CVE-2020-1313 : An elevation of privilege vulnerability exists when the Windows Update Orchestra

An elevation of privilege vulnerability exists when the Windows Update Orchestrator Service improperly handles file operations, aka 'Windows Update Orchestrator Service Elevation of Privilege Vulnerability'.

Published 2020-06-09 20:15:21

Updated 2022-04-28 19:33:00

Source Microsoft Corporation

View at NVD, CVE.org

Vulnerability category: Gain privilege

Products affected by CVE-2020-1313

Microsoft » Windows 10 » Version: 1903
cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:*:*
Matching versions
Microsoft » Windows 10 » Version: 1909
cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:*:*
Matching versions
Microsoft » Windows 10 » Version: 2004
cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:*:*
Matching versions
Microsoft » Windows Server 2016 » Version: 1903
cpe:2.3:o:microsoft:windows_server_2016:1903:*:*:*:*:*:*:*
Matching versions
Microsoft » Windows Server 2016 » Version: 1909
cpe:2.3:o:microsoft:windows_server_2016:1909:*:*:*:*:*:*:*
Matching versions
Microsoft » Windows Server 2016 » Version: 2004
cpe:2.3:o:microsoft:windows_server_2016:2004:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2020-1313

EPSS FAQ

90.52%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 100 %

Percentile, the proportion of vulnerabilities that are scored at or less

Metasploit modules for CVE-2020-1313

Windows Update Orchestrator unchecked ScheduleWork call

Disclosure Date: 2019-11-04

First seen: 2020-09-25

exploit/windows/local/cve_2020_1313_system_orchestrator

This exploit uses access to the UniversalOrchestrator ScheduleWork API call which does not verify the caller's token before scheduling a job to be run as SYSTEM. You cannot schedule something in a given time, so the payload will execute as system sometime in

More information

CVSS scores for CVE-2020-1313

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
6.8	MEDIUM	AV:N/AC:M/Au:N/C:P/I:P/A:P	8.6	6.4	NIST
Access Vector: Network Access Complexity: Medium Authentication: None Confidentiality Impact: Partial Integrity Impact: Partial Availability Impact: Partial
7.8	HIGH	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H	1.8	5.9	NIST
Attack Vector: Local Attack Complexity: Low Privileges Required: None User Interaction: Required Scope: Unchanged Confidentiality: High Integrity: High Availability: High

References for CVE-2020-1313

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1313

CVE-2020-1313 | Windows Update Orchestrator Service Elevation of Privilege Vulnerability
Patch;Vendor Advisory
http://packetstormsecurity.com/files/159305/Microsoft-Windows-Update-Orchestrator-Unchecked-ScheduleWork-Call.html

Microsoft Windows Update Orchestrator Unchecked ScheduleWork Call ≈ Packet Storm
Exploit;Third Party Advisory;VDB Entry

Jump to

Vulnerability Details : CVE-2020-1313

Products affected by CVE-2020-1313

Exploit prediction scoring system (EPSS) score for CVE-2020-1313

Metasploit modules for CVE-2020-1313

Windows Update Orchestrator unchecked ScheduleWork call

CVSS scores for CVE-2020-1313

References for CVE-2020-1313