CVE-2019-1378: Exploiting an Access Control Privilege Escalation Vulnerability in Windows 10 Update Assistant (WUA)


Windows 10 is an incredibly feature rich Operating System (OS).  In the last four years, the innovative folks at Microsoft have continued to introduce and expand functionality as well as improve and integrate security features in its flagship OS.  On the second Tuesday of each month, many of us that live in the Windows 10 universe receive updates from the mothership or through derivate means;  These monthly patches are typically feature OS updates, security updates, and anti-virus definition updates.  In this short post we’ll discuss an alternate Windows update process, a recently discovered vulnerability, and an ‘interesting’ way to exploit it.

[Continue reading at]

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s