Windows Diagnostics Hub Elevation of Privilege Vulnerability - CVE-2020-1418
An elevation of privilege vulnerability exists when the Windows Diagnostics Execution Service fails to properly sanitize input leading to an unsecure library-loading behavior. An attacker who successfully exploited this vulnerability could run arbitrary code with elevated system privileges. An attacker could then install programs; view change or delete data; or create new accounts with full user rights. To exploit this vulnerability an attacker would have to log on to an affected system and run a specially crafted application. The security update addresses the vulnerability by correcting how the Windows Diagnostics Execution Service sanitizes input to help preclude unintended elevated system privileges.
- Microsoft Windows 10
- Microsoft Windows Server 2019