CVE-2020-0678: 
vulnerability analysis and mitigation

An elevation of privilege vulnerability was identified in Windows Error Reporting manager, tracked as CVE-2020-0678. The vulnerability stems from improper handling of hard links in the Windows Error Reporting Manager system. This vulnerability was disclosed in February 2020 and affects Windows operating systems (NVD, MITRE).

The vulnerability is classified as an elevation of privilege issue that occurs when the Windows Error Reporting manager fails to properly handle hard links. Based on the CVSS scoring system, it received a CVSS 3.0 score of 10 (Critical), with metrics indicating full exploit maturity (E:F), high impact (I:H), network vector (AV:N), official fix available (RL:O), confirmed (RC:C), low attack complexity (AC:L), changed scope (S:C), no privileges required (PR:N), high availability impact (A:H), no user interaction (UI:N), and high confidentiality impact (C:H) (ManageEngine).

The vulnerability could allow an attacker to gain elevated privileges on affected systems. Given the CVSS metrics, successful exploitation could result in high impacts on confidentiality, integrity, and availability of the affected systems (ManageEngine).

Microsoft has released security updates to address this vulnerability. The fix is included in security update KB4537810 (ManageEngine).