Advisory Details

This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.

The specific flaw exists within Windows Update Assistant. By creating a directory junction, an attacker can abuse Windows Update Assistant to delete a file. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of Administrator.

This vulnerability is being disclosed publicly without a patch in accordance with the ZDI 120 day deadline.

06/04/21 - ZDI reported the vulnerabilities to the vendor
06/04/21 - The vendor confirmed receipt of the report
06/09/21 - The vendor requested technical clarification
06/14/21 - ZDI provided additional evidence
06/15/21 - The vendor requested technical clarification
06/18/21 - ZDI provided additional evidence
10/14/21 - The vendor communicated that the issue will not be fixed before 11/16/21
10/19/21 - ZDI notified the vendor of the intention to publish the report as 0-day advisory on 10/27/21

-- Mitigation:
Given the nature of the vulnerability the only salient mitigation strategy is to restrict interaction with the application.

• 2021-06-04 - Vulnerability reported to vendor
• 2021-10-27 - Coordinated public release of advisory