CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2021-42297 – Windows 10 Update Assistant Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2021-42297
24 Nov 2021 — Windows 10 Update Assistant Elevation of Privilege Vulnerability Una Vulnerabilidad de Elevación de Privilegios del Asistente de Actualización de Windows 10. Este CVE ID es diferente de CVE-2021-43211 This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. User interaction is required to exploit this vulnerability. The specific flaw exists within Windows Update Assistant. By creating a symbolic link, an attacker can abuse the Update Assistant to delet... • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-42297 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 7.3EPSS: 0%CPEs: 1EXPL: 0CVE-2021-43211 – Windows 10 Update Assistant Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2021-43211
27 Oct 2021 — Windows 10 Update Assistant Elevation of Privilege Vulnerability Una Vulnerabilidad de Elevación de Privilegios en el Asistente de Actualización de Windows 10. Este CVE ID es diferente de CVE-2021-42297 This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within Windows Update Assistant. By c... • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-43211 • CWE-269: Improper Privilege Management •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2021-36945 – Windows 10 Update Assistant Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2021-36945
11 Aug 2021 — Windows 10 Update Assistant Elevation of Privilege Vulnerability Una Vulnerabilidad de Elevación de Privilegios en Windows 10 Update Assistant This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within Windows Update Assistant. The issue results from incorrect permissions set on a directory.... • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-36945 • CWE-269: Improper Privilege Management •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2019-1378
https://notcve.org/view.php?id=CVE-2019-1378
10 Oct 2019 — An elevation of privilege vulnerability exists in Windows 10 Update Assistant in the way it handles permissions.A locally authenticated attacker could run arbitrary code with elevated system privileges, aka 'Windows 10 Update Assistant Elevation of Privilege Vulnerability'. Se presenta una vulnerabilidad de elevación de privilegios en Windows 10 Update Assistant en la manera en que maneja los permisos. Un atacante autenticado localmente podría ejecutar código arbitrario con privilegios elevados del sistema,... • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1378 • CWE-732: Incorrect Permission Assignment for Critical Resource •