CVE-2020-1491

Name of the Vulnerable Software and Affected Versions: Windows Function Discovery Service (affected versions not specified)

Description: The issue is related to errors in privilege management within the Windows Function Discovery Service, allowing an attacker to potentially elevate their privileges. To exploit this, a locally authenticated attacker could run a specially crafted application, enabling them to execute code with elevated permissions. The vulnerability is addressed by ensuring the Windows Function Discovery Service properly handles objects in memory.

Recommendations: For the Windows Function Discovery Service, ensure the security update is applied to address the vulnerability by properly handling objects in memory. As a temporary workaround, consider restricting access to the Windows Function Discovery Service until the security update is applied.