Security Bug in Windows 10 Update Assistant Leaves the Door Open to Hackers
A security vulnerability in Microsoft’s Windows 10 Update Assistant makes it possible for an attacker to execute code with SYSTEM privileges.
The elevation of privilege flaw is documented in CVE-2019-1378, with Microsoft explaining that an attacker can end up being able to create an account with full user rights, eventually obtaining access to drop additional payloads and take control of the device.
“An elevation of privilege vulnerability exists in Windows 10 Update Assistant in the way it handles permissions,” Microsoft says.
“A locally authenticated attacker could run arbitrary code with elevated system privileges. After successfully exploiting the vulnerability, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.”
The flaw was discovered and reported to Microsoft by <a href="https://twitter.com/bohops"… (read more)