What is the severity of CVE-2020-1272?

CVE-2020-1272 has a CVSS score indicating a high severity due to its potential for elevation of privileges.

How do I fix CVE-2020-1272?

To fix CVE-2020-1272, ensure you apply the latest security updates provided by Microsoft for the affected Windows versions.

Who is affected by CVE-2020-1272?

CVE-2020-1272 affects multiple versions of Microsoft Windows including Windows 7, Windows 8.1, and various Windows 10 builds.

What kind of attacks can exploit CVE-2020-1272?

An attacker can exploit CVE-2020-1272 to execute arbitrary code with elevated system privileges on an affected system.

Is CVE-2020-1272 a remote vulnerability?

No, CVE-2020-1272 is a local vulnerability, which requires local authentication to exploit.

Vulnerability/
CVE-2020-1272

high

7.8

9/6/2020

4/8/2024

CVE-2020-1272

First published: Tue Jun 09 2020(Updated: )

An elevation of privilege vulnerability exists in the Windows Installer when the Windows Installer fails to properly sanitize input leading to an insecure library loading behavior.A locally authenticated attacker could run arbitrary code with elevated system privileges, aka 'Windows Installer Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1277, CVE-2020-1302, CVE-2020-1312.

Credit: secure@microsoft.com

Affected Software	Affected Version	How to fix
Windows 10
Windows 10
Windows 10	=1607
Windows 10	=1709
Windows 10	=1809
Windows 10	=1903
Windows 10	=1909
Windows 10	=2004
Microsoft Windows 7	=sp1
Microsoft Windows 7	=sp1
Microsoft Windows
Microsoft Windows
Microsoft Windows RT
Microsoft Windows Server	=sp2
Microsoft Windows Server	=sp2
Microsoft Windows Server	=sp2
Microsoft Windows Server	=r2-sp1
Microsoft Windows Server	=r2-sp1
Microsoft Windows Server
Microsoft Windows Server	=r2
Microsoft Windows Server 2016
Microsoft Windows Server 2016	=1803
Microsoft Windows Server 2016	=1903
Microsoft Windows Server 2016	=1909
Microsoft Windows Server 2016	=2004
Microsoft Windows Server 2019

Remedy

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1272

Never miss a vulnerability like this again

Reference Links

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1272

Frequently Asked Questions

What is the severity of CVE-2020-1272?
CVE-2020-1272 has a CVSS score indicating a high severity due to its potential for elevation of privileges.
How do I fix CVE-2020-1272?
To fix CVE-2020-1272, ensure you apply the latest security updates provided by Microsoft for the affected Windows versions.
Who is affected by CVE-2020-1272?
CVE-2020-1272 affects multiple versions of Microsoft Windows including Windows 7, Windows 8.1, and various Windows 10 builds.
What kind of attacks can exploit CVE-2020-1272?
An attacker can exploit CVE-2020-1272 to execute arbitrary code with elevated system privileges on an affected system.
Is CVE-2020-1272 a remote vulnerability?
No, CVE-2020-1272 is a local vulnerability, which requires local authentication to exploit.

agent/type
agent/severity
agent/author
agent/references
agent/remedy
agent/description
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/event
agent/first-publish-date
agent/source
agent/softwarecombine
agent/tags
collector/nvd-index
agent/software-canonical-lookup-request
vendor/microsoft
canonical/windows 10
version/windows 10/1607
version/windows 10/1709
version/windows 10/1809
version/windows 10/1903
version/windows 10/1909
version/windows 10/2004
canonical/microsoft windows 7
version/microsoft windows 7/sp1
canonical/microsoft windows
canonical/microsoft windows rt
canonical/microsoft windows server
version/microsoft windows server/sp2
version/microsoft windows server/r2-sp1
version/microsoft windows server/r2
canonical/microsoft windows server 2016
version/microsoft windows server 2016/1803
version/microsoft windows server 2016/1903
version/microsoft windows server 2016/1909
version/microsoft windows server 2016/2004
canonical/microsoft windows server 2019