#VU25152 Permissions, Privileges, and Access Controls in Windows and Windows Server - CVE-2020-0665
Vulnerability identifier: #VU25152
Vulnerability risk: Medium
CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Green]
CVE-ID:
CWE-ID:
CWE-264
Exploitation vector: Network
Exploit availability: Yes
Vulnerable software:
Windows
Operating systems & Components /
Operating system
Windows Server
Operating systems & Components /
Operating system
Vendor: Microsoft
Description
The vulnerability allows a remote user to escalate privileges on the system.
The vulnerability exists in Active Directory Forest trust due to a default setting that lets an attacker in the trusting forest request delegation of a TGT for an identity from the trusted forest. A remote user can gain elevated privileges on the target system.
Mitigation
Install updates from vendor's website.
Vulnerable software versions
Windows: 7, 8.1 RT - 8.1, 10 1607 10.0.14393.10, 10 1709 10.0.16299.19, 10 1803 10.0.17134.48, 10 1809 10.0.17763.1, 10 1903 10.0.18362.116, 10 1909 10.0.18363.476, 10
Windows Server: 2008 R2 - 2008, 2012 R2 - 2012, 2016 10.0.14393.10, 2019 10.0.17763.1 - 2019 1909
External links
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0665
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
