Published: 17/08/2020 Updated: 19/01/2024

CVSS v2 Base Score: 7.2 | Impact Score: 10 | Exploitability Score: 3.9

CVSS v3 Base Score: 7.3 | Impact Score: 5.9 | Exploitability Score: 1.3

VMScore: 642

Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

An elevation of privilege vulnerability exists in Windows Setup in the way it handles permissions. A locally authenticated attacker could run arbitrary code with elevated system privileges. After successfully exploiting the vulnerability, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. The security update addresses the vulnerability by ensuring Windows Setup properly handles permissions.

Vulnerable Product	Search on Vulmon	Subscribe to Product
microsoft windows 10 1803
microsoft windows 10 1809
microsoft windows 10 1903
microsoft windows 10 1909
microsoft windows 10 2004

CVE-2020-1571 Windows Setup Elevation of Privileges Bypass 0day UPDATE: Microsoft has patched the bug in october 2020 patch and the following CVE was assigned CVE-2020-16908 Summary: Let's check out what did Microsoft about this vulnerability An elevation of privilege vulnerability exists in Windows Setup in the way it handles permissions A locally authenticated attacker

Weaponizing for Arbitrary Files/Directories Delete bugs to Get NT AUTHORITY\SYSTEM

Delete2SYSTEM Weaponizing for Arbitrary Files/Directories Delete bugs to Get NT AUTHORITY\SYSTEM Short Description: I just combined @jonasLyk's technique secretclub/2020/04/23/directory-deletion-shellhtml and one of technique from this article 0x00secorg/t/windows-defender-av-zero-day-vulnerability/22258 which using windows media player (service and fold

CWE-276 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1571 https://nvd.nist.gov https://github.com/eduardoacdias/Windows-Setup-EoP https://github.com/sailay1996/delete2SYSTEM

CVE-2020-1571

Vulnerability Summary

Vulnerability Trend

Github Repositories

References

Vulmon Search

About

Products

Connect