CVE-2020-16910 — Improper Preservation of Permissions in Microsoft Windows 10 Version 1507

CWE-281 — Improper Preservation of Permissions4 documents4 sources

Severity

5.5MEDIUMNVD

CNA6.2

EPSS

4.0%

top 11.49%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Windows 10 Version 1507 Microsoft Windows 10 Version 1607 Microsoft Windows 10 Version 1709 +12 more

Timeline

PublishedOct 16

Latest updateMay 24

Description

A security feature bypass vulnerability exists when Microsoft Windows fails to handle file creation permissions, which could allow an attacker to create files in a protected Unified Extensible Firmware Interface (UEFI) location. To exploit this vulnerability, an attacker could run a specially crafted application to bypass Unified Extensible Firmware Interface (UEFI) variable security in Windows. The security update addresses the vulnerability by correcting security feature behavior to enforce pe…

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:NExploitability: 1.8 | Impact: 3.6

Affected Packages16 packages

▶CVEListV5microsoft/windows_server_201610.0.0 — publication

▶CVEListV5microsoft/windows_server_201910.0.0 — publication

▶CVEListV5microsoft/windows_10_version_150710.0.0 — publication

▶CVEListV5microsoft/windows_10_version_160710.0.0 — publication

▶CVEListV5microsoft/windows_10_version_170910.0.0 — publication

Patches

Patch: portal.msrc.microsoft.com ↗Patch: portal.msrc.microsoft.com ↗

🔴Vulnerability Details

GHSA

GHSA-5vfg-hf4p-8hcf: A security feature bypass vulnerability exists when Microsoft Windows fails to handle file creation permissions, which could allow an attacker to crea↗2022-05-24

▶

CVEList

Windows Security Feature Bypass Vulnerability↗2020-10-16

▶

📋Vendor Advisories

Microsoft

Windows Security Feature Bypass Vulnerability↗2020-10-13

▶