CVE-2020-0770: 
vulnerability analysis and mitigation

An elevation of privilege vulnerability (CVE-2020-0770) was identified in the Windows ActiveX Installer Service. The vulnerability was disclosed on March 12, 2020, affecting multiple versions of Microsoft Windows operating systems. This vulnerability is distinct from CVE-2020-0773 and CVE-2020-0860 (NVD).

The vulnerability exists due to improper memory handling in the Windows ActiveX Installer Service. It has been assigned a CVSS v3.1 base score of 7.8 (HIGH) with the vector string CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H, indicating local access requirements with low attack complexity (NVD).

If successfully exploited, this vulnerability could allow an attacker to elevate their privileges on the affected system, potentially gaining the same rights as the local user. Users with administrative privileges would be more severely impacted than those with restricted access (Rapid7).

Microsoft has released security updates to address this vulnerability across multiple affected Windows versions, including Windows 10, Windows Server 2016, Windows Server 2019, and other supported versions. Users are advised to apply the appropriate security updates to mitigate this vulnerability (Rapid7).