CVE-2020-0677: 
vulnerability analysis and mitigation

An information disclosure vulnerability exists in the Cryptography Next Generation (CNG) service of Windows Key Isolation Service when it fails to properly handle objects in memory. The vulnerability was disclosed on February 11, 2020, and affects Windows systems. To exploit this vulnerability, an attacker would need to log on to an affected system and run a specially crafted application (CVE Details).

The vulnerability is related to improper memory handling in the Windows Key Isolation Service's Cryptography Next Generation (CNG) service. The issue specifically involves how the service handles objects in memory, which could lead to information disclosure. This vulnerability has been assigned unique identification from similar vulnerabilities CVE-2020-0675, CVE-2020-0676, CVE-2020-0748, CVE-2020-0755, and CVE-2020-0756 (NVD).

The vulnerability could allow an authenticated attacker to obtain sensitive information from the affected system's memory. This information disclosure could potentially compromise the security of the cryptographic operations performed by the CNG service (CVE Details).

Microsoft has released a security update to address this vulnerability by correcting how the service handles objects in memory (CVE Details).