CVE-2020-1477

7.0 HIGH

📋 TL;DR

CVE-2020-1477 is a memory corruption vulnerability in Windows Media Foundation. An attacker who convinces a user to open a specially crafted document or visit a malicious webpage can execute arbitrary code in that user's security context. It affects the Windows versions listed below; users who open untrusted files or browse untrusted websites are at risk.

💻 Affected Systems

Products:
  • Windows Media Foundation
Versions: Windows 10 versions 1903, 1909, 2004; Windows Server 2019, 2016
Operating Systems: Windows 10, Windows Server 2016, Windows Server 2019
Default Config Vulnerable: ⚠️ Yes
Notes: Systems with Windows Media Foundation enabled (default on most Windows installations) are vulnerable.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case

Full system compromise with the attacker gaining administrative privileges, installing malware, stealing data, and creating persistent backdoors.

🟠 Likely Case

Attacker gains user-level code execution, potentially leading to data theft, ransomware deployment, or lateral movement within the network.

🟢 If Mitigated

Limited impact with proper patching and security controls; exploitation attempts blocked by security software.

🌐 Internet-Facing: MEDIUM - Requires user interaction (opening malicious content) but can be delivered via web or email.
🏢 Internal Only: MEDIUM - Internal users could be targeted via phishing or malicious internal documents.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires user interaction (opening malicious file or visiting malicious site). No public exploit code was available at disclosure.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: August 2020 security updates (KB4565351 for Windows 10 2004, etc.)

Vendor Advisory: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1477

Restart Required: Yes

Instructions:

1. Apply the August 2020 Windows security updates via Windows Update.
2. For enterprise deployments, distribute the updates through WSUS or SCCM.
3. Verify that the update is installed with the systeminfo command.

🔧 Temporary Workarounds

Disable Windows Media Foundation

Disables the Windows Media Player and Media Playback optional features, which removes the vulnerable component but may break media functionality:

dism /online /disable-feature /featurename:WindowsMediaPlayer
dism /online /disable-feature /featurename:MediaPlayback

Application Control Policies

Restrict execution of untrusted media files via AppLocker or Windows Defender Application Control.

🧯 If You Can't Patch

  • Implement application whitelisting to block execution of untrusted media files
  • Use network segmentation to isolate vulnerable systems and restrict internet access

🔍 How to Verify

Check if Vulnerable:

Check the Windows version, then confirm that the August 2020 security update for that version is installed, using systeminfo or Get-HotFix in PowerShell.

Check Version:

systeminfo | findstr /B /C:"OS Name" /C:"OS Version"

Verify Fix Applied:

Verify that KB4565351 (or the relevant August 2020 update for your Windows version) is installed:

wmic qfe list | findstr KB4565351
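The following PowerShell script is an added example, not part of the advisory and not Microsoft's code. It combines the two checks above: it reads the OS build and release from the registry, asks Get-HotFix for the update named on this page (KB4565351, the Windows 10 2004 package), and falls back to comparing the Update Build Revision (UBR) because a later cumulative update supersedes the August 2020 one and removes it from the Get-HotFix list. The `$MinimumUbr` value is a placeholder you must set for your own Windows version; the page does not give it.

```powershell
# Added example (not from the advisory or from Microsoft).
# Checks whether the August 2020 Media Foundation fix is present on this host.
function Test-MediaFoundationPatch {
    param(
        # KB named on the advisory page for Windows 10 2004; change per OS version
        [string]$ExpectedKb = 'KB4565351',
        # PLACEHOLDER: minimum Update Build Revision carried by the August 2020
        # update for your OS version (read it from the KB article). 0 disables
        # the revision fallback.
        [int]$MinimumUbr = 0
    )

    $cv  = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'
    $os  = Get-CimInstance -ClassName Win32_OperatingSystem
    $ubr = [int]$cv.UBR

    $info = [ordered]@{
        OS          = $os.Caption
        ReleaseId   = $cv.ReleaseId
        Build       = "$($cv.CurrentBuildNumber).$ubr"
        KbInstalled = $false
        Patched     = $false
    }

    # Direct check: the named KB is still listed among installed updates.
    $hotfix = Get-HotFix -Id $ExpectedKb -ErrorAction SilentlyContinue
    if ($hotfix) {
        $info.KbInstalled = $true
        $info.Patched     = $true
    }
    elseif ($MinimumUbr -gt 0 -and $ubr -ge $MinimumUbr) {
        # KB no longer listed, but a newer cumulative update (higher UBR)
        # includes the same fix.
        $info.Patched = $true
    }

    [pscustomobject]$info
}

$result = Test-MediaFoundationPatch
$result | Format-List
if (-not $result.Patched) {
    Write-Warning "August 2020 Media Foundation update not detected; apply the update for ReleaseId $($result.ReleaseId)."
}
```

Run it in an elevated PowerShell session on each host, or wrap the function call in Invoke-Command for fleet-wide checks. A `Patched = False` result with `MinimumUbr` left at 0 only means the specific KB is not listed; set the revision threshold before treating that as a finding.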

📡 Detection & Monitoring

Log Indicators:

  • Windows Event Logs: Application crashes in wmplayer.exe or related media processes
  • Security logs: Unexpected process creation from media files

Network Indicators:

  • Unusual outbound connections from media applications
  • Downloads of suspicious media files

SIEM Query:

(EventID=1000 OR EventID=1001) AND SourceName='Application Error' AND (ProcessName LIKE '%wmplayer%' OR ProcessName LIKE '%mf%')
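For hosts that are not yet forwarding to a SIEM, the following PowerShell function is an added example (not part of the advisory) that applies the same detection logic locally: it pulls Application-log crash events (1000 from Application Error, 1001 from Windows Error Reporting) for the last seven days and keeps those whose faulting application or module matches a media component. The `$Pattern` of process and DLL names (wmplayer.exe, mfpmp.exe, mf*.dll) is an assumption about what to watch, not a list from Microsoft; extend it to cover the media-handling applications in your environment.

```powershell
# Added example (not from the advisory). Host-side equivalent of the SIEM
# query: surface crashes in Windows Media Player / Media Foundation components.
function Get-MediaCrashEvent {
    param(
        [int]$Days = 7,
        # ASSUMED watch list: wmplayer.exe, mfpmp.exe (Media Foundation
        # protected pipeline) and the mf*.dll Media Foundation libraries.
        [string]$Pattern = 'wmplayer\.exe|mfpmp\.exe|\bmf[a-z]*\.dll'
    )

    $filter = @{
        LogName      = 'Application'
        ProviderName = @('Application Error', 'Windows Error Reporting')  # 1000 = crash, 1001 = WER report
        Id           = 1000, 1001
        StartTime    = (Get-Date).AddDays(-$Days)
    }

    Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
        ForEach-Object {
            $msg = $_.Message
            # Event 1000 messages carry "Faulting application name: X, ..." and
            # "Faulting module name: Y, ..."; pull both out for the report.
            $app = if ($msg -match 'Faulting application name:\s*([^,]+)') { $Matches[1].Trim() } else { $null }
            $mod = if ($msg -match 'Faulting module name:\s*([^,]+)')      { $Matches[1].Trim() } else { $null }

            # Event 1001 is formatted differently, so also match on the raw message.
            if (($app -match $Pattern) -or ($mod -match $Pattern) -or ($msg -match $Pattern)) {
                [pscustomobject]@{
                    TimeCreated = $_.TimeCreated
                    EventId     = $_.Id
                    Provider    = $_.ProviderName
                    FaultingApp = $app
                    FaultingMod = $mod
                }
            }
        }
}

Get-MediaCrashEvent | Sort-Object TimeCreated -Descending | Format-Table -AutoSize
```

A crash in a Media Foundation module is not by itself evidence of exploitation (malformed but benign files crash decoders too), so treat hits as triage leads: correlate the faulting time with file downloads, browser activity and any child processes spawned by the crashed application.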

🔗 References
