CVE-2020-0793: 
vulnerability analysis and mitigation

An elevation of privilege vulnerability (CVE-2020-0793) exists when the Diagnostics Hub Standard Collector Service improperly handles file operations. This vulnerability was disclosed in March 2020 and affects Microsoft Visual Studio 2015 Update 3 and various Windows operating systems (NVD, Microsoft Support).

The vulnerability has been assigned a CVSS v3.1 base score of 7.8 (HIGH) with the following vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H. This indicates that the vulnerability requires local access, low attack complexity, low privileges, and no user interaction to exploit, while potentially impacting confidentiality, integrity, and availability (NVD).

If successfully exploited, this vulnerability could allow an attacker to gain elevated privileges on affected systems. The attacker could then gain the same user rights as the local user, with users having administrative rights being more severely impacted than those with fewer user rights (NVD).

Microsoft has released security updates to address this vulnerability. Users of affected systems should install the security update KB4538032 for Visual Studio 2015 Update 3. The update requires both Visual Studio 2015 Update 3 and the Cumulative Servicing Release KB 3165756 to be installed as prerequisites (Microsoft Support).