Skip to main content

Microsoft fixes elevation of privileges security vulnerability in Windows Setup

posted onOctober 18, 2020
by l33tdawg
Beta News
Credit: Beta News

Unbeknownst to Windows 10 users until now, a security vulnerability existed in Windows Setup, the process with runs when installing Feature Updates for the operating system.

The vulnerability (CVE-2020-16908) made it possible for a locally authenticated attacker to run arbitrary code with elevated system privileges. This flaw could be exploited to install software, create new user accounts, or interfere with data.

The vulnerability was found in the way Windows Setup handles directories, and Microsoft says that it affects version 1803, 1809, 1903, 1909 and 2004 of Windows 10. The company assures users that systems are only vulnerable to attack during the process of upgrading to a new Feature Update, and at no other time. Now that Feature Update bundles have been refreshed with the patched Setup binaries, however, the vulnerability "no longer exists".

Source

Tags

Microsoft Security

You May Also Like

Recent News

Friday, November 8th

Friday, November 1st

Tuesday, July 9th

Wednesday, July 3rd

Friday, June 28th

Thursday, June 27th

Thursday, June 13th

Wednesday, June 12th

Tuesday, June 11th

Friday, June 7th