Описание
Microsoft Windows Setup Elevation of Privilege Vulnerability
An elevation of privilege vulnerability exists in Microsoft Windows Setup when it does not properly handle privileges. An attacker who successfully exploited this vulnerability could run processes in an elevated context. An attacker could then install programs; view, change or delete data.
To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system.
The security update addresses the vulnerability by enabling Windows Setup to properly handle user privileges.
FAQ
I am running one of the versions of Windows 10 listed in the Security Updates table. What is a Setup DU?
A Setup Dynamic Update (DU) is an update that will only be offered to your system if you are upgrading to a new version of Windows 10. The updates released for this CVE include a security update as well as improvements that will ease your installation experience as you upgrade to the new version.
How do I get the Setup DU?
Please see the applicable KB Article for information about how to get the Setup DU.
Will my system restart after applying a Setup DU?
No. You will not have to restart your system after applying a Setup DU.
Обновления
| Продукт | Статья | Обновление |
|---|---|---|
| Windows Server 2016 | ||
| Windows 10 Version 1607 for 32-bit Systems | ||
| Windows 10 Version 1607 for x64-based Systems | ||
| Windows Server 2016 (Server Core installation) | ||
| Windows 10 Version 1703 for 32-bit Systems | ||
| Windows 10 Version 1703 for x64-based Systems | ||
| Windows 10 Version 1709 for 32-bit Systems | ||
| Windows 10 Version 1709 for x64-based Systems | ||
| Windows 10 Version 1803 for 32-bit Systems | ||
| Windows 10 Version 1803 for x64-based Systems |
Показывать по
Возможность эксплуатации
Publicly Disclosed
Exploited
Latest Software Release
Older Software Release
DOS
EPSS
7.3 High
CVSS3
Связанные уязвимости
An elevation of privilege vulnerability exists in Microsoft Windows Setup when it does not properly handle privileges, aka 'Microsoft Windows Setup Elevation of Privilege Vulnerability'.
An elevation of privilege vulnerability exists in Microsoft Windows Setup when it does not properly handle privileges, aka 'Microsoft Windows Setup Elevation of Privilege Vulnerability'.
Уязвимость службы установки приложений Windows Setup операционной системы Windows, позволяющая нарушителю повысить свои привилегии
EPSS
7.3 High
CVSS3