OpenSSH for Windows Elevation of Privilege Vulnerability - CVE-2020-1292
An elevation of privilege vulnerability exists in OpenSSH for Windows when it does not properly restrict access to configuration settings. An attacker who successfully exploited this vulnerability could replace the shell with a malicious binary. To exploit this vulnerability, an authenticated attacker would need to modify the OpenSSH for Windows configuration on a vulnerable system. The attacker would then need to convince a user to connect to the vulnerable OpenSSH for Windows server. The update addresses the vulnerability by restricting access to OpenSSH for Windows configuration settings.
Affected products:
- Microsoft Windows Server 2019
- Microsoft Windows 10