Skip to main content

Windows 10 1709 CVE-2020-0638

HIGH
Improper Link Resolution Before File Access (CWE-59)
2020-01-14 secure@microsoft.com
7.8
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
7.8 HIGH
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

2
Added to CISA KEV
Jul 14, 2026 - 04:22 CISA
CVE Published
Jan 14, 2020 - 23:15 nvd
HIGH 7.8

DescriptionNVD

An elevation of privilege vulnerability exists in the way the Update Notification Manager handles files.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Update Notification Manager Elevation of Privilege Vulnerability'.

AnalysisAI

An elevation of privilege vulnerability exists in the way the Update Notification Manager handles files.To exploit this vulnerability, an attacker would first have to gain execution on the victim. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Technical ContextAI

This vulnerability is classified under CWE-59. An elevation of privilege vulnerability exists in the way the Update Notification Manager handles files.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Update Notification Manager Elevation of Privilege Vulnerability'. Affected products include: Microsoft Windows 10 1709, Microsoft Windows 10 1803, Microsoft Windows 10 1809, Microsoft Windows 10 1903, Microsoft Windows 10 1909.

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

CVE-2020-1054 HIGH POC
7.8 May 21

An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle o

CVE-2020-0787 HIGH POC
7.8 Mar 12

An elevation of privilege vulnerability exists when the Windows Background Intelligent Transfer Service (BITS) improperl

CVE-2019-1405 HIGH POC
7.8 Nov 12

An elevation of privilege vulnerability exists when the Windows Universal Plug and Play (UPnP) service improperly allows

CVE-2019-0841 HIGH POC
7.8 Apr 09

An elevation of privilege vulnerability exists when Windows AppX Deployment Service (AppXSVC) improperly handles hard li

CVE-2018-8453 HIGH POC
7.8 Oct 10

An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in

CVE-2018-8440 HIGH POC
7.8 Sep 13

An elevation of privilege vulnerability exists when Windows improperly handles calls to Advanced Local Procedure Call (A

CVE-2018-0824 HIGH POC
8.8 May 09

A remote code execution vulnerability exists in "Microsoft COM for Windows" when it fails to properly handle serialized

CVE-2020-0601 HIGH POC
8.1 Jan 14

A spoofing vulnerability exists in the way Windows CryptoAPI (Crypt32.dll) validates Elliptic Curve Cryptography (ECC) c

CVE-2020-1464 HIGH POC
7.8 Aug 17

A spoofing vulnerability exists when Windows incorrectly validates file signatures. Rated high severity (CVSS 7.8), this

CVE-2020-1027 HIGH POC
7.8 Apr 15

An elevation of privilege vulnerability exists in the way that the Windows Kernel handles objects in memory, aka 'Window

CVE-2020-0683 HIGH POC
7.8 Feb 11

An elevation of privilege vulnerability exists in the Windows Installer when MSI packages process symbolic links, aka 'W

CVE-2019-1069 HIGH POC
7.8 Jun 12

An elevation of privilege vulnerability exists in the way the Task Scheduler Service validates certain file operations.

Share

CVE-2020-0638 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy