CVE-2020-0676: 
vulnerability analysis and mitigation

An information disclosure vulnerability (CVE-2020-0676) exists in the Cryptography Next Generation (CNG) service of Windows when it fails to properly handle objects in memory. The vulnerability was disclosed on February 11, 2020, affecting multiple versions of Microsoft Windows including Windows 10, Windows 8.1, and Windows 7 SP1 (NVD Database).

The vulnerability has been assigned a CVSS v3.1 base score of 5.5 (Medium) with the vector string CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N. This indicates that the vulnerability requires local access, low attack complexity, low privileges, and no user interaction. The vulnerability can lead to high confidentiality impact but has no impact on integrity or availability (NVD Database).

If successfully exploited, this vulnerability could allow an attacker to obtain sensitive information from the affected system's memory. The vulnerability specifically affects the Windows Key Isolation Service, potentially exposing cryptographic-related information (CVE Database).

Microsoft has released a security update that addresses the vulnerability by correcting how the CNG service handles objects in memory. Users are advised to apply the security update to affected systems (CVE Database).