Microsoft Connected User Experiences and Telemetry Service CVE-2020-1386 Information Disclosure Vulnerability

description-logoDescription

An information vulnerability exists when Windows Connected User Experiences and Telemetry Service improperly discloses file information. Successful exploitation of the vulnerability could allow the attacker to read any file on the file system. To exploit the vulnerability, an attacker would have to log onto an affected system and run a specially crafted application. The update addresses the vulnerability by changing the way Windows Connected User Experiences and Telemetry Service discloses file information.

affected-products-logoAffected Applications

Windows 10
Windows Server version 2004 (Server Core installation)
Windows Server version 1903 (Server Core installation)
Windows Server version 1909 (Server Core installation)
Windows Server 2019

CVE References

CVE-2020-1386