CVE-2020-1122 — Improper Check for Unusual or Exceptional Conditions in Microsoft Windows 10 Version 1803

CWE-754 — Improper Check for Unusual or Exceptional Conditions4 documents4 sources

Severity

7.8HIGHNVD

CNA5.5

EPSS

0.4%

top 37.02%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Windows 10 Version 1803 Microsoft Windows 10 Version 1809 Microsoft Windows 10 Version 1903 FOR 32-bit Systems +8 more

Timeline

PublishedSep 11

Latest updateMay 24

Description

An elevation of privilege vulnerability exists when the Windows Language Pack Installer improperly handles file operations. An attacker who successfully exploited this vulnerability could run processes in an elevated context. An attacker could exploit this vulnerability by running a specially crafted application on the victim system. The update addresses the vulnerability by correcting the way the Windows Language Pack Installer handles file operations.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages11 packages

▶CVEListV5microsoft/windows_10_version_1903_for_32-bit_systems10.0.0 — publication

▶CVEListV5microsoft/windows_10_version_1903_for_x64-based_systems10.0.0 — publication

▶CVEListV5microsoft/windows_10_version_1903_for_arm64-based_systems10.0.0 — publication

▶CVEListV5microsoft/windows_server_201910.0.0 — publication

▶CVEListV5microsoft/windows_10_version_180310.0.0 — publication

Patches

Patch: portal.msrc.microsoft.com ↗Patch: portal.msrc.microsoft.com ↗

🔴Vulnerability Details

GHSA

GHSA-72rh-rg2h-2726: An elevation of privilege vulnerability exists when the Windows Language Pack Installer improperly handles file operations, aka 'Windows Language Pack↗2022-05-24

▶

CVEList

Windows Language Pack Installer Elevation of Privilege Vulnerability↗2020-09-11

▶

📋Vendor Advisories

Microsoft

Windows Language Pack Installer Elevation of Privilege Vulnerability↗2020-09-08

▶