Windows Zero-Day Vulnerability Comes With PoC on GitHub

Liviu ARSENE

August 28, 2018


A new zero-day vulnerability was recently made public following a Tweet from @SandboxEscaper, who claimed to be frustrated with Microsoft and, apparently, their bug submission process.

The tweet included a link to the proof-of-concept for the alleged zero-day vulnerability on GitHub, prompting security researchers to download and test @SandboxEscaper's claims.

Following an assessment by CERT/CC vulnerability analyst Phil Dormann, the bug was verified and confirmed to be working on a fully-patched 64-bit Windows 10 machine, enabling attackers to gain admin privileges if exploited.

It's unclear if the zero-day would work on all Microsoft-supported Windows versions, including 32-bit ones, but it's definitely cause for concern, since the PoC is publicly available and can easily be weaponized by threat actors.

The zero-day does require some specific conditions for execution: an attacker needs the victim to download and execute a tainted application for the vulnerability to be exploited. That attack vector is not uncommon, especially with APTs (Advanced Persistent Threats) and spearphishing.

“Microsoft Windows task scheduler contains a local privilege escalation vulnerability in the Advanced Local Procedure Call (ALPC) interface, which can allow a local user to obtain SYSTEM privileges,” reads the CERT/CC advisory. “The CERT/CC is currently unaware of a practical solution to this problem.”

While it's uncertain whether Microsoft had been previously notified by @SandboxEscaper regarding the zero-day, the tweet does suggest that an interaction with Microsoft caused some friction.

Following the incident, a Microsoft spokesperson claims the company will “proactively update impacted devices as soon as possible,” potentially during a Patch Tuesday release.
