CVE-2020-1592

EUVD-2020-12463

11.09.2020, 17:15

<p>An information disclosure vulnerability exists when the Windows kernel improperly initializes objects in memory.</p>
<p>To exploit this vulnerability, an authenticated attacker could run a specially crafted application. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user’s system.</p>
<p>The update addresses the vulnerability by correcting how the Windows kernel initializes objects in memory.</p>

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	4.4 MEDIUM	LOCAL	LOW	LOW	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
microsoft	CNA	4.4 MEDIUM				CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C

Base Score

CVSS 3.x

EPSS Score

Percentile: 59%

Affected Products (NVD)

Vendor	Product	Version
microsoft	windows_server_2019	-

𝑥

= Vulnerable software versions

Windows Releases

Platform

Version

Windows 10

1803 (arm64, x64, x86)	KB4577032
1809 (arm64, x64, x86)	KB4570333
1903 (arm64, x64, x86)	KB4574727
1909 (arm64, x64, x86)	KB4574727
2004 (arm64, x64, x86)	KB4571756

Windows Server

1903 Server Core	KB4574727
1909 Server Core	KB4574727
2004 Server Core	KB4571756

Windows Server 2019

Server Core	KB4570333
Standard	KB4570333

Common Weakness Enumeration

CWE-665 - Improper Initialization
The software does not initialize or incorrectly initializes a resource, which might leave the resource in an unexpected state when it is accessed or used.

References

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1592