Update Assistant vulnerability in Windows 10

Μια ευπάθεια στον Update of δίνει τη δυνατότητα σε κακόβουλους χρήστες, να τρέξουν with SYSTEM privileges.

The elevation of privilege is documented in CVE-2019-1378, where Microsoft explains that an attacker can create an account with full user rights, eventually gaining access to install malware to take control of s.Update Assistant

"There is a privilege vulnerability in Windows 10 Update Assistant in the way it manages permissions", says Microsoft.

“A locally authenticated attacker could run malicious code with elevated system privileges. After successfully exploiting the vulnerability, an attacker could install prethem, view, change, or delete data, create new accounts with full user rights.”

Το ελάττωμα ανακαλύφθηκε και αναφέρθηκε στη Microsoft από τον Jimmy Bayne και υπάρχει στον Windows 10 Update Assistant ανεξάρτητα από την των Windows 10 που έχετε εγκατεστημένη.

As reported on Bleepingcomputer, some computers start running the Windows 10 Update Assistant after the of update KB4023814. However, this update is only for devices running Windows 10 version 1803 (April 2018 Update) or later and is supposed to prepare the "ground" for upgrading to Windows 10 to the 1903 version (May 2019 Update).

On the other hand, devices running Update Assistant on Windows 10 on the 1903 version are also vulnerable to attacks if the update was installed manually.

Microsoft has already released a new version of Update Assistant to resolve the vulnerability and recommends all users to install it as soon as possible. The only way to fix the flaw is not to install this new version, at least until the patch is included in some update rollup. Of course you should uninstall the older version:

Microsoft reports that the defect was not publicly disclosed and thus no (yet) exploit has been released. However, you need to update your system.

iGuRu.gr The Best Technology Site in Greecefgns

Subscribe to Blog by Email

Subscribe to this blog and receive notifications of new posts by email.

Written by giorgos

George still wonders what he's doing here ...

Leave a reply

Your email address is not published. Required fields are mentioned with *

Your message will not be published if:
1. Contains insulting, defamatory, racist, offensive or inappropriate comments.
2. Causes harm to minors.
3. It interferes with the privacy and individual and social rights of other users.
4. Advertises products or services or websites.
5. Contains personal information (address, phone, etc.).