CVE-2020-1543 : Security Advisory and Response
Learn about CVE-2020-1543, an elevation of privilege vulnerability in the Windows Backup Engine identified by Microsoft. Find out impacts, affected systems, mitigation steps, and patch details.
Windows Backup Engine Elevation of Privilege Vulnerability identified by Microsoft on August 11, 2020.
Understanding CVE-2020-1543
An elevation of privilege vulnerability exists in the Windows Backup Engine due to improper memory handling.
What is CVE-2020-1543?
- Vulnerability Type: Elevation of Privilege
- CVE ID: CVE-2020-1543
- Published Date: August 17, 2020
- Severity: High
The Impact of CVE-2020-1543
This vulnerability allows an attacker to elevate privileges by exploiting the Windows Backup Engine's memory handling.
Technical Details of CVE-2020-1543
Details of the technical aspects of the vulnerability are outlined below:
Vulnerability Description
The Windows Backup Engine vulnerability arises from improper memory management.
Affected Systems and Versions
Systems impacted by CVE-2020-1543 include:
- Windows 7, 8.1
- Windows 10 Versions 1507, 1607, 1709, 1803, 1809, 1903, 1909, 2004
Exploitation Mechanism
To exploit, attackers need execution on the system to run a specially crafted application that raises privileges.
Mitigation and Prevention
Protect systems from CVE-2020-1543 using appropriate steps:
Immediate Steps to Take
- Apply security updates promptly.
- Monitor system for any unauthorized access.
Long-Term Security Practices
- Implement the principle of least privilege.
- Regularly review and update security configurations.
- Conduct security training for staff on safe computing practices.
- Use strong passwords and authentication methods.
Patching and Updates
- Microsoft has released a security update addressing the vulnerability.