CVE-2020-16905 – This CVE describes a privilege escalation vulne... (How to Fix)

Q: What is the severity of CVE-2020-16905?

CVE-2020-16905 has a CVSS score of 6.8 (MEDIUM). This CVE describes a privilege escalation vulnerability in Windows Error Reporting (WER) where improper file handling could allow attackers to gain elevated system privileges. Attackers could exploit this by running specially crafted applications to access sensitive information and system functionality. This affects Windows systems with WER enabled.

📋 TL;DR

This CVE describes a privilege escalation vulnerability in Windows Error Reporting (WER) where improper file handling could allow attackers to gain elevated system privileges. Attackers could exploit this by running specially crafted applications to access sensitive information and system functionality. This affects Windows systems with WER enabled.

💻 Affected Systems

Products:

Microsoft Windows

Versions: Multiple Windows 10 and Windows Server versions prior to October 2020 patches

Operating Systems: Windows 10, Windows Server 2016, Windows Server 2019

Default Config Vulnerable: ⚠️ Yes

Notes: Windows Error Reporting is enabled by default in affected Windows versions. Specific affected builds include Windows 10 versions 1809, 1903, 1909, and 2004, and corresponding Windows Server versions.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Full system compromise with administrative privileges, allowing complete control over the system, data theft, and lateral movement.

🟠

Likely Case

Local privilege escalation from standard user to SYSTEM/administrator level, enabling installation of malware, persistence mechanisms, and access to protected resources.

🟢

If Mitigated

Limited impact with proper patch management and least privilege principles in place, though still a significant local attack vector.

🌐 Internet-Facing: LOW - This is primarily a local privilege escalation requiring local access or code execution first.

🏢 Internal Only: HIGH - Once an attacker gains initial access (via phishing, malware, etc.), this vulnerability enables significant privilege escalation within the network.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ✅ No

Complexity: MEDIUM

Exploitation requires local access and ability to execute specially crafted applications. No public proof-of-concept has been disclosed as of knowledge cutoff.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: October 2020 security updates (Patch Tuesday)

Vendor Advisory: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16905

Restart Required: Yes

Instructions:

1. Apply October 2020 Windows security updates via Windows Update. 2. For enterprise environments, deploy patches through WSUS or SCCM. 3. Verify installation via Windows Update history or system information.

🔧 Temporary Workarounds

Disable Windows Error Reporting

windows

Temporarily disable WER service to prevent exploitation while patching

sc config WerSvc start= disabled
sc stop WerSvc

Configure WER via Group Policy

windows

Restrict WER functionality through Group Policy settings

🧯 If You Can't Patch

Implement strict application control policies to prevent execution of unauthorized applications
Enforce least privilege principles and segment networks to limit lateral movement

🔍 How to Verify

Check if Vulnerable:

Check Windows build number via winver command and compare against patched versions (post-October 2020 updates)

Check Version:

winver or systeminfo | findstr /B /C:"OS Name" /C:"OS Version"

Verify Fix Applied:

Verify October 2020 security updates are installed via Windows Update history or Get-Hotfix -Id KB4578974 (example KB)

📡 Detection & Monitoring

Log Indicators:

Unusual WER service activity
Suspicious process creation from WER context
Failed privilege escalation attempts in security logs

Network Indicators:

Unusual outbound connections from WER-related processes

SIEM Query:

EventID=4688 AND (NewProcessName contains "wer" OR ParentProcessName contains "wer") AND SubjectUserName != SYSTEM

📊 Metadata

CVE ID: CVE-2020-16905

CVSS v3 Score: 6.8 (MEDIUM)

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:L

Published: October 16, 2020

Last Updated: February 23, 2026

🔗 References

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16905 Patch,Vendor Advisory
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16905 Patch,Vendor Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

📋 TL;DR

💻 Affected Systems

📦 What is this software?

Windows 10 by Microsoft

Windows 10 by Microsoft

Windows 10 by Microsoft

Windows 10 by Microsoft

Windows 10 by Microsoft

Windows 10 by Microsoft

Windows 10 by Microsoft

Windows 10 by Microsoft

Windows Server 2016 by Microsoft

Windows Server 2016 by Microsoft

Windows Server 2016 by Microsoft

Windows Server 2016 by Microsoft

Windows Server 2019 by Microsoft

⚠️ Risk & Real-World Impact

Worst Case

Likely Case

If Mitigated

🎯 Exploit Status

🛠️ Fix & Mitigation

✅ Official Fix

Instructions:

🔧 Temporary Workarounds

Disable Windows Error Reporting

Configure WER via Group Policy

🧯 If You Can't Patch

🔍 How to Verify

Check if Vulnerable:

Check Version:

Verify Fix Applied:

📡 Detection & Monitoring

Log Indicators:

Network Indicators:

SIEM Query:

📊 Metadata

🔗 References

📤 Share & Export