CVE-2019-1378: EXPLOITING AN ACCESS CONTROL PRIVILEGE ESCALATION VULNERABILITY IN WINDOWS 10 UPDATE ASSISTANT (WUA)

Introduction

Windows 10 is an incredibly feature rich Operating System (OS).  In the last four years, the innovative folks at Microsoft have continued to introduce and expand functionality as well as improve and integrate security features in its flagship OS.  On the second Tuesday of each month, many of us that live in the Windows 10 universe receive updates from the mothership or through derivate means;  These monthly patches are typically feature OS updates, security updates, and anti-virus definition updates.  In this short post we’ll discuss an alternate Windows update process, a recently discovered vulnerability, and an ‘interesting’ way to exploit it.

[Continue reading at EmberCyberSecurity.com]

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s