Zero-day vulnerability uncovered on Windows

Zero-day vulnerability uncovered on Windows

Zero-day vulnerability uncovered on Windows 

2018 has been filled with hardware exploits and OS updates, most of which are related to Spectre, Meltdown or other side-channel hardware attacks. So far, Microsoft has stayed on top of the onslaught of Spectre, but now the company has been caught with its pants down as a new zero-day vulnerability comes to light.  

This vulnerability can allow local users to gain elevated system privileges. The vulnerability was uncovered by Twitter user @SandboxEscaper, who uploaded proof of concept code onto GitHub and expressed dissatisfaction towards Microsoft’s bug/vulnerability submission process. 

So far, CERT/CC has analysed the vulnerability and has confirmed its functionality on Windows 10 64-bit and Windows Server 2016, stating that other Windows versions could be affected using modified versions of the now publically available proof of concept code. 

Below is an overview and description of the exploit from CERT/CC;

 

     Overview

Microsoft Windows task scheduler contains a local privilege escalation vulnerability in the Advanced Local Procedure Call (ALPC) interface, which can allow a local user to obtain SYSTEM privileges.

Description

Microsoft Windows task scheduler contains a vulnerability in the handling of ALPC, which can allow a local user to gain SYSTEM privileges. We have confirmed that the public exploit code works on 64-bit Windows 10 and Windows Server 2016 systems. Compatibility with other Windows versions may be possible with modification of the publicly-available exploit source code.

Impact

A local user may be able to gain elevated (SYSTEM) privileges.

Solution

The CERT/CC is currently unaware of a practical solution to this problem.

 

 When The Register contacted Microsoft, the company stated that they would “proactively update impacted devices as soon as possible”. The company expected to release an update sometime during their Patch Tuesday schedule. 
    

Zero-day vulnerability uncovered on Windows  

Microsoft’s statement is extremely unclear, as patch Tuesday could refer to any Tuesday in the coming month, potentially leaving PCs vulnerable in the meantime. Even so, the public reveal of the vulnerability will no doubt speed up Microsoft’s efforts to address the issue, and perhaps convince the company to streamline their bug submission program to prevent future zero-day bug reveals. 

You can join the discussion on Windows 10 getting hit by a Zero-day vulnerability on the OC3D Forums

Uh-oh! It looks like you're using an ad blocker.

OC3D relies on ads to provide free content and sustain our operations. By white listing us on your ad blocker, you help support us and ensure we can continue offering valuable content without any cost to you. We only run our own hand picked ads from Industry brands like MSI, BeQuiet, Sapphire and PC-Specialist - meaning they are all relevent to the content you are reading.

We truly appreciate your understanding and support. Thank you for considering whitelisting OC3D