On Monday evening, a Twitter user going by the alias “SandboxEscaper” posted a public link to a proof-of-concept (PoC) exploit for a previously unknown zero-day flaw in Windows. When the exploit is triggered successfully, it gives a local user, or a malicious program running in that user's context, SYSTEM-level privileges on the targeted machine. The exploit has since been confirmed to work on a “fully-patched 64-bit Windows 10 system.” The privilege escalation lies in the Windows Task Scheduler and stems from its mishandling of the Advanced Local Procedure Call (ALPC) interface. Because ALPC is a local interface, the flaw cannot be exploited remotely on its own, which keeps its CVSS score in the 6.4 to 6.8 range; in practice, however, any attacker who has already obtained code execution as a standard user can chain it with this flaw to escalate to SYSTEM, and the public PoC gives malware authors a ready-made way to do so against Windows users. Microsoft is expected to patch the vulnerability on the next Patch Tuesday, scheduled for September 11th. Until then, CERT/CC is not aware of a practical workaround for the zero-day.
Written by: Nataliia Zdrok, Threat Intelligence Analyst at Binary Defense