CVE-2020-0821: 
vulnerability analysis and mitigation

An information disclosure vulnerability (CVE-2020-0821) was identified in the Windows kernel when it improperly handles objects in memory. The vulnerability was disclosed on April 14, 2020, and affects multiple versions of Microsoft Windows including Windows 10, Windows Server 2012, Windows Server 2016, and Windows Server 2019 (NVD, CVE).

The specific flaw exists within the KERNELBASE.dll module. When parsing the Resource Directory Entry field of a Portable Executable format file, the process does not properly validate user-supplied data, which can result in a read past the end of an allocated buffer. The vulnerability has been assigned a CVSS v3.1 base score of 5.5 (Medium) with the vector string CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N (ZDI, NVD).

This vulnerability allows local attackers to disclose sensitive information on affected installations of Microsoft Windows. The attacker can leverage this vulnerability in conjunction with other vulnerabilities to execute code in the context of the current process (ZDI).

Microsoft has released security updates to address this vulnerability. Multiple KB updates are available for affected systems including KB4550929, KB4550927, KB4550922, KB4549949, and KB4549951 (Rapid7).