cve-2020-1241
Vulnerability from cvelistv5
Published
2020-06-09 19:43
Modified
2024-08-04 06:31
Severity ?
EPSS score ?
Summary
A security feature bypass vulnerability exists when Windows Kernel fails to properly sanitize certain parameters.To exploit the vulnerability, a locally-authenticated attacker could attempt to run a specially crafted application on a targeted system.The update addresses the vulnerability by correcting how Windows Kernel handles parameter sanitization., aka 'Windows Kernel Security Feature Bypass Vulnerability'.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1241 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1241 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Windows |
Version: 10 Version 1803 for 32-bit Systems Version: 10 Version 1803 for x64-based Systems Version: 10 Version 1809 for 32-bit Systems Version: 10 Version 1809 for x64-based Systems Version: 10 Version 1709 for 32-bit Systems Version: 10 Version 1709 for x64-based Systems Version: 10 Version 1607 for 32-bit Systems Version: 10 Version 1607 for x64-based Systems |
|||||||||||||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T06:31:59.631Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1241", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Windows", vendor: "Microsoft", versions: [ { status: "affected", version: "10 Version 1803 for 32-bit Systems", }, { status: "affected", version: "10 Version 1803 for x64-based Systems", }, { status: "affected", version: "10 Version 1809 for 32-bit Systems", }, { status: "affected", version: "10 Version 1809 for x64-based Systems", }, { status: "affected", version: "10 Version 1709 for 32-bit Systems", }, { status: "affected", version: "10 Version 1709 for x64-based Systems", }, { status: "affected", version: "10 Version 1607 for 32-bit Systems", }, { status: "affected", version: "10 Version 1607 for x64-based Systems", }, ], }, { product: "Windows Server", vendor: "Microsoft", versions: [ { status: "affected", version: "version 1803 (Core Installation)", }, { status: "affected", version: "2019", }, { status: "affected", version: "2019 (Core installation)", }, { status: "affected", version: "2016", }, { status: "affected", version: "2016 (Core installation)", }, ], }, { product: "Windows 10 Version 1909 for 32-bit Systems", vendor: "Microsoft", versions: [ { status: "affected", version: "unspecified", }, ], }, { product: "Windows 10 Version 1909 for x64-based Systems", vendor: "Microsoft", versions: [ { status: "affected", version: "unspecified", }, ], }, { product: "Windows Server, version 1909 (Server Core installation)", vendor: "Microsoft", versions: [ { status: "affected", version: "unspecified", }, ], }, { product: "Windows 10 Version 1903 for 32-bit Systems", vendor: "Microsoft", versions: [ { status: "affected", version: "unspecified", }, ], }, { product: "Windows 10 Version 1903 for x64-based Systems", vendor: "Microsoft", versions: [ { status: "affected", version: "unspecified", }, ], }, { product: "Windows Server, version 1903 (Server Core installation)", vendor: "Microsoft", versions: [ { status: "affected", version: "unspecified", }, ], }, { product: "Windows Server, version 2004 (Server Core installation)", vendor: "Microsoft", versions: [ { status: "affected", version: "unspecified", }, ], }, { product: "Windows 10 Version 2004 for 32-bit Systems", vendor: "Microsoft", versions: [ { status: "affected", version: "unspecified", }, ], }, { product: "Windows 10 Version 2004 for x64-based Systems", vendor: "Microsoft", versions: [ { status: "affected", version: "unspecified", }, ], }, ], descriptions: [ { lang: "en", value: "A security feature bypass vulnerability exists when Windows Kernel fails to properly sanitize certain parameters.To exploit the vulnerability, a locally-authenticated attacker could attempt to run a specially crafted application on a targeted system.The update addresses the vulnerability by correcting how Windows Kernel handles parameter sanitization., aka 'Windows Kernel Security Feature Bypass Vulnerability'.", }, ], problemTypes: [ { descriptions: [ { description: "Security Feature Bypass", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-06-09T19:43:36", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1241", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secure@microsoft.com", ID: "CVE-2020-1241", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Windows", version: { version_data: [ { version_value: "10 Version 1803 for 32-bit Systems", }, { version_value: "10 Version 1803 for x64-based Systems", }, { version_value: "10 Version 1809 for 32-bit Systems", }, { version_value: "10 Version 1809 for x64-based Systems", }, { version_value: "10 Version 1709 for 32-bit Systems", }, { version_value: "10 Version 1709 for x64-based Systems", }, { version_value: "10 Version 1607 for 32-bit Systems", }, { version_value: "10 Version 1607 for x64-based Systems", }, ], }, }, { product_name: "Windows Server", version: { version_data: [ { version_value: "version 1803 (Core Installation)", }, { version_value: "2019", }, { version_value: "2019 (Core installation)", }, { version_value: "2016", }, { version_value: "2016 (Core installation)", }, ], }, }, { product_name: "Windows 10 Version 1909 for 32-bit Systems", version: { version_data: [ { version_value: "", }, ], }, }, { product_name: "Windows 10 Version 1909 for x64-based