CVE-2019-1378 Windows 10 Update Assistant Vulnerability

    CVE-2019-1378 Windows 10 Update Assistant Vulnerability

    CVE-2019-1378 Windows 10 Update Assistant Vulnerability

    Elevation of Privilege Security Vulnerability

    Posted: 10 Oct 2019

    Security Vulnerability

    Published: 10/08/2019 | Last Updated : 10/09/2019
    MITRE CVE-2019-1378


    An elevation of privilege vulnerability exists in Windows 10 Update Assistant in the way it handles permissions.

    A locally authenticated attacker could run arbitrary code with elevated system privileges. After successfully exploiting the vulnerability, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

    The security update addresses the vulnerability by ensuring the Windows 10 Update Assistant properly handles permissions.

    Exploitability Assessment

    The following table provides an exploitability assessment for this vulnerability at the time of original publication.

    Publicly Disclosed Exploited Latest Software Release Older Software Release Denial of Service
    No No 2 - Exploitation Less Likely 4 - Not affected Not Applicable

    Security Updates

    To determine the support life cycle for your software version or edition, see the Microsoft Support Lifecycle.

    Product Platform Article Download Impact Severity Supersedence
    Windows Update Assistant 4023814 Security Update Elevation of Privilege Important

    Mitigations

    Microsoft has not identified any mitigating factors for this vulnerability.

    Workarounds

    Microsoft has not identified any workarounds for this vulnerability.

    FAQ

    1. What is the Windows Update Assistant, and where and how do I get the update?

    More information about Windows 10 Update Assistant is available here.

    If in the past after being directed to the Download Windows 10 page you clicked Update Now and then SAVED the WindowsUpdate9252 installer executable file to your machine, you need to do the following:

    1. Delete the WindowsUpdate9252 installer file.
    2. On the Download Windows 10 page, click Update Now to get the updated installer, and follow the instructions to either Run or Save the installer.

    If you previously RAN the WindowsUpdate9252 installer executable file, see the following FAQs:
    **2. How do I determine if I have Update Assistant installed?

    1. Launch Windows Settings and click Apps.
    2. Look for Windows 10 Update Assistant under Apps and Features.

    3. I have the Update Assistant installed. How do I uninstall it?

    1. Click Windows 10 Update Installer.
    2. Click Uninstall.
    3. When the dialog box appears to confirm the uninstall action, click Uninstall to continue the process.
    4. When the uninstallation process is complete, you can also delete the folder %windir%\UpdateAssistant or C:\Windows\UpdateAssistant from your device to remove the Update Assistant files, if any.

    Acknowledgements

    Jimmy Bayne (@bohops)

    See acknowledgements for more information.

    Disclaimer

    The information provided in the Microsoft Knowledge Base is provided "as is" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.

    Revisions

    Version Date Description
    1.0 10/08/2019 Information published.
    2.0 10/09/2019 The security update for Windows Update Assistant is now available. See the Security Updates table for more information.

    Source: https://portal.msrc.microsoft.com/en.../CVE-2019-1378
    Brink's Avatar Posted By: Brink
    10 Oct 2019


  1. Posts : 61,918
    64-bit Windows 11 Pro for Workstations
       #1
      My Computers


  2. Posts : 2,491
    Windows Insider Fast Ring LatestKUuuntu 20.10
       #2
      My Computers


 

  Related Discussions
Our Sites
Site Links
About Us
Windows 10 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 10" and related materials are trademarks of Microsoft Corp.

Designer Media Ltd
All times are GMT -5. The time now is 12:13.
Find Us




Windows 10 Forums