CVE-2020-0675: 
vulnerability analysis and mitigation

An information disclosure vulnerability (CVE-2020-0675) exists in the Cryptography Next Generation (CNG) service of Windows Key Isolation Service when it fails to properly handle objects in memory. The vulnerability was disclosed in February 2020 and affects multiple versions of Microsoft Windows operating systems (NVD).

The vulnerability has been assigned a CVSS v3.1 Base Score of 5.5 (MEDIUM) with the vector string CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N. This indicates local access is required, with low attack complexity and privilege requirements, no user interaction needed, and the scope is unchanged. The impact is limited to high confidentiality breach with no impact on integrity or availability (NVD).

The vulnerability could allow an attacker to obtain sensitive information from the affected system's memory. The impact is specifically focused on information disclosure, with no direct impact on system integrity or availability (CVE).

Microsoft has addressed the vulnerability by releasing a security update that corrects how the CNG service handles objects in memory. Users are advised to apply the security update to affected systems (CVE).