A security feature bypass vulnerability exists in Surface Hub when prompting for credentials. Successful exploitation of the vulnerability could allow an attacker to access settings which are restricted to Administrators. To exploit the vulnerability, an attacker would need to have physical access to a Surface Hub. The update addresses the vulnerability by correcting how credentials are validated when accessing restricted settings.