CVE-2021-42297 – Windows 10 Update Assistant Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2021-42297
Windows 10 Update Assistant Elevation of Privilege Vulnerability Una Vulnerabilidad de Elevación de Privilegios del Asistente de Actualización de Windows 10. Este CVE ID es diferente de CVE-2021-43211 This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. User interaction is required to exploit this vulnerability. The specific flaw exists within Windows Update Assistant. By creating a symbolic link, an attacker can abuse the Update Assistant to delete a folder. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-42297 https://www.zerodayinitiative.com/advisories/ZDI-21-1334 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVE-2021-43211 – Windows 10 Update Assistant Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2021-43211
Windows 10 Update Assistant Elevation of Privilege Vulnerability Una Vulnerabilidad de Elevación de Privilegios en el Asistente de Actualización de Windows 10. Este CVE ID es diferente de CVE-2021-42297 This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within Windows Update Assistant. By creating a directory junction, an attacker can abuse Windows Update Assistant to delete a file. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of Administrator. • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-43211 • CWE-269: Improper Privilege Management •
CVE-2021-36945 – Windows 10 Update Assistant Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2021-36945
Windows 10 Update Assistant Elevation of Privilege Vulnerability Una Vulnerabilidad de Elevación de Privilegios en Windows 10 Update Assistant This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within Windows Update Assistant. The issue results from incorrect permissions set on a directory. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of Administrator. • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-36945 • CWE-269: Improper Privilege Management •
CVE-2019-1378
https://notcve.org/view.php?id=CVE-2019-1378
An elevation of privilege vulnerability exists in Windows 10 Update Assistant in the way it handles permissions.A locally authenticated attacker could run arbitrary code with elevated system privileges, aka 'Windows 10 Update Assistant Elevation of Privilege Vulnerability'. Se presenta una vulnerabilidad de elevación de privilegios en Windows 10 Update Assistant en la manera en que maneja los permisos. Un atacante autenticado localmente podría ejecutar código arbitrario con privilegios elevados del sistema, también se conoce como "Windows 10 Update Assistant Elevation of Privilege Vulnerability". • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1378 • CWE-732: Incorrect Permission Assignment for Critical Resource •