An elevation of privilege vulnerability exists in OpenSSH for Windows when it does not properly restrict access to configuration settings. An attacker who successfully exploited this vulnerability could replace the shell with a malicious binary.To exploit this vulnerability, an authenticated attacker would need to modify the OpenSSH for Windows configuration on a vulnerable system. The attacker would then need to convince a user to connect to the vulnerable OpenSSH for Windows server.The update addresses the vulnerability by restricting access to OpenSSH for Windows configuration settings.