Rapid7 Vulnerability & Exploit Database

Microsoft CVE-2020-1112: Windows Background Intelligent Transfer Service Elevation of Privilege Vulnerability

Free InsightVM Trial No Credit Card Necessary

Watch Demo See how it all works

Back to Search

Microsoft CVE-2020-1112: Windows Background Intelligent Transfer Service Elevation of Privilege Vulnerability

Severity

CVSS

(AV:N/AC:L/Au:S/C:C/I:C/A:C)

Published

05/12/2020

Created

05/13/2020

Added

06/09/2020

Modified

11/18/2021

Description

An elevation of privilege vulnerability exists when the Windows Background Intelligent Transfer Service (BITS) IIS module improperly handles uploaded content. An attacker who successfully exploited this vulnerability could upload restricted file types to an IIS-hosted folder. To exploit this vulnerability, an attacker would require permissions to upload files via BITS. An attacker could then submit a specially crafted request to upload a file. The security update addresses the vulnerability by correcting how Windows BITS validates file names.

Solution(s)

msft-kb4551853-1d25cfb0-31f1-48b4-ac45-99d819a32ab7
msft-kb4551853-cce9dd88-2595-4168-a0ae-814612863f2b
msft-kb4551853-d8c58f30-4d7d-4aff-9e93-6ff2ae128f13
msft-kb4556799-0f2d06b0-3738-472e-8275-991c5394c2f1
msft-kb4556799-2e69bf96-184c-46b9-8937-306e23bdb930
msft-kb4556799-7f570c23-239e-430c-b403-391861eae9a3
msft-kb4556799-80497d7a-0a69-4f9e-805d-a8fa302967a6
msft-kb4556799-92289747-4a2a-48fa-9fa7-307f2f5dbcaf
msft-kb4556799-94cb3319-c037-4529-8187-81eaa6eaa6cd
msft-kb4556807-667b6b79-dad1-4ca7-9e1b-316c1ab3b620
msft-kb4556807-cc1b2352-a313-434e-97d9-4d5af44ebe22
msft-kb4556812-5bb8e7e7-a95f-4bb7-b741-1060639b133d
msft-kb4556812-9210cc51-b6e2-4474-999e-1b1a1de3d6dd
msft-kb4556813-74a79eb6-46b3-4013-a548-1c6eb7b716c4
msft-kb4556813-c1e8e102-1514-4e96-92fa-7175ddced36f
msft-kb4556813-dd423833-a95c-426e-8eb1-8105e698d2c2
msft-kb4556826-94eb3f6f-5f0d-47b5-ae9e-e54868948f5e
msft-kb4556826-ef24f377-fa00-4a2f-9e3c-b1b284b77d0d
msft-kb4556843-18ba7a1f-f3d5-4939-83fa-64f96dd1eeef
msft-kb4556843-9814f135-936f-4ad1-aed5-17b04b171ad3
msft-kb4556843-a42409fa-d080-4ad0-87a2-e8f2720c3106
msft-kb4556843-f8a7bc32-9e4e-487d-84fa-6a54b2bf9b18
msft-kb4556843-f9c55547-ccbd-43a7-879f-ba43e8f87a26
msft-kb4556852-b1ad1cae-3e60-45f4-807e-20d602effdc7
msft-kb4556852-bafbf596-126b-428b-83ba-d33145682d3f
msft-kb4556852-db559421-c2a0-4db9-8f01-d0095d20dd9f
msft-kb4556853-07792524-02fb-46c4-9236-53e7d03fa3cf
msft-kb4556853-e37bb647-80a1-4ec3-8908-fbe83547cafe
msft-kb4556853-fed44027-6e0b-43e8-a358-788e4b27879f
msft-kb4556854-66f02eb5-75fc-44ac-abbd-33c423b2eb72
msft-kb4556854-ee5e91bb-be4b-4cde-af59-81477f953897

References

https://attackerkb.com/topics/cve-2020-1112
CVE - 2020-1112
4551853
4556799
4556807
4556812
4556813
4556826
4556836
4556840
4556843
4556846
4556852
4556853
4556854
4556860

Advanced vulnerability management analytics and reporting.

Key Features

Free InsightVM Trial View All Features

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;

Rapid7 Vulnerability & Exploit Database

Microsoft CVE-2020-1112: Windows Background Intelligent Transfer Service Elevation of Privilege Vulnerability

Microsoft CVE-2020-1112: Windows Background Intelligent Transfer Service Elevation of Privilege Vulnerability

Description

Solution(s)

References

Success! Thank you for submission. We will be in touch shortly.

Oops! There was a problem in submission. Please try again.

Submit your information and we will get in touch with you.