Zero-Day Code Published for a Vulnerability in Windows 10

SandboxEscaper, a well-known security researcher, shared a Windows 10 zero-day vulnerability on GitHub.

Although local privilege escalation (LPE) vulnerabilities cannot be used directly to break into a system, attackers who have already gained access can use them in the later stages of an attack to expand their reach. Anyone who exploits such a vulnerability can obtain system administrator access and take control of the entire device.

According to the description on GitHub, the new vulnerability is in the Windows Task Scheduler process. An attacker runs a malformed job file, and the error triggered by that file opens up the DACL (discretionary access control list) permissions on a particular file. When the vulnerability is exploited, the attacker's low-privileged user account gains administrative permissions, which gives control over the entire system.

So far, the zero-day has been tested and confirmed to work on 32-bit Windows 10 systems. It has not yet been tested on the 64-bit version of Windows 10, and no result has been announced.

In theory, the zero-day works on all versions of Windows with a little tweaking, including older versions such as Windows XP and Server 2003. These systems also need to be tested.

SandboxEscaper has previously shared zero-day vulnerabilities before warning Microsoft of the bugs. One of these vulnerabilities was actively exploited by malware.

Microsoft fixes such vulnerabilities with patches released within 1 or 2 months after they are discovered. The next Microsoft patch will arrive on June 11th.
