CVE-2020-17086
published 2020-11-11CVE-2020-17086: Raw Image Extension Remote Code Execution Vulnerability
PriorityP259critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
EPSS
4.26%
89.8th percentile
Raw Image Extension Remote Code Execution Vulnerability
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | raw_image_extension | < 1.0.32861.0 | 1.0.32861.0 |
| microsoft | raw_image_extension | — | — |
| msrc | raw_image_extension | — | — |
Detection & IOCsextracted from sources · hover to see the quote
- →Check installed app package version; versions prior to 1.0.32861.0 of Microsoft.RawImageExtension are vulnerable ↗
- →Use PowerShell to enumerate the Raw Image Extension package and verify patched version is installed ↗
- ·Only systems with the Raw Image Extension app installed from the Microsoft Store are vulnerable; default Windows installations are not affected ↗
- ·Customers who have disabled automatic Microsoft Store updates will not receive the patch automatically and must update manually ↗
- ·Disconnected/enterprise environments (Microsoft Store for Business/Education) must obtain the update through their organizations ↗
CVSS provenance
nvdv3.19.8CRITICALCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvdv2.07.5HIGHAV:N/AC:L/Au:N/C:P/I:P/A:P
vendor_msrc7.8HIGH
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-j78q-9grv-2694: Raw Image Extension Remote Code Execution Vulnerability This CVE ID is unique from CVE-2020-17079, CVE-2020-17082, CVE-2020-17086
ghsa_unreviewed·2022-05-24·CVSS 7.8
CVE-2020-17078 [HIGH] GHSA-j78q-9grv-2694: Raw Image Extension Remote Code Execution Vulnerability This CVE ID is unique from CVE-2020-17079, CVE-2020-17082, CVE-2020-17086
Raw Image Extension Remote Code Execution Vulnerability This CVE ID is unique from CVE-2020-17079, CVE-2020-17082, CVE-2020-17086.
GHSA
GHSA-6fj6-vxrv-q2xm: Raw Image Extension Remote Code Execution Vulnerability This CVE ID is unique from CVE-2020-17078, CVE-2020-17079, CVE-2020-17082
ghsa_unreviewed·2022-05-24·CVSS 7.8
CVE-2020-17086 [HIGH] GHSA-6fj6-vxrv-q2xm: Raw Image Extension Remote Code Execution Vulnerability This CVE ID is unique from CVE-2020-17078, CVE-2020-17079, CVE-2020-17082
Raw Image Extension Remote Code Execution Vulnerability This CVE ID is unique from CVE-2020-17078, CVE-2020-17079, CVE-2020-17082.
GHSA
GHSA-r4pr-fjhx-f9hp: Raw Image Extension Remote Code Execution Vulnerability This CVE ID is unique from CVE-2020-17078, CVE-2020-17082, CVE-2020-17086
ghsa_unreviewed·2022-05-24·CVSS 7.8
CVE-2020-17079 [HIGH] GHSA-r4pr-fjhx-f9hp: Raw Image Extension Remote Code Execution Vulnerability This CVE ID is unique from CVE-2020-17078, CVE-2020-17082, CVE-2020-17086
Raw Image Extension Remote Code Execution Vulnerability This CVE ID is unique from CVE-2020-17078, CVE-2020-17082, CVE-2020-17086.
GHSA
GHSA-q267-jq98-h563: Raw Image Extension Remote Code Execution Vulnerability This CVE ID is unique from CVE-2020-17078, CVE-2020-17079, CVE-2020-17086
ghsa_unreviewed·2022-05-24·CVSS 7.8
CVE-2020-17082 [HIGH] GHSA-q267-jq98-h563: Raw Image Extension Remote Code Execution Vulnerability This CVE ID is unique from CVE-2020-17078, CVE-2020-17079, CVE-2020-17086
Raw Image Extension Remote Code Execution Vulnerability This CVE ID is unique from CVE-2020-17078, CVE-2020-17079, CVE-2020-17086.
Microsoft
Raw Image Extension Remote Code Execution Vulnerability
vendor_msrc·2020-11-10·CVSS 7.8
CVE-2020-17086 [HIGH] Raw Image Extension Remote Code Execution Vulnerability
Raw Image Extension Remote Code Execution Vulnerability
FAQ: Is Windows vulnerable in the default configuration?
No. Only customers who have installed this app from the Microsoft Store may be vulnerable.
How do I get the updated app?
The Microsoft Store will automatically update affected customers. Alternatively, customers can get the update immediately; see here for details.
It is possible for customers to disable automatic updates for the Microsoft Store. The Microsoft Store will not automatically install this update for those customers.
My system is in a disconnected environment; is it vulnerable?
Customers using the Microsoft Store for Business and Microsoft Store for Education can get this update through their organizations.
How can I check if the update is installed?
App package ver
No detection rules found.
No public exploits indexed.
2020-11-11
Published