CVE-2020-1163: 
Microsoft System Center Endpoint Protection vulnerability analysis and mitigation

An elevation of privilege vulnerability exists in Windows Defender that leads to arbitrary file deletion on the system. The vulnerability, identified as CVE-2020-1163, was disclosed in June 2020. The issue affects Microsoft Windows Defender and related security products across multiple Windows versions (NVD).

The vulnerability is characterized by an integer overflow condition in the TextMaker document parsing functionality. When processing record type 0x002a, the application performs a multiplication of a 32-bit length value with 0x23c, which can result in an integer overflow. This overflow leads to a smaller allocation size than expected, subsequently causing a heap-based buffer overflow during data writing operations. The vulnerability received a CVSS v3.1 Base Score of 7.8 (HIGH) with vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H (NVD).

The successful exploitation of this vulnerability could allow an authenticated attacker to elevate privileges on the affected system. The vulnerability enables arbitrary file deletion capabilities and potential code execution with the privileges of the application (NVD).

Microsoft has released security updates to address this vulnerability. Users should ensure their Windows Defender and related security products are updated to version 4.18.2005.1 or later. For systems without internet access, manual updates can be applied using the MpCmdRun.exe utility (Microsoft QA).