CVE-2020-0999: 
vulnerability analysis and mitigation

A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, identified as CVE-2020-0999. This vulnerability was disclosed on April 15, 2020, affecting various versions of Microsoft Windows operating systems. The vulnerability is part of a series of similar issues, being unique from CVE-2020-0889, CVE-2020-0953, CVE-2020-0959, CVE-2020-0960, CVE-2020-0988, CVE-2020-0992, CVE-2020-0994, CVE-2020-0995, and CVE-2020-1008 (NVD, CVE).

The vulnerability has been assigned a CVSS v3.1 base score of 7.8 (High) with the vector string CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H. Under CVSS v2.0, it received a base score of 9.3 (High) with the vector (AV:N/AC:M/Au:N/C:C/I:C/A:C). The vulnerability affects the Windows Jet Database Engine's memory handling mechanisms (NVD).

If successfully exploited, this vulnerability could allow an attacker to execute arbitrary code on the affected system, potentially gaining the same user rights as the current user. If the current user has administrative privileges, the attacker could take complete control of the affected system (NVD).

Microsoft has released security updates to address this vulnerability. Users should apply the appropriate patches through Windows Update or download and install them manually from the Microsoft Security Update Guide (MSRC).