By exploiting the WDAC security bypass vulnerability tracked as CVE-2020-0951, threat actors can execute PowerShell commands that would otherwise be blocked when WDAC is enabled.