There exist two bypasses to the patch microsoft released. The first, CVE-2020-1337 was presented at blackhat.com. The second is based on file junctions and is explained here: https://blog.hiveminds.es/en/posts/cve-2020/1337_my_two_cents/ There should be a patch out for the new. new. patch. But the junction may yet be a zero day, though it requires reboots and maintained access.”]

