An open-source vulnerability affecting a subset of Windows users has been identified by security researchers, according to a research note published on Monday.
The researchers from Microsoft Research’s Center for Internet and Society found a remote code execution vulnerability that allowed attackers to bypass a number of security features in Windows 10.
The bug, which they dubbed “CVE-2017 thegnosis,” was first reported by security blog Gizmodo.
The security researcher, who asked to remain anonymous, described the flaw in detail in the research note.
“A local privilege escalation vulnerability exists in a component of the Windows 10 UI (User Interface).
By running an application that uses this component, an attacker can gain privileges that could allow him to execute arbitrary code in the user interface of the user account.”
The vulnerability, the researcher said, could be exploited by an attacker who obtained a copy of the UI and then modified the Windows UI.
In order to exploit the vulnerability, an affected user would need to have the app running, the vulnerability note said.
Microsoft’s advisory warns that if the app uses the Windows UWP (Universal Windows Platform) feature, the user’s application may have been vulnerable.
It is also important to note that the vulnerability was discovered in Windows 8 and later versions of Windows.
The CVE-2016-0059 vulnerability, discovered in 2017, also affected a subset or the majority of Windows 7 users.
It has since been fixed.