CVE-2020-0781: 
vulnerability analysis and mitigation

An elevation of privilege vulnerability exists when the Windows Universal Plug and Play (UPnP) service improperly handles objects in memory, identified as CVE-2020-0781. This vulnerability was disclosed in March 2020 and affects various versions of Microsoft Windows operating systems. The vulnerability is also known as 'Windows UPnP Service Elevation of Privilege Vulnerability' and is distinct from CVE-2020-0783 (NVD, MITRE).

The vulnerability has been assigned a CVSS v3.1 Base Score of 7.8 (HIGH) with the following vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H. This indicates that the vulnerability requires local access, low attack complexity, low privileges, and no user interaction. The impact potential is high across confidentiality, integrity, and availability (NVD).

If successfully exploited, an attacker could gain elevated privileges on the affected system, potentially obtaining the same user rights as the local user. Users with administrative rights could be more severely impacted compared to those with limited user rights (NVD).

Microsoft has released security updates to address this vulnerability. The security update corrects how the Windows UPnP service handles objects in memory (MITRE).