CVE-2020-0808: Provisioning Runtime Elevation of Privilege Vulnerability
Overview
- Severity
- High (CVSS 7.8)
- CVSS Vector
- CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
- Category
- Elevation of Privilege
- Exploit Status
- Not Exploited
- Exploitation Likelihood
- Less Likely
- Patch Tuesday
- 2020-Mar
- Released
- 2020-03-10
- Last Updated
- 2020-03-11
- EPSS Score
- 0.37% (percentile: 58.9%)
Description
An elevation of privilege vulnerability exists in the way the Provisioning Runtime validates certain file operations. An attacker who successfully exploited the vulnerability could gain elevated privileges on a victim system.
To exploit the vulnerability, an attacker would require unprivileged code execution on a victim system.
The security update addresses the vulnerability by correctly validating file operations.
Affected Products (20)
Windows
- Windows 10 Version 1803 for 32-bit Systems
- Windows 10 Version 1803 for x64-based Systems
- Windows Server, version 1803 (Server Core Installation)
- Windows 10 Version 1803 for ARM64-based Systems
- Windows 10 Version 1809 for 32-bit Systems
- Windows 10 Version 1809 for x64-based Systems
- Windows 10 Version 1809 for ARM64-based Systems
- Windows Server 2019
- Windows Server 2019 (Server Core installation)
- Windows 10 Version 1909 for 32-bit Systems
- Windows 10 Version 1909 for x64-based Systems
- Windows 10 Version 1909 for ARM64-based Systems
- Windows Server, version 1909 (Server Core installation)
- Windows 10 Version 1709 for 32-bit Systems
- Windows 10 Version 1709 for x64-based Systems
- Windows 10 Version 1709 for ARM64-based Systems
- Windows 10 Version 1903 for 32-bit Systems
- Windows 10 Version 1903 for x64-based Systems
- Windows 10 Version 1903 for ARM64-based Systems
- Windows Server, version 1903 (Server Core installation)
Security Updates (4)
Acknowledgments
Zhiniang Peng (<a href="https://twitter.com/edwardzpeng">@edwardzpeng</a>) of Qihoo 360 Core security and Fangming Gu (<a href="https://twitter.com/afang5472">@afang5472</a>)
Revision History
- 2020-03-10: Information published.
- 2020-03-11: Updated acknowledgment.