CVE-2020-16895
HIGHMicrosoft Windows 10 - Improper Exception Handling
Title source: ruleDescription
<p>An elevation of privilege vulnerability exists when Windows Error Reporting manager improperly handles a process crash. An attacker who successfully exploited this vulnerability could delete a targeted file leading to an elevated status.</p> <p>To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system.</p> <p>The security update addresses the vulnerability by correcting how Windows Error Reporting manager handles process crashes.</p>
Scores
CVSS v3
7.8
EPSS
0.0055
EPSS Percentile
67.6%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Classification
CWE
CWE-755
Status
published
Affected Products (9)
microsoft/windows_10
microsoft/windows_10
microsoft/windows_10
microsoft/windows_10
microsoft/windows_10
microsoft/windows_server_2016
microsoft/windows_server_2016
microsoft/windows_server_2016
microsoft/windows_server_2019
Timeline
Published
Oct 16, 2020
Tracked Since
Feb 18, 2026