Lucene search
HistoryApr 15, 2020 - 3:15 p.m.
CVE-2020-1002
cve-2020-1002
elevation privilege
mpsigstub.exe
file deletion
microsoft defender
6.6 Medium
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:N/I:C/A:C
7.1 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
7.1 High
AI Score
Confidence
High
0.0004 Low
EPSS
Percentile
9.5%
An elevation of privilege vulnerability exists when the MpSigStub.exe for Defender allows file deletion in arbitrary locations.To exploit the vulnerability, an attacker would first have to log on to the system, aka ‘Microsoft Defender Elevation of Privilege Vulnerability’.
Affected configurations
Node
microsoftforefront_endpoint_protection
ORmicrosoftsystem_center_configuration_manager
ORmicrosoftsystem_center_configuration_manager
ORmicrosoftsystem_center_configuration_manager
ORmicrosoftsecurity_essentials
ORmicrosoftwindows_defender_on_windows_10_1909 for 32-bit systemsMatchunspecified
ORmicrosoftwindows_defender_on_windows_10_1909 for x64-based systemsMatchunspecified
ORmicrosoftwindows_defender_on_windows_10_1909 for arm64-based systemsMatchunspecified
ORmicrosoftwindows_defender_on_windows_server,_version_1909Matchunspecified
ORmicrosoftwindows_defender_on_windows_10_1803 for 32-bit systemsMatchunspecified
ORmicrosoftwindows_defender_on_windows_10_1803 for x64-based systemsMatchunspecified
ORmicrosoftwindows_defender_on_windows_server,_1803 (server core installation)Matchunspecified
ORmicrosoftwindows_defender_on_windows_10_1803 for arm64-based systemsMatchunspecified
ORmicrosoftwindows_defender_on_windows_10_1809 for 32-bit systemsMatchunspecified
ORmicrosoftwindows_defender_on_windows_10_1809 for x64-based systemsMatchunspecified
ORmicrosoftwindows_defender_on_windows_10_1809 for arm64-based systemsMatchunspecified
ORmicrosoftwindows_defender_on_windows_server_2019Matchunspecified
ORmicrosoftwindows_server_2019
ORmicrosoftwindows_defender_on_windows_10_1709 for 32-bit systemsMatchunspecified
ORmicrosoftwindows_defender_on_windows_10_1709 for x64-based systemsMatchunspecified
ORmicrosoftwindows_defender_on_windows_10_1709 for arm64-based systemsMatchunspecified
ORmicrosoftwindows_defender_on_windows_10_1903 for 32-bit systemsMatchunspecified
ORmicrosoftwindows_defender_on_windows_10_1903 for x64-based systemsMatchunspecified
ORmicrosoftwindows_defender_on_windows_10_1903 for arm64-based systemsMatchunspecified
ORmicrosoftwindows_defender_on_windows_server,_version_1903Matchunspecified
ORmicrosoftwindows_defender
ORmicrosoftwindows_defender
ORmicrosoftwindows_defender_on_windows_10_1607 for 32-bit systemsMatchunspecified
ORmicrosoftwindows_defender_on_windows_10_1607 for x64-based systemsMatchunspecified
ORmicrosoftwindows_defender_on_windows_server_2016Matchunspecified
ORmicrosoftwindows_server_2016
ORmicrosoftwindows_defender
ORmicrosoftwindows_defender
ORmicrosoftwindows_8.1
ORmicrosoftwindows_8.1
ORmicrosoftwindows_defender_on_windows_rt_8.1Matchunspecified
ORmicrosoftwindows_server_2008
ORmicrosoftwindows_server_2008
ORmicrosoftwindows_server_2008
ORmicrosoftwindows_server_2008
ORmicrosoftwindows_server_2008
ORmicrosoftwindows_server_2008
ORmicrosoftwindows_defender_on_windows_server_2012Matchunspecified
ORmicrosoftwindows_defender_on_windows_server_2012Matchunspecified
ORmicrosoftwindows_defender_on_windows_server_2012_r2Matchunspecified
ORmicrosoftwindows_defender_on_windows_server_2012_r2Matchunspecified
| Vendor | Product | Version | CPE |
|---|---|---|---|
| microsoft | forefront_endpoint_protection | * | cpe:2.3:a:microsoft:forefront_endpoint_protection:*:*:*:*:*:*:*:* |
| microsoft | system_center_configuration_manager | * | cpe:2.3:a:microsoft:system_center_configuration_manager:*:*:*:*:*:*:*:* |
| microsoft | system_center_configuration_manager | * | cpe:2.3:a:microsoft:system_center_configuration_manager:*:*:*:*:*:*:*:* |
| microsoft | system_center_configuration_manager | * | cpe:2.3:a:microsoft:system_center_configuration_manager:*:*:*:*:*:*:*:* |
| microsoft | security_essentials | * | cpe:2.3:a:microsoft:security_essentials:*:*:*:*:*:*:*:* |
| microsoft | windows_defender_on_windows_10_1909 for 32-bit systems | unspecified | cpe:2.3:o:microsoft:windows_defender_on_windows_10_1909 for 32-bit systems:unspecified:*:*:*:*:*:*:* |
| microsoft | windows_defender_on_windows_10_1909 for x64-based systems | unspecified | cpe:2.3:o:microsoft:windows_defender_on_windows_10_1909 for x64-based systems:unspecified:*:*:*:*:*:*:* |
| microsoft | windows_defender_on_windows_10_1909 for arm64-based systems | unspecified | cpe:2.3:o:microsoft:windows_defender_on_windows_10_1909 for arm64-based systems:unspecified:*:*:*:*:*:*:* |
| microsoft | windows_defender_on_windows_server,_version_1909 | unspecified | cpe:2.3:o:microsoft:windows_defender_on_windows_server,_version_1909:unspecified:*:*:*:*:*:*:* |
| microsoft | windows_defender_on_windows_10_1803 for 32-bit systems | unspecified | cpe:2.3:o:microsoft:windows_defender_on_windows_10_1803 for 32-bit systems:unspecified:*:*:*:*:*:*:* |
CNA Affected
[
{
"product": "Microsoft Forefront Endpoint Protection",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "2010"
}
]
},
{
"product": "Microsoft System Center",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "Endpoint Protection"
},
{
"status": "affected",
"version": "2012 R2 Endpoint Protection"
},
{
"status": "affected",
"version": "2012 Endpoint Protection"
}
]
},
{
