Vulnerability Details CVE-2020-16908
<p>An elevation of privilege vulnerability exists in Windows Setup in the way it handles directories.</p>
<p>A locally authenticated attacker could run arbitrary code with elevated system privileges. After successfully exploiting the vulnerability, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.</p>
<p>The security update addresses the vulnerability by ensuring Windows Setup properly handles directories.</p>
Exploit prediction scoring system (EPSS) score
EPSS Score 0.007
EPSS Ranking 71.4%
CVSS Severity
CVSS v3 Score 7.8
CVSS v2 Score 7.2
References
Products affected by CVE-2020-16908
-
cpe:2.3:o:microsoft:windows_10:1803
-
cpe:2.3:o:microsoft:windows_10:1809
-
cpe:2.3:o:microsoft:windows_10:1903
-
cpe:2.3:o:microsoft:windows_10:1909
-
cpe:2.3:o:microsoft:windows_10:2004