CVE-2020-1122

EUVD-2020-12009

11.09.2020, 17:15

<p>An elevation of privilege vulnerability exists when the Windows Language Pack Installer improperly handles file operations. An attacker who successfully exploited this vulnerability could run processes in an elevated context.</p>
<p>An attacker could exploit this vulnerability by running a specially crafted application on the victim system.</p>
<p>The update addresses the vulnerability by correcting the way the Windows Language Pack Installer handles file operations.</p>

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	5.5 MEDIUM	LOCAL	LOW	LOW	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
microsoft	CNA	5.5 MEDIUM				CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C

Base Score

CVSS 3.x

EPSS Score

Percentile: 62%

Affected Products (NVD)

Vendor	Product	Version
microsoft	windows_server_2019	-

𝑥

= Vulnerable software versions

Windows Releases

Platform

Version

Windows 10

1803 (arm64, x64, x86)	KB4577032
1809 (arm64, x64, x86)	KB4570333
1903 (arm64, x64, x86)	KB4574727
1909 (arm64, x64, x86)	KB4574727
2004 (arm64, x64, x86)	KB4571756

Windows Server

1903 Server Core	KB4574727
1909 Server Core	KB4574727
2004 Server Core	KB4571756

Windows Server 2019

Server Core	KB4570333
Standard	KB4570333

Common Weakness Enumeration

CWE-754 - Improper Check for Unusual or Exceptional Conditions
The software does not check or incorrectly checks for unusual or exceptional conditions that are not expected to occur frequently during day to day operation of the software.

References

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1122