CVE-2020-14979 : Exploit Details and Defense Strategies

EVGA Precision X1 through 1.0.6 contains a vulnerability in the WinRing0.sys and WinRing0x64.sys drivers that allows local users to escalate privileges.

Understanding CVE-2020-14979

EVGA Precision X1 through 1.0.6 is affected by a privilege escalation vulnerability that enables users to gain NT AUTHORITY\SYSTEM privileges.

What is CVE-2020-14979?

The WinRing0.sys and WinRing0x64.sys drivers in EVGA Precision X1 through 1.0.6 permit local users, including low integrity processes, to read and write to arbitrary memory locations, leading to privilege escalation.

The Impact of CVE-2020-14979

This vulnerability allows any user to elevate their privileges to NT AUTHORITY\SYSTEM by mapping \Device\PhysicalMemory into the calling process.

Technical Details of CVE-2020-14979

EVGA Precision X1 through 1.0.6 is susceptible to a privilege escalation vulnerability due to the WinRing0.sys and WinRing0x64.sys drivers.

Vulnerability Description

The WinRing0.sys and WinRing0x64.sys drivers in EVGA Precision X1 through 1.0.6 enable local users to access and modify arbitrary memory locations, facilitating privilege escalation.

Affected Systems and Versions

Product: EVGA Precision X1
Versions: 1.0.6 and below

Exploitation Mechanism

The vulnerability allows local users, including low integrity processes, to read and write to arbitrary memory locations, leading to the unauthorized elevation of privileges.

Mitigation and Prevention

To address CVE-2020-14979, follow these steps:

Immediate Steps to Take

Disable or uninstall EVGA Precision X1 until a patch is available.
Monitor vendor updates for a security patch.

Long-Term Security Practices

Regularly update software and drivers to the latest versions.
Implement the principle of least privilege to restrict user access.

Patching and Updates

Apply security patches provided by EVGA for Precision X1 to mitigate the vulnerability.