Permissions, Privileges, and Access Controls in Windows and Windows Server - CVE-2020-0951

 

Permissions, Privileges, and Access Controls in Windows and Windows Server - CVE-2020-0951

Published: September 8, 2020


Vulnerability identifier: #VU46513
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2020-0951
CWE-ID: CWE-264
Exploitation vector: Local access
Exploit availability: No public exploit available
Vendor: Microsoft
Affected software:
Windows
Windows Server

Detailed vulnerability description

The vulnerability allows a local user to bypass implemented security restrictions.

The vulnerability exists in Windows Defender Application Control (WDAC), which could allow an attacker to bypass WDAC enforcement. To exploit the vulnerability, an attacker need administrator access on a local machine where PowerShell is running. The attacker could then connect to a PowerShell session and send commands to execute arbitrary code.


How to mitigate CVE-2020-0951

Install updates from vendor's website.

Sources