CVE-2020-1038

5.5 MEDIUM

📋 TL;DR

CVE-2020-1038 is a denial of service vulnerability in Windows Routing Utilities where improper memory handling allows an authenticated attacker to crash the system. It affects Windows systems with vulnerable routing components. The vulnerability requires local access and specially crafted applications to trigger.

💻 Affected Systems

Products:
  • Windows Routing Utilities
Versions: Windows 10 versions 1903, 1909, and Windows Server 2019 (1903, 1909)
Operating Systems: Windows 10, Windows Server 2019
Default Config Vulnerable: ⚠️ Yes
Notes: Affects systems with routing components enabled. Requires authenticated user access to exploit.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Complete system freeze or crash requiring hard reboot, disrupting all services on the affected Windows machine.

🟠 Likely Case: Temporary service disruption affecting routing functionality until system recovery or reboot.

🟢 If Mitigated: Minimal impact with proper patch management and limited user privileges preventing execution of malicious applications.

🌐 Internet-Facing: LOW - Requires authenticated access and local execution, not directly exploitable over network.
🏢 Internal Only: MEDIUM - Internal users with standard privileges could potentially exploit if they can run applications on vulnerable systems.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires authenticated user to run specially crafted application. No known public exploits as of advisory publication.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Security updates from June 2020 (KB4560960 for 1903/1909)

Vendor Advisory: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1038

Restart Required: Yes

Instructions:

1. Apply Windows Update from June 2020 or later.
2. Install security update KB4560960 for affected versions.
3. Restart system to complete installation.

🔧 Temporary Workarounds

Restrict user privileges (Windows)

Limit standard user ability to run arbitrary applications through application control policies

Disable unnecessary routing services (Windows)

Turn off Windows routing utilities if not required for system functionality

sc config RemoteAccess start= disabled
sc stop RemoteAccess

🧯 If You Can't Patch

  • Implement strict application whitelisting to prevent unauthorized program execution
  • Segment network to limit potential impact and monitor for unusual routing service behavior

🔍 How to Verify

Check if Vulnerable:

Check Windows version and installed updates. Vulnerable if running Windows 10 1903/1909 or Server 2019 without June 2020 security updates.

Check Version:

winver

Verify Fix Applied:

Verify KB4560960 or later security update is installed via 'wmic qfe list' or Settings > Update & Security > View update history
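
The version and update checks above, combined with the state of the RemoteAccess service from the workaround, as one local PowerShell audit. This is an added example, not part of the original advisory or vendor guidance; the output field names and status strings are assumptions of the example. A later cumulative update can replace KB4560960 in the installed-update list, so a missing KB is flagged for manual review rather than reported as vulnerable.

```powershell
# Added example: local audit for the checks described on this page.
# Assumptions: Windows PowerShell 5.1+, run on the host being checked;
# the output field names and status strings are this example's own.

$kb               = 'KB4560960'        # update named on this page
$affectedReleases = @('1903', '1909')  # releases listed on this page

# ReleaseId carries the feature-update version that 'winver' displays.
$cv      = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'
$release = [string]$cv.ReleaseId

# Get-HotFix reads the same Win32_QuickFixEngineering data as 'wmic qfe list'.
$hotfixes = @(Get-HotFix)
$hasKb    = $hotfixes.HotFixID -contains $kb
$latest   = $hotfixes | Where-Object InstalledOn |
            Sort-Object InstalledOn -Descending | Select-Object -First 1

# RemoteAccess is the service the workaround on this page disables.
$svc = Get-CimInstance Win32_Service -Filter "Name='RemoteAccess'"

if ($affectedReleases -notcontains $release) {
    $status = 'ReleaseNotListedAsAffected'
} elseif ($hasKb) {
    $status = 'FixInstalled'
} else {
    # A later cumulative update may have superseded the KB: review by hand.
    $status = 'KbNotListed_ReviewLatestUpdate'
}

[pscustomobject]@{
    Computer          = $env:COMPUTERNAME
    Release           = $release
    Build             = '{0}.{1}' -f $cv.CurrentBuildNumber, $cv.UBR
    KbInstalled       = $hasKb
    LatestUpdate      = $latest.HotFixID
    LatestInstalledOn = $latest.InstalledOn
    RemoteAccessStart = $svc.StartMode
    RemoteAccessState = $svc.State
    Status            = $status
}
```

The script only reads state and changes nothing on the host; the object it emits can be piped to Export-Csv when collecting results from several machines.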

📡 Detection & Monitoring

Log Indicators:

  • Event ID 1000 application crashes related to routing utilities
  • System freeze events in system logs
  • Unexpected routing service restarts

Network Indicators:

  • Sudden loss of routing functionality
  • Unusual routing table changes before crash

SIEM Query:

EventID=1000 AND Source="Application Error" AND (ProcessName="*routing*" OR ApplicationName="*routing*")
