Windows 10 1709
CVE-2020-0638
HIGH
Severity by source
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
2DescriptionNVD
An elevation of privilege vulnerability exists in the way the Update Notification Manager handles files.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Update Notification Manager Elevation of Privilege Vulnerability'.
AnalysisAI
An elevation of privilege vulnerability exists in the way the Update Notification Manager handles files.To exploit this vulnerability, an attacker would first have to gain execution on the victim. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.
Technical ContextAI
This vulnerability is classified under CWE-59. An elevation of privilege vulnerability exists in the way the Update Notification Manager handles files.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Update Notification Manager Elevation of Privilege Vulnerability'. Affected products include: Microsoft Windows 10 1709, Microsoft Windows 10 1803, Microsoft Windows 10 1809, Microsoft Windows 10 1903, Microsoft Windows 10 1909.
RemediationAI
A vendor patch is available. Apply the latest security update as soon as possible. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
More in Windows 10 1709
View allAn elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle o
An elevation of privilege vulnerability exists when the Windows Background Intelligent Transfer Service (BITS) improperl
An elevation of privilege vulnerability exists when the Windows Universal Plug and Play (UPnP) service improperly allows
An elevation of privilege vulnerability exists when Windows AppX Deployment Service (AppXSVC) improperly handles hard li
An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in
An elevation of privilege vulnerability exists when Windows improperly handles calls to Advanced Local Procedure Call (A
A remote code execution vulnerability exists in "Microsoft COM for Windows" when it fails to properly handle serialized
A spoofing vulnerability exists in the way Windows CryptoAPI (Crypt32.dll) validates Elliptic Curve Cryptography (ECC) c
A spoofing vulnerability exists when Windows incorrectly validates file signatures. Rated high severity (CVSS 7.8), this
An elevation of privilege vulnerability exists in the way that the Windows Kernel handles objects in memory, aka 'Window
An elevation of privilege vulnerability exists in the Windows Installer when MSI packages process symbolic links, aka 'W
An elevation of privilege vulnerability exists in the way the Task Scheduler Service validates certain file operations.
Same weakness CWE-59 – Improper Link Resolution Before File Access
View allSame technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today