Windows 10 zero-day exploit code released online

    Windows 10 zero-day exploit code released online

    Windows 10 zero-day exploit code released online


    Posted: 22 May 2019
    A security researcher has published today demo exploit code on GitHub for a Windows 10 zero-day vulnerability.

    The zero-day is what security researchers call a local privilege escalation (LPE).

    LPE vulnerabilities can't be used to break into systems, but hackers can use them at later stages in their attacks to elevate their access on compromised hosts from low-privileged to admin-level accounts.

    According to a description of the zero-day posted on GitHub, this vulnerability resides in the Windows Task Scheduler process.

    Attackers can run a malformed .job file that exploits a flaw in the way the Task Scheduler process changes DACL (discretionary access control list) permissions for an individual file.

    When exploited, the vulnerability can elevate a hacker's low-privileged account to admin access, which, in turn, grants the intruder access over the entire system.

    The zero-day has only been tested and confirmed to work on Windows 10 32-bit systems.

    However, ZDNet was told today that, in theory, the zero-day should also work, with some fine-tuning, on all Windows versions -- going back to XP and Server 2003 -- although this might require some testing and further confirmation over the coming days.

    A demo of the proof-of-concept exploit code is embedded below.



    Read more: Windows 10 zero-day exploit code released online | ZDNet
    Brink's Avatar Posted By: Brink
    22 May 2019

  1. Brink's Avatar
    Posts : 48,772
    64-bit Windows 10 Pro for Workstations build 19635
       #1

    A security researcher going online by the pseudonym of SandboxEscaper has published today demo exploit code for two more Microsoft zero-days after releasing a similar fully-working exploit the day before.

    These two mark the sixth and seventh zero-days impacting Microsoft products this security researcher has published in the past ten months, with the first four being released last year, and three over the past two days...




    Read more: Two more Microsoft zero-days uploaded on GitHub | ZDNet
      My Computers

  2. krzemien's Avatar
    Posts : 564
    Windows 10 Home x64
       #2

    Worth adding there's more to follow soon - and from the same source.

    So, more patching, which may have a detrimental impact on 1903 release timelines & volumes as somebody will be rather busy getting these exploits addressed (and tested, surely...?).
      My Computers

  3. Brink's Avatar
    Posts : 48,772
    64-bit Windows 10 Pro for Workstations build 19635
    Thread Starter
       #3

    A security researcher and exploit seller going by the name of SandboxEscaper has published today new Windows zero-days for the third day in a row.

    On her GitHub account, the researcher published proof-of-concept code for two zero-days, but also short explainers on how to use the two exploits.

    These two new exploits mark the seventh and eight zero-days the researcher has published in the last ten months.

    To summarize, over the course of the last three days, she also published:
    - LPE exploit in the Windows Task Scheduler process [May 21]
    - Sandbox escape for Internet Explorer 11 [May 22]
    - an LPE in the Windows Error Reporting service [May 22] -- technically not a zero-day. It was revealed that Microsoft had already patched the issue before SandboxEscaper released her demo exploit code.

    Before this week's releases, SandboxEscaper had also published four other Windows zero-days last year, which included:
    - LPE in Advanced Local Procedure Call (ALPC)
    - LPE in Microsoft Data Sharing (dssvc.dll)
    - LPE in ReadFile
    - LPE in the Windows Error Reporting (WER) system




    Read more: Researcher publishes Windows zero-days for the third day in a row | ZDNet
      My Computers

  4. Cr00zng's Avatar
    Posts : 640
    Windows 10 64-bits
       #4

    I guess the slogan of "Windows 10 is the most secure version..." does not mean much. Especially, when you consider that MS has been using that slogan every time, when a new version came out since W95, or NT...
      My Computer


 

Related Threads
Our Sites
Site Links
About Us
Windows 10 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 10" and related materials are trademarks of Microsoft Corp.

Designer Media Ltd
All times are GMT -5. The time now is 06:58.
Find Us




Windows 10 Forums