Vulnerability in Microsoft Forefront Endpoint Protection
CVE-2020-1170
An elevation of privilege vulnerability exists in Windows Defender that leads to arbitrary file deletion on the system. To exploit the vulnerability, an attacker would first have to log on to the system, aka 'Microsoft Windows Defender Elevati…
EPSS: 0.002 (36.0th percentile)
Affected products
- Microsoft Forefront Endpoint Protection — versions 2010
- Microsoft Security Essentials — versions unspecified
- Microsoft System Center — versions Endpoint Protection, 2012 R2 Endpoint Protection, 2012 Endpoint Protection
- Microsoft Windows Defender On 10 For 32-bit Systems — versions unspecified
- Microsoft Windows Defender On 10 For X64-based Systems — versions unspecified
- Microsoft Windows Defender On 10 Version 1607 For 32-bit Systems — versions unspecified
- Microsoft Windows Defender On 10 Version 1607 For X64-based Systems — versions unspecified
- Microsoft Windows Defender On 10 Version 1709 For 32-bit Systems — versions unspecified
- Microsoft Windows Defender On 10 Version 1709 For Arm64-based Systems — versions unspecified
- Microsoft Windows Defender On 10 Version 1709 For X64-based Systems — versions unspecified
Public proof-of-concept exploits
References
- portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1170 (x_refsource_MISC)
- packetstormsecurity.com/files/160919/Cloud-Filter-Arbitrary-File-Creation-Privi… (x_refsource_MISC)
Frequently asked questions
- What is CVE-2020-1170?
- CVE-2020-1170 is a vulnerability in Microsoft Forefront Endpoint Protection. Published 2020-06-09.
- Is CVE-2020-1170 known to be exploited?
- 3 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.