A security researcher showed how DLL injection can be used by ransomware to bypass the Controlled folder Access feature. Microsoft did not feel that this was a vulnerability that warranted a bounty or that requires a patch. Ransomware does not need an escalation of privileges to encrypt a victim’s computer, but a malware can use other exploits or exploits to execute. Microsoft’s response to researcher Soya Aoyama: “If I am interpreting your findings correctly
Source: security