CVE-2020-1336

CWE-269Improper Privilege Management4 documents4 sources
Severity
7.8HIGH
EPSS
0.3%
top 47.99%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
24
Microsoft Windows 10 Version 1607Microsoft Windows 10 Version 1709Microsoft Windows 10 Version 1709 FOR 32-bit Systems+21 more
Timeline
PublishedJul 14
Latest updateMay 24

Description

An elevation of privilege vulnerability exists in the way that the Windows Kernel handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. To exploit the vulnerability, a locally authenticated attacker could run a specially crafted application. The security update addresses the vulnerability by ensuring the Windows Kernel properly handles objects in memory.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages25 packages

CVEListV5microsoft/windows_server_201610.0.0publication
CVEListV5microsoft/windows_server_201910.0.0publication
CVEListV5microsoft/windows_10_version_160710.0.0publication
CVEListV5microsoft/windows_10_version_170910.0.0publication
CVEListV5microsoft/windows_10_version_180310.0.0publication

Patches

Patch: portal.msrc.microsoft.comPatch: portal.msrc.microsoft.com

🔴Vulnerability Details

2
GHSA
GHSA-vcff-c3pp-m363: An elevation of privilege vulnerability exists in the way that the Windows Kernel handles objects in memory, aka 'Windows Kernel Elevation of Privileg2022-05-24
CVEList
Windows Kernel Elevation of Privilege Vulnerability2020-07-14

📋Vendor Advisories

1
Microsoft
Windows Kernel Elevation of Privilege Vulnerability2020-07-14
CVE-2020-1336 (HIGH CVSS 7.8) | An elevation of privilege vulnerabi | cvebase.io