Vulnerabilities > CVE-2020-1471 - Unspecified vulnerability in Microsoft products

CVSS 7.3 - HIGH

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

LOW

Availability impact

NONE

local

low complexity

microsoft

NVD

Published: 2020-09-11

Updated: 2023-12-31

Summary

An elevation of privilege vulnerability exists when Microsoft Windows CloudExperienceHost fails to check COM objects. An attacker who successfully exploited the vulnerability could gain elevated privileges on a targeted system. To exploit the vulnerability, an attacker would have to log on to an affected system and run a specially crafted script or application. The security update addresses the vulnerability by checking COM objects.

Vulnerable Configurations

Part	Description	Count
OS	Microsoft Microsoft Windows 10 1607 Microsoft Windows 10 - Microsoft Windows 10 1709 Microsoft Windows 10 1803 Microsoft Windows 10 1809 Microsoft Windows 10 1903 Microsoft Windows 10 1909 Microsoft Windows 10 2004 Microsoft Windows Server 2016 - Microsoft Windows Server 2019 -	10

References

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1471