CVE-2020-16877: Windows Elevation of Privilege Vulnerability

Overview

Severity: High (CVSS 7.1)
CVSS Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:P/RL:O/RC:C
Category: Elevation of Privilege
Exploit Status: Not Exploited
Exploitation Likelihood: Less Likely
Patch Tuesday: 2020-Oct
Released: 2020-10-13
EPSS Score: 0.38% (percentile: 59.3%)

Description

An elevation of privilege vulnerability exists when Microsoft Windows improperly handles reparse points. An attacker who successfully exploited this vulnerability could overwrite or delete a targeted file that would normally require elevated permissions. To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and overwrite or delete files. The security update addresses the vulnerability by correcting how Windows handles reparse points.

Affected Products (12)

Other

  • 11712
  • 11713
  • 11714
  • 11715
  • 11644
  • 11645
  • 11646
  • 11647
  • 11766
  • 11767
  • 11768
  • 11769

Security Updates (2)

Acknowledgments

Donato Ferrante of IOActive

Revision History

  • 2020-10-13: Information published.