CVE-2020-0616: Microsoft Windows Denial of Service Vulnerability

Overview

Severity: Medium (CVSS 5.5)
CVSS Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C
Category: Denial of Service
Exploit Status: Not Exploited
Exploitation Likelihood: Less Likely
Patch Tuesday: 2020-Jan
Released: 2020-01-14
EPSS Score: 0.70% (percentile: 71.9%)

Description

A denial of service vulnerability exists when Windows improperly handles hard links. An attacker who successfully exploited the vulnerability could cause a target system to stop responding. To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application. The vulnerability would allow an attacker to overwrite system files. The update addresses the vulnerability by correcting ACLs to system files.

Affected Products (13)

Windows

Windows 10 Version 1809 for 32-bit Systems
Windows 10 Version 1809 for x64-based Systems
Windows 10 Version 1809 for ARM64-based Systems
Windows Server 2019
Windows Server 2019 (Server Core installation)
Windows 10 Version 1903 for 32-bit Systems
Windows 10 Version 1903 for x64-based Systems
Windows 10 Version 1903 for ARM64-based Systems
Windows Server, version 1903 (Server Core installation)
Windows 10 Version 1909 for 32-bit Systems
Windows 10 Version 1909 for x64-based Systems
Windows 10 Version 1909 for ARM64-based Systems
Windows Server, version 1909 (Server Core installation)

Security Updates (2)

Acknowledgments

Jeong Oh Kyea(@kkokkokye) of THEORI working with <a href="https://www.zerodayinitiative.com/">Trend Micro's Zero Day Initiative</a>, <a href="https://twitter.com/edwardzpeng">Zhiniang Peng</a> of Qihoo 360 Core security & <a href="https://twitter.com/afang5472">Fangming Gu</a>, Zhiniang Peng (<a href="https://twitter.com/edwardzpeng">@edwardzpeng</a>) of Qihoo 360 Core security & Xuefeng Li, <a href="https://twitter.com/edwardzpeng">Zhiniang Peng</a> of Qihoo 360 Core security and Jiadong Lu

Revision History

2020-01-14: Information published.