vulnerability
Microsoft Windows: CVE-2020-1368: Windows Credential Enrollment Manager Service Elevation of Privilege Vulnerability
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 5 | (AV:L/AC:L/Au:N/C:P/I:P/A:P) | Jul 14, 2020 | Jul 14, 2020 | Sep 5, 2025 |
Severity
5
CVSS
(AV:L/AC:L/Au:N/C:P/I:P/A:P)
Published
Jul 14, 2020
Added
Jul 14, 2020
Modified
Sep 5, 2025
Description
An elevation of privilege vulnerability exists in the way that the Credential Enrollment Manager service handles objects in memory, aka 'Windows Credential Enrollment Manager Service Elevation of Privilege Vulnerability'.
Solutions
microsoft-windows-windows_10-1507-kb4565513microsoft-windows-windows_10-1607-kb4565511microsoft-windows-windows_10-1709-kb4565508microsoft-windows-windows_10-1803-kb4565489microsoft-windows-windows_10-1809-kb4558998microsoft-windows-windows_10-1903-kb4565483microsoft-windows-windows_10-1909-kb4565483microsoft-windows-windows_10-2004-kb4565503microsoft-windows-windows_server_2012_r2-kb4565540microsoft-windows-windows_server_2016-1607-kb4565511microsoft-windows-windows_server_2019-1809-kb4558998msft-kb4565483-3953c76a-16d0-4028-977a-0a5108a8c373msft-kb4565483-b3f51921-6afd-4c38-8092-51c1be956806msft-kb4565503-9f4ad806-f4a9-4868-b9a2-900b0a123d96msft-kb4565535-111aa627-8dcf-4b02-80bf-d9c15c7c6d15msft-kb4565535-d9dde094-c8da-4c41-93bf-de9b0b58c9a1msft-kb4565535-f965746a-43c8-4b7d-a0f1-d663818deda3msft-kb4565540-16d7b82b-31ae-4b66-82b4-10ecf2a2980dmsft-kb4565540-84942b6a-22e3-45d8-952e-3476d7483b60
References
- CVE-2020-1368
- https://attackerkb.com/topics/CVE-2020-1368
- https://support.microsoft.com/help/4558998
- https://support.microsoft.com/help/4565483
- https://support.microsoft.com/help/4565489
- https://support.microsoft.com/help/4565503
- https://support.microsoft.com/help/4565508
- https://support.microsoft.com/help/4565511
- https://support.microsoft.com/help/4565513
- https://support.microsoft.com/help/4565540
Rapid7 Labs
2026 Global Threat Landscape Report
The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.