CVE-2020-0988: 
vulnerability analysis and mitigation

CVE-2020-0988 is a remote code execution vulnerability in the Windows Jet Database Engine that was disclosed on April 14, 2020. The vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. This vulnerability affects multiple versions of Microsoft Windows including Windows 10, Windows Server 2012, Windows Server 2016, and Windows Server 2019 (NVD, CVE).

The vulnerability has been assigned a CVSS v3.1 base score of 7.8 (High) with the vector string CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H. The vulnerability requires user interaction and local access, but no privileges are needed for exploitation. The vulnerability is unique from several other Jet Database Engine vulnerabilities (CVE-2020-0889, CVE-2020-0953, CVE-2020-0959, CVE-2020-0960, CVE-2020-0992, CVE-2020-0994, CVE-2020-0995, CVE-2020-0999, CVE-2020-1008) (NVD).

If successfully exploited, this vulnerability could allow an attacker to execute arbitrary code with the same privileges as the current user. If the current user has administrative privileges, the attacker could take control of the affected system, install programs, view, change, or delete data, or create new accounts with full user rights (Rapid7).

Microsoft has released security updates to address this vulnerability. Users should apply the appropriate patches (KB4549949, KB4549951, KB4550922, KB4550927, KB4550929, KB4550930, KB4550970, KB4550971) for their specific version of Windows (Rapid7).