CVE-2020-0684: 
vulnerability analysis and mitigation

A critical remote code execution vulnerability (CVE-2020-0684) was discovered in Microsoft Windows that affects the processing of .LNK files. The vulnerability was disclosed in March 2020 and received a CVSS score of 8.8, indicating its critical severity. This vulnerability affects multiple versions of Windows operating systems, including Windows 10, Windows 8.1, Windows 7, and various Windows Server versions (Bleeping Computer).

The vulnerability exists in the way Microsoft Windows processes .LNK shortcut files. When a malicious .LNK file is processed, it could allow remote code execution on the target system. The vulnerability has been assigned a CVSS base score of 8.8 with a temporal score of 7.9 (Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C) (Bleeping Computer).

If successfully exploited, an attacker could gain the same user rights as the local user. Users with administrative privileges would be more severely impacted than those with restricted user rights. The attacker could execute arbitrary code on the target system by convincing a user to open a removable drive or remote share containing a malicious .LNK file and its associated malicious binary (Bleeping Computer).

Microsoft addressed this vulnerability by releasing security updates that correct the processing of shortcut LNK references. The fix was included in various security updates (KB articles) for different Windows versions, such as KB4540693 for Windows 10 and KB4541500 for Windows 7 SP1 (Bleeping Computer).

The vulnerability was discovered and reported by Wayne Low of Fortinet's FortiGuard Labs (Bleeping Computer).