Microsoft released the patch on Tuesday with security fixes, and details of this localprivilege escalation vulnerability CVE 2019 1378 in Windows 10 Update Assistant. Jimmy Bayne discovered it. The vulnerability was available in version 1903, which allowed an attacker to do anything with system privileges. An elevation of privilege vulnerability exists in Windows 10 Update Assistant in the way it handles permissions. A locally authenticated attacker could run arbitrary code with elevated...

Read the full article at The Windows Club