CVE-2020-0981

A security feature bypass vulnerability exists when Windows fails to properly handle token relationships.An attacker who successfully exploited the vulnerability could allow an application with a certain integrity level to execute code at a different integrity level, leading to a sandbox escape.The update addresses the vulnerability by correcting how Windows handles token relationships, aka 'Windows Token Security Feature Bypass Vulnerability'.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
8.8 HIGH
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
microsoftCNA
---
---
CVEADP
---
---
Awaiting analysis
This vulnerability is currently awaiting analysis.
Base Score
CVSS 3.x
EPSS Score
Percentile: 12%
Common Weakness Enumeration
References
http://packetstormsecurity.com/files/157248/Microsoft-Windows-NtFilterToken-ParentTokenId-Incorrect-Setting-Privilege-Escalation.html
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0981
http://packetstormsecurity.com/files/157248/Microsoft-Windows-NtFilterToken-ParentTokenId-Incorrect-Setting-Privilege-Escalation.html
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0981