CVE-2020-0728: 
vulnerability analysis and mitigation

CVE-2020-0728 is an information disclosure vulnerability in the Windows Modules Installer Service that was disclosed on February 11, 2020. The vulnerability exists when the Windows Modules Installer Service improperly discloses file information through the TrustedInstaller service's COM service called Sxs Store Class (Bugtraq, Full Disclosure).

The vulnerability stems from the ISxsStore interface, which provides methods to install/uninstall assemblies via application manifests files into the WinSxS store. These API methods were intended to be restricted to users with administrative privileges, but due to improper implementation of the authorization logic, they were exposed to any user on the system. The vulnerability has a CVSS score of 5.0 (AV:L/AC:L/Au:N/C:C/I:N/A:N) (Rapid7).

The vulnerability allows source files referenced by the manifest to be abused via junction points, enabling an attacker to make the service create copies of arbitrary files in the context of NT_AUTHORITY\SYSTEM. While the wcp framework behind processing the manifest files is complex and features various 'installers', the accessible interface appears to be limited to 'primitive installers' (Full Disclosure).

Microsoft released security patches for this vulnerability on February 11, 2020. The fixes are available through various KB updates including KB4532691, KB4532693, KB4537762, KB4537764, and KB4537789 for different versions of Windows 10 and Windows Server (Rapid7).