Security Features in Windows Server and Windows

#VU28879 Security Features in Windows Server and Windows

Published: 2020-06-09

Vulnerability identifier: #VU28879

Vulnerability risk: Low

CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-1259

CWE-ID: CWE-254

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
Windows Server
Operating systems & Components / Operating system
Windows
Operating systems & Components / Operating system

Vendor: Microsoft

Description

This vulnerability allows a remote attacker to bypass security rescritions feature.

The vulnerability exists due to the Windows Host Guardian Service improperly handles hashes recorded and logged. A remote authenticated attacker can change existing event log types to a type the parsers do not interpret and append their own hash without triggering an alert.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

Windows Server: 2016 - 2019 2004

Windows: 10 - 10 2004

External links
http://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1259

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Security Feature bypass in Microsoft Windows Host Guardian Service