"product": "Microsoft Security Essentials",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Windows Defender on Windows 10 Version 1909 for 32-bit Systems",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Windows Defender on Windows 10 Version 1909 for x64-based Systems",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Windows Defender on Windows 10 Version 1909 for ARM64-based Systems",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Windows Defender on Windows Server, version 1909 (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Windows Defender on Windows 10 Version 1803 for 32-bit Systems",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Windows Defender on Windows 10 Version 1803 for x64-based Systems",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Windows Defender on Windows Server, version 1803 (Server Core Installation)",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Windows Defender on Windows 10 Version 1803 for ARM64-based Systems",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Windows Defender on Windows 10 Version 1809 for 32-bit Systems",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Windows Defender on Windows 10 Version 1809 for x64-based Systems",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Windows Defender on Windows 10 Version 1809 for ARM64-based Systems",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Windows Defender on Windows Server 2019",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Windows Defender on Windows Server 2019 (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Windows Defender on Windows 10 Version 1709 for 32-bit Systems",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Windows Defender on Windows 10 Version 1709 for x64-based Systems",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Windows Defender on Windows 10 Version 1709 for ARM64-based Systems",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Windows Defender on Windows 10 Version 1903 for 32-bit Systems",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Windows Defender on Windows 10 Version 1903 for x64-based Systems",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Windows Defender on Windows 10 Version 1903 for ARM64-based Systems",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Windows Defender on Windows Server, version 1903 (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Windows Defender on Windows 10 for 32-bit Systems",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Windows Defender on Windows 10 for x64-based Systems",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Windows Defender on Windows 10 Version 1607 for 32-bit Systems",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Windows Defender on Windows 10 Version 1607 for x64-based Systems",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Windows Defender on Windows Server 2016",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Windows Defender on Windows Server 2016 (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Windows Defender on Windows 7 for 32-bit Systems",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "Service Pack 1"
}
]
},
{
"product": "Windows Defender on Windows 7 for x64-based Systems",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "Service Pack 1"
}
]
},
{
"product": "Windows Defender on Windows 8.1 for 32-bit systems",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Windows Defender on Windows 8.1 for x64-based systems",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Windows Defender on Windows RT 8.1",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Windows Defender on Windows Server 2008 for 32-bit Systems",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "Service Pack 2"
}
]
},
{
"product": "Windows Defender on Windows Server 2008 for 32-bit Systems (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "Service Pack 2"
}
]
},
{
"product": "Windows Defender on Windows Server 2008 for Itanium-Based Systems",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "Service Pack 2"
}
]
},
{
"product": "Windows Defender on Windows Server 2008 R2 for Itanium-Based Systems",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "Service Pack 1"
}
]
},
{
"product": "Windows Defender on Windows Server 2008 R2 for x64-based Systems",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "Service Pack 1"
}
]
},
{
"product": "Windows Defender on Windows Server 2008 R2 for x64-based Systems (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "Service Pack 1"
}
]
},
{
"product": "Windows Defender on Windows Server 2012",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Windows Defender on Windows Server 2012 (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Windows Defender on Windows Server 2012 R2",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Windows Defender on Windows Server 2012 R2 (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
}
]Related
openvas
openvas
Microsoft Defender Elevation of Privilege Vulnerability (Apr 2020)
2020-04-15 00:00:00
mscve
mscve
Microsoft Defender Elevation of Privilege Vulnerability
2020-04-14 07:00:00
prion
prion
Privilege escalation
2020-04-15 15:15:00
cvelist
cvelist
CVE-2020-1002
2020-04-15 15:13:20
nvd
nvd
CVE-2020-1002
2020-04-15 15:15:20
nessus
nessus
Security Updates for Microsoft Defender (April 2020)
2020-04-17 00:00:00
kaspersky
kaspersky
KLA11747 Multiple vulnerabilities in Mycrosoft System Center
2020-04-14 00:00:00
avleonov
avleonov
6.6 Medium
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:N/I:C/A:C
7.1 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
7.1 High
AI Score
Confidence
High
0.0004 Low
EPSS
Percentile
9.5%
Related for CVE-2020-1002