CVE-2020-1118: Microsoft Windows Transport Layer Security Denial of Service Vulnerability

Overview

Severity: High (CVSS 8.6)
CVSS Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H/E:P/RL:O/RC:C
Category: Denial of Service
Exploit Status: Not Exploited
Exploitation Likelihood: Less Likely
Patch Tuesday: 2020-May
Released: 2020-05-12
EPSS Score: 11.29% (percentile: 93.5%)

Description

A denial of service vulnerability exists in the Windows implementation of Transport Layer Security (TLS) when it improperly handles certain key exchanges. An attacker who successfully exploited the vulnerability could cause a target system to stop responding. To exploit this vulnerability, a remote unauthenticated attacker could send a specially crafted request to a target system utilizing TLS 1.2 or lower, triggering the system to automatically reboot. The update addresses the vulnerability by changing the way TLS key exchange messages are validated.

Affected Products (20)

Windows

Windows 10 Version 1803 for 32-bit Systems
Windows 10 Version 1803 for x64-based Systems
Windows Server, version 1803 (Server Core Installation)
Windows 10 Version 1803 for ARM64-based Systems
Windows 10 Version 1809 for 32-bit Systems
Windows 10 Version 1809 for x64-based Systems
Windows 10 Version 1809 for ARM64-based Systems
Windows Server 2019
Windows Server 2019 (Server Core installation)
Windows 10 Version 1909 for 32-bit Systems
Windows 10 Version 1909 for x64-based Systems
Windows 10 Version 1909 for ARM64-based Systems
Windows Server, version 1909 (Server Core installation)
Windows 10 Version 1709 for 32-bit Systems
Windows 10 Version 1709 for x64-based Systems
Windows 10 Version 1709 for ARM64-based Systems
Windows 10 Version 1903 for 32-bit Systems
Windows 10 Version 1903 for x64-based Systems
Windows 10 Version 1903 for ARM64-based Systems
Windows Server, version 1903 (Server Core installation)

Security Updates (4)

Revision History

2020-05-12: Information published.