CVE-2020-0685: 
vulnerability analysis and mitigation

CVE-2020-0685 is a Windows COM Server Elevation of Privilege Vulnerability that was disclosed on February 11, 2020. The vulnerability exists when Windows improperly handles COM object creation, affecting various versions of Windows operating systems (NVD, CVE Mitre).

The vulnerability has been assigned a CVSS severity score of 7.0, indicating a high severity level. The attack vector is local (AV:L), with low attack complexity (AC:L), requiring no authentication (Au:N), and potentially impacting confidentiality, integrity, and availability completely (C:C/I:C/A:C) (Rapid7).

This elevation of privilege vulnerability could allow an attacker to gain elevated system privileges when Windows improperly handles COM object creation. A successful exploit could enable an attacker to execute code with elevated permissions (NVD).

Microsoft has released security updates to address this vulnerability. The patches are available through various KB updates including KB4537789 for Windows 10 version 1709, KB4537762 for version 1803, KB4532691 for version 1809, KB4532693 for versions 1903 and 1909, and KB4532691 for Windows Server 2019 (Rapid7).