CVE-2020-0981

Опубликовано: 14 апр. 2020

Источник: msrc

CVSS3: 6.3

EPSS Низкий

Описание

Windows Token Security Feature Bypass Vulnerability

A security feature bypass vulnerability exists when Windows fails to properly handle token relationships.

An attacker who successfully exploited the vulnerability could allow an application with a certain integrity level to execute code at a different integrity level, leading to a sandbox escape.

The update addresses the vulnerability by correcting how Windows handles token relationships

Обновления

Продукт	Статья	Обновление
Windows 10 Version 1903 for 32-bit Systems	4549951	Security Update
Windows 10 Version 1903 for x64-based Systems	4549951	Security Update
Windows 10 Version 1903 for ARM64-based Systems	4549951	Security Update
Windows Server, version 1903 (Server Core installation)	4549951	Security Update
Windows 10 Version 1909 for 32-bit Systems	4549951	Security Update
Windows 10 Version 1909 for x64-based Systems	4549951	Security Update
Windows 10 Version 1909 for ARM64-based Systems	4549951	Security Update
Windows Server, version 1909 (Server Core installation)	4549951	Security Update

Показывать по

Возможность эксплуатации

Publicly Disclosed

Exploited

Latest Software Release

Exploitation Less Likely

Older Software Release

Exploitation Less Likely

DOS

N/A

EPSS

Процентиль: 33%

0.00126

Низкий

6.3 Medium

CVSS3

Связанные уязвимости

CVE-2020-0981

CVSS3: 8.8

nvd

больше 5 лет назад

A security feature bypass vulnerability exists when Windows fails to properly handle token relationships.An attacker who successfully exploited the vulnerability could allow an application with a certain integrity level to execute code at a different integrity level, leading to a sandbox escape.The update addresses the vulnerability by correcting how Windows handles token relationships, aka 'Windows Token Security Feature Bypass Vulnerability'.

GHSA-93vj-6w32-x9gc

github

больше 3 лет назад

BDU:2020-02210