CVE-2020-0668: 
vulnerability analysis and mitigation

An elevation of privilege vulnerability (CVE-2020-0668) was discovered in the Windows Kernel, specifically in how it handles objects in memory. The vulnerability was disclosed on February 11, 2020, affecting multiple versions of Microsoft Windows including Windows 10, Windows 8.1, Windows 7, and various Windows Server versions (NVD, MSRC).

The vulnerability exists within the Tracing functionality used by the Routing and Remote Access service. The specific flaw stems from improper permissions on registry keys that control this functionality. The vulnerability has been assigned a CVSS v3.1 base score of 7.8 (HIGH) with the vector string CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H, indicating local access requirements with low attack complexity (ZDI, NVD).

If successfully exploited, this vulnerability allows an attacker to escalate privileges and execute code in the context of SYSTEM, effectively gaining full control over the affected system. The high CVSS score reflects the severe potential impact on confidentiality, integrity, and availability of the system (ZDI).

Microsoft has released security updates to address this vulnerability. Users are advised to apply the appropriate patches through Windows Update. The fix was included in Microsoft's February 2020 security updates (MSRC).