PT-2020-3204 · Microsoft · Windows Appx Deployment Extensions+1

Published

2020-07-14

Updated

2020-07-21

CVE-2020-1431

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Windows AppX Deployment Extensions (affected versions not specified)

Description An elevation of privilege issue exists due to improper privilege management by the Windows AppX Deployment Extensions, allowing access to system files. To exploit this, an authenticated attacker would need to run a specially crafted application to elevate privileges. The security update addresses the issue by correcting how AppX Deployment Extensions manages privileges.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

LPE

Improper Privilege Management

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-269

Related Identifiers

BDU:2020-03502

CVE-2020-1431

Affected Products

Windows

Windows Appx Deployment Extensions

PT-2020-3204 · Microsoft · Windows Appx Deployment Extensions+1

CVE-2020-1431

Weakness Enumeration

Related Identifiers

Affected Products

References · 7