CVE-2020-1209 — Improper Privilege Management in Microsoft Windows 10 Version 1903 FOR 32-bit Systems

CWE-269 — Improper Privilege Management CWE-354 — Improper Validation of Integrity Check Value CWE-346 — Origin Validation Error5 documents4 sources

Severity

7.8HIGHNVD

EPSS

12.1%

top 6.15%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Windows 10 Version 1903 FOR 32-bit Systems Microsoft Windows 10 Version 1903 FOR Arm64-based Systems Microsoft Windows 10 Version 1903 FOR X64-based Systems +20 more

Timeline

PublishedJun 9

Latest updateMay 24

Description

An elevation of privilege vulnerability exists in the way that the Windows Network List Service handles objects in memory, aka 'Windows Network List Service Elevation of Privilege Vulnerability'.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages23 packages

▶NVDmicrosoft/windows1903, 1909, 2004+2

▶NVDmicrosoft/windows_101903, 1909, 2004+2

▶msrcmsrc/windows_server_version_1903

▶msrcmsrc/windows_server_version_1909

▶msrcmsrc/windows_server_version_2004

Patches

Patch: portal.msrc.microsoft.com ↗Patch: portal.msrc.microsoft.com ↗

🔴Vulnerability Details

GHSA

GHSA-93xj-548f-7wr6: An elevation of privilege vulnerability exists in the way that the Windows Network List Service handles objects in memory, aka 'Windows Network List S↗2022-05-24

▶

📋Vendor Advisories

Red Hat

kernel: not verifying TKIP MIC of fragmented frames↗2021-05-11

▶

Red Hat

kernel: accepting plaintext data frames in protected networks↗2021-05-11

▶

Microsoft

Windows Network List Service Elevation of Privilege Vulnerability↗2020-06-09

▶