By zerosday cve bot•January 28, 2022•
cves
CVE-2020-0787: Microsoft Windows Background Intelligent Transfer Service (BITS) Improper Privilege Management Vulnerability
CVE-2020-0787: Technical Deep-Dive (Auto Refreshed)
Generated on 2026-04-05T16:56:13.114Z. This file is automatically regenerated every 30 minutes by the CVE AI enrichment job using web sources (NVD, MITRE, CISA KEV, GitHub).
Executive Technical Summary
An elevation of privilege vulnerability exists when the Windows Background Intelligent Transfer Service (BITS) improperly handles symbolic links, aka 'Windows Background Intelligent Transfer Service Elevation of Privilege Vulnerability'.
- Context preserved from previous revision: An elevation of privilege vulnerability exists when the Windows Background Intelligent Transfer Service (BITS) improperly handles symbolic links, aka 'Windows Background Intelligent Transfer Service Elevation of Privilege Vulnerability'. Notes: 渗透测试有关的POC、EXP、脚本、提权、小工具等---About penetration-testing python-script poc getshell csrf xss cms php-getshell domainmod-xss csrf-webshell cobub-razor cve rce sql sql-poc poc-exp bypass oa-getshell cve-cms
Technical Details
- CVE: CVE-2020-0787
- KEV date added: Unknown
- KEV due date: Not specified
- NVD published: Unknown
- NVD modified: Unknown
- MITRE modified: 2025-10-21
- CVSS base score: N/A
- CVSS vector: N/A
- CVSS exploitability score: N/A
- CVSS impact score: N/A
- Attack vector: Unknown
- Attack complexity: Unknown
- Privileges required: Unknown
- User interaction: Unknown
- Scope: Unknown
- Confidentiality impact: Unknown
- Integrity impact: Unknown
- Availability impact: Unknown
Versions and Products Impacted
- Microsoft / Windows (versions: 10 Version 1803 for 32-bit Systems, 10 Version 1803 for x64-based Systems, 10 Version 1803 for ARM64-based Systems, 10 Version 1809 for 32-bit Systems, 10 Version 1809 for x64-based Systems, 10 Version 1809 for ARM64-based Systems, 10 Version 1709 for 32-bit Systems, 10 Version 1709 for x64-based Systems, 10 Version 1709 for ARM64-based Systems, 10 for 32-bit Systems)
- Microsoft / Windows Server (versions: version 1803 (Core Installation), 2019, 2019 (Core installation), 2016, 2016 (Core installation), 2008 for 32-bit Systems Service Pack 2, 2008 for 32-bit Systems Service Pack 2 (Core installation), 2008 for Itanium-Based Systems Service Pack 2, 2008 for x64-based Systems Service Pack 2, 2008 for x64-based Systems Service Pack 2 (Core installation))
- Microsoft / Windows 10 Version 1909 for 32-bit Systems (versions: unspecified)
- Microsoft / Windows 10 Version 1909 for x64-based Systems (versions: unspecified)
- Microsoft / Windows 10 Version 1909 for ARM64-based Systems (versions: unspecified)
- Microsoft / Windows Server, version 1909 (Server Core installation) (versions: unspecified)
- Microsoft / Windows 10 Version 1903 for 32-bit Systems (versions: unspecified)
- Microsoft / Windows 10 Version 1903 for x64-based Systems (versions: unspecified)
- Microsoft / Windows 10 Version 1903 for ARM64-based Systems (versions: unspecified)
- Microsoft / Windows Server, version 1903 (Server Core installation) (versions: unspecified)
Weakness Classification
- Elevation of Privilege
- CWE-59
Repositories for Lab Validation (Public Examples)
- No public repository matched this CVE query in the current run.
People and Organizations Mentioned
- microsoft
Practical Defensive Validation (Authorized Only)
- Use only isolated environments and systems you own or are explicitly authorized to test.
- Snapshot infrastructure before validation and preserve baseline logs (EDR, SIEM, OS, app).
- Create low-privilege users on Microsoft / Windows (versions: 10 Version 1803 for 32-bit Systems, 10 Version 1803 for x64-based Systems, 10 Version 1803 for ARM64-based Systems, 10 Version 1809 for 32-bit Systems, 10 Version 1809 for x64-based Systems, 10 Version 1809 for ARM64-based Systems, 10 Version 1709 for 32-bit Systems, 10 Version 1709 for x64-based Systems, 10 Version 1709 for ARM64-based Systems, 10 for 32-bit Systems) and validate that patching blocks unauthorized admin-level actions.
- Compare token/privilege transitions in Windows Event Logs before and after remediation.
- Tune detections for unusual group membership changes and SYSTEM-level process launches from user sessions.
References
- NVD record: https://nvd.nist.gov/vuln/detail/CVE-2020-0787
- MITRE CVE record: https://www.cve.org/CVERecord?id=CVE-2020-0787
- CISA KEV Catalog: https://www.cisa.gov/known-exploited-vulnerabilities-catalog
- CISA KEV JSON feed: https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0787
- http://packetstormsecurity.com/files/158056/Background-Intelligent-Transfer-Service-Privilege-Escalation.html
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-0787
This content is for defensive security training and authorized validation only.