CVE-2020-1480 : What You Need to Know

A Windows GDI Elevation of Privilege Vulnerability was published by Microsoft on August 11, 2020.

Understanding CVE-2020-1480

What is CVE-2020-1480?

An elevation of privilege vulnerability in the Windows Graphics Device Interface (GDI) allows attackers to run arbitrary code in kernel mode, potentially leading to unauthorized system access.

The Impact of CVE-2020-1480

The vulnerability enables attackers to install programs, manipulate data, or create accounts with full user rights upon successful exploitation.

Technical Details of CVE-2020-1480

Vulnerability Description

The flaw arises from the mishandling of objects in memory by GDI, which facilitates user-mode privilege escalation.

Affected Systems and Versions

Windows 10 Version 2004
Windows Server version 2004
Windows 10 Version 1803
Windows 10 Version 1809
Windows Server 2019
Windows Server 2019 (Server Core installation)
Windows 10 Version 1909
Windows Server, version 1909 (Server Core installation)
Windows 10 Version 1709 for 32-bit Systems
Windows 10 Version 1709
Windows 10 Version 1903 for 32-bit Systems
Windows 10 Version 1903 for x64-based Systems
Windows 10 Version 1903 for ARM64-based Systems
Windows Server, version 1903 (Server Core installation)

Exploitation Mechanism

To exploit, an attacker must log into the system and run a crafted application to gain control of the affected system.

Mitigation and Prevention

Immediate Steps to Take

Apply the security update released by Microsoft to address the vulnerability.
Monitor for any signs of unauthorized access or system manipulation.

Long-Term Security Practices

Regularly update systems with the latest security patches and updates.
Implement strong account management practices to limit privileges.

Patching and Updates

Microsoft has provided an update to correct how GDI handles memory objects and prevent unintended privilege elevation instances.