CVE-2020-0917: 
vulnerability analysis and mitigation

An elevation of privilege vulnerability (CVE-2020-0917) was discovered in Windows Hyper-V, disclosed on April 15, 2020. The vulnerability exists when Windows Hyper-V on a host server fails to properly handle objects in memory. This vulnerability affects multiple versions of Windows 10 (1809, 1903, 1909) and Windows Server (2016 versions 1903, 1909, and 2019) (NVD).

The vulnerability has been assigned a CVSS v3.1 base score of 6.8 (Medium) with the following vector: CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H. Under CVSS v2.0, it received a higher base score of 7.4 (High) with the vector: (AV:A/AC:M/Au:S/C:C/I:C/A:C). The vulnerability was part of Microsoft's April 2020 Patch Tuesday release, which addressed a total of 115 vulnerabilities (Talos).

If successfully exploited, this vulnerability could allow an attacker with elevated privileges to execute code on the affected system, potentially compromising the security of the Hyper-V host server (NVD).

Microsoft has released security updates to address this vulnerability as part of their April 2020 Patch Tuesday updates. Users are advised to apply the security updates to affected systems (Talos).