A security feature bypass vulnerability exists when Windows fails to properly handle token relationships.An attacker who successfully…
microsoft·CWE-863·Published 2020-04-15
A security feature bypass vulnerability exists when Windows fails to properly handle token relationships.An attacker who successfully exploited the vulnerability could allow an application with a certain integrity level to execute code at a different integrity level, leading to a sandbox escape.The update addresses the vulnerability by correcting how Windows handles token relationships, aka 'Windows Token Security Feature Bypass Vulnerability'.
A security feature bypass vulnerability exists when Windows fails to properly handle token relationships.An attacker who successfully exploited the vulnerability could allow an application with a certain integrity level to execute code at a different integrity level, leading to a sandbox escape.The update addresses the vulnerability by correcting how Windows handles token relationships, aka 'Windows Token Security Feature Bypass Vulnerability'.
Hay una vulnerabilidad de omisión de la característica de seguridad cuando Windows da un fallo al no manejar apropiadamente las relaciones de token. Un atacante que explotara con éxito la vulnerabilidad podría permitir que una aplicación con un determinado nivel de integridad ejecute código con un nivel de integridad diferente, conllevando a un escape del sandbox. La actualización aborda la vulnerabilidad al corregir la manera en que Windows maneja las relaciones de token, también se conoce como "Windows Token Security Feature Bypass Vulnerability".
| Version | Type | Source | Base | Exp | Impact | Vector |
|---|---|---|---|---|---|---|
| 2.0 | Primary | NVD | 4.6 | 3.9 | 6.4 | AV:L/AC:L/Au:N/C:P/I:P/A:P |
| 3.1 | Primary | NVD | 8.8 | 2.0 | 6.0 | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H |