CVE-2020-17003

7.8 HIGH

📋 TL;DR

CVE-2020-17003 is a remote code execution vulnerability in Microsoft's Base3D rendering engine. Improper memory handling in the engine allows an attacker to execute arbitrary code on a vulnerable system. It affects Windows systems running Microsoft software that uses the Base3D rendering engine and can lead to complete system compromise.

💻 Affected Systems

Products:
  • Microsoft Windows 10
  • Microsoft Windows Server 2016
  • Microsoft Windows Server 2019
Versions: Specific versions prior to November 2020 security updates
Operating Systems: Windows 10, Windows Server 2016, Windows Server 2019
Default Config Vulnerable: ⚠️ Yes
Notes: Requires Base3D rendering engine to be present and accessible

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete system takeover with administrative privileges, data theft, ransomware deployment, and persistent backdoor installation.

🟠 Likely Case

Initial foothold for lateral movement within networks, credential harvesting, and deployment of additional malware payloads.

🟢 If Mitigated

Limited impact with proper network segmentation, application whitelisting, and least privilege principles in place.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: MEDIUM

Microsoft's advisory rated exploitation as "more likely", but no public exploits were known when the advisory was published.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: November 2020 security updates (KB4586781 for Windows 10 2004, KB4586786 for Windows Server 2019, etc.)

Vendor Advisory: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-17003

Restart Required: Yes

Instructions:

1. Apply the November 2020 security updates from Windows Update.
2. Restart affected systems.
3. Verify the update installed via winver or systeminfo.

🔧 Temporary Workarounds

Disable Base3D rendering if not needed (Windows)

Disable or remove Base3D rendering engine components if they are not required for business operations.

🧯 If You Can't Patch

  • Implement network segmentation to isolate vulnerable systems
  • Apply application control policies to restrict execution of untrusted code

🔍 How to Verify

Check if Vulnerable:

Check Windows Update history for the November 2020 security updates, or run systeminfo to check the OS build number.

Check Version:

systeminfo | findstr /B /C:"OS Name" /C:"OS Version"

Verify Fix Applied:

Verify that KB4586781 (or the equivalent for your OS version) is installed, either via Windows Update history or from PowerShell: Get-HotFix -Id KB4586781
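The following PowerShell script is an added example (not from the advisory or this page) that wraps the Get-HotFix check above into a reusable function; it assumes only the two KB IDs named on this page, and the third entry is a placeholder for the KB that applies to your own Windows build.

```powershell
# Added example: report whether a November 2020 update addressing
# CVE-2020-17003 is present. Only the two KB IDs named on this page are
# listed; the third entry is a PLACEHOLDER to replace for other builds.
$KbIds = @(
    'KB4586781',          # Windows 10 2004
    'KB4586786',          # Windows Server 2019
    'KB<your-build-kb>'   # PLACEHOLDER: KB for other Windows builds
)

function Test-Cve202017003Patched {
    param([string[]]$KnownKbs = $KbIds)

    # OS caption and build number help map the host to the right KB.
    $os = Get-CimInstance -ClassName Win32_OperatingSystem

    # Get-HotFix writes a non-terminating error for IDs that are not
    # installed; SilentlyContinue keeps the output to matches only.
    $installed = Get-HotFix -Id $KnownKbs -ErrorAction SilentlyContinue

    [pscustomobject]@{
        Computer    = $env:COMPUTERNAME
        OsCaption   = $os.Caption
        OsBuild     = $os.BuildNumber
        MatchedKb   = ($installed | ForEach-Object HotFixID) -join ','
        InstalledOn = ($installed | ForEach-Object InstalledOn) -join ','
        Patched     = [bool]$installed
    }
}

Test-Cve202017003Patched | Format-List
```

A result of Patched = False is not proof the host is vulnerable: Windows cumulative updates supersede each other, so a host that received a later cumulative update without the November 2020 one will not list KB4586781 and should be judged by its OS build number instead.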

📡 Detection & Monitoring

Log Indicators:

  • Unexpected process creation from Base3D-related processes
  • Memory access violations in application logs
  • Windows Event ID 4688 for new process creation

Network Indicators:

  • Unusual outbound connections from systems using Base3D
  • Traffic to known malicious IPs following Base3D process execution

SIEM Query:

source="windows" (event_id=4688 AND (process_name="*base3d*" OR parent_process_name="*base3d*")) OR (event_id=1000 AND faulting_module="*base3d*")
