CVE-2020-1013 — Improper Privilege Management in Microsoft Windows 10 Version 1507

CWE-269 — Improper Privilege Management5 documents5 sources

Severity

8.1HIGHNVD

CNA7.5

EPSS

32.2%

top 3.17%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Windows 10 Version 1507 Microsoft Windows 10 Version 1607 Microsoft Windows 10 Version 1709 +20 more

Timeline

PublishedSep 11

Latest updateMay 24

Description

An elevation of privilege vulnerability exists when Microsoft Windows processes group policy updates. An attacker who successfully exploited this vulnerability could potentially escalate permissions or perform additional privileged actions on the target machine. To exploit this vulnerability, an attacker would need to launch a man-in-the-middle (MiTM) attack against the traffic passing between a domain controller and the target machine. An attacker could then create a group policy to grant admin…

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 2.2 | Impact: 5.9

Affected Packages23 packages

▶CVEListV5microsoft/windows_76.1.0 — publication

▶CVEListV5microsoft/windows_8.16.3.0 — publication

▶CVEListV5microsoft/windows_server_20126.2.0 — publication

▶CVEListV5microsoft/windows_server_201610.0.0 — publication

▶CVEListV5microsoft/windows_server_201910.0.0 — publication

Patches

Patch: portal.msrc.microsoft.com ↗Patch: portal.msrc.microsoft.com ↗

🔴Vulnerability Details

GHSA

GHSA-vjjj-cvhp-gg8p: An elevation of privilege vulnerability exists when Microsoft Windows processes group policy updates, aka 'Group Policy Elevation of Privilege Vulnera↗2022-05-24

▶

CVEList

Group Policy Elevation of Privilege Vulnerability↗2020-09-11

▶

📋Vendor Advisories

Microsoft

Group Policy Elevation of Privilege Vulnerability↗2020-09-08

▶

💬Community

Bugzilla

CVE-2020-13999 libemf: Integer overflow which could result in denial of service↗2020-06-23

▶