CVE-2020-0942: 
vulnerability analysis and mitigation

An elevation of privilege vulnerability identified as CVE-2020-0942 exists in the Connected User Experiences and Telemetry Service of Microsoft Windows when it improperly handles file operations. This vulnerability was assigned on November 4, 2019, and was publicly disclosed on April 15, 2020. The vulnerability affects multiple versions of Microsoft Windows 10 and Windows Server 2016 (NVD, CVE).

The vulnerability has been assigned a CVSS v3.1 base score of 7.1 (HIGH) with the vector string CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H. The attack requires local access (AV:L) with low attack complexity (AC:L) and low privileges (PR:L). No user interaction (UI:N) is required, and the scope is unchanged (S:U). The impact includes high integrity (I:H) and high availability (A:H) but no confidentiality impact (C:N) (NVD).

If successfully exploited, this vulnerability could allow an attacker to gain elevated privileges on the affected system. The vulnerability specifically impacts the integrity and availability of the system, with potential for high-severity consequences in both areas (NVD).

Microsoft has released security updates to address this vulnerability. Users should apply the appropriate patches through the Microsoft security advisory (Microsoft Advisory).