Windows 10 Update Assistant
CVE-2019-1378
HIGH
Severity by source
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
1DescriptionNVD
An elevation of privilege vulnerability exists in Windows 10 Update Assistant in the way it handles permissions.A locally authenticated attacker could run arbitrary code with elevated system privileges, aka 'Windows 10 Update Assistant Elevation of Privilege Vulnerability'.
AnalysisAI
An elevation of privilege vulnerability exists in Windows 10 Update Assistant in the way it handles permissions.A locally authenticated attacker could run arbitrary code with elevated system. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Incorrect Permission Assignment vulnerability could allow attackers to access resources due to misconfigured permissions.
Technical ContextAI
This vulnerability is classified as Incorrect Permission Assignment (CWE-732), which allows attackers to access resources due to misconfigured permissions. An elevation of privilege vulnerability exists in Windows 10 Update Assistant in the way it handles permissions.A locally authenticated attacker could run arbitrary code with elevated system privileges, aka 'Windows 10 Update Assistant Elevation of Privilege Vulnerability'. Affected products include: Microsoft Windows 10 Update Assistant.
RemediationAI
A vendor patch is available. Apply the latest security update as soon as possible. Review and restrict file/resource permissions, apply principle of least privilege.
More in Windows 10 Update Assistant
View allWindows 10 Update Assistant Elevation of Privilege Vulnerability. Rated medium severity (CVSS 5.0), this vulnerability i
Windows 10 Update Assistant Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.3), this vulnerability is
Windows 10 Update Assistant Elevation of Privilege Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability i
Share
External POC / Exploit Code
Leaving vuln.today