A security researcher today published demo exploit code on GitHub for a Windows 10 zero-day vulnerability.

The zero-day is what security researchers call a local privilege escalation (LPE). LPE vulnerabilities can't be used to break into systems, but hackers can use them at later stages of an attack to elevate their access on compromised hosts from low-privileged to admin-level accounts.

According to a description of the zero-day posted on GitHub, the vulnerability resides in the Windows Task Scheduler process. Attackers can run a malformed .job file that exploits a flaw in the way the Task Scheduler process changes DACL (discretionary access control list) permissions for an individual file. When exploited, the vulnerability can elevate a hacker's low-privileged account to admin access, which, in turn, grants the intruder access over the entire system.

The zero-day has only been tested and confirmed to work on Windows 10 32-bit systems. However, ZDNet was told today that, in theory, the zero-day should also work, with some fine-tuning, on all Windows versions — going back to XP and Server 2003 — although this might require some testing and further confirmation over the coming days.

A demo of the proof-of-concept exploit code is embedded below.

SandboxEscaper strikes again

The researcher who released this zero-day is named SandboxEscaper and has a reputation for releasing Windows zero-days online without notifying Microsoft of these security flaws. In 2018, she released four other Windows zero-days, which included:…
ZDNet is a business technology news website published by CBS Interactive, along with TechRepublic. The brand was founded on April 1, 1991, as a general interest technology portal from Ziff Davis and evolved into an enterprise IT-focused online publication owned by CNET Networks.