CVE-2020-0938: 
vulnerability analysis and mitigation

A remote code execution vulnerability (CVE-2020-0938) exists in Microsoft Windows when the Windows Adobe Type Manager Library improperly handles a specially-crafted multi-master font - Adobe Type 1 PostScript format. The vulnerability was disclosed in April 2020 and affects multiple versions of Microsoft Windows. For all systems except Windows 10, an attacker who successfully exploited the vulnerability could execute code remotely (NVD).

The vulnerability has been assigned a CVSS v3.1 base score of 7.8 (HIGH) with the vector string CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H. The vulnerability is classified as an Out-of-bounds Write (CWE-787) issue. The CVSS v2.0 base score is 6.8 (MEDIUM) with vector (AV:N/AC:M/Au:N/C:P/I:P/A:P) (NVD).

If successfully exploited, this vulnerability could allow an attacker to execute arbitrary code remotely on affected systems, potentially gaining the same privileges as the local user. The vulnerability affects multiple versions of Windows, including Windows 10, Windows 7 SP1, Windows 8.1, and various Windows Server versions (NVD).

Microsoft has released security updates to address this vulnerability. Users are advised to apply the appropriate patches based on their Windows version. The updates are available through various KB articles including KB4549949, KB4549951, KB4550922, KB4550927, KB4550929, KB4550930, KB4550970, and KB4550971 (Rapid7).