CVE-2020-1034

high-risk
Published 2020-09-11

<p>An elevation of privilege vulnerability exists in the way that the Windows Kernel handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions.</p> <p>To exploit the vulnerability, a locally authenticated attacker could run a specially crafted application.</p> <p>The security update addresses the vulnerability by ensuring the Windows Kernel properly handles objects in memory.</p>

Do I need to act?

!
17.0% chance of exploitation in next 30 days
EPSS score — higher than 83% of all CVEs
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
6
CVSS 6.8/10 Medium
LOCAL / LOW complexity

Affected Products (17)

Affected Vendors

Microsoft

References (2)

Patch https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1034
Patch https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1034
54
/ 100
high-risk
Severity 22/34 · High
Exploitability 13/34 · Low
Exposure 19/34 · Moderate