CVE-2020-1034

MEDIUM

Windows Kernel - Privilege Escalation

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 2 public exploits for CVE-2020-1034. PoCs published by yardenshafir, GeorgiiFirsov.

AI-analyzed exploit summary This repository contains a privilege escalation PoC for CVE-2020-1034, targeting Windows 10 2004. The exploit manipulates ETW (Event Tracing for Windows) to modify token privileges, enabling local privilege escalation.

Description

<p>An elevation of privilege vulnerability exists in the way that the Windows Kernel handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions.</p> <p>To exploit the vulnerability, a locally authenticated attacker could run a specially crafted application.</p> <p>The security update addresses the vulnerability by ensuring the Windows Kernel properly handles objects in memory.</p>

Exploits (2)

nomisec WORKING POC 126 stars
by yardenshafir · poc
https://github.com/yardenshafir/CVE-2020-1034

This repository contains a privilege escalation PoC for CVE-2020-1034, targeting Windows 10 2004. The exploit manipulates ETW (Event Tracing for Windows) to modify token privileges, enabling local privilege escalation.

Classification
Working Poc 95%
Attack Type
Lpe
Complexity
Complex
Reliability
Reliable
Target: Windows 10 2004 (build 19041.488)
Auth required
Prerequisites: Local access to an unpatched Windows 10 2004 system · Ability to execute code with low privileges
devstral-2 · analyzed Feb 16, 2026 Full analysis →
nomisec WORKING POC 1 stars
by GeorgiiFirsov · poc
https://github.com/GeorgiiFirsov/CVE-2020-1034

This repository contains a working exploit for CVE-2020-1034, a Windows Kernel Elevation of Privilege vulnerability. The exploit manipulates token privileges via ETW notifications to escalate privileges and spawn a command prompt with elevated permissions.

Classification
Working Poc 95%
Attack Type
Lpe
Complexity
Complex
Reliability
Reliable
Target: Windows Kernel (versions affected by CVE-2020-1034)
Auth required
Prerequisites: Local access to a vulnerable Windows system · Ability to execute code with sufficient permissions to interact with ETW and token manipulation
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (1)

Core 1
Core References

Scores

CVSS v3 6.8
EPSS 0.0432
EPSS Percentile 90.0%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N

Details

Status published
Products (17)
microsoft/windows_10
microsoft/windows_10 1607
microsoft/windows_10 1709
microsoft/windows_10 1803
microsoft/windows_10 1809
microsoft/windows_10 1903
microsoft/windows_10 1909
microsoft/windows_10 2004
microsoft/windows_8.1
microsoft/windows_rt_8.1
... and 7 more
Published Sep 11, 2020
Tracked Since Feb 18, 2026