It currently works only to fully updated 64bit Windows 10 1803.
A few days ago, the security researcher who handles the Twitter account @SandboxEscaper has disclosed the details of zero-day privilege escalation vulnerability affecting Microsoft’s Windows operating systems that could be exploited by a local attacker or malicious program to obtain system privileges on the vulnerable system.
The vulnerability resides in the Windows’ task scheduler program and ties to errors in the handling of Advanced Local Procedure Call (ALPC) systems.
Microsoft is expected to address the vulnerability in September security Patch Tuesday, that is scheduled for September 11, meantime a patch was released by 0patch, a community of experts that aims at addressing software flaws.
The community is known to develop tiny patches, usually less than 30 bytes in size, it released a fix within 24 hours after the public disclosure of the issue.
The fix for the Windows zero-day recently disclosed is only 13 bytes in size.
Experts explained that they have validated and verified the micropatch for @SandboxEscaper’s LPE in Task Scheduler.
“As the researcher’s POC demonstrates, one can use this vulnerability to replace a system executable file and wait for a privileged process to execute it. In particular, it was shown that a printing-related DLL could be replaced and then executed by triggering the Print Spooler Service to load it,” reads the analysis published by 0patch.
“SandboxEscaper’s documentation properly identifies the problem being in Task Scheduler’s SchRpcSetSecurity method, which is externally accessible via Advanced Local Procedure Call (ALPC)facility. “
This is just a temporary fix, Windows users are advised to apply the official Microsoft updates as soon as one becomes available.
0patch warns of unexpected errors that could be caused by the unofficial fix they released.
“Can we keep using this micropatch instead of applying Microsoft’s update?
We strongly recommend against that. Microsoft’s update will not only fix this issue in a more informed way, but will also bring fixes for other vulnerabilities that we don’t have micropatches for. Yes, we hate losing hours of our lives to updating our systems too, but wouldn’t dream of outright replacing official updates with our micropatches 😉 ” concludes oparch.
[adrotate banner=”9″] | [adrotate banner=”12″] |
(Security Affairs – Windows Zero-Day, micropatch)
[adrotate banner=”5″]
[adrotate banner=”13″]
Nation-state actor UAT4356 has been exploiting two zero-days in ASA and FTD firewalls since November…
A malware campaign has been exploiting the updating mechanism of the eScan antivirus to distribute…
The Treasury Department's Office of Foreign Assets Control (OFAC) sanctioned four Iranian nationals for their…
A cyber attack on Leicester City Council resulted in certain street lights remaining illuminated all…
The National Police Agency in South Korea warns that North Korea-linked threat actors are targeting…
The U.S. Department of State imposed visa restrictions on 13 individuals allegedly linked to the…
This website uses cookies.