Windows Diagnostics Hub Elevation of Privilege Vulnerability

2020-07-14T07:00:00
ID MS:CVE-2020-1418
Type mscve
Reporter Microsoft
Modified 2020-07-14T07:00:00

Description

An elevation of privilege vulnerability exists when the Windows Diagnostics Execution Service fails to properly sanitize input, leading to an unsecure library-loading behavior. An attacker who successfully exploited this vulnerability could run arbitrary code with elevated system privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application.

The security update addresses the vulnerability by correcting how the Windows Diagnostics Execution Service sanitizes input, to help preclude unintended elevated system privileges.