IRONSMITHINTEL
MEDIUM · CVSS 4.2 · Actively Exploited · CISA KEV · CVE-2020-0878 · Auth: none (unauthenticated) · Reboot: required · Manual only

KB4570333: Windows Server Security Update (September 2020)

Microsoft Edge and Internet Explorer contain a memory corruption vulnerability that allows attackers to execute code in the context of the current user.

Published Sep 11, 2020 · Updated May 16, 2026
Why patch · Risk explained in plain English
Worst-case scenario · If unpatched

A remote attacker, without authentication, can cause full loss of data confidentiality and partial data tampering. CISA has confirmed use of this vulnerability in known ransomware campaigns; treat it as high priority for remediation. Federal agencies are required to remediate by 2022-05-03 under CISA BOD 22-01.

How the attack works · No clicks needed

This is an Out-of-bounds Write (CWE-787) vulnerability in Microsoft Edge and Internet Explorer.

A remote code execution vulnerability exists in the way that Microsoft browsers access objects in memory. The vulnerability could corrupt memory in a way that could allow an attacker to execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, the attacker could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

An attacker could host a specially crafted website that is designed to exploit the vulnerability through Microsoft browsers, and then convince a user to view the website. The attacker could also take advantage of compromised websites, or websites that accept or host user-provided content or advertisements, by adding specially crafted content that could exploit the vulnerability. In all cases, however, an attacker would have no way to force users to view the attacker-controlled content. Instead, an attacker would have to convince users to take action, typically via an enticement in email or instant message, or by getting them to open an email attachment.

The security update addresses the vulnerability by modifying how Microsoft browsers handle objects in memory.

Exploitation requires remote network access and user interaction, has higher attack complexity, and requires no authentication.

Phishing link · Malicious file · Server compromised

Am I affected? · Quick check

Probably yes if any of these apply:

IT Security
Running Internet Explorer: 11, 9; Edge: -; ChakraCore: -
Fixed in: KB4570333, KB4571756, KB4574727, KB4577010, KB4577015, KB4577032, KB4577038, KB4577041, KB4577049, KB4577051, KB4577064, KB4577066 (applies to 59 product versions)
Real-world incidents · What we've seen

CISA confirms this CVE has been used in known ransomware campaigns. Added to the KEV catalog on 2021-11-03; federal agencies required to remediate by 2022-05-03.

How to patch

Manual download

For air-gapped servers or out-of-band deployment. Microsoft Update Catalog returns every OS-version variant of this update.

Microsoft Update Catalog: KB4570333

Manual remediation steps

Apply the Microsoft Security Update

Microsoft has released an official security update that fixes this vulnerability.

Required KB Updates

    KB4570333 — https://support.microsoft.com/help/4570333
    KB4571756 — https://support.microsoft.com/help/4571756
    KB4574727 — https://support.microsoft.com/help/4574727
    KB4577010 — https://support.microsoft.com/help/4577010
    KB4577015 — https://support.microsoft.com/help/4577015
    KB4577032 — https://support.microsoft.com/help/4577032
    KB4577038 — https://support.microsoft.com/help/4577038
    KB4577041 — https://support.microsoft.com/help/4577041
    KB4577049 — https://support.microsoft.com/help/4577049
    KB4577051 — https://support.microsoft.com/help/4577051
    KB4577064 — https://support.microsoft.com/help/4577064
    KB4577066 — https://support.microsoft.com/help/4577066

Supersedes: KB4565349, KB4565351, KB4566782, KB4571687, KB4571692, KB4571694, KB4571703, KB4571709, KB4571729, KB4571730, KB4571736, KB4571741

Affected Products

    ChakraCore
    Internet Explorer 11 on Windows 10 Version 1607 for 32-bit Systems
    Internet Explorer 11 on Windows 10 Version 1607 for x64-based Systems
    Internet Explorer 11 on Windows 10 Version 1709 for 32-bit Systems
    Internet Explorer 11 on Windows 10 Version 1709 for ARM64-based Systems
    Internet Explorer 11 on Windows 10 Version 1709 for x64-based Systems
    Internet Explorer 11 on Windows 10 Version 1803 for 32-bit Systems
    Internet Explorer 11 on Windows 10 Version 1803 for ARM64-based Systems
    Internet Explorer 11 on Windows 10 Version 1803 for x64-based Systems
    Internet Explorer 11 on Windows 10 Version 1809 for 32-bit Systems
    Internet Explorer 11 on Windows 10 Version 1809 for ARM64-based Systems
    Internet Explorer 11 on Windows 10 Version 1809 for x64-based Systems
    Internet Explorer 11 on Windows 10 Version 1903 for 32-bit Systems
    Internet Explorer 11 on Windows 10 Version 1903 for ARM64-based Systems
    Internet Explorer 11 on Windows 10 Version 1903 for x64-based Systems
    Internet Explorer 11 on Windows 10 Version 1909 for 32-bit Systems
    Internet Explorer 11 on Windows 10 Version 1909 for ARM64-based Systems
    Internet Explorer 11 on Windows 10 Version 1909 for x64-based Systems
    Internet Explorer 11 on Windows 10 Version 2004 for 32-bit Systems
    Internet Explorer 11 on Windows 10 Version 2004 for ARM64-based Systems
    (…39 more product versions)

Installation Methods

Windows Update (recommended)

1. Settings → Windows Update → Check for updates
2. The security update is offered if your system is in scope
3. Restart when prompted (may or may not be required for this update)

Microsoft Update Catalog (manual download)

1. Open https://catalog.update.microsoft.com
2. Search for KB4570333
3. Download the package matching your OS architecture and Windows build
4. Run the .msu installer with administrator privileges
5. Restart when prompted

WSUS / SCCM / Intune

Approve KB4570333 for the affected products in your update management console.

Microsoft Download Center Links

    https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4570333
    https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4571756
    https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4574727
    https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4577010
    https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4577015
    (…8 more)

Verification

Confirm the update is installed:

Get-HotFix | Where-Object { $_.HotFixID -in @('KB4570333','KB4571756','KB4574727','KB4577010','KB4577015','KB4577032','KB4577038','KB4577041','KB4577049','KB4577051','KB4577064','KB4577066') }
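
The same check as a per-host report that separates "KB found", "KB not found" and "host could not be queried". This is an added example, not a script from this site or from Microsoft; the function name, status strings and the host names in the last comment are hypothetical, and the KB list is copied from this page.

```powershell
# Added example. KB list copied from this advisory; host names are placeholders.
$AdvisoryKBs = @(
    'KB4570333','KB4571756','KB4574727','KB4577010','KB4577015','KB4577032',
    'KB4577038','KB4577041','KB4577049','KB4577051','KB4577064','KB4577066'
)

function Test-AdvisoryHotFix {
    [CmdletBinding()]
    param(
        [string[]]$ComputerName = @($env:COMPUTERNAME),
        [string[]]$KB = $AdvisoryKBs
    )
    foreach ($computer in $ComputerName) {
        try {
            # -ErrorAction Stop makes an unreachable host a catchable error
            # instead of an empty result that looks like "not installed".
            $installed = @(Get-HotFix -ComputerName $computer -ErrorAction Stop)
            $matched   = @($installed | Where-Object { $_.HotFixID -in $KB })
            # InstalledOn can be empty for some entries; skip those when sorting.
            $latest    = $installed | Where-Object { $_.InstalledOn } |
                         Sort-Object InstalledOn | Select-Object -Last 1
            [pscustomobject]@{
                ComputerName      = $computer
                # NeedsReview, not "vulnerable": a later cumulative update carries
                # a different KB number, so compare LatestHotFix before deciding.
                Status            = if ($matched.Count) { 'AdvisoryKBInstalled' } else { 'NeedsReview' }
                MatchedKB         = $matched.HotFixID -join ','
                LatestHotFix      = $latest.HotFixID
                LatestInstalledOn = $latest.InstalledOn
            }
        }
        catch {
            [pscustomobject]@{
                ComputerName      = $computer
                Status            = 'QueryFailed'
                MatchedKB         = $null
                LatestHotFix      = $null
                LatestInstalledOn = $null
            }
        }
    }
}

# Local machine by default; pass -ComputerName 'SRV01','SRV02' (hypothetical) for remote hosts.
Test-AdvisoryHotFix | Format-Table -AutoSize
```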

References

    Microsoft Security Response Center: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0878
    KB article: https://support.microsoft.com/help/4570333
    KB article: https://support.microsoft.com/help/4571756
    KB article: https://support.microsoft.com/help/4574727
    NVD entry: https://nvd.nist.gov/vuln/detail/CVE-2020-0878
    CISA KEV: https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-0878

Discovery Credit

HAO LI of VenusTech ADLab
