Windows 10 Zero Day Discovered

Tuesday, August 28, 2018 @ 09:08 PM gHale

A Microsoft Windows 10 Zero Day ended up published on Twitter.

The Zero Day, which allows an attacker to gain system privileges, ended up disclosed in a tweet by @SandboxEscaper (the original post and the account have both been removed).

RELATED STORIES
Hackers Leverage Patched Vulnerability
Lessons Learned One Year After Triton
Black Hat: Breaking Down Safety System Attack
Black Hat: Get to Root Cause

The vulnerability exists in the task scheduler, and a successful attack requires the user to download a malicious app on a target machine.

In another tweet, CERT researcher Phil Dormann said the bug works “on a fully-patched 64-bit Windows 10 system. LPE right to SYSTEM!.”

CERT published an advisory which provides more details regarding the vulnerability, but said a patch is not yet available for Windows 10 systems.

“Microsoft Windows task scheduler contains a local privilege escalation vulnerability in the Advanced Local Procedure Call (ALPC) interface, which can allow a local user to obtain SYSTEM privileges,” the advisory said. “Microsoft Windows task scheduler contains a vulnerability in the handling of ALPC, which can allow a local user to gain SYSTEM privileges. A local user may be able to gain elevated (SYSTEM) privileges.”

Microsoft said a fix for the vulnerability may land on the next Patch Tuesday.

By the looks of things, all Windows 10 versions are affected, regardless of the level of patching, as fully up-to-date systems are said to be vulnerable as well. Older Windows releases, like Windows 7 and Windows 8.1, aren’t impacted by the issue.



Leave a Reply

You must be logged in to post a comment.