Description
<p>An elevation of privilege vulnerability exists in Windows Setup in the way it handles directories.</p> <p>A locally authenticated attacker could run arbitrary code with elevated system privileges. After successfully exploiting the vulnerability, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.</p> <p>The security update addresses the vulnerability by ensuring Windows Setup properly handles directories.</p>
CVSS breakdown
CVSS 3.1
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
E
Physical
RL
O
RC
Changed
Affected products
- Microsoft / Windows 10 Version 1803N/A – N/A
- Microsoft / Windows 10 Version 1809N/A – N/A
- Microsoft / Windows 10 Version 1903 for 32-bit SystemsN/A – N/A
- Microsoft / Windows 10 Version 1903 for ARM64-based SystemsN/A – N/A
- Microsoft / Windows 10 Version 1903 for x64-based SystemsN/A – N/A
- Microsoft / Windows 10 Version 1909N/A – N/A
- Microsoft / Windows 10 Version 2004N/A – N/A