LIFARS Insights: CVE impacting Windows

Windows 10 WallPaper -Privilege Escalation Vulnerability in Microsoft Windows Task Scheduler

Microsoft releases Software fixes to address various Common Vulnerabilities and Exposures (CVE) as a catalog of security threats, at regular intervals. These patches address vulnerabilities that are impacting large to small numbers of users, but at the same time might also introduce more vulnerabilities to the system. Standard ID allotted to such exposures allow security administrators to access technical information about a specific threat.

Initial attacks due to such vulnerabilities have brought a huge loss to Windows along with chariness amongst the users. One of the well-known attacks was the WannaCry ransomware attack in 2017, which targeted users of the Microsoft Operating system and exploited SMB (Server message block) server vulnerability CVE-2017-0144, infecting over 200,000 computers and causing billions of dollars in total damages.

CVE Report on Windows

As per the CVEdetail report, there are a total of 1111 vulnerabilities on Windows 10, which is the latest operating system by Microsoft and considered to be the safest option delivering comprehensive, built-in and ongoing security protections. Vulnerability trend for windows 10 shows a gradual increase over the period of time, i.e. from 57 vulnerabilities in 2015 to 357 in 2019, making a total of 1111 over the span of five years. Below are the CVE details for windows 10 to date.

Critical Risks232
High Risk270
Medium risk352
Low risk257


Multiple areas of vulnerabilities on windows include DoS, Code execution, Overflow, Memory corruption, SQL injections, XSS, Directory traversal, HTTP response splitting, Bypass something, Gain Information, and Gain privileges. Amongst all the vulnerabilities listed for windows 10, a highly vulnerable area was discovered as Code execution (with a total of 285 vulnerabilities reported) and Gaining information (with a total of 289 vulnerabilities reported) contributing 26% and 27% to the Vulnerable areas.

Similarly, on monitoring the data for all the Windows Operating systems, it is observed that maximum vulnerabilities are under Execution of Code area, contributing 30% of total vulnerabilities and the second most vulnerable area has been Overflow, contributing to 19% of vulnerabilities and counting 2026 of reported vulnerabilities.

Discussion on Latest CVE for Windows

  • CVE-2020-0601

This Common Vulnerability and Exposure reported under 2020-0601 was a security Vulnerability on Windows CryptoAPI Spoofing. This vulnerability gave a pathway to an attacker to sign a malicious executable code using a spoofed code-signing certificate appearing to be from a legitimate source. This patch was released on 14th January, filling the loophole for windows users.

  • CVE-2020-0796

This Patch was released on 11th March, 2020 to address the remote code execution vulnerability. Microsoft updated ADV200005 to include CVE-2020-0796 and released patches for affected Windows systems.

Microsoft published in regards to this Vulnerability “Microsoft is aware of remote code execution vulnerability in the way that the Microsoft Server Message Block 3.1.1 (SMBv3) protocol handles certain requests. An attacker who successfully exploited the vulnerability could gain the ability to execute code on the target SMB Server or SMB Client.”

Recommendations for Windows Users

It is highly recommended to update your windows on regular intervals for installation of the latest patches. Every patch covers a certain set of vulnerabilities which are usually unknown to users and hackers as well.

Hence ignorance towards windows update might lead the user to become a victim of an attack which has already been sheltered by the software team. There are many pre-authentication vulnerabilities and do not require user interaction, i.e. the vulnerability is “Wormable”, similar to the WannaCry Ransomware. It is highly likely that malicious actors might write an exploit for such vulnerabilities and incorporate it into their malware to attack the systems exposed. Thus, updating the operating system on regular intervals or setting up the Auto-update will protect the system from such exposures.