CVE-2020-1571
published 2020-08-17CVE-2020-1571: An elevation of privilege vulnerability exists in Windows Setup in the way it handles permissions. A locally authenticated attacker could run arbitrary code…
high7.8CVSS 3.1
AVLACLPRLUINSUCHIHAH
An elevation of privilege vulnerability exists in Windows Setup in the way it handles permissions.
A locally authenticated attacker could run arbitrary code with elevated system privileges. After successfully exploiting the vulnerability, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
The security update addresses the vulnerability by ensuring Windows Setup properly handles permissions.
Affected
27 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | windows_10 | — | — |
| microsoft | windows_10 | — | — |
| microsoft | windows_10 | — | — |
| microsoft | windows_10 | — | — |
| microsoft | windows_10 | — | — |
| microsoft | windows_10_version_1803 | — | — |
| microsoft | windows_10_version_1809 | — | — |
| microsoft | windows_10_version_1903_for_32-bit_systems | — | — |
| microsoft | windows_10_version_1903_for_arm64-based_systems | — | — |
| microsoft | windows_10_version_1903_for_x64-based_systems | — | — |
| microsoft | windows_10_version_1909 | — | — |
| microsoft | windows_10_version_2004 | — | — |
| msrc | windows_10_version_1803_for_32-bit_systems | — | — |
| msrc | windows_10_version_1803_for_arm64-based_systems | — | — |
| msrc | windows_10_version_1803_for_x64-based_systems | — | — |
| msrc | windows_10_version_1809_for_32-bit_systems | — | — |
| msrc | windows_10_version_1809_for_arm64-based_systems | — | — |
| msrc | windows_10_version_1809_for_x64-based_systems | — | — |
| msrc | windows_10_version_1903_for_32-bit_systems | — | — |
| msrc | windows_10_version_1903_for_arm64-based_systems | — | — |
| msrc | windows_10_version_1903_for_x64-based_systems | — | — |
| msrc | windows_10_version_1909_for_32-bit_systems | — | — |
| msrc | windows_10_version_1909_for_arm64-based_systems | — | — |
| msrc | windows_10_version_1909_for_x64-based_systems | — | — |
| msrc | windows_10_version_2004_for_32-bit_systems | — | — |
GHSA
GHSA-pwm8-7wmq-v7qm: An elevation of privilege vulnerability exists in Windows Setup in the way it handles permissions
ghsa_unreviewed·2022-05-24
CVE-2020-1571 [HIGH] CWE-276 GHSA-pwm8-7wmq-v7qm: An elevation of privilege vulnerability exists in Windows Setup in the way it handles permissions
An elevation of privilege vulnerability exists in Windows Setup in the way it handles permissions.A locally authenticated attacker could run arbitrary code with elevated system privileges, aka 'Windows Setup Elevation of Privilege Vulnerability'.
Microsoft
Windows Setup Elevation of Privilege Vulnerability
vendor_msrc·2020-08-11·CVSS 7.8
CVE-2020-1571 [HIGH] Windows Setup Elevation of Privilege Vulnerability
Windows Setup Elevation of Privilege Vulnerability
Description: An elevation of privilege vulnerability exists in Windows Setup in the way it handles permissions.
A locally authenticated attacker could run arbitrary code with elevated system privileges. After successfully exploiting the vulnerability, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
The security update addresses the vulnerability by ensuring Windows Setup properly handles permissions.
FAQ: There are no security updates listed for the affected versions of Windows. Where does this vulnerability exist?
This vulnerability only exists in the Windows 10 Setup, which runs temporarily any time a customer upgrades from a previous version of Windows 10 to a newer
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2020-08-17
Published