Lucene search

MicrosoftMS:CVE-2020-1123

HistoryMay 12, 2020 - 7:00 a.m.

Connected User Experiences and Telemetry Service Denial of Service Vulnerability

2020-05-1207:00:00

Microsoft

msrc.microsoft.com

CVSS2

2.1

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:N/I:N/A:P

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

EPSS

Percentile

9.5%

JSON

A denial of service vulnerability exists when Connected User Experiences and Telemetry Service improperly handles file operations. An attacker who successfully exploited this vulnerability could cause a system to stop responding.

To exploit the vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability.

The security update addresses the vulnerability by correcting how the Connected User Experiences and Telemetry Service handles file operations.

Affected configurations

Vulners

Node

microsoftwindows_server\,_1803_\(server_core_installation\)Range<2020-May

microsoftwindows_server_2016Range<2020-May

microsoftwindows_defender_on_windows_10_1607_for_x64-based_systemsRange<2020-May

microsoftwindows_defender_on_windows_10_1607_for_32-bit_systemsRange<2020-May

microsoftwindows_10_1903_for_x64-based_systemsRange<2020-May

microsoftwindows_10_2004_for_32-bit_systemsRange<2020-May

microsoftwindows_server\,_version_1903Range<2020-May

microsoftwindows_10_1903_for_arm64-based_systemsRange<2020-May

microsoftwindows_10_1903_for_x64-based_systemsRange<2020-May

microsoftwindows_10_1903_for_32-bit_systemsRange<2020-May

microsoftwindows_10_1709_for_arm64-based_systemsRange<2020-May

microsoftwindows_10_1709_for_x64-based_systemsRange<2020-May

microsoftwindows_10_1709_for_32-bit_systemsRange<2020-May

microsoftwindows_server\,_version_1909Range<2020-May

microsoftwindows_10_1909_for_arm64-based_systemsRange<2020-May

microsoftwindows_10_1909_for_x64-based_systemsRange<2020-May

microsoftwindows_10_1909_for_32-bit_systemsRange<2020-May

microsoftwindows_server\,_1803_\(server_core_installation\)Range<2020-May

microsoftwindows_server_2019Range<2020-May

microsoftwindows_10_1809_for_arm64-based_systemsRange<2020-May

microsoftwindows_10_1809_for_x64-based_systemsRange<2020-May

microsoftwindows_10_1809_for_32-bit_systemsRange<2020-May

microsoftwindows_10_1803_for_arm64-based_systemsRange<2020-May

microsoftwindows_server\,_1803_\(server_core_installation\)Range<2020-May

microsoftwindows_10_1803_for_x64-based_systemsRange<2020-May

microsoftwindows_10_1803_for_32-bit_systemsRange<2020-May

CVSS2

2.1

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:N/I:N/A:P

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

EPSS

Percentile

9.5%

JSON

Related for MS:CVE-2020-1123