Tuesday, January 26, 10:55
Home security Update Assistant vulnerability in Windows 10

Update Assistant vulnerability in Windows 10

A vulnerability in Windows 10 Update Assistant enables malicious users to run code with SYSTEM permissions.

The elevation of privilege is documented in CVE-2019-1378, where Microsoft explains that an attacker can create a full user account by eventually gaining access to install malware to take control of the device.Update Assistant

"There is a privilege vulnerability in Windows 10 Update Assistant in the way it manages permissions", says Microsoft.

“A locally certified intruder could run malicious code with increased system privileges. After successfully exploiting the vulnerability, the attacker could install programs, view, change, or delete data, create new accounts with full user rights. "

The bug was discovered and reported to Microsoft by Jimmy Bayne and is available in Windows 10 Update Assistant regardless of the version of Windows 10 you have installed.

As mentioned in Bleepingcomputer, some computers start running Windows 10 Update Assistant after the KB4023814 update is installed. However, this update is only for devices running Windows 10 in the 1803 version (April 2018 Update) or later and is supposed to prepare the "ground" for upgrading to Windows 10 to the 1903 version (May 2019 Update).

On the other hand, devices running Update Assistant on Windows 10 on the 1903 version are also vulnerable to attacks if the update was installed manually.

Microsoft has already released a new version of Update Assistant to resolve the vulnerability and recommends all users to install it as soon as possible. The only way to fix the bug is to manually install this new version, at least until the patch is included in some bug fixes. Of course you should uninstall the older version:

Microsoft reports that the defect was not publicly disclosed and thus no (yet) exploit has been released. However, you need to update your system.

LEAVE ANSWER

Please enter your comment!
Please enter your name here

SecNews
SecNewshttps://www.secnews.gr
In a world without fences and walls, who needs Gates and Windows

LIVE NEWS

Apple Watch Series 7: Will have blood glucose monitoring

According to ETNews, the Apple Watch Series 7 will include the ability to monitor blood glucose through an optical sensor.

Google: North Korean hackers target security researchers via social media

Google has released a report revealing that North Korean hackers are targeting security researchers through social media who are involved in ...

Twitter: Fights misinformation with "Birdwatch"

Twitter unveiled a new feature that aims to step up its efforts to combat misinformation, with the help ...

Netherlands: COVID-19 patient data was sold illegally

Two suspects have been arrested by Dutch police for allegedly selling COVID-19 patient data by Dutch health ministry systems.

Apple: Attention! Keep iPhone away from your pacemaker!

If you have an iPhone, then you may be interested in the following warning. Apple informed its customers that the iPhones may interfere ...
00:02:40

COVID-19 vaccines: Ways to protect supply chains

The development of vaccines for COVID-19 in such a short period of time has created many challenges and these are not only related to ...
00:02:17

How do insurance companies "enhance" ransomware attacks?

Ransomware attacks have increased significantly, with experts warning that their victims should not pay ransom to hackers ....

Russia: "US may be planning retaliation for SolarWinds hack"!

The Russian government warns the country's organizations about possible cyber attacks that the US may carry out, as "retaliation" for the hack ...

iPhone: How to see which apps have access to your contacts

Some iPhone privacy issues go deeper than accessing your contacts list, which exposes your contacts to ...

COVID-19: Google makes vaccination clinics available

Google CEO Sundar Pichai said Monday that the company will make its facilities available to become clinics ...