A security researcher who handles the Twitter account @SandboxEscaper has disclosed the details of zero-day privilege escalation vulnerability affecting Microsoft’s Windows operating systems that could be exploited by a local attacker or malicious program to obtain system privileges on the vulnerable system.
According to the expert who disclosed the flaw, the issue also affects a “fully-patched 64-bit Windows 10 system.”
The vulnerability resides in the Windows’ task scheduler program and ties to errors in the handling of Advanced Local Procedure Call (ALPC) systems.
The Advanced Local Procedure Call (ALPC) is an undocumented Inter-Process Communication facility provided by the Microsoft Windows kernel for lightweight (or local) Inter-Process Communication (IPC) between processes on the same computer.
The Advanced local procedure improves high-speed and secure data transfer between one or more processes in the user mode.
SandboxEscaper posted a proof-of-concept (PoC) exploit code for the zero-day that was published on GitHub.
The vulnerability was verified by the CERT/CC analyst Will Dormann that posted the following message:
The CERT/CC published a security advisory explaining that It could be exploited by a local user to obtain elevated (SYSTEM) privileges.
“Microsoft Windows task scheduler contains a vulnerability in the handling of ALPC, which can allow a local user to gain SYSTEM privileges. We have confirmed that the public exploit code works on 64-bit Windows 10 and Windows Server 2016 systems. Compatibility with other Windows versions may be possible with modification of the publicly-available exploit source code” reads the alert issued by the CERT/CC.
The CERT/CC confirmed that currently there is no workaround for the flaw. The Advanced Local Procedure Call (ALPC) interface is a local system, this limit the impact of the vulnerability. Experts warn of malware that could include the PoC code to gain system privileges on Windows systems.
SandboxEscaper did not report the zero-day to Microsoft, now all Windows systems are vulnerable until the Company will release security updates for its systems.
At the time of writing it is still unclear if the Windows zero-day effects all supported Windows versions, some experts, in fact, said that the PoC code doesn’t work on Windows 7.
Microsoft is expected to address the vulnerability in September security Patch Tuesday, that is scheduled for September 11.
| [adrotate banner=”9″] | [adrotate banner=”12″] |
(Security Affairs – Windows zero-day, hacking)
[adrotate banner=”5″]
[adrotate banner=”13″]
A critical vulnerability in the WordPress Automatic plugin is being exploited to inject backdoors and…
As cryptocurrencies have grown in popularity, there has also been growing concern about cybercrime involvement…
Healthcare service provider Kaiser Permanente disclosed a security breach that may impact 13.4 million individuals…
Over 1,400 CrushFTP internet-facing servers are vulnerable to attacks exploiting recently disclosed CVE-2024-4040 vulnerability. Over…
A ransomware attack on a Swedish logistics company Skanlog severely impacted the country's liquor supply. …
CISA adds Cisco ASA and FTD and CrushFTP VFS vulnerabilities to its Known Exploited Vulnerabilities…
This website uses cookies.
