CVE-2020-1567

4.2 MEDIUM

📋 TL;DR

CVE-2020-1567 is a remote code execution vulnerability in Microsoft's MSHTML engine that allows attackers to execute arbitrary code by tricking users into editing malicious HTML files. It affects users who open specially crafted files in vulnerable versions of Windows and Microsoft applications. Successful exploitation could lead to full system compromise if the user has administrative privileges.

💻 Affected Systems

Products:
  • Microsoft Windows
  • Microsoft Office
  • Internet Explorer
  • Microsoft Edge
Versions: Windows 10 versions 1903, 1909, 2004; Windows Server 2019; Office 365 ProPlus
Operating Systems: Windows 10, Windows Server 2019
Default Config Vulnerable: ⚠️ Yes
Notes: Requires user interaction to open malicious HTML file; affects both 32-bit and 64-bit systems

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attacker gains full administrative control over the system, allowing installation of malware, data theft, and creation of new accounts with elevated privileges.

🟠 Likely Case

Attacker executes code with current user privileges, potentially leading to data exfiltration, lateral movement, or ransomware deployment.

🟢 If Mitigated

Limited impact due to user awareness training, application whitelisting, and proper patch management preventing successful exploitation.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires social engineering to trick users into opening malicious files; there are no known public exploits as of the last update.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: August 2020 security updates (KB4565351 for Windows 10 1903/1909, KB4566782 for Windows 10 2004)

Vendor Advisory: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1567

Restart Required: Yes

Instructions:

1. Apply August 2020 Windows security updates via Windows Update.
2. For Office 365, ensure automatic updates are enabled.
3. Restart systems after patch installation.

🔧 Temporary Workarounds

Disable MSHTML in Office

windows

Prevents Office applications from using MSHTML engine to render HTML content

Set registry key: HKCU\Software\Microsoft\Office\16.0\Common\Internet\UseOnlineContent = 0

Enable Enhanced Security Configuration

windows

Restricts Internet Explorer security settings to prevent automatic execution of scripts

Run: inetcpl.cpl > Security tab > Enable Enhanced Security Configuration

🧯 If You Can't Patch

  • Implement application whitelisting to prevent execution of unauthorized programs
  • Train users to avoid opening unexpected HTML files from untrusted sources

🔍 How to Verify

Check if Vulnerable:

Check Windows Update history for August 2020 security updates or run: wmic qfe list | findstr KB4565351 (on Windows 10 2004, search for KB4566782 instead)

Check Version:

winver

Verify Fix Applied:

Verify system has August 2020 cumulative updates installed via Windows Update settings

📡 Detection & Monitoring

Log Indicators:

  • Windows Event Logs showing unexpected process creation from Office or browser processes
  • Security logs with suspicious file access patterns

Network Indicators:

  • Outbound connections from Office applications to unknown external IPs
  • Unusual HTTP requests from MSHTML processes

SIEM Query:

Process Creation where (ParentImage contains 'winword.exe' OR ParentImage contains 'excel.exe') AND (CommandLine contains '.html' OR CommandLine contains '.htm')
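
The rule above as a small Python filter over process-creation events. This is an added example, not code from the vendor advisory or any SIEM product; field names follow the query, and the sample events are constructed. It also shows what happens if the two CommandLine clauses are left ungrouped, assuming an engine where AND binds tighter than OR (not all query languages do): every process with '.htm' in its command line alerts, whatever its parent.

```python
# Added example: the page's SIEM rule applied to constructed process-creation events.
OFFICE_PARENTS = ("winword.exe", "excel.exe")   # parents named in the rule
HTML_MARKERS = (".html", ".htm")                # extensions named in the rule


def _contains(value, needles):
    """Case-insensitive 'contains'; a missing field never matches."""
    value = (value or "").lower()
    return any(n in value for n in needles)


def rule_grouped(event):
    """(parent is Office) AND (command line mentions .html OR .htm)."""
    return (_contains(event.get("ParentImage"), OFFICE_PARENTS)
            and _contains(event.get("CommandLine"), HTML_MARKERS))


def rule_ungrouped(event):
    """Same terms without parentheses, assuming AND binds tighter than OR:
    (parent AND '.html') OR '.htm', so the parent test is lost for '.htm'."""
    parent = _contains(event.get("ParentImage"), OFFICE_PARENTS)
    cmd = (event.get("CommandLine") or "").lower()
    return (parent and ".html" in cmd) or ".htm" in cmd


# Constructed sample events, not taken from real telemetry.
EVENTS = [
    {"id": 1, "ParentImage": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
     "Image": r"C:\Program Files\Internet Explorer\iexplore.exe",
     "CommandLine": r"iexplore.exe C:\Users\alice\AppData\Local\Temp\invoice.html"},
    {"id": 2, "ParentImage": r"C:\Windows\explorer.exe",
     "Image": r"C:\Program Files\Internet Explorer\iexplore.exe",
     "CommandLine": r"iexplore.exe C:\Users\bob\Documents\readme.htm"},
    {"id": 3, "ParentImage": r"C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE",
     "Image": r"C:\Windows\splwow64.exe",
     "CommandLine": r"C:\Windows\splwow64.exe 8192"},
    {"id": 4, "ParentImage": None,
     "Image": r"C:\Windows\System32\notepad.exe",
     "CommandLine": r"notepad.exe C:\inetpub\wwwroot\index.html"},
]


def matches(rule, events=EVENTS):
    """Return the ids of events the given rule would alert on."""
    return [e["id"] for e in events if rule(e)]


if __name__ == "__main__":
    print("grouped:", matches(rule_grouped), "ungrouped:", matches(rule_ungrouped))
```

Only event 1 (an Office parent opening an HTML file) matches the grouped rule; the ungrouped form also alerts on events 2 and 4, which have no Office parent.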
