CVE-2020-0958: 
vulnerability analysis and mitigation

CVE-2020-0958 is an elevation of privilege vulnerability that exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory. The vulnerability was disclosed and published on April 15, 2020, affecting various versions of Microsoft Windows including Windows 10, Windows 8.1, and Windows 7 SP1 (NVD).

The vulnerability has been assigned a CVSS v3.1 base score of 7.8 (HIGH) with the vector string CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H. Under CVSS v2.0, it received a base score of 7.2 (HIGH) with the vector (AV:L/AC:L/Au:N/C:C/I:C/A:C). The vulnerability requires local access and low attack complexity to exploit (NVD).

If successfully exploited, this vulnerability could allow an attacker to execute arbitrary code in kernel mode, potentially gaining elevated privileges on the affected system. This would enable the attacker to install programs, view, change, or delete data, and create new accounts with full user rights (Talos).

Microsoft has released security updates to address this vulnerability as part of their April 2020 Patch Tuesday updates. Users are advised to apply the security updates to affected systems to mitigate this vulnerability (NVD).