CVE-2020-0790 : What You Need to Know
Learn about CVE-2020-0790, a local elevation of privilege vulnerability in splwow64.exe on Windows systems. Find out about affected systems, mitigation steps, and the security update provided by Microsoft.
Microsoft splwow64 Elevation of Privilege Vulnerability
Understanding CVE-2020-0790
What is CVE-2020-0790?
A local elevation of privilege vulnerability in splwow64.exe can allow an attacker to escalate privileges on an affected system from low to medium integrity.
The Impact of CVE-2020-0790
The vulnerability, when exploited, could enable arbitrary code execution on the system if combined with another vulnerability.
Technical Details of CVE-2020-0790
Vulnerability Description
- The vulnerability exists in how splwow64.exe handles certain calls.
- It does not allow arbitrary code execution by itself but can be leveraged with other vulnerabilities.
- The security update resolves the issue by ensuring proper handling of calls by splwow64.exe.
Affected Systems and Versions
- Affected Systems: Windows 7, 8.1, 10, Server 2008, 2008 R2, 2012, 2012 R2, 2016, 2019.
Exploitation Mechanism
- An attacker needs local access to exploit the vulnerability and elevate privileges.
Mitigation and Prevention
Immediate Steps to Take
- Apply the security update provided by Microsoft.
- Monitor for any suspicious activities on the systems.
Long-Term Security Practices
- Regularly update systems with the latest patches and security updates.
- Implement least privilege access controls and strong authentication mechanisms.
- Conduct regular security assessments and audits.
Patching and Updates
Microsoft has released a security update addressing the vulnerability reported in CVE-2020-0790.