Microsoft fixes elevation of privileges safety vulnerability in Home windows Setup


Unbeknownst to Home windows 10 customers till now, a safety vulnerability existed in Home windows Setup, the method with runs when putting in Characteristic Updates for the working system.

The vulnerability (CVE-2020-16908) made it potential for a domestically authenticated attacker to run arbitrary code with elevated system privileges. This flaw might be exploited to put in software program, create new person accounts, or intervene with knowledge.

See additionally:

The vulnerability was present in the best way Home windows Setup handles directories, and Microsoft says that it impacts model 1803, 1809, 1903, 1909 and 2004 of Home windows 10. The corporate assures customers that techniques are solely susceptible to assault in the course of the means of upgrading to a brand new Characteristic Replace, and at no different time. Now that Characteristic Replace bundles have been refreshed with the patched Setup binaries, nonetheless, the vulnerability “not exists”.

Saying some particulars of the safety flaw now that it has been mounted, Microsoft explains:

This vulnerability solely exists in Home windows 10 Setup, which runs quickly any time a buyer upgrades from a earlier model of Home windows 10 to a more moderen model (for instance, from Home windows 10 Model 1909 to Home windows 10 Model 2004). A tool is susceptible solely whereas upgrading to a more moderen model of Home windows. At every other time, the machine just isn’t susceptible.

Providing recommendation to anybody utilizing a administration instrument to replace Home windows, the corporate additionally says:

If you’re utilizing WSUS or MEM ConfigMgr or one other third-party administration instrument, please sync the most recent characteristic replace bundles and approve these for deployment. If you’re utilizing Home windows media, as relevant to your system, please obtain the most recent refreshed media from VLSC or Visible Studio Subscriptions (previously MSDN), or obtain the most recent relevant Setup Dynamic Replace (DU) bundle and patch your present media.

You possibly can obtain the most recent Setup DU packages from the Microsoft Replace Catalog web site. Please observe the directions within the following article to find out about how you can apply a Setup DU bundle to your present media. Update remaining media files.

The newest Setup DU Packages could be discovered right here:

Picture credit score: ArbyDarby / Shutterstock


Please enter your comment!
Please enter your name here