Login Sign Up

CVE-2020-1119

5.5 MEDIUM

📋 TL;DR

CVE-2020-1119 is an information disclosure vulnerability in Windows StartTileData.dll that could allow an attacker to read sensitive memory contents. This affects Windows systems where an attacker has local access and can run a crafted application. The vulnerability could provide information useful for further system compromise.

💻 Affected Systems

Products:
  • Microsoft Windows
Versions: Windows 10, Windows Server 2016, Windows Server 2019
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: Affects systems with the vulnerable StartTileData.dll component. Requires local user access to exploit.

📦 What is this software?

Windows 10 by Microsoft

View all CVEs affecting Windows 10 →

Windows 10 by Microsoft

View all CVEs affecting Windows 10 →

Windows 10 by Microsoft

View all CVEs affecting Windows 10 →

Windows Server 2016 by Microsoft

View all CVEs affecting Windows Server 2016 →

Windows Server 2016 by Microsoft

View all CVEs affecting Windows Server 2016 →

Windows Server 2016 by Microsoft

View all CVEs affecting Windows Server 2016 →

⚠️ Risk & Real-World Impact

🔴

Worst Case

An attacker with local access could read sensitive memory contents, potentially obtaining credentials, encryption keys, or other sensitive data that could lead to full system compromise.

🟠

Likely Case

Local information disclosure that could aid in privilege escalation or lateral movement within a compromised environment.

🟢

If Mitigated

Minimal impact with proper access controls preventing unauthorized local execution.

🌐 Internet-Facing: LOW - Requires local access and execution, not directly exploitable over network.
🏢 Internal Only: MEDIUM - Requires local access, but could be exploited by malicious insiders or attackers who have already gained initial access.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires local access and ability to execute specially crafted code. No known public exploits as of analysis.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: May 2020 security updates

Vendor Advisory: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1119

Restart Required: Yes

Instructions:

1. Apply May 2020 Windows security updates. 2. For Windows 10: KB4556799. 3. For Windows Server 2016/2019: corresponding security updates. 4. Restart system after installation.

🔧 Temporary Workarounds

Restrict local user privileges

windows

Limit local user accounts to prevent execution of unauthorized applications

🧯 If You Can't Patch

  • Implement strict access controls to prevent unauthorized local execution
  • Monitor for suspicious local process execution and memory access patterns

🔍 How to Verify

Check if Vulnerable:

Check Windows Update history for May 2020 security updates or verify StartTileData.dll version

Check Version:

wmic qfe list | findstr "KB4556799" or systeminfo | findstr "KB"

Verify Fix Applied:

Verify May 2020 security updates are installed via Windows Update or check system version

📡 Detection & Monitoring

Log Indicators:

  • Unusual process creation events, suspicious DLL loading patterns

Network Indicators:

  • Not applicable - local vulnerability

SIEM Query:

Process creation events with unusual parent-child relationships or DLL loading from non-standard locations

📊 Metadata

CVE ID: CVE-2020-1119
CVSS v3 Score: 5.5 (MEDIUM)
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Published: September 11, 2020
Last Updated: February 23, 2026

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON