[German]With the latest June 2020 security updates, Microsoft has fixed also a so-called Privilege Escalation bugs that was in the components of Windows 10 for privacy and telemetry.
I've seen it before, but I became aware of it again via subsequent tweets. Here is such a tweet.
Microsoft fixes privilege escalation bug in Windows 10 privacy and telemetry components
— Catalin Cimpanu (@campuscodi) June 15, 2020
Fortinet security researchers who discovered it go into the details in this blog post. The vulnerability in Windows 10 has been detected in Jan 2020 and has been described and fixed by Microsoft (see CVE-2020-1296). The vulnerability affects Windows 10 version 1809 and above and Windows Server version 1903 and above.
It also affects Windows Server 2019 and Windows 10 version 2004. The researchers write about a Privilege Escalation & User-Privacy Settings Violation problem and assign it a high importance.
The attack is demonstrated in the above video. Admins and users should install the patches provided by Microsoft to fix the vulnerabilities.
Cookies helps to fund this blog: Cookie settings