Hacker puts zero day for Windows 10 online
An anonymous hacker has put a zero day for Windows online. The vulnerability could allow an attacker to gain admin access to Windows. The exploit was immediately put online without informing Microsoft. There is therefore no patch available yet.
The vulnerability was posted on GitHub. This is a local privilege escalation. This cannot simply be broken into a system, but an attacker can increase the user rights of an account to admin level.
The vulnerability is in Windows Task Scheduler. An attacker could exploit a flaw in the way the Task Scheduler grants discretionary access control list permissions to a file. By doing so, the permissions of files can be changed from user level to admin level. The hacker has published a proof-of-concept where the leak is exploited. That proof-of-concept only applies to 32-bit versions of Windows 10, but the discoverer says that with some adjustments it is easy to try the leak on other versions of the operating system.
The leak was discovered by an anonymous hacker named SandboxEscaper. It is not the first time that she has put a zero day for Windows online. Last year, the hacker already published four other leaks that use local privilege escalation. The hacker did not report the vulnerability to Microsoft, which is common in such cases. The hacker sometimes blogs about the leaks. In it she states that she wants to sell LPEs to ‘non-Western persons’. “I don’t owe society anything, I just want to get rich and show everyone in the west my middle finger,” it reads.
Microsoft has not yet commented on the news. The leak was published two days after the last Patch Tuesday. The next patch day is scheduled for June 11, but Microsoft may come up with a solution sooner. The National Cyber Security Center is now also warning about the leak and the fact that no solution is yet available.