsa_unreviewed·2022-05-24·CVSS 7.8
CVE-2020-0644 [HIGH] CWE-269 GHSA-3334-49c6-xvm9: An elevation of privilege vulnerability exists when Microsoft Windows implements predictable memory section names, aka 'Windows Elevation of Privilege
An elevation of privilege vulnerability exists when Microsoft Windows implements predictable memory section names, aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0635.
Microsoft
Windows Elevation of Privilege Vulnerability
vendor_msrc·2020-01-14·CVSS 7.8
CVE-2020-0635 [HIGH] Windows Elevation of Privilege Vulnerability
Windows Elevation of Privilege Vulnerability
Description: An elevation of privilege vulnerability exists in Microsoft Windows when Windows fails to properly handle certain symbolic links. An attacker who successfully exploited this vulnerability could potentially set certain items to run at a higher level and thereby elevate permissions.
To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system.
The update addresses this vulnerability by correcting how the Windows handles symbolic links.
Microsoft Windows: Microsoft Windows
Impact: Elevation of Privilege
Exploit Status: Publicly Disclosed:No;Exploited:No;Latest Software Releas
No detection rules found.
No public exploits indexed.
Talos
Microsoft Patch Tuesday — Jan. 2020: Vulnerability disclosures and Snort coverage
blogs_talos·2020-01-14·CVSS 8.1
CVE-2020-0601 [HIGH] Microsoft Patch Tuesday — Jan. 2020: Vulnerability disclosures and Snort coverage
## Microsoft Patch Tuesday — Jan. 2020: Vulnerability disclosures and Snort coverage
By Jon Munshaw. Updated January 15th: Added an Advanced Custom Detection (ACD) signature for AMP that can be used to detect exploitation of CVE-2020-0601 by spoofing certificates masquerading as a Microsoft ECC Code Signing Certificate Authority.
Microsoft released its monthly security update today, disclosing vulnerabilities across many of its products and releasing corresponding updates. This month's Patch Tuesday covers 49 vulnerabilities, eight of which are considered critical.
This month's security update is particularly important for its disclosure of two vulnerabilities related to a core cryptographic component in all versions of Windows. CVE-2020-0601 could allow an attacker to use cryptography
Talos
Microsoft Patch Tuesday — Jan. 2020: Vulnerability disclosures and Snort coverage
blogs_talos·2020-01-14·CVSS 8.1
CVE-2020-0601 [HIGH] Microsoft Patch Tuesday — Jan. 2020: Vulnerability disclosures and Snort coverage
By Jon Munshaw.
Updated January 15th: Added an Advanced Custom Detection (ACD) signature for AMP that can be used to detect exploitation of CVE-2020-0601 by spoofing certificates masquerading as a Microsoft ECC Code Signing Certificate Authority.
Microsoft released its monthly security update today, disclosing vulnerabilities across many of its products and releasing corresponding updates. This month's Patch Tuesday covers 49 vulnerabilities, eight of which are considered critical.
This month's security update is particularly important for its disclosure of two vulnerabilities related to a core cryptographic component in all versions of Windows. CVE-2020-0601 could allow an attacker to use cryptography to sign a malicious executable, making the file appear as if it was from a trusted sou
2020-01-14
Published