CVE-2020-1152Improper Privilege Management in Microsoft Windows 10 Version 1507

CWE-269Improper Privilege Management4 documents4 sources
Severity
7.8HIGHNVD
CNA5.8
EPSS
0.2%
top 59.54%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
18
Microsoft Windows 10 Version 1507Microsoft Windows 10 Version 1607Microsoft Windows 10 Version 1709+15 more
Timeline
PublishedSep 11
Latest updateMay 24

Description

An elevation of privilege vulnerability exists when Windows improperly handles calls to Win32k.sys. An attacker who successfully exploited the vulnerability could gain elevated privileges on a targeted system. To exploit the vulnerability, an attacker would have to log on to an affected system and run a specially crafted script or application. The update addresses the vulnerability by correcting how Windows handles calls to Win32k.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages19 packages

CVEListV5microsoft/windows_8.16.3.0publication

Patches

Patch: portal.msrc.microsoft.comPatch: portal.msrc.microsoft.com

🔴Vulnerability Details

2
GHSA
GHSA-5qpm-64j6-5684: An elevation of privilege vulnerability exists when Windows improperly handles calls to Win32k2022-05-24
CVEList
Windows Win32k Elevation of Privilege Vulnerability2020-09-11

📋Vendor Advisories

1
Microsoft
Windows Win32k Elevation of Privilege Vulnerability2020-09-08
CVE-2020-1152 — Improper Privilege Management | cvebase