CVE-2020-16908

Summary

<p>An elevation of privilege vulnerability exists in Windows Setup in the way it handles directories.</p> <p>A locally authenticated attacker could run arbitrary code with elevated system privileges. After successfully exploiting the vulnerability, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.</p> <p>The security update addresses the vulnerability by ensuring Windows Setup properly handles directories.</p>

Affected Software

VendorProductVersion RangeStatus
MicrosoftWindows 10 Version 1803N/Aaffected
MicrosoftWindows 10 Version 1809N/Aaffected
MicrosoftWindows 10 Version 1909N/Aaffected
MicrosoftWindows 10 Version 1903 for 32-bit SystemsN/Aaffected
MicrosoftWindows 10 Version 1903 for x64-based SystemsN/Aaffected
MicrosoftWindows 10 Version 1903 for ARM64-based SystemsN/Aaffected
MicrosoftWindows 10 Version 2004N/Aaffected

Weaknesses

  • Elevation of Privilege

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References