vulnerability
Microsoft Windows: CVE-2020-0686: Windows Installer Elevation of Privilege Vulnerability
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 7 | (AV:L/AC:L/Au:N/C:C/I:C/A:C) | Feb 11, 2020 | Feb 11, 2020 | Sep 5, 2025 |
Severity
7
CVSS
(AV:L/AC:L/Au:N/C:C/I:C/A:C)
Published
Feb 11, 2020
Added
Feb 11, 2020
Modified
Sep 5, 2025
Description
An elevation of privilege vulnerability exists in the Windows Installer when MSI packages process symbolic links, aka 'Windows Installer Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0683.
Solutions
microsoft-windows-windows_10-1507-kb4537776microsoft-windows-windows_10-1607-kb4537764microsoft-windows-windows_10-1709-kb4537789microsoft-windows-windows_10-1803-kb4537762microsoft-windows-windows_10-1809-kb4532691microsoft-windows-windows_10-1903-kb4532693microsoft-windows-windows_10-1909-kb4532693microsoft-windows-windows_server_2012-kb4537794microsoft-windows-windows_server_2012_r2-kb4537803microsoft-windows-windows_server_2016-1607-kb4537764microsoft-windows-windows_server_2019-1809-kb4532691msft-kb4532693-a9b1a21b-4d78-4445-a122-0920a6bed52amsft-kb4532693-bb723d9d-43f9-41c3-ac36-25a6146ee6e3msft-kb4537794-568a5fd6-48c6-43f9-9ba0-2623e21003a0msft-kb4537794-8ae8ed3e-0077-405b-8f55-4f7c6a13238cmsft-kb4537803-14ae1eab-47ad-4f74-82ee-b2f75e6a258emsft-kb4537803-abdc886d-fd3f-4006-9344-8497d4e85cbdmsft-kb4537813-0f1f9882-3aa6-475a-b747-8de1ee20d2c6msft-kb4537813-28d6394a-628c-4b44-8459-3ef74f1060b3msft-kb4537813-99f4c6b4-59e7-494c-a789-7f7520726158msft-kb4537813-a272e1e6-dfa1-4185-a6d1-df6be8d8e8e8msft-kb4537813-da53c71d-c10b-4d52-bc6e-b47bf735d0d9msft-kb4537822-4bdea811-188e-44d5-b156-6edcd91d3d71msft-kb4537822-7eebe13a-a154-4538-be6c-46a00afb5860
References
- CVE-2020-0686
- https://attackerkb.com/topics/CVE-2020-0686
- CWE-269
- https://support.microsoft.com/help/4532691
- https://support.microsoft.com/help/4532693
- https://support.microsoft.com/help/4537762
- https://support.microsoft.com/help/4537764
- https://support.microsoft.com/help/4537776
- https://support.microsoft.com/help/4537789
- https://support.microsoft.com/help/4537794
- https://support.microsoft.com/help/4537803
Rapid7 Labs
2026 Global Threat Landscape Report
The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.