CVE-2019-1378: Exploiting an Access Control Privilege Escalation Vulnerability in Windows 10 Update Assistant (WUA)
Windows 10 is an incredibly feature rich Operating System (OS). In the last four years, the innovative folks at Microsoft have continued to introduce and expand functionality as well as improve and integrate security features in its flagship OS. On the second Tuesday of each month, many of us that live in the Windows 10 universe receive updates from the mothership or through derivate means; These monthly patches are typically feature OS updates, security updates, and anti-virus definition updates. In this short post we’ll discuss an alternate Windows update process, a recently discovered vulnerability, and an ‘interesting’ way to exploit it.
By Bradley Wolfenden
As compute power and malicious tools become increasingly accessible, and the profitability of a successful cyber-attack remains on the rise, cyber criminals continue to be motivated to find new and more complex ways to exploit businesses of all sizes. And as these attacks can lead to devastating results, both financially and in terms of business reputation, it’s now more important than ever to develop an effective cybersecurity strategy.
What is an effective cybersecurity strategy?