CVE-2020-0917Improper Privilege Management in Microsoft Windows

CWE-269Improper Privilege Management7 documents6 sources
Severity
6.8MEDIUMNVD
EPSS
1.2%
top 21.01%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
6
Microsoft WindowsMicrosoft Windows 10 Version 1903 FOR X64-based SystemsMicrosoft Windows 10 Version 1909 FOR X64-based Systems+3 more
Timeline
PublishedApr 15
Latest updateMay 24

Description

An elevation of privilege vulnerability exists when Windows Hyper-V on a host server fails to properly handle objects in memory, aka 'Windows Hyper-V Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0918.

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 0.9 | Impact: 5.9

Affected Packages6 packages

CVEListV5microsoft/windows_server2019, 2019 (Core installation)+1
CVEListV5microsoft/windows10 Version 1809 for x64-based Systems
NVDmicrosoft/windows1903, 1909+1
NVDmicrosoft/windows_101809, 1903, 1909+2

Patches

Patch: portal.msrc.microsoft.comPatch: portal.msrc.microsoft.com

🔴Vulnerability Details

2
GHSA
GHSA-2qrm-vwv9-87jm: An elevation of privilege vulnerability exists when Windows Hyper-V on a host server fails to properly handle objects in memory, aka 'Windows Hyper-V2022-05-24
CVEList
CVE-2020-0917: An elevation of privilege vulnerability exists when Windows Hyper-V on a host server fails to properly handle objects in memory, aka 'Windows Hyper-V2020-04-15

📋Vendor Advisories

1
Microsoft
Windows Hyper-V Elevation of Privilege Vulnerability2020-04-14

🕵️Threat Intelligence

3
Tenable
Microsoft’s April 2020 Patch Tuesday Addresses 113 CVEs Including Adobe Type Manager Library Zero-Day Flaws (CVE-2020-0938, CVE-2020-1020)2020-04-14
Talos
Microsoft Patch Tuesday — April 2020: Vulnerability disclosures and Snort coverage2020-04-14
Talos
Microsoft Patch Tuesday — April 2020: Vulnerability disclosures and Snort coverage2020-04-14
CVE-2020-0917 — Improper Privilege Management | cvebase