An information disclosure vulnerability exists when Windows Connected User Experiences and Telemetry Service improperly discloses file information, aka ‘Connected User Experiences and Telemetry Service Information Disclosure Vulnerability’.
Recent assessments:
bwatters-r7 at December 21, 2020 10:03pm UTC reported:
CVE-2020-0863 is an arbitrary file read vulnerability. During the course of execution, the Diagnostic Tracking service in Windows reads a set of configuration files from a user-controlled directory, and copies them to a directory readable to everyone. While it is not possible to change the location of the write, using an oplock and file junctions, an attacker can manipulate the source file, causing the service to copy a file from a privileged area to a location readable by everyone.
More information is available here: <https://itm4n.github.io/cve-2020-0863-windows-diagtrack-info-disclo/>
Assessed Attacker Value: 3
Assessed Attacker Value: 4
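The assessment above describes a privileged copy out of a user-controlled directory that follows a link planted at the source. The following is an added example, not code from the Windows service or from the linked write-up: a POSIX analogue in Python, using symlinks in place of junctions, that puts the path-based copy beside a descriptor-based one that refuses links. The function names and the single-hard-link check are assumptions made for illustration.

```python
import os
import shutil
import stat

def copy_naive(src_dir, name, dst_dir):
    """Path-based copy: follows whatever link sits at src_dir/name."""
    out = os.path.join(dst_dir, name)
    shutil.copyfile(os.path.join(src_dir, name), out)
    return out

def copy_untrusted(src_dir, name, dst_dir):
    """Copy src_dir/name into dst_dir, refusing links at either level."""
    if os.sep in name or name in ("", ".", ".."):
        raise ValueError("name must be a single path component")
    # Pin the source directory by descriptor. O_NOFOLLOW rejects a link in the
    # final path component only, so parent components must not be user-writable.
    dir_fd = os.open(src_dir, os.O_RDONLY | os.O_DIRECTORY | os.O_NOFOLLOW)
    try:
        # Resolve the name relative to the pinned directory, so swapping
        # src_dir after this point cannot redirect the read.
        fd = os.open(name, os.O_RDONLY | os.O_NOFOLLOW | os.O_NONBLOCK,
                     dir_fd=dir_fd)
    finally:
        os.close(dir_fd)
    with os.fdopen(fd, "rb") as src:
        # Check the object actually opened, not the path it was reached by.
        st = os.fstat(src.fileno())
        if not stat.S_ISREG(st.st_mode) or st.st_nlink != 1:
            raise PermissionError("source is not a plain regular file")
        data = src.read()
    out = os.path.join(dst_dir, name)
    # O_EXCL | O_NOFOLLOW: never write through a pre-planted link or file.
    out_fd = os.open(out, os.O_WRONLY | os.O_CREAT | os.O_EXCL | os.O_NOFOLLOW,
                     0o644)
    with os.fdopen(out_fd, "wb") as dst:
        dst.write(data)
    return out
```

The hardened version validates the opened descriptor with `fstat` instead of re-checking the path, which is what closes the window between check and copy.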