Windows Modules Installer Elevation of Privilege Vulnerability

CVE-2020-1346

Security Vulnerability

Released: Jul 14, 2020

Assigning CNA: Microsoft

CVE.org link: CVE-2020-1346

Executive Summary

An elevation of privilege vulnerability exists when the Windows Modules Installer improperly handles file operations. An attacker who successfully exploited this vulnerability could gain elevated privileges.

To exploit the vulnerability, an attacker would first need code execution on a victim system. An attacker could then run a specially crafted application.

The security update addresses the vulnerability by ensuring the Windows Modules Installer properly handles file operations.

Exploitability

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Publicly disclosed: No
Exploited: No
Exploitability assessment: Exploitation Less Likely

FAQ

What updates do I need to install to be protected from this vulnerability?

To be protected from this vulnerability, customers need to install the July 2020 Servicing Stack Updates (SSUs) listed in the Security Updates table.

Do I need to install the Servicing Stack Updates and the July Security Updates in any particular order?

SSUs should always be installed before any new update for Windows, including the latest cumulative update (LCU), Monthly Rollup, or Security Update.

Acknowledgements

Security Updates

To determine the support lifecycle for your software, see the Microsoft Support Lifecycle.

Release date Descending

Release date

Product

Platform

Impact

Max Severity

Article

Download

Build Number

Disclaimer

The information provided in the Microsoft Knowledge Base is provided "as is" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.

Revisions

version

revisionDate

description

1.0

Jul 14, 2020

Information published.

How satisfied are you with the MSRC Security Update Guide?