Multiple cross-site scripting (XSS) bugs and an XML external entity (XXE) problem opens the door to takeover of admin desktops.
A Windows interface that allows system administrators to configure and monitor systems from an admin level has several vulnerabilities that would allow an attacker to install malicious payloads and even take over a target, privileged machine. The bugs are grouped under one umbrella (CVE-2019-0948) and are found in the Microsoft Management Console (MMC), according to Check Point researchers Eran Vaknin and Alon Boxiner,