CVE-2020-1379

5.5 MEDIUM

📋 TL;DR

CVE-2020-1379 is a memory corruption vulnerability in Windows Media Foundation that allows attackers to execute arbitrary code with user privileges. It affects Windows systems and can be exploited through malicious documents or webpages. Users who open untrusted files or visit malicious sites are at risk.

💻 Affected Systems

Products:
  • Windows Media Foundation
Versions: Windows 10 versions 1903, 1909, 2004; Windows Server 2019, 2016
Operating Systems: Windows 10, Windows Server 2019, Windows Server 2016
Default Config Vulnerable: ⚠️ Yes
Notes: Systems with Windows Media Foundation enabled (default on most Windows installations) are vulnerable.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Full system compromise with attacker gaining administrative privileges, installing malware, stealing data, and creating persistent backdoors.

🟠 Likely Case

Limited user-level compromise on individual workstations, potentially leading to data theft, ransomware deployment, or lateral movement within a network.

🟢 If Mitigated

No impact if systems are fully patched and users follow security best practices regarding untrusted content.

🌐 Internet-Facing: MEDIUM - Requires user interaction with malicious content, but web-based delivery makes exploitation possible from external sources.
🏢 Internal Only: MEDIUM - Internal users could be targeted via phishing or compromised internal websites.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires user interaction (opening malicious file or visiting malicious site). No public exploit code was available at disclosure.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: July 2020 security updates (KB4565483 for Windows 10 2004, KB4565503 for 1909, etc.)

Vendor Advisory: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1379

Restart Required: Yes

Instructions:

1. Apply July 2020 Windows security updates via Windows Update.
2. For enterprise: Deploy through WSUS or SCCM.
3. Verify installation in Windows Update history.

🔧 Temporary Workarounds

Disable Windows Media Foundation

Disables the vulnerable component but may break media functionality

dism /online /disable-feature /featurename:WindowsMediaPlayer
dism /online /disable-feature /featurename:MediaPlayback

Restrict file types

Block execution of suspicious media files via Group Policy

🧯 If You Can't Patch

  • Implement application whitelisting to prevent unauthorized program execution
  • Use network segmentation to isolate vulnerable systems and restrict internet access

🔍 How to Verify

Check if Vulnerable:

Check whether the July 2020 security updates are installed, using 'winver' (which shows the OS build) or Windows Update history.

Check Version:

wmic qfe list | findstr KB4565483

Verify Fix Applied:

Verify KB4565483 (or equivalent for your version) is installed in Windows Update history

📡 Detection & Monitoring

Log Indicators:

  • Windows Event Logs showing media foundation crashes (Event ID 1000)
  • Unexpected process creation from media-related executables

Network Indicators:

  • Outbound connections from media processes to suspicious IPs
  • Downloads of unusual media file types

SIEM Query:

EventID=1000 AND Source="Application Error" AND ProcessName="*mf*.exe"
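
A local PowerShell equivalent of the SIEM query above, as an added example that is not part of the original page. It also matches on the faulting module name, which goes beyond the page's process-name filter; the property positions in the event record, the look-back window and the parameter names are assumptions.

```powershell
# Added example: search the local Application log for Event ID 1000 crashes
# whose faulting application or module matches the page's "*mf*" wildcard.
# Assumption: "Application Error" records carry the faulting application name
# in Properties[0], the faulting module in Properties[3] and the exception
# code in Properties[6] (the usual Windows 10 layout).
param(
    [int]$Days = 7,                  # look-back window (hypothetical default)
    [string]$NamePattern = '*mf*'    # wildcard from the page's ProcessName filter
)

$filter = @{
    LogName      = 'Application'
    ProviderName = 'Application Error'
    Id           = 1000
    StartTime    = (Get-Date).AddDays(-$Days)
}

# Get-WinEvent raises an error when nothing matches, so silence that case.
$crashes = @(
    Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
        ForEach-Object {
            $p = $_.Properties
            if ($p.Count -lt 7) { return }   # skip records with an unexpected layout
            [pscustomobject]@{
                TimeCreated   = $_.TimeCreated
                Application   = [string]$p[0].Value
                Module        = [string]$p[3].Value
                ExceptionCode = [string]$p[6].Value
            }
        } |
        Where-Object {
            $_.Application -like "$NamePattern.exe" -or
            $_.Module      -like "$NamePattern.dll"
        }
)

if ($crashes.Count -eq 0) {
    Write-Output "No matching Event ID 1000 records in the last $Days day(s)."
    return
}

# Newest first, then the application/module pairs that crashed more than once.
$crashes | Sort-Object TimeCreated -Descending |
    Format-Table TimeCreated, Application, Module, ExceptionCode -AutoSize
$crashes | Group-Object Application, Module |
    Where-Object Count -gt 1 |
    Select-Object Count, Name
```

The wildcard is broad and will also match unrelated binaries whose names contain "mf", so treat hits as leads to triage rather than confirmed exploitation attempts.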
