CVE-2020-1054: Win32k Elevation of Privilege Vulnerability
Overview
- Severity
- High (CVSS 7)
- CVSS Vector
- CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
- Category
- Elevation of Privilege
- Exploit Status
- Not Exploited
- Exploitation Likelihood
- More Likely
- Patch Tuesday
- 2020-May
- Released
- 2020-05-12
- Last Updated
- 2020-05-14
- EPSS Score
- 80.93% (percentile: 99.2%)
- CISA KEV
- Listed — due 2022-05-03
Description
An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system.
The update addresses this vulnerability by correcting how the Windows kernel-mode driver handles objects in memory.
Known Exploits (5)
- Microsoft Win32k Privilege Escalation Vulnerability — added 2025-04-16T03:38:02Z
- Microsoft Win32k Privilege Escalation Vulnerability — added 2020-10-28T00:48:43Z
- Microsoft Win32k Privilege Escalation Vulnerability — added 2020-08-09T05:48:10Z
- Microsoft Win32k Privilege Escalation Vulnerability — added 2020-07-25T11:56:48Z
- Microsoft Win32k Privilege Escalation Vulnerability — added 2020-06-16T23:22:15Z
Detection & Weaponization (2 sources)
Maturity: Exploit
- Metasploit modules: Microsoft Windows DrawIconEx OOB Write Local Privilege Elevation
- GitHub PoC: 4 repositories
Affected Products (41)
Windows
- Windows 10 Version 1803 for 32-bit Systems
- Windows 10 Version 1803 for x64-based Systems
- Windows Server, version 1803 (Server Core Installation)
- Windows 10 Version 1803 for ARM64-based Systems
- Windows 10 Version 1809 for 32-bit Systems
- Windows 10 Version 1809 for x64-based Systems
- Windows 10 Version 1809 for ARM64-based Systems
- Windows Server 2019
- Windows Server 2019 (Server Core installation)
- Windows 10 Version 1909 for 32-bit Systems
- Windows 10 Version 1909 for x64-based Systems
- Windows 10 Version 1909 for ARM64-based Systems
- Windows Server, version 1909 (Server Core installation)
- Windows 10 Version 1709 for 32-bit Systems
- Windows 10 Version 1709 for x64-based Systems
- Windows 10 Version 1709 for ARM64-based Systems
- Windows 10 Version 1903 for 32-bit Systems
- Windows 10 Version 1903 for x64-based Systems
- Windows 10 Version 1903 for ARM64-based Systems
- Windows Server, version 1903 (Server Core installation)
- Windows 10 for 32-bit Systems
- Windows 10 for x64-based Systems
- Windows 10 Version 1607 for 32-bit Systems
- Windows 10 Version 1607 for x64-based Systems
- Windows Server 2016
- Windows Server 2016 (Server Core installation)
- Windows 8.1 for 32-bit systems
- Windows 8.1 for x64-based systems
- Windows RT 8.1
- Windows Server 2012
- Windows Server 2012 (Server Core installation)
- Windows Server 2012 R2
- Windows Server 2012 R2 (Server Core installation)
ESU
- Windows 7 for 32-bit Systems Service Pack 1
- Windows 7 for x64-based Systems Service Pack 1
- Windows Server 2008 for 32-bit Systems Service Pack 2
- Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
- Windows Server 2008 for x64-based Systems Service Pack 2
- Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)
- Windows Server 2008 R2 for x64-based Systems Service Pack 1
- Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
Security Updates (14)
Acknowledgments
Netanel Ben-Simon and Yoav Alon from Check Point Research, bee13oy of Qihoo 360 Vulcan Team
Revision History
- 2020-05-12: Information published.
- 2020-05-14: Added acknowledgements. This is an informational change only.