CVE-2020-1250: Win32k Information Disclosure Vulnerability
First published: Fri Sep 11 2020(Updated: )
<p>An information disclosure vulnerability exists when the win32k component improperly provides kernel information. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system.</p> <p>To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application.</p> <p>The security update addresses the vulnerability by correcting how win32k handles objects in memory.</p>
Credit: secure@microsoft.com secure@microsoft.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| =1607 | ||
| =1709 | ||
| =1803 | ||
| =1809 | ||
| =1903 | ||
| =1909 | ||
| =2004 | ||
| =sp1 | ||
| =sp2 | ||
| =r2-sp1 | ||
| =r2 | ||
| =1903 | ||
| =1909 | ||
| =2004 | ||
| Microsoft Windows 10 | ||
| Microsoft Windows 10 | =1607 | |
| Microsoft Windows 10 | =1709 | |
| Microsoft Windows 10 | =1803 | |
| Microsoft Windows 10 | =1809 | |
| Microsoft Windows 10 | =1903 | |
| Microsoft Windows 10 | =1909 | |
| Microsoft Windows 10 | =2004 | |
| Microsoft Windows 7 | =sp1 | |
| Microsoft Windows 8.1 | ||
| Microsoft Windows RT 8.1 | ||
| Microsoft Windows Server 2008 | =sp2 | |
| Microsoft Windows Server 2008 | =r2-sp1 | |
| Microsoft Windows Server 2012 | ||
| Microsoft Windows Server 2012 | =r2 | |
| Microsoft Windows Server 2016 | ||
| Microsoft Windows Server 2016 | =1903 | |
| Microsoft Windows Server 2016 | =1909 | |
| Microsoft Windows Server 2016 | =2004 | |
| Microsoft Windows Server 2019 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is CVE-2020-1250?
CVE-2020-1250 is an information disclosure vulnerability in the win32k component of Microsoft Windows.
How severe is CVE-2020-1250?
CVE-2020-1250 has a severity rating of 5.5, which is considered medium.
Which versions of Microsoft Windows are affected by CVE-2020-1250?
Microsoft Windows 10 versions 1607 through 2004, Windows 7 SP1, Windows 8.1, Windows RT 8.1, Windows Server 2008 SP2, Windows Server 2008 R2 SP1, Windows Server 2012, Windows Server 2012 R2, Windows Server 2016 versions 1903 through 2004, and Windows Server 2019 are affected by CVE-2020-1250.
What is the impact of CVE-2020-1250?
CVE-2020-1250 allows an attacker to gain access to kernel information on the affected systems, which could lead to further attacks or unauthorized access.
Is there a fix for CVE-2020-1250?
Yes, Microsoft has released security updates to address the CVE-2020-1250 vulnerability. It is recommended to install these updates as soon as possible.
- agent/first-publish-date
- agent/last-modified-date
- agent/author
- agent/softwarecombine
- agent/type
- agent/title
- agent/severity
- agent/references
- agent/remedy
- agent/description
- agent/event
- collector/nvd-index
- agent/software-canonical-lookup-request
- agent/tags
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- collector/mitre-cve
- source/MITRE
- vendor/microsoft
- canonical/microsoft windows 10
- version/microsoft windows 10/1607
- version/microsoft windows 10/1709
- version/microsoft windows 10/1803
- version/microsoft windows 10/1809
- version/microsoft windows 10/1903
- version/microsoft windows 10/1909
- version/microsoft windows 10/2004
- canonical/microsoft windows 7
- version/microsoft windows 7/sp1
- canonical/microsoft windows 8.1
- canonical/microsoft windows rt 8.1
- canonical/microsoft windows server 2008
- version/microsoft windows server 2008/sp2
- version/microsoft windows server 2008/r2-sp1
- canonical/microsoft windows server 2012
- version/microsoft windows server 2012/r2
- canonical/microsoft windows server 2016
- version/microsoft windows server 2016/1903
- version/microsoft windows server 2016/1909
- version/microsoft windows server 2016/2004
- canonical/microsoft windows server 2019