CVE-2020-16877

EUVD-2020-8835

16.10.2020, 23:15

<p>An elevation of privilege vulnerability exists when Microsoft Windows improperly handles reparse points. An attacker who successfully exploited this vulnerability could overwrite or delete a targeted file that would normally require elevated permissions.</p>
<p>To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and overwrite or delete files.</p>
<p>The security update addresses the vulnerability by correcting how Windows handles reparse points.</p>

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	7.1 HIGH	LOCAL	LOW	LOW	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
microsoft	CNA	7.1 HIGH				CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:P/RL:O/RC:C

Awaiting analysis

This vulnerability is currently awaiting analysis.

Base Score

CVSS 3.x

EPSS Score

Percentile: 58%

Windows Releases

Platform

Version

Windows 10

1903 (arm64, x64, x86)	KB4577671
1909 (arm64, x64, x86)	KB4577671
2004 (arm64, x64, x86)	KB4579311

Windows Server

1903 Server Core	KB4577671
1909 Server Core	KB4577671
2004 Server Core	KB4579311

References

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16877