CVE-2020-1532

EUVD-2020-12406
<p>An elevation of privilege vulnerability exists when the Windows InstallService improperly handles memory.</p>
<p>To exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges.</p>
<p>The security update addresses the vulnerability by correcting how the Windows InstallService handles memory.</p>
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.8 HIGH
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
microsoftCNA
7.8 HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Awaiting analysis
This vulnerability is currently awaiting analysis.
Base Score
CVSS 3.x
EPSS Score
Percentile: 58%
Windows Releases
Platform
Version
Windows 10
1903 (arm64, x64, x86)
KB4574727
1909 (arm64, x64, x86)
KB4574727
2004 (arm64, x64, x86)
KB4571756
Windows Server
1903 Server Core
KB4574727
1909 Server Core
KB4574727
2004 Server Core
KB4571756
References
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1532
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1532