CVE-2020-0657: 
vulnerability analysis and mitigation

An elevation of privilege vulnerability (CVE-2020-0657) was discovered in the Windows Common Log File System (CLFS) driver, disclosed in February 2020. The vulnerability exists when the CLFS driver improperly handles objects in memory. This vulnerability affects multiple versions of Microsoft Windows, including Windows 10, Windows 8.1, and Windows 7 SP1 (NVD).

The vulnerability has been assigned a CVSS v3.1 base score of 7.8 (HIGH) with the vector string CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H. The vulnerability requires local access and low privileges to exploit, but can result in high impacts to confidentiality, integrity, and availability (NVD).

If successfully exploited, this vulnerability could allow an attacker to gain elevated privileges on affected systems. The attacker could then install programs, view, change, or delete data, or create new accounts with full user rights (Talos).

Microsoft released security updates to address this vulnerability as part of the February 2020 Patch Tuesday updates. Users and administrators are advised to apply the security updates immediately to protect their systems (Lansweeper).