CVE-2020-0638
CVE-2020-0638
In short
A flaw in Windows Update Notification Manager allows an attacker who already has access to your computer to gain higher-level permissions and control more of the system. This is dangerous because it lets limited accounts become administrators.
Technical detail
An elevation of privilege vulnerability in the Update Notification Manager's file handling mechanism allows a locally authenticated attacker to escalate privileges. The vulnerability requires initial code execution on the target system; successful exploitation grants attacker ability to execute code with elevated SYSTEM or administrator context.
Summary generated and translated by AI from the official description.
An elevation of privilege vulnerability exists in the way the Update Notification Manager handles files.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Update Notification Manager Elevation of Privilege Vulnerability'.
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected products
Microsoft · WindowsMicrosoft · Windows 10 Version 1903 for 32-bit SystemsMicrosoft · Windows 10 Version 1903 for ARM64-based SystemsMicrosoft · Windows 10 Version 1903 for x64-based SystemsMicrosoft · Windows 10 Version 1909 for 32-bit SystemsMicrosoft · Windows 10 Version 1909 for ARM64-based SystemsMicrosoft · Windows 10 Version 1909 for x64-based SystemsMicrosoft · Windows ServerMicrosoft · Windows Server, version 1903 (Server Core installation)Microsoft · Windows Server, version 1909 (Server Core installation)Want to know if your infrastructure is exposed to this?
Talk to TrueHacking →