CVE-2020-16909: Windows Error Reporting Elevation of Privilege Vulnerability

Overview

Severity

High (CVSS 7.8)

CVSS Vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C

Category

Elevation of Privilege

Exploit Status

Not Exploited

Exploitation Likelihood

Less Likely

Publicly Disclosed

Yes

Patch Tuesday

2020-Oct

Released

2020-10-13

EPSS Score

0.38% (percentile: 59.4%)

Description

An elevation of privilege vulnerability exists in Windows Error Reporting (WER) when WER handles and executes files. The vulnerability could allow elevation of privilege if an attacker can successfully exploit it. An attacker who successfully exploited the vulnerability could gain greater access to sensitive information and system functionality. To exploit the vulnerability, an attacker could run a specially crafted application. The security update addresses the vulnerability by correcting the way that WER handles and executes files.

Affected Products (29)

Other

• 11497
• 11498
• 11563
• 11568
• 11569
• 11570
• 11571
• 11572
• 11712
• 11713
• 11714
• 11715
• 11453
• 11454
• 11583
• 11644
• 11645
• 11646
• 11647
• 11766
• 11767
• 11768
• 11769
• 10729
• 10735
• 10852
• 10853
• 10816
• 10855

Security Updates (7)

• 4580330
• 4577668
• 4577671
• 4580328
• 4579311
• 4580327
• 4580346

Revision History

• 2020-10-13: Information published.