A pair of vulnerabilities in the ProtonVPN and NordVPN VPN clients have been uncovered. They allow attackers to execute code as an administrator on targeted Microsoft Windows machines. The vulnerabilities are related to a critical bug previously discovered by VerSprite in April 2018: CVE-2018-10169. Both clients released patches in April, but Cisco Talos found a way to bypass that patch, leading to the new vulnerability reports. Both vendors have issued patches for the new CVEs; both have issued updates.
Source: https://threatpost.com/protonvpn-nordvpn-flaws-open-door-to-privilege-escalation/137332/