CVE-2020-0638
HIGH KEV RANSOMWAREWindows 10 1709-1909 and Windows Server 1803-2019 - Elevation of Privilege via Update Notification Manager
Title source: llmExploitation Summary
CVE-2020-0638 is actively exploited and listed in the CISA Known Exploited Vulnerabilities (KEV) catalog, added May 23, 2022, with confirmed use in ransomware campaigns.
Description
An elevation of privilege vulnerability exists in the way the Update Notification Manager handles files.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Update Notification Manager Elevation of Privilege Vulnerability'.
References (2)
Core 2
Core References
Patch, Vendor Advisory x_refsource_misc
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0638
US Government Resource
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-0638
Scores
CVSS v3
7.8
EPSS
0.0148
EPSS Percentile
81.5%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
active
Automatable
no
Technical Impact
total
Details
CISA KEV
2022-05-23
VulnCheck KEV
2022-03-24
InTheWild.io
2022-03-24
ENISA EUVD
EUVD-2020-2132
Ransomware Use
Confirmed
CWE
CWE-59
Status
published
Products (9)
microsoft/windows_10_1709
(2 CPE variants)
microsoft/windows_10_1803
(2 CPE variants)
microsoft/windows_10_1809
(3 CPE variants)
microsoft/windows_10_1903
(3 CPE variants)
microsoft/windows_10_1909
(3 CPE variants)
microsoft/windows_server_1803
microsoft/windows_server_1903
microsoft/windows_server_1909
microsoft/windows_server_2019
Published
Jan 14, 2020
KEV Added
May 23, 2022
Tracked Since
Feb 18, 2026