CVE-2020-0750: 
vulnerability analysis and mitigation

An elevation of privilege vulnerability identified as CVE-2020-0750 was discovered in the Connected Devices Platform Service of Microsoft Windows. The vulnerability was disclosed on February 11, 2020, and affects how the service handles objects in memory. This vulnerability is distinct from related issues CVE-2020-0740, CVE-2020-0741, CVE-2020-0742, CVE-2020-0743, and CVE-2020-0749. The affected systems include multiple versions of Windows 10 (1607, 1709, 1803, 1809, 1903, 1909) and Windows Server 2016 (NVD).

The vulnerability has been assigned a CVSS v3.1 base score of 7.8 (HIGH) with the following vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H. This indicates that the vulnerability requires local access, low attack complexity, low privileges, and no user interaction, while potentially impacting confidentiality, integrity, and availability at high levels. Under CVSS v2.0, it received a base score of 4.6 (MEDIUM) with the vector: (AV:L/AC:L/Au:N/C:P/I:P/A:P) (NVD).

The vulnerability could allow an attacker to gain elevated privileges on affected systems through exploitation of the Connected Devices Platform Service's memory handling mechanism. A successful exploit could result in high impacts on system confidentiality, integrity, and availability (NVD).

Microsoft has released security updates to address this vulnerability. Users should apply the appropriate patches through the Microsoft security advisory (Microsoft Advisory).