A Windows zero-day local privilege escalation flaw, along with a proof-of-concept (PoC) exploit for it, was revealed on Monday by someone who goes by SandboxEscaper on Twitter.
The user in question deleted the account soon after, but not before sharp-eyed security researchers were able to follow the link to the GitHub repository hosting the PoC exploit.
Will Dormann, a vulnerability analyst at the CERT/CC, tested the exploit and confirmed that it “works well in a fully-patched 64-bit Windows 10 system.”
About the vulnerability
He also prepared a vulnerability note detailing the flaw: a local privilege escalation vulnerability in the Advanced Local Procedure Call (ALPC) interface used by the Microsoft Windows Task Scheduler. Exploiting it can allow a local user to obtain SYSTEM privileges on the target computer.
“The CERT/CC is currently unaware of a practical solution to this problem,” he wrote, and later remarked on Twitter that he’s currently unaware of any workarounds.
UK-based security architect Kevin Beaumont also confirmed the exploit works.
The vulnerability has yet to receive a CVE number, but it has been awarded a CVSS score that puts it in the “medium” risk category.
According to The Register, a Microsoft spokesperson acknowledged the existence of the vulnerability and said the company will “proactively update impacted devices as soon as possible”.
UPDATE (August 28, 11:07 PDT): The researcher who dropped the flaw and PoC is back on Twitter. Some additional details on the issue can be found in this thread.