Description Preview
Overview
This vulnerability affects the Windows kernel-mode driver (Win32k) and stems from improper handling of objects in memory. An attacker who successfully exploits this vulnerability could run arbitrary code in kernel mode, allowing them to install programs, view, change, or delete data, or create new accounts with full user rights. To exploit this vulnerability, an attacker would first need to log on to the system, then run a specially crafted application designed to exploit the vulnerability and take control of an affected system.
The vulnerability impacts various Windows operating systems and requires local access to exploit. The severity is heightened because it allows privilege escalation from a standard user account to system-level privileges, effectively bypassing security restrictions.
Remediation
To address this vulnerability, Microsoft has released security updates. Organizations and users should apply the appropriate security patches from the May 2020 security update. The following remediation steps are recommended:
- Apply the security update provided by Microsoft through Windows Update or Microsoft Update Catalog.
- Ensure systems are configured to automatically apply security updates or implement a regular patching schedule.
- Implement the principle of least privilege for user accounts to minimize the impact of potential exploits.
- Consider implementing application control solutions to prevent unauthorized applications from running.
- Keep all Windows systems up to date with the latest security patches.
For systems that cannot be immediately patched, consider implementing additional security controls to restrict access to affected systems and monitor for suspicious activities.
References
- Microsoft Security Advisory: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1143
- Microsoft Security Update Guide: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2020-1143
- Microsoft May 2020 Security Updates: https://msrc.microsoft.com/update-guide/releaseNote/2020-May
Industry ExposureMost to leastThis section illustrates the prevalence of a specific Common Vulnerabilities and Exposures (CVE) across various industries based on customer reports. The ranking displays industries from the most to least affected by this particular vulnerability, offering valuable insight into where this CVE has been most frequently observed. This information can help organizations within these sectors prioritize their security efforts, understand their relative risk exposure compared to their peers, and focus remediation strategies where they are most needed. By understanding the industry-specific impact, organizations can make more informed decisions regarding patching, resource allocation, and overall risk management related to this CVE.
- ManufacturingManufacturing
- Health Care & Social AssistanceHealth Care & Social Assistance
- Public AdministrationPublic Administration
- Educational ServicesEducational Services
- Finance and InsuranceFinance and Insurance
- Transportation & WarehousingTransportation & Warehousing
- Retail TradeRetail Trade
- UtilitiesUtilities
- Other Services (except Public Administration)Other Services (except Public Administration)
- Professional, Scientific, & Technical ServicesProfessional, Scientific, & Technical Services
- InformationInformation
- Arts, Entertainment & RecreationArts, Entertainment & Recreation
- Management of Companies & EnterprisesManagement of Companies & Enterprises
- Accommodation & Food ServicesAccommodation & Food Services
- ConstructionConstruction
- Agriculture, Forestry Fishing & HuntingAgriculture, Forestry Fishing & Hunting
- MiningMining
- Real Estate Rental & LeasingReal Estate Rental & Leasing
- Wholesale TradeWholesale Trade
- Administrative, Support, Waste Management & Remediation ServicesAdministrative, Support, Waste Management & Remediation Services
