First published: Fri Sep 11 2020(Updated: )
<p>An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector improperly handles file operations. An attacker who successfully exploited this vulnerability could run processes in an elevated context.</p> <p>An attacker could exploit this vulnerability by running a specially crafted application on the victim system.</p> <p>The update addresses the vulnerability by correcting the way the Diagnostics Hub Standard Collector handles file operations.</p>
Credit: secure@microsoft.com secure@microsoft.com
Affected Software | Affected Version | How to fix |
---|---|---|
=2015-update3 | ||
>=15.0<15.9.27 | ||
>=16.0<16.4.13 | ||
>=16.5<16.7.3 | ||
=1607 | ||
=1709 | ||
=1803 | ||
=1809 | ||
=1903 | ||
=1909 | ||
=2004 | ||
=1903 | ||
=1909 | ||
=2004 | ||
Microsoft Visual Studio | =2015-update3 | |
Microsoft Visual Studio 2017 | >=15.0<15.9.27 | |
Microsoft Visual Studio 2019 | >=16.0<16.4.13 | |
Microsoft Visual Studio 2019 | >=16.5<16.7.3 | |
Microsoft Windows 10 | ||
Microsoft Windows 10 | =1607 | |
Microsoft Windows 10 | =1709 | |
Microsoft Windows 10 | =1803 | |
Microsoft Windows 10 | =1809 | |
Microsoft Windows 10 | =1903 | |
Microsoft Windows 10 | =1909 | |
Microsoft Windows 10 | =2004 | |
Microsoft Windows Server 2016 | ||
Microsoft Windows Server 2016 | =1903 | |
Microsoft Windows Server 2016 | =1909 | |
Microsoft Windows Server 2016 | =2004 | |
Microsoft Windows Server 2019 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The severity of CVE-2020-1133 is high with a CVSS score of 7.8.
The affected software products include Microsoft Visual Studio 2015 Update 3, Microsoft Visual Studio 2017 (versions 15.0 to 15.9.27), Microsoft Visual Studio 2019 (versions 16.0 to 16.4.13), Microsoft Windows 10 (versions 1607 to 2004), Microsoft Windows Server 2016 (versions 1903 to 2004), and Microsoft Windows Server 2019.
CVE-2020-1133 is an elevation of privilege vulnerability that exists in the Diagnostics Hub Standard Collector, where it improperly handles file operations.
To fix CVE-2020-1133, it is recommended to apply the latest security updates provided by Microsoft for the affected software products.
You can find more information about CVE-2020-1133 on the Microsoft Security Guidance advisory page: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1133