Windows Elevation of Privilege Vulnerability in Microsoft Products
CVE-2020-1054
Key Information:
- Vendor
- Microsoft
- Status
- Vendor
- CVE Published:
- 21 May 2020
Badges
Summary
An elevation of privilege vulnerability exists in Microsoft Windows when the Windows kernel-mode driver does not properly manage objects in memory. If exploited, this vulnerability could allow an attacker to execute arbitrary code with elevated privileges, potentially compromising the security integrity of the system. This issue stems from flaws in the 'Win32k' component, and it highlights the importance of following security best practices and applying necessary updates to protect systems from potential exploitation.
CISA Reported
CISA provides regional cyber and physical services to support security and resilience across the United States. CISA monitor the most dangerious vulnerabilities and have identifed as being exploited but is not known by the CISA to be used in ransomware campaigns. This is subject to change at pace
The CISA's recommendation is: Apply updates per vendor instructions.
Affected Version(s)
Windows 10 Version 1803 for 32-bit Systems
Windows 10 Version 1803 for x64-based Systems
Windows 10 Version 1803 for ARM64-based Systems
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.
References
EPSS Score
80% chance of being exploited in the next 30 days.
CVSS V3.1
Timeline
- 🦅
CISA Reported
- 🟡
Public PoC available
- 👾
Exploit known to exist
Vulnerability published
Vulnerability Reserved