CVE-2020-16908: An elevation of privilege vulnerability exists in Windows Setup in the way it handles directories. A locally authenticated attacker could run arbitrary code…

high7.8CVSS 3.1

AVLACLPRLUINSUCHIHAH

An elevation of privilege vulnerability exists in Windows Setup in the way it handles directories. A locally authenticated attacker could run arbitrary code with elevated system privileges. After successfully exploiting the vulnerability, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. The security update addresses the vulnerability by ensuring Windows Setup properly handles directories.

Affected

27 ranges· showing 25

Vendor	Product	Version range	Fixed in
microsoft	windows_10	—	—
microsoft	windows_10	—	—
microsoft	windows_10	—	—
microsoft	windows_10	—	—
microsoft	windows_10	—	—
microsoft	windows_10_version_1803	—	—
microsoft	windows_10_version_1809	—	—
microsoft	windows_10_version_1903_for_32-bit_systems	—	—
microsoft	windows_10_version_1903_for_arm64-based_systems	—	—
microsoft	windows_10_version_1903_for_x64-based_systems	—	—
microsoft	windows_10_version_1909	—	—
microsoft	windows_10_version_2004	—	—
msrc	windows_10_version_1803_for_32-bit_systems	—	—
msrc	windows_10_version_1803_for_arm64-based_systems	—	—
msrc	windows_10_version_1803_for_x64-based_systems	—	—
msrc	windows_10_version_1809_for_32-bit_systems	—	—
msrc	windows_10_version_1809_for_arm64-based_systems	—	—
msrc	windows_10_version_1809_for_x64-based_systems	—	—
msrc	windows_10_version_1903_for_32-bit_systems	—	—
msrc	windows_10_version_1903_for_arm64-based_systems	—	—
msrc	windows_10_version_1903_for_x64-based_systems	—	—
msrc	windows_10_version_1909_for_32-bit_systems	—	—
msrc	windows_10_version_1909_for_arm64-based_systems	—	—
msrc	windows_10_version_1909_for_x64-based_systems	—	—
msrc	windows_10_version_2004_for_32-bit_systems	—	—