The flaw was found in a completely updated system
A cyber security researcher has publicly disclosed details of a new zero-day vulnerability in Microsoft’s Windows operating system that could help a local user or malicious programmer gain system privileges on the targeted machine. The zero-day vulnerability was also confirmed to work on a fully patched 64-bit Windows 10 system.
The vulnerability is a privilege escalation problem in the Windows Task Scheduler program, caused by errors in its handling of the Advanced Local Procedure Call (ALPC) system.
ALPC is an internal mechanism, available only for Windows operating system components, which makes it easy to transfer data quickly and securely between one or more processes in user mode.
The Windows zero-day vulnerability was revealed on Twitter by the user SandboxEscaper, who also posted a link to a GitHub page hosting a proof of concept for the exploit.
Vulnerability works on devices updated to the latest versions
Shortly after its publication, Will Dormann, a cyber security expert from the CERT Coordination Center (CERT CC), verified the vulnerability’s authenticity and stated: “I have been able to confirm that this works well on a fully patched 64-bit Windows 10 system”. According to a brief online notice published by the CERT CC, if the vulnerability is exploited, it could allow local users to gain elevated system privileges.
Because ALPC is a local interface, the vulnerability’s impact is limited, with a Common Vulnerability Scoring System (CVSS) score of 6.4/10, but the published proof of concept might be useful to malware developers targeting Windows users. SandboxEscaper did not notify Microsoft about the zero-day vulnerability, leaving all Windows users susceptible to hackers until the company releases a security patch to fix the flaw.
Cyber security specialists from the International Institute of Cyber Security commented that Microsoft is likely to fix the vulnerability in the security patch scheduled for September 11th.
The CERT CC, for its part, points out that it currently has no knowledge of any practical solution for this zero-day flaw, so Microsoft users can only wait for the patch to be released.