CVE-2020-17037: 
vulnerability analysis and mitigation

Windows WalletService Elevation of Privilege Vulnerability (CVE-2020-17037) was identified and disclosed in November 2020. This vulnerability affects multiple versions of Microsoft Windows 10, including versions 1709, 1803, 1809, 1903, 1909, 2004, and 20H2 (NVD).

The vulnerability has received a CVSS v3.1 base score of 7.8 (High) with the vector string CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H, indicating local access required, low attack complexity, low privileges required, no user interaction needed, and high impact on confidentiality, integrity, and availability. Under CVSS v2.0, it received a base score of 7.2 with vector (AV:L/AC:L/Au:N/C:C/I:C/A:C) (NVD).

This elevation of privilege vulnerability in the Windows WalletService could allow an attacker to gain elevated system privileges. A successful exploit could result in complete compromise of confidentiality, integrity, and availability of the affected system (NVD).

Microsoft has released security updates to address this vulnerability. The fixes are available through various KB updates including KB4586781, KB4586785, KB4586786, KB4586787, KB4586793, and KB4586830 for different versions of Windows 10 (Rapid7).