Severity Rating: High
Software Affected
· ChakraCore
· Microsoft Edge (EdgeHTML-based) for
o Windows 10 for 32-bit Systems and x64-based Systems
o Windows 10 Version 1607 for 32-bit Systems and x64-based Systems
o Windows 10 Version 1709 for 32-bit Systems, ARM64-based Systems and
x64-based Systems
o Windows 10 Version 1803 for 32-bit Systems, ARM64-based Systems and
x64-based Systems
o Windows 10 Version 1809 for 32-bit Systems, ARM64-based Systems and
x64-based Systems
o Windows 10 Version 1903 for 32-bit Systems, ARM64-based Systems and
x64-based Systems
o Windows 10 Version 1909 for 32-bit Systems, ARM64-based Systems and
x64-based Systems
o Windows Server 2016
o Windows Server 2019
Overview
A vulnerability has been reported in Microsoft Scripting Engine which could
allow a remote attacker to conduct remote code execution attacks in the
context of the current user.
Description
This vulnerability exists in the Chakra scripting engine due to an error
while handling objects in memory. A remote attacker could exploit this
vulnerability to execute arbitrary code in the context of the current user.
The attacker could gain the same user rights as the current user. If the
target system is logged in by the user using administrative rights, the
attacker could completely compromise the system.
Solution
Apply appropriate patches as mentioned in Microsoft Security Guidance
Vendor Information
Microsoft
- -1073
References
Microsoft
- -1073
CVE Name
CVE-2020-1073
About Cert Advisory
We have created this blog to provide latest security advisory from the india cert for the security vulnerability, threats, attacks and patching required to mitigate any kind of cyber attacks.