Security Bug in Windows 10 Update Assistant Leaves the Door Open to Hackers

A security vulnerability in Microsoft’s Windows 10 Update Assistant makes it possible for an attacker to execute code with SYSTEM privileges.

The elevation of privilege flaw is documented in CVE-2019-1378, with Microsoft explaining that an attacker can end up being able to create an account with full user rights, eventually obtaining access to drop additional payloads and take control of the device.

“An elevation of privilege vulnerability exists in Windows 10 Update Assistant in the way it handles permissions,” Microsoft says.

“A locally authenticated attacker could run arbitrary code with elevated system privileges. After successfully exploiting the vulnerability, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.”

The flaw was discovered and reported to Microsoft by <a href="https://twitter.com/bohops"… (read more)

Source link
Remember to like our facebook and our twitter @WindowsMode for a chance to win a free Surface Pro tablet every month!

Quick Links: Upgrade To Windows 10 Free |  What Is Windows 10? | Buy Windows 10 | Download Windows 10 Wallpapers | Windows Gaming

Juniya Sankara

Juniya Sankara

I love everything to do with Microsoft Windows, and the new Windows 10 is great so far. I love to spend my time researching on how viruses and bacteria work in my personal lab. I also enjoy history and comics.