Sorry, but ...
New zero day flaw: 'It can be exploited by a malicious logged-in user or malware on an already infected computer' ...
Last December's RID hijacking: 'The technique requires a hacker to obtain administrative rights on a box, and can be used to assign admin rights to other users and guests.'
So to summarise both of these techniques rely on the attacker *already being an admin on the machine.* So the game is already up, the Visigoths are already inside the gates, and the attacker could install what they like and wreak all sorts of havoc without going to the trouble of mucking about with reg keys etc.
The 1809 update; that's a monumental cockup and MS deserve all the heat they're getting for that. This, not so much.
Biting the hand that feeds IT
