Windows Zero-Day Vulnerability Comes With PoC on GitHub

A new zero-day vulnerability was recently made public following a tweet from @SandboxEscaper, who claimed to be frustrated with Microsoft and, apparently, their bug submission process.

The tweet included a link to the proof-of-concept for the alleged zero-day vulnerability on GitHub, prompting security researchers to download and test @SandboxEscaper’s claims.

Following an assessment by CERT/CC vulnerability analyst Phil Dormann, the bug was verified and confirmed to be working on a fully-patched 64-bit Windows 10 machine, enabling attackers to gain admin privileges if exploited.

It’s unclear if the zero-day would work on all Microsoft-supported Windows versions, including 32-bit ones, but it’s definitely cause for concern, since the PoC is publicly available and can easily be weaponized by threat actors.

I’ve confirmed that this works well in a fully-patched 64-bit Windows 10 system.
LPE right to SYSTEM!

— Will Dormann (@wdormann) August 27, 2018

The zero-day does require some specific conditions for execution: an attacker needs the victim to download and execute a tainted application for the vulnerability to be exploited. That attack vector is not uncommon, especially with APTs (Advanced Persistent Threats) and spearphishing.

“Microsoft Windows task scheduler contains a local privilege escalation vulnerability in the Advanced Local Procedure Call (ALPC) interface, which can allow a local user to obtain SYSTEM privileges,” reads the CERT/CC advisory. “The CERT/CC is currently unaware of a practical solution to this problem.”

While it’s uncertain whether Microsoft had been previously notified by @SandboxEscaper regarding the zero-day, the tweet does suggest that an interaction with Microsoft caused some friction.

Following the incident, a Microsoft spokesperson claims the company will “proactively update impacted devices as soon as possible,” potentially during a Patch Tuesday release.
