CVE-2020-1122: 
vulnerability analysis and mitigation

An elevation of privilege vulnerability exists in the Windows Language Pack Installer when it improperly handles file operations, identified as CVE-2020-1122. The vulnerability was discovered and reported by Microsoft Corporation in November 2019. The affected systems include multiple versions of Windows 10 (1803, 1809, 1903, 1909, 2004) and Windows Server 2016 (NVD CVE).

The vulnerability is classified under CWE-754 (Improper Check for Unusual or Exceptional Conditions). It received a CVSS v3.1 base score of 7.8 (HIGH) from NIST with vector CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H, while Microsoft assessed it with a CVSS score of 5.5 (MEDIUM) with vector CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N (NVD CVE).

When successfully exploited, this vulnerability allows an attacker to run processes in an elevated context, potentially gaining higher privileges on the affected system. The local attack vector requires the attacker to have the ability to run a specially crafted application on the target system (CVE Details).

Microsoft has addressed this vulnerability by correcting the way the Windows Language Pack Installer handles file operations. The fix is available through Windows Update and should be applied to affected systems (CVE Details).