Main Vulnerability Database Vulnerabilities #VU48876

Security Features in Windows and Windows Server - CVE-2020-17099

Published: December 8, 2020

Vulnerability identifier: #VU48876

CSH Severity: Low

CVSSv4.0: CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2020-17099

CWE-ID: CWE-254

Exploitation vector: Local access

Exploit availability: No public exploit available

Vulnerable software:
Windows
Windows Server

Software vendor:
Microsoft

Description

The vulnerability allows a local attacker to bypass security features.

The vulnerability exists due to undisclosed issue in Windows Lock Screen. An attacker with physical access can perform actions that would allow them to execute code from the Windows lock screen in the context of the active user session.

Remediation

Install updates from vendor's website.

External links

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-17099

Security Features in Windows and Windows Server - CVE-2020-17099

Description

Remediation

External links

Please verify you're human