Systems", version: { version_data: [ { version_value: "", }, ], }, }, { product_name: "Windows Server, version 1909 (Server Core installation)", version: { version_data: [ { version_value: "", }, ], }, }, { product_name: "Windows 10 Version 1903 for 32-bit Systems", version: { version_data: [ { version_value: "", }, ], }, }, { product_name: "Windows 10 Version 1903 for x64-based Systems", version: { version_data: [ { version_value: "", }, ], }, }, { product_name: "Windows Server, version 1903 (Server Core installation)", version: { version_data: [ { version_value: "", }, ], }, }, { product_name: "Windows Server, version 2004 (Server Core installation)", version: { version_data: [ { version_value: "", }, ], }, }, { product_name: "Windows 10 Version 2004 for 32-bit Systems", version: { version_data: [ { version_value: "", }, ], }, }, { product_name: "Windows 10 Version 2004 for x64-based Systems", version: { version_data: [ { version_value: "", }, ], }, }, ], }, vendor_name: "Microsoft", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "A security feature bypass vulnerability exists when Windows Kernel fails to properly sanitize certain parameters.To exploit the vulnerability, a locally-authenticated attacker could attempt to run a specially crafted application on a targeted system.The update addresses the vulnerability by correcting how Windows Kernel handles parameter sanitization., aka 'Windows Kernel Security Feature Bypass Vulnerability'.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Security Feature Bypass", }, ], }, ], }, references: { reference_data: [ { name: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1241", refsource: "MISC", url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1241", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2020-1241", datePublished: "2020-06-09T19:43:36", dateReserved: "2019-11-04T00:00:00", dateUpdated: "2024-08-04T06:31:59.631Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", "vulnerability-lookup:meta": { nvd: "{\"cve\":{\"id\":\"CVE-2020-1241\",\"sourceIdentifier\":\"secure@microsoft.com\",\"published\":\"2020-06-09T20:15:16.177\",\"lastModified\":\"2024-11-21T05:10:03.537\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A security feature bypass vulnerability exists when Windows Kernel fails to properly sanitize certain parameters.To exploit the vulnerability, a locally-authenticated attacker could attempt to run a specially crafted application on a targeted system.The update addresses the vulnerability by correcting how Windows Kernel handles parameter sanitization., aka 'Windows Kernel Security Feature Bypass Vulnerability'.\"},{\"lang\":\"es\",\"value\":\"Se presenta una vulnerabilidad de omisión de la característica de seguridad cuando el kernel de Windows presenta un fallo al sanear apropiadamente determinados parámetros. Para explotar la vulnerabilidad, un atacante autenticado localmente podría intentar ejecutar una aplicación especialmente diseñada en un sistema de destino. La actualización aborda la vulnerabilidad al corregir cómo el kernel de Windows maneja el saneamiento de los parámetros., también se conoce como \\\"Windows Kernel Security Feature Bypass Vulnerability\\\"\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\",\"baseScore\":7.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:P/I:P/A:P\",\"baseScore\":6.8,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-noinfo\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E01A4CCA-4C43-46E0-90E6-3E4DBFBACD64\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"83B14968-3985-43C3-ACE5-8307196EFAE3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7CB85C75-4D35-480E-843D-60579EC75FCB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6B8F3DD2-A145-4AF1-8545-CC42892DA3D1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3FB5CDAE-C713-4D9D-9D6A-2C2E8924A4BB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E9273B95-20ED-4547-B0A8-95AD15B30372\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AAE74AF3-C559-4645-A6C0-25C3D647AAC8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"041FF8BA-0B12-4A1F-B4BF-9C4F33B7C1E7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_server_2016:1803:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CAACE735-003E-4ACB-A82E-C0CF97D7F013\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_server_2016:1903:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5B921FDB-8E7D-427E-82BE-4432585080CF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_server_2016:1909:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C253A63F-03AB-41CB-A03A-B2674DEA98AA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_server_2016:2004:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0B60D940-80C7-49F0-8F4E-3F99AC15FA82\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DB79EE26-FC32-417D-A49C-A1A63165A968\"}]}]}],\"references\":[{\"url\":\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1241\",\"source\":\"secure@microsoft.com\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1241\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]}]}}", }, }
Log in or create an account to share your comment.
Security Advisory comment format.
This schema specifies the format of a comment related to a security advisory.
Title of the comment
Description of the comment
Loading…
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.