CVE-2020-1510

moderate-risk
Published 2020-08-17

An information disclosure vulnerability exists when the win32k component improperly provides kernel information. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system. To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application. The security update addresses the vulnerability by correcting how win32k handles objects in memory.

Do I need to act?

!
14.2% chance of exploitation in next 30 days
EPSS score — higher than 86% of all CVEs
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
5
CVSS 5.5/10 Medium
LOCAL / LOW complexity

Affected Products (8)

Affected Vendors

Microsoft

References (2)

Patch https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1510
Patch https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1510
44
/ 100
moderate-risk
Severity 18/34 · Moderate
Exploitability 12/34 · Low
Exposure 14/34 · Moderate