CVE-2020-0860: 
vulnerability analysis and mitigation

An elevation of privilege vulnerability (CVE-2020-0860) exists when the Windows ActiveX Installer Service improperly handles memory. The vulnerability was disclosed in March 2020 and affects multiple versions of Microsoft Windows operating systems. This vulnerability is unique from CVE-2020-0770 and CVE-2020-0773 (NVD).

The vulnerability has been assigned a CVSS v3.1 base score of 7.8 (HIGH) with the following vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H. This indicates that the vulnerability requires local access, low attack complexity, low privileges, and no user interaction to exploit, while potentially impacting confidentiality, integrity, and availability at a high level (NVD).

If successfully exploited, an attacker could gain elevated privileges on the affected system. The attacker would first need to gain execution on the victim system, after which they could potentially gain the same user rights as the local user. Users with administrative rights would be more severely impacted than those with restricted access (MITRE).

Microsoft has released security updates to address this vulnerability. The security update corrects how the Windows ActiveX Installer Service handles memory. Affected users should apply the appropriate security updates for their version of Windows (MITRE).