Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Malware & Threats

Researcher Drops Windows 10 Zero-Day Exploit

A researcher has made public technical details, a video and proof-of-concept (PoC) exploit code for an unpatched local privilege escalation (LPE) vulnerability affecting Windows.

A researcher has made public technical details, a video and proof-of-concept (PoC) exploit code for an unpatched local privilege escalation (LPE) vulnerability affecting Windows.

The flaw, disclosed by a researcher who uses the online moniker SandboxEscaper, is related to discretionary access control lists (DACL) and the Task Scheduler, and the exploit has been confirmed to work reliably on a fully patched Windows 10 machine, including 64-bit systems.

The vulnerability allows an attacker with limited privileges to change permissions for a specified file by importing a .job file into the Task Scheduler using schtasks.

Researcher David Longenecker comments on Windows LPE zero-day

SecurityWeek has reached out to Microsoft for comment and will update this article if the company responds. Unless in-the-wild exploitation is detected, the company will likely address the flaw with Patch Tuesday updates.

This is not the first time SandboxEscaper has released the details of a Windows LPE vulnerability before informing Microsoft or giving the company time to release a patch. The expert, who is apparently frustrated (among other things) with Microsoft’s vulnerability reporting process, previously disclosed several other privilege escalation flaws, including another one related to the Task Scheduler in Windows.

One of the vulnerabilities whose details were made public last year by SandboxEscaper ended up being exploited in attacks by a threat group tracked as PowerPool.

SandboxEscaper claims to have discovered four other unpatched flaws, including three LPE issues that allow an attacker to execute arbitrary code with SYSTEM privileges and one sandbox escape.

The researcher has offered to sell exploits, but only to “non-western people” and not “for less than 60k.”

Advertisement. Scroll to continue reading.

UPDATE. Microsoft has sent SecurityWeek the following statement:

“Microsoft has a customer commitment to investigate reported security issues and we will provide updates for impacted devices as soon as possible. We urge finders to practice coordinated vulnerability disclosure to reduce the potential risk to customers.”

Related: Third-Party Patch Released for Windows Zero-Day

Related: Exploit for New Windows Zero-Day Published on Twitter

Related: Microsoft Patches Windows Zero-Day Disclosed via Twitter

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Understand how to go beyond effectively communicating new security strategies and recommendations.

Register

Join us for an in depth exploration of the critical nature of software and vendor supply chain security issues with a focus on understanding how attacks against identity infrastructure come with major cascading effects.

Register

Expert Insights

Related Content

Vulnerabilities

Less than a week after announcing that it would suspended service indefinitely due to a conflict with an (at the time) unnamed security researcher...

Cybercrime

The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.

Cybercrime

A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...

Data Breaches

OpenAI has confirmed a ChatGPT data breach on the same day a security firm reported seeing the use of a component affected by an...

IoT Security

A group of seven security researchers have discovered numerous vulnerabilities in vehicles from 16 car makers, including bugs that allowed them to control car...

Vulnerabilities

A researcher at IOActive discovered that home security systems from SimpliSafe are plagued by a vulnerability that allows tech savvy burglars to remotely disable...

Risk Management

The supply chain threat is directly linked to attack surface management, but the supply chain must be known and understood before it can be...

Cybercrime

Patch Tuesday: Microsoft calls attention to a series of zero-day remote code execution attacks hitting its Office productivity suite.