Rapid7 Vulnerability & Exploit Database

Microsoft CVE-2020-1310: Win32k Elevation of Privilege Vulnerability

Severity: 7
CVSS: (AV:L/AC:L/Au:N/C:C/I:C/A:C)
Published: 06/09/2020
Created: 06/10/2020
Added: 06/09/2020
Modified: 11/18/2021

Description

An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system. The update addresses this vulnerability by correcting how the Windows kernel-mode driver handles objects in memory.

Solution(s)

  • msft-kb4560960-146e8d80-9400-4544-91a3-2c0ba3090008
  • msft-kb4560960-35eeaed4-c0c0-436f-a584-b58f31a89642
  • msft-kb4560960-84317d28-cfd1-423f-b595-42a0edfea424
  • msft-kb4560960-9d36f751-6a0e-462b-84bb-be43f3adeaba
  • msft-kb4560960-ad75f2bc-0622-4a84-a93d-bb94fe8cff13
  • msft-kb4560960-b30320db-3a33-48db-96e4-59386e6c5969
  • msft-kb4561602-0c094dcc-a16d-4601-834f-14456da2b4cd
  • msft-kb4561602-255a73f8-063c-48e7-b8f2-2a155d548e39
  • msft-kb4561608-45035942-d1b4-4c61-a5b4-863ec61192aa
  • msft-kb4561608-be65554b-cb1d-4c12-b469-e29881c33274
  • msft-kb4561608-d3f9ac63-dde5-4cda-ac6e-9c0677f2f3cc
  • msft-kb4561616-487ca926-f748-441e-ac4c-dd2a67adb5ce
  • msft-kb4561616-78260c1b-e230-4510-9201-07a392832acd
  • msft-kb4561616-c51c3c33-556f-496c-8d18-3dd0359df167
  • msft-kb4561621-98966738-ca71-4887-931e-a6acb9e707b6
  • msft-kb4561621-bdd672a3-c965-4b65-b6f9-75584e19299b
  • msft-kb4561649-07a6cd1b-c479-4166-8b4a-7a2b69658953
  • msft-kb4561649-d7b5dcea-79e1-44c3-b871-1ed6accb36c6
  • msft-kb4561673-2abed83b-4909-457d-a57c-1850ed986c83
  • msft-kb4561673-5b32eb2c-d144-4006-92b4-f64fb7b90cca
  • msft-kb4561673-912dce3d-0621-4c74-91fe-e7a5f370435b
  • msft-kb4561674-033891fc-1d72-47e7-9c01-566ae179b26b
  • msft-kb4561674-c1923421-f9dc-483e-86b2-c54b003e1a4e
  • msft-kb4561674-e8efd911-36d9-486a-8584-1630576ce0db
