HTTP: Microsoft Windows Win32k Kernel Driver CVE-2020-16907 Privilege Escalation
This signature detects attempts to exploit a known vulnerability against Microsoft Windows Win32k Kernel Driver. A successful attack can lead to elevation of privilege and arbitrary code execution.
Extended Description
An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system. The update addresses this vulnerability by correcting how the Windows kernel-mode driver handles objects in memory.
Affected Products
Microsoft windows_server_2019
References
CVE: CVE-2020-16907
Short Name
HTTP:STC:DL:CVE-2020-16907-PE
Severity
Major
Recommended
True
Recommended Action
Drop
Category
HTTP
Keywords
CVE-2020-16907 Driver Escalation Kernel Microsoft Privilege Win32k Windows
Release Date
09/30/2020
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3665
False Positive
Unknown
Vendors
Microsoft
CVSS Score
7.2