CVE-2020-0806: 
vulnerability analysis and mitigation

An elevation of privilege vulnerability exists in Windows Error Reporting (WER) when WER handles and executes files, identified as CVE-2020-0806. This vulnerability affects multiple versions of Microsoft Windows operating systems. The vulnerability was disclosed in March 2020 and is unique from CVE-2020-0772 (MITRE, NVD).

The vulnerability has been assigned a CVSS v3.1 base score of 7.8 (HIGH) with the following vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H. This indicates that the vulnerability requires local access, low attack complexity, low privileges, and no user interaction to exploit. The vulnerability can lead to complete compromise of confidentiality, integrity, and availability of the target system (NVD).

If successfully exploited, this vulnerability could allow an attacker to gain elevated privileges on the affected system. The attacker could then install programs; view, change, or delete data; or create new accounts with full user rights (MITRE).

Microsoft has released security updates to address this vulnerability. Users should apply the appropriate security update for their version of Windows. The vulnerability is fixed by correcting how Windows Error Reporting handles and executes files (MITRE).