Main Vulnerability Database SB2020011449

SB2020011449 - Security restrictions bypass in Microsoft Windows

Published: January 14, 2020

Security Bulletin ID SB2020011449

CSH Severity

Low

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Local access

Highest impact Information disclosure

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 vulnerability.

1) Protection Mechanism Failure (CVE-ID: CVE-2020-0644)

CWE-ID: CWE-693 - Protection Mechanism Failure

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

The vulnerability allows a local user to bypass implemented security restrictions.

The vulnerability exists due to Microsoft Windows implements predictable memory section names. An attacker can use this vulnerability along with another issue to bypass implemented security restrictions and elevate privileges on the system.

Remediation

Install update from vendor's website.

References

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0644