CVE-2020-1047 : An elevation of privilege vulnerability exists when Windows Hyper-V on a host

An elevation of privilege vulnerability exists when Windows Hyper-V on a host server fails to properly handle objects in memory. An attacker who successfully exploited these vulnerabilities could gain elevated privileges on a target operating system. This vulnerability by itself does not allow arbitrary code to be run. However, this vulnerability could be used in conjunction with one or more vulnerabilities (e.g. a remote code execution vulnerability and another elevation of privilege) that could take advantage of the elevated privileges when running. The update addresses the vulnerabilities by correcting how Windows Hyper-V handles objects in memory.

Published 2020-10-16 23:15:18

Updated 2023-12-31 20:16:02

Source Microsoft Corporation

View at NVD, CVE.org

Vulnerability category: Execute codeGain privilege

Products affected by CVE-2020-1047

Microsoft » Windows 10 » Version: 1803 For X64
cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:x64:*
Matching versions
Microsoft » Windows 10 » Version: 1809 For X64
cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:x64:*
Matching versions
Microsoft » Windows 10 » Version: 1903 For X64
cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:x64:*
Matching versions
Microsoft » Windows 10 » Version: 1909 For X64
cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:x64:*
Matching versions
Microsoft » Windows 10 » Version: 2004 For X64
cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:x64:*
Matching versions
Microsoft » Windows 10 » Version: 1709 For X86
cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:x86:*
Matching versions
Microsoft » Windows Server 2016 » Version: 1903
cpe:2.3:o:microsoft:windows_server_2016:1903:*:*:*:*:*:*:*
Matching versions
Microsoft » Windows Server 2016 » Version: 1909
cpe:2.3:o:microsoft:windows_server_2016:1909:*:*:*:*:*:*:*
Matching versions
Microsoft » Windows Server 2016 » Version: 2004
cpe:2.3:o:microsoft:windows_server_2016:2004:*:*:*:*:*:*:*
Matching versions
Microsoft » Windows Server 2019 » Version: N/A
cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2020-1047

EPSS FAQ

0.74%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 71 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2020-1047

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
7.2	HIGH	AV:L/AC:L/Au:N/C:C/I:C/A:C	3.9	10.0	NIST
Access Vector: Local Access Complexity: Low Authentication: None Confidentiality Impact: Complete Integrity Impact: Complete Availability Impact: Complete
7.8	HIGH	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	1.8	5.9	NIST
Attack Vector: Local Attack Complexity: Low Privileges Required: Low User Interaction: None Scope: Unchanged Confidentiality: High Integrity: High Availability: High
7.8	HIGH	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	1.8	5.9	Microsoft Corporation
Attack Vector: Local Attack Complexity: Low Privileges Required: Low User Interaction: None Scope: Unchanged Confidentiality: High Integrity: High Availability: High

References for CVE-2020-1047

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1047

CVE-2020-1047 | Windows Hyper-V Elevation of Privilege Vulnerability
Patch;Vendor Advisory

Jump to

Vulnerability Details : CVE-2020-1047

Products affected by CVE-2020-1047

Exploit prediction scoring system (EPSS) score for CVE-2020-1047

CVSS scores for CVE-2020-1047

References for CVE-2020-1047