#Microsoft Intune

**How could an attacker exploit this vulnerability?** To exploit this vulnerability, an attacker requires access to a rooted target device and must disable certain components of the Intune Mobile Application Manager which do not fully impact availability. An attacker could then gain access to sensitive files based on the targeted device's privileges but does not provide the ability to alter data.

**According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?** Exploitation of the vulnerability requires a user to modify a custom compliance script on the device after it is written to temporary storage and before execution of the script finishes.

**What security feature could be bypassed by this vulnerability?** An attacker could potentially bypass the Intune policy file save location.

*Are there any pre-requisites for this vulnerability to be exploited in Intune Management Extension?* This vulnerability only exists when Intune Management Extension is enabled as managed installer. Enabling IME as managed installer requires local administrator privileges. *What should I do to protect myself from this vulnerability?* No action is required. As soon as the client connects to the service, it automatically receives a message to update.