CVE-2020-1459

Name of the Vulnerable Software and Affected Versions Windows versions prior to the fixed version

Description The issue is related to an information disclosure vulnerability in ARM implementations of Windows, which is connected to the lack of protection for service data. This vulnerability can be exploited by a remote attacker to gain unauthorized access to protected information. The vulnerability exists due to speculative execution in control flow via a side-channel analysis, also known as "straight-line speculation." To exploit this, an attacker with local privileges would need to run a specially crafted application.

Recommendations For Windows versions prior to the fixed version, the security update addresses the vulnerability by bypassing the speculative execution, thus resolving the issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.