3 stories
today

Disgruntled user exposes unpatched Windows zero-day exploit via Twitter

It’s always best to keep your Windows 10 system up to date with the latest updates from Microsoft, but sometimes, there are still some unpatched vulnerabilities which hackers can take advantage of. That is exactly what one disgruntled Windows user recently discovered, and decided to out Microsoft for on Twitter for (via ZDNet.)

The user who goes by the name of “Sandbox Escaper” disclosed the vulnerability which permits any software running on your PC to gain system privileges. It is actually a local exploit and involves a security flaw in the Microsoft Windows task scheduler and Advanced Local Procedure Call. Sandbox Escaper noted the local exploit on GitHub, including a proof-of-concept. It has since been verified by US-CERT, which notes that the exploit code works on 64-bit Windows 10 and Windows Server 2016 systems.

There’s currently no known solution for the exploit, but Microsoft has acknowledged the issue. In a statement to The Register, the company explained that they will “proactively update impacted devices as soon as possible.” This could likely mean that we can see a fix in time for the next September Patch Tuesday updates, so best keep tuned for more.

Further reading: , , ,