According to the researchers, the vulnerability arises from how Windows 10 S validates the identity of high-privilege components.
Turns out .NET is not one of these well behaved COM implementations.
Forshaw says, Its not an issue which can be exploited remotely, nor is it a privilege escalation.
The vulnerability was first reported by Google to Microsoft on January 19 this year.
In February, Microsoft confirmed that it would fix the flaw by Aprils Patch deadline.
However, the company couldnt complete the fix on Aprils Patch Tuesday.
source: www.techworm.net
