ioc[.]one - OSINT Cyber Threat Intelligence Database

WSUS Attacks Part 2: CVE-2020-1013 a Windows 10 Local Privilege Escalation 1-Day - GoSecure

Tags

attack-pattern:

Server - T1583.004 Server - T1584.004 Software - T1592.002 System Services - T1569 Visual Basic - T1059.005 Tool - T1588.002 Vulnerabilities - T1588.006 Connection Proxy - T1090 New Service - T1050

Show in Graph

Common Information

Type	Value
UUID	9d136624-a018-4b5a-ad80-798778a74e4d
Fingerprint	3c62b95fa9277486
Analysis status	DONE
Considered CTI value	0
Text language
Published	Sept. 8, 2020, 7:27 p.m.
Added to db	Jan. 18, 2023, 11:19 p.m.
Last updated	Nov. 18, 2024, 1:38 a.m.
Headline	WSUS Attacks Part 2: CVE-2020-1013 a Windows 10 Local Privilege Escalation 1-Day
Title	WSUS Attacks Part 2: CVE-2020-1013 a Windows 10 Local Privilege Escalation 1-Day - GoSecure
Detected Hints/Tags/Attributes	59/1/11

Source URLs

	Redirection	Url
Details	Source	https://www.gosecure.net/blog/2020/09/08/wsus-attacks-part-2-cve-2020-1013-a-windows-10-local-privilege-escalation-1-day/

URL Provider

Details	Provider	Source level domain
Details	gosecure.net	www.gosecure.net

Attributes

Details	Type	#Events	CTI	Value
Details	CVE	2		cve-2020-1013
Details	File	1		wsuspicious.exe
Details	File	12		psexec64.exe
Details	File	1		wsuspicious.txt
Details	File	3		bginfo.exe
Details	File	4		tttracer.exe
Details	File	1		c:\windows\softwaredistribution\download\install\tttracer.exe
Details	File	2127		cmd.exe
Details	File	9		eula.txt
Details	Microsoft Patch Numbers	2		KB4571756
Details	Microsoft Patch Numbers	2		KB4577041