Microsoft has released a new version of the Windows 10 Update Assistant in order to fix a local privilege escalation vulnerability. While there is no imminent threat, the only way to fix this vulnerability is to uninstall the program or download the latest version.
The Windows 10 Update Assistant is a Microsoft program that helps you download and upgrade to the latest version of Windows 10. On older versions of Windows, it may also intermittently show you small alerts that prompt you to install the latest Windows 10 feature update.
In previous versions of the Windows 10 Update Assistant for version 1903, a vulnerability existed that could allow attackers to elevate their permissions and execute commands they should not normally be able to.
The Windows 10 Update Assistant vulnerability
With the October 2019 Patch Tuesday security fixes, Microsoft released a security bulletin for a local privilege escalation vulnerability (CVE-2019-1378) in Windows 10 Update Assistant that was discovered by security researcher Jimmy Bayne.
This vulnerability could allow an attacker to elevate their permissions in order to run a program with SYSTEM privileges, which essentially lets them perform any action they want in Windows.
A day later, on October 9th, Microsoft released an updated Windows 10 Update Assistant that fixes the vulnerability.
In a conversation with BleepingComputer, Bayne felt that this vulnerability isn’t a significant concern and can only be used under specific circumstances.
“The WUA finding isn’t what I’d consider a very practical LPE. Elevation can be achieved by hijacking a component of the update process, which allows an attacker to execute a payload as SYSTEM. It’s a very opportunistic scenario that has to occur during the update process. So the previous release of WUA for Win 10 1903 is vulnerable, but it doesn’t mean that Windows machines updated with the previous version of WUA have a persistent vulnerability.”
When discussing how it could be used, Bayne told us that the most realistic use case would be for an APT actor who has persistent and long-term access to a machine.
“The most realistic use case presented is an APT type of actor that has a long dwell time in a network could potentially take advantage of this if other avenues are exhausted.”
With that said, Bayne does feel that users should always be running the latest version of software, especially if older versions have a known vulnerability. Therefore, it’s suggested that users uninstall the current Windows 10 Update Assistant and download and install the latest version if necessary.
What you should do to fix the vulnerability
What many users do not know is that the Windows 10 Update Assistant (WUA) isn’t a standalone program and will actually install itself into Windows in the C:\Windows10Upgrade folder.
WUA is either installed on a computer manually by downloading the program from Microsoft or it is installed as part of the KB4023814 update.
To check if it is installed, you can either check if the KB4023814 update is installed or see if there is an uninstall entry for WUA in the Apps & features control panel.
In order to fix this vulnerability, users need to either remove the Windows 10 Update Assistant or download the latest version from Microsoft, which now contains an updated and fixed version, and install it.
For most people, it’s easier to just remove the program and install the latest version when you are looking to upgrade to a new version of Windows 10 and are having problems.
If the Windows 10 Update Assistant entry is listed in the Uninstall Programs list, you can uninstall it from there.
Regardless of how it was installed, you can always remove the Windows 10 Update Assistant by opening a command prompt and then typing the following command and pressing Enter on your keyboard.
C:\Windows10Upgrade\Windows10UpgraderApp.exe /ForceUninstall
After pressing Enter, you will be shown a UAC prompt asking if you want to allow this app to make changes. You should click on the Yes button at this prompt.
When running the command, it will not display any output, and will just bring you back to another prompt. You can now close the command prompt window.
To confirm that the Windows 10 Update Assistant has been removed, you can check if the C:\Windows10Upgrade or C:\Windows\UpdateAssistant folders exist. If they do not, then it has been completely removed.
If either of those two folders still exist, you can now delete them.
If you cannot remove these folders for some reason, you can launch Task Manager and end the UpdateAssistant.exe and the Windows10UpgraderApp.exe processes if they are running. Once terminated, you can now try to delete the folders again.
Now that the Windows 10 Update Assistant has been removed, Windows will no longer be affected by the vulnerability.
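The checks described above can be gathered into one read-only PowerShell function. This is an added example, not code from the article or from Microsoft: the function name Get-WuaFootprint and the DisplayName match are assumptions, while the folder paths, KB number and process names are the ones given above. It changes nothing on the machine, and it reports the file version only for reference, since the article does not state the fixed version number.

```powershell
# Read-only audit of the Windows 10 Update Assistant (WUA) footprint.
# Folder paths, KB number and process names are taken from the article.
function Get-WuaFootprint {
    $folders   = 'C:\Windows10Upgrade', 'C:\Windows\UpdateAssistant'
    $exePath   = 'C:\Windows10Upgrade\Windows10UpgraderApp.exe'
    $procNames = 'UpdateAssistant', 'Windows10UpgraderApp'

    # Standard per-machine uninstall keys (64-bit and 32-bit registry views).
    $uninstallKeys = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
        'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
    )
    # Assumption: the Apps & features entry's DisplayName contains this text.
    $entries = @(Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName -like '*Windows 10 Update Assistant*' })

    # KB4023814 is the update the article says can deliver WUA.
    $hotfix = Get-HotFix -Id 'KB4023814' -ErrorAction SilentlyContinue

    # Folders left on disk mean the removal is not complete.
    $present = @($folders | Where-Object { Test-Path -LiteralPath $_ })

    # Running processes are what the article says can block folder deletion.
    $procs = @(Get-Process -Name $procNames -ErrorAction SilentlyContinue)

    # File version of the installed binary, if any (for comparison with a fresh download).
    $version = if (Test-Path -LiteralPath $exePath) {
        (Get-Item -LiteralPath $exePath).VersionInfo.FileVersion
    } else { $null }

    [pscustomobject]@{
        ComputerName     = $env:COMPUTERNAME
        WuaPresent       = ($present.Count -gt 0) -or ($entries.Count -gt 0)
        FoldersFound     = $present -join '; '
        UninstallEntries = ($entries | ForEach-Object { $_.DisplayName }) -join '; '
        KB4023814        = [bool]$hotfix
        RunningProcesses = ($procs | ForEach-Object { $_.ProcessName }) -join '; '
        UpgraderVersion  = $version
    }
}

Get-WuaFootprint | Format-List
```

After running the /ForceUninstall command and deleting any leftover folders, WuaPresent should be False and FoldersFound should be empty.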