The vulnerability of the Microsoft Internet Information Server (IIS) server allows for unauthorized access by attackers, enabling them to escalate their privileges. This vulnerability is related to the Windows Background Intelligent Transfer Service (BITS), which operates on Windows operating systems.

🗓️ 30 Jun 2020 00:00:00Reported by FSTEC of Russia — Information Security Threat DatabaseType

bdu_fstec

bdu_fstec🔗 bdu.fstec.ru👁 3 Views

Internet Information Services vulnerability enables remote access and privilege escalation via Background Intelligent Transfer Service.

Reporter	Title	Published	Views	Family All 43
Information Security Automation	Microsoft Patch Tuesday June 2020: The Bleeding Ghost of SMB	23 Jun 202001:31	–	avleonov
CNVD	Microsoft Windows Background Intelligent Transfer Service Elevation of Privilege Vulnerability	10 Jun 202000:00	–	cnvd
CVE	CVE-2020-1255	9 Jun 202019:43	–	cve
Cvelist	CVE-2020-1255	9 Jun 202019:43	–	cvelist
Microsoft KB	June 9, 2020—KB4561602 (OS Build 16299.1932)	9 Jun 202007:00	–	mskb
Microsoft KB	June 9, 2020—KB4561612 (Monthly Rollup)	9 Jun 202007:00	–	mskb
Microsoft KB	June 9, 2020—KB4561616 (OS Build 14393.3750)	9 Jun 202007:00	–	mskb
Microsoft KB	June 9, 2020—KB4561643 (Monthly Rollup)	9 Jun 202007:00	–	mskb
Microsoft KB	June 9, 2020—KB4561645 (Security-only update)	9 Jun 202007:00	–	mskb
Microsoft KB	June 9, 2020—KB4561649 (OS Build 10240.18608)	9 Jun 202007:00	–	mskb

Source	Link
portal	www.portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1255
nvd	www.nvd.nist.gov/vuln/detail/CVE-2020-1255
web	www.web.nvd.nist.gov/view/vuln/detail

30 Jun 2020 00:00Current

7.5High risk

Vulners AI Score7.5

CVSS 38.8

CVSS 29

EPSS0.03366

Internet Information Services Background Intelligent Transfer Service remote privilege escalation file operation errors Windows operating systems