CVE-2020-1571

Summary

An elevation of privilege vulnerability exists in Windows Setup in the way it handles permissions. A locally authenticated attacker could run arbitrary code with elevated system privileges. After successfully exploiting the vulnerability, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. The security update addresses the vulnerability by ensuring Windows Setup properly handles permissions.

Affected Software

VendorProductVersion RangeStatus
MicrosoftWindows 10 Version 2004N/Aaffected
MicrosoftWindows 10 Version 1803N/Aaffected
MicrosoftWindows 10 Version 1809N/Aaffected
MicrosoftWindows 10 Version 1909N/Aaffected
MicrosoftWindows 10 Version 1903 for 32-bit SystemsN/Aaffected
MicrosoftWindows 10 Version 1903 for x64-based SystemsN/Aaffected
MicrosoftWindows 10 Version 1903 for ARM64-based SystemsN/Aaffected

Weaknesses

  • Elevation of Privilege

ADP Enrichment

CVE Program Container

Additional References

References