CVE-2020-1170

HIGH

Microsoft Windows Defender - Incorrect Permission Assignment

Title source: rule

Description

An elevation of privilege vulnerability exists in Windows Defender that leads to arbitrary file deletion on the system. To exploit the vulnerability, an attacker would first have to log on to the system, aka 'Microsoft Windows Defender Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1163.

Exploits (1)

metasploit WORKING POC
by James Foreshaw, Grant Willcox · ruby · poc
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/local/cve_2020_17136.rb

Scores

CVSS v3 7.8
EPSS 0.0015
EPSS Percentile 35.9%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-732
Status published
Products (4)
microsoft/forefront_endpoint_protection_2010
microsoft/security_essentials
microsoft/system_center_endpoint_protection 2012 (2 CPE variants)
microsoft/windows_defender
Published Jun 09, 2020
Tracked Since Feb 18, 2026