Windows zero-day flaw and PoC unveiled via Twitter

A Windows zero-day local privilege escalation flaw and a Proof-of-Concept exploit for it were revealed on Monday by someone who goes by SandboxEscaper on Twitter.


The user in question deleted the account soon after, but not before sharp-eyed security researchers were able to follow the link to the GitHub repository hosting the PoC exploit.

Will Dormann, a vulnerability analyst at the CERT/CC, tested the exploit and confirmed that it “works well in a fully-patched 64-bit Windows 10 system.”

About the vulnerability

He also prepared a vulnerability note detailing the flaw: a local privilege escalation vulnerability in the Advanced Local Procedure Call (ALPC) interface used by the Microsoft Windows task scheduler, the exploitation of which can allow a local user to obtain SYSTEM privileges on the target computer.

“The CERT/CC is currently unaware of a practical solution to this problem,” he wrote, and later remarked on Twitter that he’s currently unaware of any workarounds.

UK-based security architect Kevin Beaumont also confirmed the exploit works.

The vulnerability has yet to receive a CVE number but has been awarded a CVSS score that puts it in the “medium” risk category.

According to The Register, a Microsoft spokesperson acknowledged the existence of the vulnerability and said the company will “proactively update impacted advices as soon as possible”.

UPDATE (August 28, 11:07 PDT): The researcher who dropped the flaw and PoC is back on Twitter. Some additional details on the issue can be found in this thread.
