New Search

Windows Diagnostics Hub Elevation of Privilege Vulnerability - CVE-2020-1418

oval:org.cisecurity:def:8040

An elevation of privilege vulnerability exists when the Windows Diagnostics Execution Service fails to properly sanitize input leading to an unsecure library-loading behavior. An attacker who successfully exploited this vulnerability could run arbitrary code with elevated system privileges. An attacker could then install programs; view change or delete data; or create new accounts with full user rights. To exploit this vulnerability an attacker would have to log on to an affected system and run a specially crafted application. The security update addresses the vulnerability by correcting how the Windows Diagnostics Execution Service sanitizes input to help preclude unintended elevated system privileges.

Family:
windows
Status:
ACCEPTED
Platform(s):
  • Microsoft Windows 10
  • Microsoft Windows Server 2019
Class:
vulnerability
Reference(s):
  • CVE-2020-1418
  • MSRC-CVE-2020-1418
  • KB4565508
  • KB4565489
  • KB4558998
  • KB4565483
Product(s):