This security advisory describes one low risk vulnerability.
The vulnerability allows a physical attacker to bypass security restrictions on the target system.
The weakness exists due to an error when Microsoft JScript manages COM object creation. A physical attacker can run a specially crafted application to bypass security restrictions and create arbitrary COM objects.
Install updates from vendor's website.Vulnerable software versions
Windows: 10, 10 1607, 10 1703, 10 1709, 10 1803, 10 1809
Windows Server: 1709, 1803, 2016, 2019CPE
Can this vulnerability be exploited remotely?
No. The attacker should have physical access to the system in order to successfully exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.