CVE-2020-0749: 
vulnerability analysis and mitigation

CVE-2020-0749 is an elevation of privilege vulnerability that exists in the way that the Connected Devices Platform Service handles objects in memory. This vulnerability was disclosed in February 2020 and affects various versions of Microsoft Windows 10 and Windows Server 2016. This CVE is unique from several related vulnerabilities (CVE-2020-0740, CVE-2020-0741, CVE-2020-0742, CVE-2020-0743, CVE-2020-0750) (NVD, CVE).

The vulnerability has been assigned a CVSS v3.1 base score of 7.8 (HIGH) with the vector string CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H. Under CVSS v2.0, it received a base score of 4.6 (MEDIUM) with the vector (AV:L/AC:L/Au:N/C:P/I:P/A:P). The vulnerability specifically relates to how the Connected Devices Platform Service processes objects in memory (NVD).

If successfully exploited, this vulnerability could allow an attacker to gain elevated privileges on affected systems. The high CVSS score indicates that the vulnerability could lead to a complete compromise of confidentiality, integrity, and availability of the affected system (NVD).

Microsoft has released security updates to address this vulnerability. Users should apply the appropriate patches through Windows Update or Microsoft's security advisory (MSRC Advisory).