CVE-2020-0771: 
vulnerability analysis and mitigation

An elevation of privilege vulnerability (CVE-2020-0771) exists when the Windows CSC Service improperly handles memory. This vulnerability was disclosed in March 2020 and affects multiple versions of Microsoft Windows operating systems. The vulnerability is unique from CVE-2020-0769 and requires an attacker to first gain execution on the victim system (NVD).

The vulnerability has been assigned a CVSS v3.1 base score of 7.8 (HIGH) with the following vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H. This indicates that the vulnerability requires local access, low attack complexity, low privileges, and no user interaction, while potentially impacting confidentiality, integrity, and availability at high levels (NVD).

If successfully exploited, an attacker could gain elevated privileges on the affected system. The attacker would gain the same user rights as the local user, with users having administrative rights being more severely impacted than those with fewer system privileges (NVD).

Microsoft has released security updates to address this vulnerability. The patches are available through the Microsoft security update program and affect multiple versions of Windows including Windows 10, Windows Server 2016, Windows Server 2019, and other supported versions (MITRE).