The Windows 10 update wizard is an open door to hackers

[Inkriql]

Researchers have discovered a vulnerability in the Windows 10 update wizard that allows attackers to gain system privileges.

This failure in the Windows 10 update wizard already recognized by Microsoft itself, makes it possible for an attacker to end up creating an account with full user rights, thereby obtaining access to take control of the device, and even delete or install what that you want

“A locally authenticated attacker could execute arbitrary code with elevated system privileges. After successfully exploiting the vulnerability, an attacker could install programs, view, change or delete data, or create new accounts with full user rights, ”explains Microsoft.

In case you don't know what the Windows 10 update wizard is, it is a pop-up window that guides you through the whole process of updating a version of Windows 10. In principle, those users with Windows 10 version 1803, which is April of 2018, they are the ones with the highest risk since they are guided by the assistant until the most recent update of May 2019.

That does not mean that if you have the Windows update May 10, 2019 you are safe, since the computers are also vulnerable to attacks as long as this update tool has been previously installed manually.
Microsoft has already released a new version of the update wizard that no longer includes this vulnerability, so if you have been using the wizard to guide you through the installation processes, you should install it again. For the attendees that are already standard, we will have to wait to see if with the November update of Windows 10 the bug is already resolved, which is most likely.