A security feature bypass vulnerability exists when a Windows Projected Filesystem improperly handles file redirections. An attacker who successfully exploited this vulnerability could delete a targeted file they would not have permissions to. To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability. The security update addresses the vulnerability by correcting how Windows Projected Filesystem handle file redirections.
Jonas Lykkegård, Zhiniang Peng <a href="https://twitter.com/edwardzpeng">(@edwardzpeng)</a> and Fangming Gu <a href="https://twitter.com/afang5472">(@afang5472)</a>, 0xfff