CVE-2020-1578

EUVD-2020-12451
An information disclosure vulnerability exists in the Windows kernel that could allow an attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization (ASLR) bypass. An attacker who successfully exploited the vulnerability could retrieve the memory address of a kernel object.
To exploit the vulnerability, an attacker would have to log on to an affected system and run a specially crafted application.
The security update addresses the vulnerability by correcting how the Windows kernel handles memory addresses.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
4.7 MEDIUM
LOCAL
HIGH
LOW
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 57%
Affected Products (NVD)
VendorProductVersion
microsoftwindows_server_2019
-
𝑥
= Vulnerable software versions
Windows Releases
Platform
Version
Windows 10
1803 (arm64, x64, x86)
KB4571709
1809 (arm64, x64, x86)
KB4565349
1903 (arm64, x64, x86)
KB4565351
1909 (arm64, x64, x86)
KB4565351
2004 (arm64, x64, x86)
KB4566782
Windows Server
1903 Server Core
KB4565351
1909 Server Core
KB4565351
2004 Server Core
KB4566782
Windows Server 2019
Server Core
KB4565349
Standard
KB4565349
References
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1578
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1578