Published: 12/03/2020 Updated: 16/03/2020
CVSS v2 Base Score: 2.1 | Impact Score: 2.9 | Exploitability Score: 3.9
Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Summary

Microsoft Windows could allow a local authenticated malicious user to obtain sensitive information, caused by a flaw in the Windows Connected User Experiences and Telemetry Service. By persuading a victim to open specially-crafted content, a remote attacker could exploit this vulnerability to obtain sensitive information and then use this information to launch further attacks against the affected system.

Vulnerability Trend

Affected Products

Vendor Product Versions
MicrosoftWindows 101903, 1909
MicrosoftWindows Server 20161903, 1909

Github Repositories

Microsoft Windows DiagTrack 'UtcApi_DownloadLatestSettings' Arbitrary File Read

Recent Articles

Microsoft Patch Tuesday – March 2020
Symantec Threat Intelligence Blog • Preethi Koroth • 11 Mar 2020

This month the vendor has patched 115 vulnerabilities, 25 of which are rated Critical.

Posted: 11 Mar, 202028 Min ReadThreat Intelligence SubscribeMicrosoft Patch Tuesday – March 2020This month the vendor has patched 115 vulnerabilities, 25 of which are rated Critical.As always, customers are advised to follow these security best practices:

Install vendor patches as soon as they are available.
Run all software with the least privileges required while still maintaining functionality.
Avoid handlin...