⚠ Actively exploited in ransomware campaigns

This vulnerability is on the CISA Known Exploited Vulnerabilities list and has been used in known ransomware attacks. CISA required action: Apply updates per vendor instructions.. Due date: 2022-07-28.

CVE-2020-0787 — Link Following in Microsoft Windows

CWE-59 — Link Following CWE-269 — Improper Privilege Management24 documents13 sources

Severity

7.8HIGHNVD

EPSS

59.9%

top 1.73%

CISA KEV

KEVRansomware

Added 2022-01-28

Due 2022-07-28

Exploit

Exploited in wild

Active exploitation observed

Affected products

Microsoft Windows Microsoft Windows 10 Version 1903 FOR 32-bit Systems Microsoft Windows 10 Version 1903 FOR Arm64-based Systems +7 more

Timeline

PublishedMar 12

KEV addedJan 28

KEV dueJul 28

Latest updateSep 6

CISA Required Action: Apply updates per vendor instructions.

Description

An elevation of privilege vulnerability exists when the Windows Background Intelligent Transfer Service (BITS) improperly handles symbolic links, aka 'Windows Background Intelligent Transfer Service Elevation of Privilege Vulnerability'.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages9 packages

▶CVEListV5microsoft/windows_10_version_1903_for_32-bit_systemsunspecified

▶CVEListV5microsoft/windows_10_version_1909_for_32-bit_systemsunspecified

▶CVEListV5microsoft/windows18 versions+17

▶NVDmicrosoft/windowsr2

▶CVEListV5microsoft/windows_server17 versions+16

Patches

Patch: portal.msrc.microsoft.com ↗Patch: portal.msrc.microsoft.com ↗

🔴Vulnerability Details

GHSA

GHSA-2ffp-p9mj-92cf: An elevation of privilege vulnerability exists when the Windows Background Intelligent Transfer Service (BITS) improperly handles symbolic links, aka↗2022-05-24

▶

CVEList

CVE-2020-0787: An elevation of privilege vulnerability exists when the Windows Background Intelligent Transfer Service (BITS) improperly handles symbolic links, aka↗2020-03-12

▶

VulnCheck

Microsoft Windows Background Intelligent Transfer Service (BITS) Improper Privilege Management Vulnerability↗2020

▶

💥Exploits & PoCs

Metasploit

Background Intelligent Transfer Service Arbitrary File Move Privilege Elevation Vulnerability↗

▶

📋Vendor Advisories

CISA

Microsoft Windows Background Intelligent Transfer Service (BITS) Improper Privilege Management Vulnerability↗2022-01-28

▶

Microsoft

Windows Background Intelligent Transfer Service Elevation of Privilege Vulnerability↗2020-03-10

▶

🕵️Threat Intelligence

Tenable

Cybersecurity Snapshot: RansomHub Group Triggers CISA Warning, While FBI Says North Korean Hackers Are Targeting Crypto Orgs↗2024-09-06

▶

Tenable

Cybersecurity Snapshot: 6 Things That Matter Right Now↗2022-08-19

▶

Tenable

Analyzing the Vulnerabilities Associated with the Top Malware Strains of 2021↗2022-08-04

▶

Unit42

Why Are My Junctions Not Followed? Exploring Windows Redirection Trust Mitigation↗2022-06-14

▶

Unit42

Why Are My Junctions Not Followed? Exploring Windows Redirection Trust Mitigation↗2022-06-14

▶

📄Research Papers

CTF

AdventOfCyber2 / Day12↗

▶

External resources

NVD MITRE CISA KEV

Affected products10

Microsoft Windowsv10 Version 1607 for 32-bit Systemsv10 Version 1607 for x64-based Systemsv10 Version 1709 for 32-bit Systems+15 more

Microsoft Windows 10 Version 1903 FOR 32-bit Systemsvunspecified

Microsoft Windows 10 Version 1903 FOR Arm64-based Systemsvunspecified

Microsoft Windows 10 Version 1903 FOR X64-based Systemsvunspecified

Microsoft Windows 10 Version 1909 FOR 32-bit Systemsvunspecified

Microsoft Windows 10 Version 1909 FOR Arm64-based Systemsvunspecified

Microsoft Windows 10 Version 1909 FOR X64-based Systemsvunspecified

Microsoft Windows Serverv2008 R2 for Itanium-Based Systems Service Pack 1v2008 R2 for x64-based Systems Service Pack 1v2008 R2 for x64-based Systems Service Pack 1 (Core installation)+14 more

Microsoft Windows Server 2008vr2

Microsoft Windows Server 2012vr2

Disclosure

PublishedMar 12, 2020

KEV addedJan 28, 2022

KEV dueJul 28, 2022

Latest updateSep 6, 2024