CVE-2020-0899: 
Visual Studio 2022 vulnerability analysis and mitigation

An elevation of privilege vulnerability (CVE-2020-0899) exists when Microsoft Visual Studio updater service improperly handles file permissions. The vulnerability was disclosed in April 2020 and affects multiple versions of Microsoft Visual Studio, including Visual Studio 2017 Version 15.9, Visual Studio 2019 Version 16.0, Visual Studio 2019 Version 16.4, and Visual Studio 2019 version 16.5 (QUALYS).

The vulnerability has a CVSS base score of 5.5 MEDIUM (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N) and CVSS 2.0 base score of 3.6 LOW (AV:L/AC:L/Au:N/C:N/I:P/A:P). The vulnerability specifically relates to how the Visual Studio updater service handles file permissions, which could allow an attacker to perform privileged actions (NVD).

If successfully exploited, this vulnerability could allow an attacker to overwrite arbitrary file content in the security context of the local system. This means an attacker could potentially modify files with elevated permissions, leading to privilege escalation on the affected system (QUALYS).

Microsoft has released security updates to address this vulnerability. Users are advised to update their Visual Studio installations to the latest version through the official Microsoft update channels (QUALYS).