[German]There was an Elevation of Privilege vulnerability (CVE-2020-16908) in the Windows setup process, which Microsoft has addressed as of October 13, 2020. The vulnerability has been fixed by updating the setup for Windows 10 version 1903 and 2004 (relevant for WSUS and ConfigMgr).
Advertising
Feature updates for 1903 and 2004 discarded
The colleagues of deskmodder.de had noticed the Techcommunity article Windows 10 Feature Update Downloaded status reverted to No from October 16, 2020. Microsoft informs users (of management solutions like WSUS and the ConfigMgr etc.) about a special feature after synchronizing updates released on patch Tuesday (October 13, 2020). Windows 10 feature updates for the 1903 and 2004 versions that were previously downloaded with the management solution in question will then show the status Downloaded = No under the All Windows 10 Updates node.
The reason why the old feature updates were discarded: The content for these Windows 10 feature updates has been revised to address a security issue. Due to this content revision, all previously downloaded feature updates must be downloaded again. This should be done automatically, but administrators can also download the updated packages manually.
Vulnerability CVE-2020-16908 in Setup
In the security advisory for CVE-2020-16908, Microsoft disclosed further details as of October 13, 2020. An Elevation of Privilege vulnerability has been discovered in Windows Setup. This consists in the way Setup handles directories, which could lead to an elevation of privileges.
A locally authenticated attacker could execute arbitrary code with elevated system privileges after exploiting the vulnerability. The attacker could then install programs, view, modify, or delete data, or create new accounts with full user privileges.
This vulnerability exists only in Windows 10 Setup, which is run when a customer upgrades from an earlier version of Windows 10 to a newer version (for example, from Windows 10 version 1909 to Windows 10 version 2004). A system is only vulnerable during an upgrade to a newer version of Windows. At any other time, the device is not vulnerable. So the vulnerability is hardly exploitable.
Advertising
However, Microsoft has released security updates for Windows 10 version 1803 through version 2004 that fix the vulnerability. It ensures that Windows Setup handles directories correctly. All feature update bundles supported after October 13, 2020 have been updated with the patched setup binaries, so this vulnerability no longer exists. Updated Setup Dynamic Update (DU) packages can be downloaded from the MSRT portal as needed.
Microsoft would like to point out the following: The existing feature updates for Windows 10, versions 1809 and 1909 have not been revised. New feature updates have been released for these versions to replace the previous versions and include the security fix. Because the creation/release date for these new feature updates uses the same date/time as the previous versions, in some environments the replaced feature updates expire immediately.
