The
Microsoft June 2020 Patch Tuesday consisted of 129 security fixes for critical and important vulnerabilities. Of these, an "Important" and equally ironic vulnerability, tracked as CVE-2020-1296, concerns privilege escalation in the Windows Diagnostics & Feedback settings app: the annoying privacy setting screen is shown to users when setting up or upgrading Windows.
Discovered by security researcher Kushal Arvind Shah of
FortiGuard Labs, the vulnerability exists because of how privacy settings are applied across different user accounts, in a broken and inconsistent manner.
"The root cause for this vulnerability is the lack of Privacy Settings Segregation and the incorrect handling of Windows Diagnostic Data feedback in memory across all users on the Windows 10 platform," said Shah.
What this means is, when initially installing and configuring Windows 10, the Administrator is presented with a "Diagnostics & Feedback" options screen. From this screen, the administrator can set whether full diagnostic data is sent to Microsoft for analysis, or a basic level of information, in the event of crashes or other anomalies being detected.
