Microsoft Windows Hello Privilege Assignment Vulnerability Allowing Local Tampering

A vulnerability has been identified in Windows Hello, related to incorrect privilege assignment. This flaw allows an unauthorized attacker to perform tampering actions locally. The issue affects multiple Windows 10 and Windows 11 versions, as well as Windows Server 2016, 2019, 2022, and 2025. The vulnerability arises from improper management of privileges, which could potentially be exploited to manipulate certain functionalities or settings.

Impact

Exploitation of this vulnerability could lead to unauthorized local tampering, allowing attackers to modify or interfere with system processes or data.

Remediation

Users can apply the security update for this vulnerability, which is available through the Microsoft Update Catalog. Specific update details can be found in the Microsoft Knowledge Base articles linked in the 'Security Update Guide'.