CVE-2020-1020: 
vulnerability analysis and mitigation

A remote code execution vulnerability (CVE-2020-1020) exists in Microsoft Windows when the Windows Adobe Type Manager Library improperly handles a specially-crafted multi-master font - Adobe Type 1 PostScript format. The vulnerability was disclosed on April 15, 2020, and affects multiple versions of Windows operating systems. For all systems except Windows 10, an attacker who successfully exploited the vulnerability could execute code remotely (CVE-MITRE, NVD).

The vulnerability has been assigned a CVSS v3 Base Score of 8.8 (High), with an Impact Score of 5.9 and Exploitability Score of 2.8. The attack vector is network-based, with low attack complexity, requiring no privileges but necessitating user interaction. The scope is unchanged, with high impact on confidentiality, integrity, and availability (Rapid7).

The vulnerability allows attackers to execute arbitrary code remotely on affected systems through the Windows Adobe Type Manager Library. The impact is particularly severe for systems other than Windows 10, where successful exploitation could lead to complete system compromise, affecting the confidentiality, integrity, and availability of the target system (CVE-MITRE).

Microsoft has released security updates to address this vulnerability across multiple Windows versions. Updates are available for Windows 10 (various versions), Windows Server 2016, Windows Server 2019, and other affected systems. Users are strongly advised to apply the appropriate security patches (Rapid7).