Hacker Discloses Unpatched Windows Zero-Day Vulnerability (With PoC)
A security researcher has publicly disclosed the details of a previously unknown zero-day vulnerability in the Microsoft’s Windows operating system that could help a local user or malicious program obtain system privileges on the targeted machine.
And guess what? The zero-day flaw has been confirmed working on a “fully-patched 64-bit Windows 10 system.”
The vulnerability is a privilege escalation issue which resides in the Windows’ task scheduler program and occured due to errors in the handling of Advanced Local Procedure Call (ALPC) systems.
Advanced local procedure call (ALPC) is an internal mechanism, available only to Windows operating system components, that facilitates high-speed and secure data transfer between one or more processes in the user mode.
The revelation of the Windows zero-day came earlier today from a Twitter user with online alias SandboxEscaper, who also posted a link to a Github page hosting a proof-of-concept (PoC) exploit for the privilege escalation vulnerability in Windows.
“Here is the alpc bug as 0day: https://t.co/m1T3wDSvPX I don’t fucking care about life anymore. Neither do I ever again want to submit to MSFT anyway. Fuck all of this shit,” SandboxEscaper tweeted (archive), which has now been deleted.
Zero-Day Works Well on Fully-Patched 64-Bit Windows 10 PC
Shortly after that, CERT/CC vulnerability analyst Will Dormann verified the authenticity of the zero-day bug, and tweeted:
“I’ve confirmed that this works well in a fully-patched 64-bit Windows 10 system. LPE right to SYSTEM!”
According to a short online advisory published by CERT/CC, the zero-day flaw, if exploited, could allow local users to obtain elevated (SYSTEM) privileges.
Since Advanced Local Procedure Call (ALPC) interface is a local system, the impact of the vulnerability is limited with a CVSS score of 6.4 to 6.8, but the PoC exploit released by the researcher could potentially help malware authors to target Windows users.
SandboxEscaper did not notify Microsoft of the zero-day vulnerability, leaving all Windows users vulnerable to the hackers until a security patch is release by the tech giant to address the issue.
Microsoft is likely to patch the vulnerability in its next month’s security Patch Tuesday, which is scheduled for September 11.
The CERT/CC notes it is currently unaware of any practical solution to this zero-day bug.