Main Vulnerability Database Vulnerabilities #VU46513

#VU46513 Permissions, Privileges, and Access Controls in Windows and Windows Server - CVE-2020-0951

Published: September 8, 2020

Vulnerability identifier: #VU46513

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2020-0951

CWE-ID: CWE-264

Exploitation vector: Local access

Exploit availability: No public exploit available

Vulnerable software:
Windows
Windows Server

Software vendor:
Microsoft

Description

The vulnerability allows a local user to bypass implemented security restrictions.

The vulnerability exists in Windows Defender Application Control (WDAC), which could allow an attacker to bypass WDAC enforcement. To exploit the vulnerability, an attacker need administrator access on a local machine where PowerShell is running. The attacker could then connect to a PowerShell session and send commands to execute arbitrary code.

Remediation

Install updates from vendor's website.

External links

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0951