CVE-2020-1570

7.5 HIGH

📋 TL;DR

A memory corruption vulnerability in Internet Explorer's scripting engine allows remote code execution when users visit malicious websites or open specially crafted documents. Attackers can execute arbitrary code with the same privileges as the current user, potentially leading to full system compromise if the user has administrative rights. This affects all systems running vulnerable versions of Internet Explorer.

💻 Affected Systems

Products:
  • Internet Explorer
Versions: Internet Explorer 9, 10, 11 on supported Windows versions
Operating Systems: Windows 7, Windows 8.1, Windows 10, Windows Server 2008 R2, Windows Server 2012, Windows Server 2012 R2, Windows Server 2016, Windows Server 2019
Default Config Vulnerable: ⚠️ Yes
Notes: Systems with Internet Explorer enabled and accessible to users are vulnerable. Windows Server installations with IE disabled via Server Core or with Enhanced Security Configuration may have reduced risk.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Full system compromise with administrative privileges, allowing attackers to install malware, steal data, create backdoors, and pivot to other systems.

🟠 Likely Case

Malware installation and data theft through drive-by downloads when users visit compromised websites.

🟢 If Mitigated

Limited impact if users have restricted privileges, security software blocks malicious sites, and IE is not the default browser.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: MEDIUM

Exploitation requires user interaction (visiting malicious site or opening malicious document). No public exploit code was available at disclosure.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: August 2020 Security Updates for Internet Explorer

Vendor Advisory: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1570

Restart Required: Yes

Instructions:

1. Apply August 2020 Internet Explorer cumulative security update via Windows Update.
2. For enterprise deployments, deploy through WSUS or SCCM.
3. Restart affected systems after patch installation.

🔧 Temporary Workarounds

Disable Internet Explorer

windows

Remove or disable Internet Explorer as the default browser to prevent exploitation through web attacks.

Disable-WindowsOptionalFeature -Online -FeatureName Internet-Explorer-Optional-amd64

Restrict ActiveX controls

windows

Configure Internet Explorer to disable or prompt before running ActiveX controls.

Set Internet Explorer security zones to High or configure ActiveX settings via Group Policy

🧯 If You Can't Patch

  • Implement application whitelisting to prevent unauthorized code execution
  • Use Microsoft Enhanced Mitigation Experience Toolkit (EMET) or Windows Defender Exploit Guard to add memory protection

🔍 How to Verify

Check if Vulnerable:

Check whether the August 2020 Internet Explorer security update is installed, using Windows Update history or the systeminfo command.

Check Version:

reg query "HKLM\SOFTWARE\Microsoft\Internet Explorer" /v Version

Verify Fix Applied:

Verify KB4565351 (or later cumulative update) is installed and Internet Explorer version is updated.

📡 Detection & Monitoring

Log Indicators:

  • Internet Explorer crash logs with memory access violations
  • Windows Event Logs showing unexpected process creation from iexplore.exe

Network Indicators:

  • Unusual outbound connections from systems after visiting websites
  • Traffic to known malicious domains hosting exploit code

SIEM Query:

Process Creation where Parent Process contains "iexplore.exe" AND Command Line contains suspicious patterns
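
The SIEM condition above, written out as an added Python example (not code from this advisory or from Microsoft): it filters Sysmon Event ID 1 process-creation records for children of iexplore.exe that are not on an allow-list. The JSON-lines export format, the sample events and the EXPECTED_CHILDREN allow-list are assumptions constructed for illustration.

```python
import json
import ntpath

# Assumption: child processes treated as normal for iexplore.exe here.
# Illustrative only; baseline this list against your own telemetry.
EXPECTED_CHILDREN = {"iexplore.exe", "ielowutil.exe"}

# Constructed sample: one JSON object per line, Sysmon Event ID 1 field names.
SAMPLE_EVENTS = r"""
{"EventID": 1, "Computer": "WS01", "ParentImage": "C:\\Program Files\\Internet Explorer\\iexplore.exe", "Image": "C:\\Program Files (x86)\\Internet Explorer\\iexplore.exe", "CommandLine": "iexplore.exe"}
{"EventID": 1, "Computer": "WS01", "ParentImage": "C:\\Program Files\\Internet Explorer\\iexplore.exe", "Image": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", "CommandLine": "powershell.exe -NoProfile"}
{"EventID": 1, "Computer": "WS02", "ParentImage": "C:\\Windows\\explorer.exe", "Image": "C:\\Windows\\System32\\cmd.exe", "CommandLine": "cmd.exe"}
{"EventID": 3, "Computer": "WS01", "Image": "C:\\Program Files\\Internet Explorer\\iexplore.exe"}
{"EventID": 1, "Computer": "WS03", "ParentImage": "C:\\PROGRAM FILES\\INTERNET EXPLORER\\IEXPLORE.EXE", "Image": "C:\\Users\\alice\\AppData\\Local\\Temp\\a.exe", "CommandLine": "a.exe"}
this line is truncated {"EventID": 1
"""

def exe_name(path):
    """Lower-cased file name of a Windows path (works on any host OS)."""
    return ntpath.basename(path or "").lower()

def unexpected_ie_children(lines):
    """Return (computer, child, command line) for each process-creation
    event whose parent is iexplore.exe and whose child is not allow-listed."""
    hits = []
    for line in lines:
        try:
            ev = json.loads(line)
        except json.JSONDecodeError:
            continue  # blank or malformed record: skip rather than abort
        if not isinstance(ev, dict) or ev.get("EventID") != 1:
            continue  # only process-creation events are relevant
        if exe_name(ev.get("ParentImage")) != "iexplore.exe":
            continue
        child = exe_name(ev.get("Image"))
        if child not in EXPECTED_CHILDREN:
            hits.append((ev.get("Computer"), child, ev.get("CommandLine", "")))
    return hits

if __name__ == "__main__":
    for computer, child, cmdline in unexpected_ie_children(SAMPLE_EVENTS.splitlines()):
        print(f"{computer}: iexplore.exe spawned {child} ({cmdline})")
```

Matching on the parent's file name alone is case-insensitive but does not verify the parent's full path, so pair it with a path check if renamed binaries are a concern in your environment.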
