CVE-2020-0810: 
vulnerability analysis and mitigation

An elevation of privilege vulnerability (CVE-2020-0810) exists when the Diagnostics Hub Standard Collector or the Visual Studio Standard Collector allows file creation in arbitrary locations. The vulnerability was disclosed on March 10, 2020, affecting Microsoft Visual Studio and Windows systems. This vulnerability requires an attacker to first log into the system before exploitation (MITRE, NVD).

The vulnerability has been assigned a CVSS v3.1 base score of 7.8 (HIGH) with the vector string CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H. The vulnerability stems from improper handling of file operations by the Diagnostics Hub Standard Collector service, allowing file creation in arbitrary locations on the system (NVD).

If successfully exploited, an attacker could run a specially crafted application that could take control of an affected system, gaining the same privileges as the local user. Users with administrative rights would be more severely impacted than those with limited user rights (MITRE).

Microsoft has released security updates to address this vulnerability by preventing the Diagnostics Hub Standard Collector and Visual Studio Standard Collector from creating files in arbitrary locations. For Visual Studio 2015 Update 3, users must have both Visual Studio 2015 Update 3 and the Cumulative Servicing Release KB 3165756 installed before applying the security update (Microsoft Support).