PT-2020-2268 · Microsoft+1 · Windows+1
| Published | 2020-04-14 |
| Updated | 2021-07-21 |
| CVE | CVE-2020-0981 |
| CVSS v3.1 | 8.8 (High) |
| Vector | AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Windows versions prior to the fixed version
Description
The issue is classified as incorrect neutralization of special elements in output used by an incoming component, and concerns the handling of the NtFilterToken ParentTokenId in Microsoft Windows. Windows fails to properly handle token relationships, so an application running at one integrity level could execute code at a different integrity level; this allows a local attacker to elevate privileges and can lead to a sandbox escape. In particular, the vulnerability can be exploited to escape the Chrome sandbox on Windows by abusing the Windows access token management mechanism.
Recommendations
For Windows versions prior to the fixed version, update to the latest version that includes the security patch; the patch addresses the vulnerability by correcting how Windows handles token relationships.
As a temporary workaround until the patch can be applied, consider restricting access to sensitive components and modules to minimize the risk of exploitation.
Fix
Incorrect Authorization
Special Elements Injection
Related Identifiers
Affected Products
Google Chrome
Windows