CVE-2020-1122

Published: Sep 11, 2020Modified: Feb 23, 2026

7.8

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD (Secondary)

Description

An elevation of privilege vulnerability exists when the Windows Language Pack Installer improperly handles file operations. An attacker who successfully exploited this vulnerability could run processes in an elevated context. An attacker could exploit this vulnerability by running a specially crafted application on the victim system. The update addresses the vulnerability by correcting the way the Windows Language Pack Installer handles file operations.

Affected (9)

Products: Microsoft: Windows 10, Windows Server 2016, Windows Server 2019

3 products

Configuration A

9 vulnerable

Vulnerable Software	Affected Versions
Microsoft Windows 10	Version 1803
Microsoft Windows 10	Version 1809
Microsoft Windows 10	Version 1903
Microsoft Windows 10	Version 1909
Microsoft Windows 10	Version 2004
Microsoft Windows Server 2016	Version 1903
Microsoft Windows Server 2016	Version 1909
Microsoft Windows Server 2016	Version 2004
Microsoft Windows Server 2019	All versions

Related CWEs

CWE-754

Improper Check for Unusual or Exceptional Conditions

The product does not check or incorrectly checks for unusual or exceptional conditions that are not expected to occur frequently during day to day operation of the product.

References (2)

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1122

Source: secure@microsoft.com

PatchVendor Advisory

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1122

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

Timeline

No history available yet.