First published: Fri Sep 11 2020(Updated: )
<p>An elevation of privilege vulnerability exists in the way that the Wininit.dll handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions.</p> <p>There are multiple ways an attacker could exploit the vulnerability:</p> <ul> <li><p>In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit this vulnerability and then convince a user to view the website. An attacker would have no way to force users to view the attacker-controlled content. Instead, an attacker would have to convince users to take action, typically by getting them to click a link in an email message or in an Instant Messenger message that takes users to the attacker's website, or by opening an attachment sent through email.</p> </li> <li><p>In a file sharing attack scenario, an attacker could provide a specially crafted document file that is designed to exploit this vulnerability, and then convince a user to open the document file.</p> </li> </ul> <p>The security update addresses the vulnerability by ensuring the Wininit.dll properly handles objects in memory.</p>
Credit: secure@microsoft.com secure@microsoft.com
Affected Software | Affected Version | How to fix |
---|---|---|
All of | ||
=11 | ||
Any of | ||
=1709 | ||
=1803 | ||
=1809 | ||
=1903 | ||
=1909 | ||
=2004 | ||
Microsoft Internet Explorer | =11 | |
Microsoft Windows 10 | =1709 | |
Microsoft Windows 10 | =1803 | |
Microsoft Windows 10 | =1809 | |
Microsoft Windows 10 | =1903 | |
Microsoft Windows 10 | =1909 | |
Microsoft Windows 10 | =2004 | |
Microsoft Windows Server 2019 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2020-1506 is an elevation of privilege vulnerability in the Windows Start-Up Application.
CVE-2020-1506 has a severity score of 8.8 (high).
Internet Explorer 11 and certain versions of Windows 10 and Windows Server 2019 are affected by CVE-2020-1506.
Apply the latest security updates and patches provided by Microsoft to fix CVE-2020-1506.
You can refer to the Microsoft Security Guidance Advisory, available at: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1506