The Windows May 2019 update is rolling out, and has some really welcome changes and features. Recently, the researcher “SandboxEscaper” has discovered a “zero-day vulnerability” in the update.
SandboxEscaper published his findings with the code on GitHub, along with a demo video of the exploit.
What is this vulnerability?
A “zero-day” vulnerability is a software weakness that occurs the same day a vulnerability is discovered.
This vulnerability that has been discovered allows administrator access to your computer using LPE (local privilege escalation) as an exploit. SandboxEscaper has said that this could allow access to your entire computer. This exploit combined with other attacks could create huge breaches in your computer!
It is unknown when Microsoft will release a patch to fix this vulnerability. Right now, it is best to avoid updating.