  • Windows Setup Elevation of Privilege Vulnerability

      • #2305339 Reply
        Alex5723
        AskWoody Plus

        An elevation of privilege vulnerability exists in Windows Setup in the way it handles directories.

        A locally authenticated attacker could run arbitrary code with elevated system privileges. After successfully exploiting the vulnerability, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

        The security update addresses the vulnerability by ensuring Windows Setup properly handles directories.

        https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16908

      • #2305365 Reply
        Alex5723
        AskWoody Plus

        PS. The bug only happens on Windows 10 upgrades, not clean installs.

      • #2305423 Reply
        anonymous
        Guest

        PPS:

        How do I know if I’m protected from this vulnerability?

        As of this date, all in-support Feature Update bundles have been refreshed with the patched Setup binaries, so this vulnerability no longer exists.

        If you are using WSUS or MEM ConfigMgr or another third-party management tool, please sync the latest feature update bundles and approve those for deployment. If you are using Windows media, as applicable to your system, please download the latest refreshed media from VLSC or Visual Studio Subscriptions (formerly MSDN), or download the latest applicable Setup Dynamic Update (DU) package and patch your existing media.

        https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2020-16908#ID0EKIAC
