Medium
An elevation of privilege vulnerability exists in Windows 10 Update Assistant in the way it handles permissions.
A locally authenticated attacker could run arbitrary code with elevated system privileges. After successfully exploiting the vulnerability, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
Privilege access
Microsoft
Windows 10 Update Assistant
Please see vendor’s advisory for the list of patches and more details
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1378