CVE-2020-0951: Windows Defender Application Control Security Feature Bypass Vulnerability
First published: Fri Sep 11 2020(Updated: )
<p>A security feature bypass vulnerability exists in Windows Defender Application Control (WDAC) which could allow an attacker to bypass WDAC enforcement. An attacker who successfully exploited this vulnerability could execute PowerShell commands that would be blocked by WDAC.</p> <p>To exploit the vulnerability, an attacker need administrator access on a local machine where PowerShell is running. The attacker could then connect to a PowerShell session and send commands to execute arbitrary code.</p> <p>The update addresses the vulnerability by correcting how PowerShell commands are validated when WDAC protection is enabled.</p>
Credit: secure@microsoft.com secure@microsoft.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| >=7.0<7.0.8 | ||
| >=7.1<7.1.5 | ||
| =7.0.8 | ||
| =1607 | ||
| =1607 | ||
| =1709 | ||
| =1803 | ||
| =1809 | ||
| =1903 | ||
| =1909 | ||
| =2004 | ||
| =1903 | ||
| =1909 | ||
| =2004 | ||
| Microsoft PowerShell | >=7.0<7.0.8 | |
| Microsoft PowerShell | >=7.1<7.1.5 | |
| Microsoft PowerShell | =7.0.8 | |
| Microsoft Windows 10 | =1607 | |
| Microsoft Windows 10 | =1607 | |
| Microsoft Windows 10 | =1709 | |
| Microsoft Windows 10 | =1803 | |
| Microsoft Windows 10 | =1809 | |
| Microsoft Windows 10 | =1903 | |
| Microsoft Windows 10 | =1909 | |
| Microsoft Windows 10 | =2004 | |
| Microsoft Windows Server 2016 | ||
| Microsoft Windows Server 2016 | =1903 | |
| Microsoft Windows Server 2016 | =1909 | |
| Microsoft Windows Server 2016 | =2004 | |
| Microsoft Windows Server 2019 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is CVE-2020-0951?
CVE-2020-0951 is a security feature bypass vulnerability that exists in Windows Defender Application Control (WDAC), allowing an attacker to bypass WDAC enforcement.
Which software is affected by CVE-2020-0951?
Microsoft PowerShell versions 7.0.8 and earlier, Microsoft Windows 10 versions 1607 to 2004, and Microsoft Windows Server 2016 and 2019 are affected by CVE-2020-0951.
What is the severity of CVE-2020-0951?
CVE-2020-0951 has a severity score of 6.7, which is considered high.
How can an attacker exploit CVE-2020-0951?
An attacker can exploit CVE-2020-0951 to bypass WDAC enforcement, potentially allowing them to execute malicious code or perform unauthorized actions.
Is there a fix available for CVE-2020-0951?
Yes, Microsoft has released security updates that address CVE-2020-0951. It is recommended to apply the latest updates to protect against this vulnerability.
- collector/mitre-cve
- agent/type
- agent/last-modified-date
- agent/first-publish-date
- agent/author
- agent/softwarecombine
- agent/references
- agent/severity
- agent/title
- agent/remedy
- agent/description
- agent/event
- agent/tags
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- collector/nvd-index
- vendor/microsoft
- canonical/microsoft powershell
- version/microsoft powershell/7.0
- version/microsoft powershell/7.1
- version/microsoft powershell/7.0.8
- canonical/microsoft windows 10
- version/microsoft windows 10/1607
- version/microsoft windows 10/1709
- version/microsoft windows 10/1803
- version/microsoft windows 10/1809
- version/microsoft windows 10/1903
- version/microsoft windows 10/1909
- version/microsoft windows 10/2004
- canonical/microsoft windows server 2016
- version/microsoft windows server 2016/1903
- version/microsoft windows server 2016/1909
- version/microsoft windows server 2016/2004
- canonical/microsoft windows server 2019