PT-2019-3645 · Microsoft · Windows 10 Update Assistant

Publicado

2019-10-08

Atualizado

2020-08-24

CVE-2019-1378

CVSS v2.0

7.2

Alta

Vetor

AV:L/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Windows 10 Update Assistant (affected versions not specified)

Description An issue exists in the way Windows 10 Update Assistant handles permissions, allowing a locally authenticated attacker to run arbitrary code with elevated system privileges. This could potentially lead to exploitation, enabling an attacker to execute code with higher privileges than intended.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Improper Privilege Management

Incorrect Permission

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-269CWE-732

Identificadores relacionados

BDU:2019-03860

CVE-2019-1378

Produtos afetados

Windows 10 Update Assistant

PT-2019-3645 · Microsoft · Windows 10 Update Assistant

CVE-2019-1378

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 3