CVE-2020-12122

7.8 HIGH

📋 TL;DR

This vulnerability in Max Secure Max Spyware Detector allows local users to send malicious input via IOCtl 0x2200019 to the MaxProc64.sys driver, causing a denial of service (BSOD) or potentially other impacts due to improper input validation. It affects users of Max Secure Max Spyware Detector 1.0.0.044 and potentially other Max Secure products that include the vulnerable driver.

💻 Affected Systems

Products:
  • Max Secure Max Spyware Detector
  • Other Max Secure products that include MaxProc64.sys
Versions: 1.0.0.044 (specifically mentioned), potentially earlier versions
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: The vulnerability exists in the kernel driver MaxProc64.sys which is installed by default with the software.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Local privilege escalation leading to full system compromise, arbitrary code execution in kernel context, or persistent denial of service.

🟠

Likely Case

Local denial of service (BSOD) causing system instability and potential data loss from unsaved work.

🟢

If Mitigated

Limited to denial of service with proper user access controls preventing unauthorized local access.

🌐 Internet-Facing: LOW - This is a local kernel driver vulnerability requiring local system access.
🏢 Internal Only: HIGH - Malicious insiders or compromised accounts with local access can exploit this to crash systems or potentially gain elevated privileges.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Public exploit code is available on GitHub, making exploitation straightforward for attackers with local access.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: https://www.maxpcsecure.com/spywaredetector.htm

Restart Required: Yes

Instructions:

1. Check the vendor website for an updated version.
2. Uninstall the vulnerable version.
3. Install the patched version, if available.
4. Restart the system.

🔧 Temporary Workarounds

Remove vulnerable driver (Windows)

Uninstall Max Secure Max Spyware Detector to remove the vulnerable MaxProc64.sys driver:

Control Panel > Programs and Features > Uninstall Max Secure Max Spyware Detector

Restrict driver access (Windows)

Stop the MaxProc64 driver service and disable it from starting, so the vulnerable driver is not loaded. Run from an elevated command prompt; if a loaded driver refuses to stop, the disabled start type takes effect after a reboot:

sc stop MaxProc64
sc config MaxProc64 start= disabled

🧯 If You Can't Patch

  • Implement strict local access controls to prevent unauthorized users from running code on affected systems
  • Monitor for unexpected system crashes or BSOD events that could indicate exploitation attempts

🔍 How to Verify

Check if Vulnerable:

Check whether the MaxProc64.sys driver exists in %SystemRoot%\System32\drivers and whether the installed software version is 1.0.0.044 or earlier

Check Version:

Check installed programs in Control Panel or examine file properties of MaxProc64.sys

Verify Fix Applied:

Verify MaxProc64.sys driver is removed or software is updated to a version later than 1.0.0.044
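The checks above carried out as a PowerShell script. This is an added example, not part of the advisory or vendor material; it assumes the driver is installed at %SystemRoot%\System32\drivers\MaxProc64.sys, that its service name is MaxProc64 (the name used by the workaround commands above), and that the product registers an uninstall entry whose DisplayName contains "Max Spyware Detector".

```powershell
# Added example (not from the advisory): check for the vulnerable driver,
# report its file version, the installed product version and the driver
# service state. Assumed: path, service name and DisplayName pattern.
$driverPath = Join-Path $env:SystemRoot 'System32\drivers\MaxProc64.sys'
$affectedVersion = [version]'1.0.0.044'   # version named in the advisory

# Returns $true when a version string is 1.0.0.044 or earlier, $false when
# newer, and $null when the string cannot be parsed as a version.
function Test-AffectedVersion {
    param([string]$VersionString)
    $parsed = $null
    if (-not [version]::TryParse($VersionString, [ref]$parsed)) { return $null }
    return ($parsed -le $affectedVersion)
}

# 1. Driver file present, and its embedded version information
if (Test-Path $driverPath) {
    $info = (Get-Item $driverPath).VersionInfo
    Write-Output "MaxProc64.sys found at $driverPath"
    Write-Output "  FileVersion    : $($info.FileVersion)"
    Write-Output "  ProductVersion : $($info.ProductVersion)"
    Write-Output "  CompanyName    : $($info.CompanyName)"
} else {
    Write-Output "MaxProc64.sys not present at $driverPath"
}

# 2. Installed product version from the Uninstall registry keys (both views)
$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
)
$products = Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName -like '*Max Spyware Detector*' }

foreach ($p in $products) {
    $state = switch (Test-AffectedVersion $p.DisplayVersion) {
        $true  { 'AFFECTED (1.0.0.044 or earlier)' }
        $false { 'newer than 1.0.0.044 (verify with vendor)' }
        default { 'version not parseable' }
    }
    Write-Output "$($p.DisplayName) $($p.DisplayVersion): $state"
}
if (-not $products) { Write-Output 'No Max Spyware Detector uninstall entry found' }

# 3. Driver service state: Get-Service omits kernel drivers, so query
#    Win32_SystemDriver instead (State and StartMode are what matter here)
$drv = Get-CimInstance -ClassName Win32_SystemDriver -Filter "Name='MaxProc64'" -ErrorAction SilentlyContinue
if ($drv) {
    Write-Output "Service MaxProc64: State=$($drv.State) StartMode=$($drv.StartMode) Path=$($drv.PathName)"
} else {
    Write-Output 'Service MaxProc64 is not registered'
}
```

After applying the workaround, the expected state is that the file is absent (uninstall) or that the service reports StartMode "Disabled" and State "Stopped" (sc config); after a vendor update, Test-AffectedVersion should return $false for the installed DisplayVersion.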

📡 Detection & Monitoring

Log Indicators:

  • System crash logs (BSOD) with references to MaxProc64.sys
  • Unexpected driver load events
  • Failed IOCtl operations

Network Indicators:

  • None - this is a local vulnerability

SIEM Query:

(EventID=41 OR (Source="System" AND EventID=1001)) AND ("MaxProc64" OR DriverName="MaxProc64.sys")
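The same crash and driver-load indicators pulled from a single host's event logs with PowerShell, as an added example that is not part of the advisory. It assumes the standard System log providers for Event ID 1001 (BugCheck) and Event ID 41 (Kernel-Power), and that Sysmon, if installed, logs driver loads as Event ID 6 in Microsoft-Windows-Sysmon/Operational; the 30-day window is a constructed choice.

```powershell
# Added example (not from the advisory): collect local log indicators for
# CVE-2020-12122 from the last 30 days. Assumed: standard Windows providers
# for 1001/41, Sysmon Event ID 6 for driver loads, 30-day lookback.
$since = (Get-Date).AddDays(-30)

# Returns bugcheck (1001) events whose text names MaxProc64. Note that the
# 1001 message carries the bugcheck code and dump path but does not always
# name the faulting driver; those cases need the minidump, not this log.
function Get-MaxProcBugchecks {
    Get-WinEvent -FilterHashtable @{ LogName = 'System'; Id = 1001; StartTime = $since } -ErrorAction SilentlyContinue |
        Where-Object { $_.Message -match 'MaxProc64' } |
        Select-Object TimeCreated, Id, ProviderName, Message
}

# Returns Kernel-Power 41 events (unexpected reboot). These never name a
# driver, so they are context to correlate with 1001 events by time.
function Get-UnexpectedReboots {
    Get-WinEvent -FilterHashtable @{ LogName = 'System'; Id = 41; StartTime = $since } -ErrorAction SilentlyContinue |
        Select-Object TimeCreated, Id, ProviderName
}

# Returns Sysmon driver-load events (ID 6) for MaxProc64.sys, if Sysmon is
# installed; an empty result with no Sysmon log is silently ignored.
function Get-MaxProcDriverLoads {
    Get-WinEvent -FilterHashtable @{ LogName = 'Microsoft-Windows-Sysmon/Operational'; Id = 6; StartTime = $since } -ErrorAction SilentlyContinue |
        Where-Object { $_.Message -match 'MaxProc64\.sys' } |
        Select-Object TimeCreated, Id, Message
}

$bugchecks = @(Get-MaxProcBugchecks)
$reboots   = @(Get-UnexpectedReboots)
$loads     = @(Get-MaxProcDriverLoads)

Write-Output "Bugcheck events naming MaxProc64 : $($bugchecks.Count)"
Write-Output "Kernel-Power 41 events           : $($reboots.Count)"
Write-Output "Sysmon driver loads of MaxProc64 : $($loads.Count)"

# Pair each bugcheck with the 41 event that follows it within ten minutes,
# which is the shape of a BSOD followed by the automatic restart.
foreach ($b in $bugchecks) {
    $match = $reboots | Where-Object {
        $_.TimeCreated -ge $b.TimeCreated -and $_.TimeCreated -le $b.TimeCreated.AddMinutes(10)
    } | Select-Object -First 1
    $tag = if ($match) { "reboot at $($match.TimeCreated)" } else { 'no matching 41 event' }
    Write-Output "$($b.TimeCreated) bugcheck -> $tag"
}
```

A burst of 1001/41 pairs on a host that still has MaxProc64.sys loaded is the pattern to escalate; a single crash with no driver reference is ordinary noise until the minidump says otherwise.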
