CVE-2020-3427— Microsoft Windows 安全漏洞

Duo Authentication for Windows Logon and RDP Privilege Escalation Vulnerability

The Windows Logon installer prior to 4.1.2 did not properly validate file installation paths. This allows an attacker with local user privileges to coerce the installer to write to arbitrary privileged directories. If successful, an attacker can manipulate files used by Windows Logon, cause Denial of Service (DoS) by deleting file(s), or replace system files to potentially achieve elevation of privileges. Note that this can only exploitable during new installations while the installer is running and is not exploitable once installation is finished. Versions 4.1.2 of Windows Logon addresses this issue.

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N

不充分权限或特权的处理不恰当

Microsoft Windows 安全漏洞

Microsoft Windows是美国微软（Microsoft）公司的一种桌面操作系统。 Duo Authentication Windows Logon 和 RDP implementation存在安全漏洞，该漏洞源于在实现的双重身份验证中存在特权升级漏洞。本地攻击者可利用该漏洞覆盖特权目录中的文件。

N/A

N/A