Windows 10 zero-day exploit code released online

  1. Brink's Avatar
    Posts : 39,709
    64-bit Windows 10 Pro build 18917
       #1

    Windows 10 zero-day exploit code released online


    A security researcher has published today demo exploit code on GitHub for a Windows 10 zero-day vulnerability.

    The zero-day is what security researchers call a local privilege escalation (LPE).

    LPE vulnerabilities can't be used to break into systems, but hackers can use them at later stages in their attacks to elevate their access on compromised hosts from low-privileged to admin-level accounts.

    According to a description of the zero-day posted on GitHub, this vulnerability resides in the Windows Task Scheduler process.

    Attackers can run a malformed .job file that exploits a flaw in the way the Task Scheduler process changes DACL (discretionary access control list) permissions for an individual file.

    When exploited, the vulnerability can elevate a hacker's low-privileged account to admin access, which, in turn, grants the intruder access over the entire system.

    The zero-day has only been tested and confirmed to work on Windows 10 32-bit systems.

    However, ZDNet was told today that, in theory, the zero-day should also work, with some fine-tuning, on all Windows versions -- going back to XP and Server 2003 -- although this might require some testing and further confirmation over the coming days.

    A demo of the proof-of-concept exploit code is embedded below.



    Read more: Windows 10 zero-day exploit code released online | ZDNet
      My ComputersSystem Spec

  2. Brink's Avatar
    Posts : 39,709
    64-bit Windows 10 Pro build 18917
       #1

    A security researcher going online by the pseudonym of SandboxEscaper has published today demo exploit code for two more Microsoft zero-days after releasing a similar fully-working exploit the day before.

    These two mark the sixth and seventh zero-days impacting Microsoft products this security researcher has published in the past ten months, with the first four being released last year, and three over the past two days...




    Read more: Two more Microsoft zero-days uploaded on GitHub | ZDNet
      My ComputersSystem Spec

  3.    #2

    Worth adding there's more to follow soon - and from the same source.

    So, more patching, which may have a detrimental impact on 1903 release timelines & volumes as somebody will be rather busy getting these exploits addressed (and tested, surely...?).
      My ComputersSystem Spec

  4. Brink's Avatar
    Posts : 39,709
    64-bit Windows 10 Pro build 18917
    Thread Starter
       #3

    A security researcher and exploit seller going by the name of SandboxEscaper has published today new Windows zero-days for the third day in a row.

    On her GitHub account, the researcher published proof-of-concept code for two zero-days, but also short explainers on how to use the two exploits.

    These two new exploits mark the seventh and eight zero-days the researcher has published in the last ten months.

    To summarize, over the course of the last three days, she also published:
    - LPE exploit in the Windows Task Scheduler process [May 21]
    - Sandbox escape for Internet Explorer 11 [May 22]
    - an LPE in the Windows Error Reporting service [May 22] -- technically not a zero-day. It was revealed that Microsoft had already patched the issue before SandboxEscaper released her demo exploit code.

    Before this week's releases, SandboxEscaper had also published four other Windows zero-days last year, which included:
    - LPE in Advanced Local Procedure Call (ALPC)
    - LPE in Microsoft Data Sharing (dssvc.dll)
    - LPE in ReadFile
    - LPE in the Windows Error Reporting (WER) system




    Read more: Researcher publishes Windows zero-days for the third day in a row | ZDNet
      My ComputersSystem Spec

  5.    #4

    I guess the slogan of "Windows 10 is the most secure version..." does not mean much. Especially, when you consider that MS has been using that slogan every time, when a new version came out since W95, or NT...
      My ComputerSystem Spec


 

Related Threads
"A publicly disclosed Windows zero-day vulnerability could allow attackers to take full control of systems once they compromise a low-privilege account. Here's a fix." Source: Temporary micropatch available for zero-day Windows exploit
Read more: Visual Studio Code September 2018
Does Windows Defender Exploit Protection log anywhere? in AntiVirus, Firewalls and System Security
I've used EMET quite a bit in the past. I recently started using the Fall Creators Update "Exploit Protection" feature. I have the settings as aggressive as possible, and I'm not changing them. This post is not asking what Exploit Protection...
Can Malwarebytes Anti-Exploit run on Windows 10? in AntiVirus, Firewalls and System Security
I tried to run Malwarebytes Anti-Exploit on my Windows 10, several times, and it will not start. Anyone else have this problem? See image. 140485
>>Many thanks to Kari for his input<< ZDNet warns of Windows 10 email scam; encrypts data for ransom http://www.zdnet.com/article/windows-10-scam-email-will-encrypt-your-files-for-ransom/?tag=nl.e589&s_cid=e589&ttag=e589&ftag=TREc64629f ...
Our Sites
Site Links
About Us
Windows 10 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 10" and related materials are trademarks of Microsoft Corp.

Designer Media Ltd
All times are GMT -5. The time now is 01:58.
Find Us