CVE-2020-1283: Windows Denial of Service Vulnerability

Overview

Severity

Medium (CVSS 5.5)

CVSS Vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C

Category

Denial of Service

Exploit Status

Not Exploited

Exploitation Likelihood

Less Likely

Patch Tuesday

2020-Jun

Released

2020-06-09

Last Updated

2020-06-15

EPSS Score

28.23% (percentile: 96.5%)

Description

A denial of service vulnerability exists when Windows improperly handles objects in memory. An attacker who successfully exploited the vulnerability could cause a target system to stop responding. To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application or to convince a user to open a specific file on a network share. The vulnerability would not allow an attacker to execute code or to elevate user rights directly, but it could be used to cause a target system to stop responding. The update addresses the vulnerability by correcting how Windows handles objects in memory.

Detection & Weaponization (1 sources)

Maturity: Exploit

• GitHub PoC: 1 repositories

Affected Products (28)

Windows

• Windows 10 Version 1803 for 32-bit Systems
• Windows 10 Version 1803 for x64-based Systems
• Windows Server, version 1803 (Server Core Installation)
• Windows 10 Version 1803 for ARM64-based Systems
• Windows 10 Version 1809 for 32-bit Systems
• Windows 10 Version 1809 for x64-based Systems
• Windows 10 Version 1809 for ARM64-based Systems
• Windows Server 2019
• Windows Server 2019 (Server Core installation)
• Windows 10 Version 1909 for 32-bit Systems
• Windows 10 Version 1909 for x64-based Systems
• Windows 10 Version 1909 for ARM64-based Systems
• Windows Server, version 1909 (Server Core installation)
• Windows 10 Version 1709 for 32-bit Systems
• Windows 10 Version 1709 for x64-based Systems
• Windows 10 Version 1709 for ARM64-based Systems
• Windows 10 Version 1903 for 32-bit Systems
• Windows 10 Version 1903 for x64-based Systems
• Windows 10 Version 1903 for ARM64-based Systems
• Windows Server, version 1903 (Server Core installation)
• Windows 10 Version 1607 for 32-bit Systems
• Windows 10 Version 1607 for x64-based Systems
• Windows Server 2016
• Windows Server 2016 (Server Core installation)
• Windows 10 Version 2004 for 32-bit Systems
• Windows 10 Version 2004 for x64-based Systems
• Windows 10 Version 2004 for ARM64-based Systems
• Windows Server, version 2004 (Server Core installation)

Security Updates (6)

• 4561621
• 4561608
• 4560960
• 4561602
• 4561616
• 4557957

Acknowledgments

Ilias Dimopoulos of <a href="https://labs.redyops.com/">RedyOps Research Labs</a>, Gábor Selján (<a href="https://twitter.com/GaborSeljan">@GaborSeljan</a>), Zhiniang Peng (<a href="https://twitter.com/edwardzpeng">@edwardzpeng</a>) of Qihoo 360 Core security & Jiadong Lu

Revision History

• 2020-06-09: Information published.
• 2020-06-15: Added acknowledgements. This is an informational change only.