CVE-2020-1313

HIGH

Windows Update Orchestrator Service - Privilege Escalation

Title source: llm

Description

An elevation of privilege vulnerability exists when the Windows Update Orchestrator Service improperly handles file operations, aka 'Windows Update Orchestrator Service Elevation of Privilege Vulnerability'.

Exploits (2)

nomisec WORKING POC 125 stars

by irsl · poc

https://github.com/irsl/CVE-2020-1313

View Code ZIP pw:eip

metasploit WORKING POC EXCELLENT

by Imre Rad, bwatters-r7 · rubypoc

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/local/cve_2020_1313_system_orchestrator.rb

View Code ZIP pw:eip

References (2)

[Exploit, Third Party Advisory, VDB Entry] http://packetstormsecurity.com/files/159305/Microsoft-Windows-Update-Orchestrator-Unchecked-ScheduleWork-Call.html

[Patch, Vendor Advisory] https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1313

Scores

CVSS v3 7.8

EPSS 0.8161

EPSS Percentile 99.2%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

Status published

Products (6)

microsoft/windows_10 1903

microsoft/windows_10 1909

microsoft/windows_10 2004

microsoft/windows_server_2016 1903

microsoft/windows_server_2016 1909

microsoft/windows_server_2016 2004

Published Jun 09, 2020

Tracked Since Feb 18, 2026