Windows Host Guardian Service Security Feature Bypass Vulnerability - CVE-2020-1259
A security feature bypass vulnerability exists when Windows Host Guardian Service improperly handles hashes recorded and logged. An attacker who successfully exploited the vulnerability could tamper with the log file. In an attack scenario an attacker can change existing event log types to a type the parsers do not interpret allowing an attacker to append their own hash without triggering an alert. The update addresses the vulnerability by correcting how Windows Host Guardian Service handles logging of the measured boot hash.
- Microsoft Windows Server 2019
- Microsoft Windows Server 2016
- Microsoft Windows 10