CVE-2020-0911: 
vulnerability analysis and mitigation

An elevation of privilege vulnerability (CVE-2020-0911) was discovered in Windows Modules Installer that improperly handles objects in memory. The vulnerability was disclosed in September 2020 and affects multiple versions of Microsoft Windows operating systems, including Windows 10, Windows 7, Windows 8.1, Windows RT 8.1, and various Windows Server versions (CVE Mitre).

The vulnerability has been assigned a CVSS v3.1 base score with the following vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H, indicating local access requirements with low attack complexity. The vulnerability is classified under CWE-269, and affects the Windows Modules Installer component's memory handling functionality (NVD).

If successfully exploited, this vulnerability allows an attacker to run arbitrary code in an elevated context, potentially gaining elevated privileges on the affected system. The vulnerability could lead to complete system compromise in terms of confidentiality, integrity, and availability (Rapid7).

Microsoft has released security updates to address this vulnerability by correcting how the Windows Modules Installer handles objects in memory. Multiple patches have been issued for different affected versions of Windows, including KB4577049, KB4577015, KB4577041, KB4577032, KB4570333, KB4574727, KB4571756, and others (Rapid7).