Main Vulnerability Database SB2020120837

SB2020120837 - Security Features in Microsoft Windows Lock Screen

Published: December 8, 2020

Security Bulletin ID SB2020120837

CSH Severity

Low

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Physical access

Highest impact Code execution

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 vulnerability.

1) Security Features (CVE-ID: CVE-2020-17099)

CWE-ID: CWE-254 - Security Features

CVSSv4: CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear

The vulnerability allows a local attacker to bypass security features.

The vulnerability exists due to undisclosed issue in Windows Lock Screen. An attacker with physical access can perform actions that would allow them to execute code from the Windows lock screen in the context of the active user session.

Remediation

Install update from vendor's website.

References

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-17099