CVE-2020-0841: 
vulnerability analysis and mitigation

An elevation of privilege vulnerability (CVE-2020-0841) was identified in Microsoft Windows when the operating system improperly handles hard links. This vulnerability was disclosed on March 12, 2020, and affects multiple versions of Windows including Windows 10, Windows Server 2016, and Windows Server 2019 (NVD, CVE).

The vulnerability has been assigned a CVSS v3.1 base score of 7.8 (HIGH) with the vector string CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H, indicating local access is required with low attack complexity. The CVSS v2.0 base score is 7.2 with the vector (AV:L/AC:L/Au:N/C:C/I:C/A:C) (NVD).

If successfully exploited, this vulnerability could allow an attacker to gain elevated privileges on affected systems. The attacker could potentially gain the same user rights as the local user, with users having administrative rights being more severely impacted than those with restricted user rights (Rapid7).

Microsoft has released security updates to address this vulnerability. The patches are available through Windows Update and Microsoft's security advisory. The updates correct how Windows handles hard link processing (MSRC).