Description
<p>An elevation of privilege vulnerability exists when the Windows Graphics Component improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run processes in an elevated context.</p> <p>In a local attack scenario, an attacker could exploit this vulnerability by running a specially crafted application to take control over the affected system.</p> <p>The update addresses the vulnerability by correcting the way in which the Microsoft Graphics Component handles objects in memory and preventing unintended elevation from user mode.</p>
CVSS breakdown
CVSS 3.1
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
E
Physical
RL
O
RC
Changed
Affected products
- Microsoft / Windows 101903 – 1903
- Microsoft / Windows 101709 – 1709
- Microsoft / windows_10_1607
- Microsoft / windows_10_1607
- Microsoft / windows_10_1803
- Microsoft / windows_10_1803
- Microsoft / windows_10_1809
- Microsoft / windows_10_1809
- Microsoft / windows_10_1809
- Microsoft / windows_10_1909
- Microsoft / windows_10_1909
- Microsoft / Windows 8.1
- Microsoft / Windows 8.1
- Microsoft / windows_rt_8.1
- Microsoft / windows_server_1903
- Microsoft / windows_server_1909
- Microsoft / windows_server_2004
- Microsoft / Windows Server 2012
- Microsoft / Windows Server 2012 R2
- Microsoft / Windows Server 2016
- Microsoft / Windows Server 2019