Back to board Open MSRC
MSRC compact vulnerability detail

CVE-2020-1386 · Connected User Experiences and Telemetry Service Information Disclosure Vulnerability

An information vulnerability exists when Windows Connected User Experiences and Telemetry Service improperly discloses file information. Successful exploitation of the vulnerability could allow the attacker to read any file on the file system. To exploit the vulnerability, an attacker would have to log onto an affected system and run a specially crafted application. The update addresses the vulnerability by changing the way Windows Connected User Experiences and Telemetry Service discloses file information.

Severity
n/a
Impact
n/a
CVSS
n/a base · n/a temporal
Release
2020-07-14
Signals
Microsoft Windows Unknown impact Exploited: No Publicly disclosed: No Exploitability: Exploitation Less Likely
CWE
No CWE data published.
Patch Diff
Loading module diff metadata...
Resolved binary override
Use this when the MSRC module name cannot be mapped automatically or the resolved binary looks wrong.
Old version New version
Description
An information vulnerability exists when Windows Connected User Experiences and Telemetry Service improperly discloses file information. Successful exploitation of the vulnerability could allow the attacker to read any file on the file system. To exploit the vulnerability, an attacker would have to log onto an affected system and run a specially crafted application. The update addresses the vulnerability by changing the way Windows Connected User Experiences and Telemetry Service discloses file information.
FAQ / Articles
FAQ
What type of information could be disclosed by this vulnerability? The type of information that could be disclosed if an attacker successfully exploited this vulnerability is unauthorized file system access - reading from the file system.