⚠ Actively exploited in ransomware campaigns

This vulnerability is on the CISA Known Exploited Vulnerabilities list and has been used in known ransomware attacks. CISA required action: Apply updates per vendor instructions.. Due date: 2022-06-13.

CVE-2020-0638 — Link Following in Microsoft Windows

CWE-59 — Link Following CWE-269 — Improper Privilege Management9 documents8 sources

Severity

7.8HIGHNVD

EPSS

1.5%

top 18.98%

CISA KEV

KEVRansomware

Added 2022-05-23

Due 2022-06-13

Exploit

Exploited in wild

Active exploitation observed

Affected products

Microsoft Windows Microsoft Windows 10 Version 1903 FOR 32-bit Systems Microsoft Windows 10 Version 1903 FOR Arm64-based Systems +5 more

Timeline

PublishedJan 14

KEV addedMay 23

Latest updateMay 24

KEV dueJun 13

CISA Required Action: Apply updates per vendor instructions.

Description

An elevation of privilege vulnerability exists in the way the Update Notification Manager handles files.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Update Notification Manager Elevation of Privilege Vulnerability'.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages8 packages

▶CVEListV5microsoft/windows_10_version_1903_for_32-bit_systemsunspecified

▶CVEListV5microsoft/windows_10_version_1909_for_32-bit_systemsunspecified

▶CVEListV5microsoft/windows_10_version_1903_for_x64-based_systemsunspecified

▶CVEListV5microsoft/windows_10_version_1909_for_x64-based_systemsunspecified

▶CVEListV5microsoft/windows_10_version_1903_for_arm64-based_systemsunspecified

Patches

Patch: portal.msrc.microsoft.com ↗Patch: portal.msrc.microsoft.com ↗

🔴Vulnerability Details

GHSA

GHSA-53p9-m4mr-wp8x: An elevation of privilege vulnerability exists in the way the Update Notification Manager handles files↗2022-05-24

▶

CVEList

CVE-2020-0638: An elevation of privilege vulnerability exists in the way the Update Notification Manager handles files↗2020-01-14

▶

VulnCheck

Microsoft Update Notification Manager Privilege Escalation Vulnerability↗2020

▶

📋Vendor Advisories

CISA

Microsoft Update Notification Manager Privilege Escalation Vulnerability↗2022-05-23

▶

Microsoft

Update Notification Manager Elevation of Privilege Vulnerability↗2020-01-14

▶

🕵️Threat Intelligence

Tenable

ContiLeaks: Chats Reveal Over 30 Vulnerabilities Used by Conti Ransomware – How Tenable Can Help↗2022-03-24

▶

Talos

Microsoft Patch Tuesday — Jan. 2020: Vulnerability disclosures and Snort coverage↗2020-01-14

▶

Talos

Microsoft Patch Tuesday — Jan. 2020: Vulnerability disclosures and Snort coverage↗2020-01-14

▶