A Windows zero-day local privilege escalation flaw and a Proof-of-Concept exploit for it were revealed on Monday by someone who goes by SandboxEscaper on Twitter.


The user in question deleted the account soon after, but not before sharp-eyed security researchers were able to follow the link to the GitHub repository hosting the PoC exploit.

Will Dormann, a vulnerability analyst at the CERT/CC, tested the exploit and confirmed that it “works well in a fully-patched 64-bit Windows 10 system.”

About the vulnerability

Dormann also prepared a vulnerability note detailing the flaw: a local privilege escalation vulnerability in the Advanced Local Procedure Call (ALPC) interface used by the Microsoft Windows task scheduler. Exploiting it can allow a local user to obtain SYSTEM privileges on the target computer.

“The CERT/CC is currently unaware of a practical solution to this problem,” he wrote, and later remarked on Twitter that he’s currently unaware of any workarounds.

UK-based security architect Kevin Beaumont also confirmed the exploit works.

The vulnerability has yet to receive a CVE number but has been awarded a CVSS score that puts it in the “medium” risk category.

According to The Register, a Microsoft spokesperson acknowledged the existence of the vulnerability and said the company will “proactively update impacted devices as soon as possible”.
