Recently a new vulnerability was reported in the Windows 10 operating system that, if exploited, would allow attackers to gain high privileges on the compromised computer. Now, experts from the IICS’s information security course have reported that code to exploit the vulnerability has been published on GitHub, where it can be used to perform several malicious activities.
Experts mention that this is a local privilege escalation zero-day vulnerability. In the report, it is explained that exploiting it does not provide access to the device, because the hacker must already have access to the compromised machine; once the vulnerability is exploited, attackers will be able to seize full control of the machine by increasing their privileges to system level.
The specialists from the information security course say that this problem is more serious than it seems because, ordinarily, malware infects only a user account and cannot break out of that constraint. On the other hand, if the attacker obtains this escalation of privileges, these restrictions are eliminated and even the simplest malware variants can cause great damage to the system.
The expert, known by the alias “SandboxEscaper”, discovered this flaw in the Task Scheduler of the Microsoft operating system: “An attacker could create a malicious file with a .job extension, delete it, and then address a Kernel-level controller file from which this malicious file was located to recreate the task and initiate a process of reduced privileges in the system kernel”, says the specialist.
At the end of this process, the attackers will have high privileges in the system, so they can perform any operation on the compromised machine.
Information security course specialists from the International Institute of Cyber Security (IICS) consider that the main problem is that there are no known solutions or workarounds, because it is a zero-day vulnerability. Until the company decides to release updates to correct these failures, users are in a compromising situation. Although there is still no evidence of exploitation of this flaw in the wild, sufficient information about it is circulating, so the possibility of an attack is considerable.