Wednesday | May 14 2025 |

Microsoft Windows Zero-day Vulnerability Disclosed through Twitter

BW Online Bureau Aug 29, 2018

Security researchers have discovered a serious privilege escalation bug in Microsoft's Windows task scheduler that could let hackers get administrative access to a Windows system.

The vulnerability was first revealed on Twitter by SandboxEscaper, with a link to the proof-of-concept that's available on GitHub.

Sammy Migues, principal consultant at Synopsys, said: “While the disclosure of this vulnerability and the release of a proof-of-concept exploit add a layer of scandal to this news, it’s a fairly common discovery.

"This appears to be a Windows local system privilege escalation bug. A Windows box has some built-in “user” accounts that the OS uses to get various things done. One of those is “LocalSystem” and there are many pieces of software in the Windows OS that run under that account. That account has elevated privileges compared to a “normal” user (e.g., you on your work laptop).

"Even if you are a normal user on a Windows box that has this vulnerable software (handling of ALPC in task scheduler), you can exploit the vulnerability to get elevated privileges. So, local users can get extra privileges even when their IT Security folks made them normal users, and anyone else who can run software on that box (e.g., remote attackers tricking the local user) can do the same.

"Having a working exploit out in the world makes this easier for everyone. A remote attacker would have to get someone to run their attack code (e.g., in a phishing email), and I’m sure anti-virus vendors are already working on updates to do whatever they can to spot this particular attack.

"The CERT vulnerability note (https://www.kb.cert.org/vuls/id/906424) says this is a “local privilege escalation vulnerability” that can allow a “local user” to get elevated privileges. That’s technically accurate. However, some people might read that as “there’s no way a remote attacker can take advantage of this problem.” That’s not accurate. If the local user executes the attacker’s code (e.g., via phishing or downloading some Trojaned software) then, yes, the “local user” did it but the “remote attacker” probably now owns their system.

"For me, this is just another of the dozens, if not hundreds, of privilege escalation bugs that have been found on Windows over the years. They get found, they get patched. Life goes on.”

Also Read

SECURITY
Sep 11, 2024
CIA’s CIO La’Naia Jones Discusses AI Driving National Security
3 mins read
SECURITY
Aug 27, 2024
OpenAI backs California's AI legislation mandating "watermarking" of synthetic material.
2 mins read
SECURITY
Sep 08, 2021
Wipro and Securonix Announce Partnership to Deliver Managed Security Services
3 mins read
SECURITY
Jun 16, 2021
Factors To Consider For The Security Of Cloud Infrastructure
5 mins read
SECURITY
Feb 25, 2021
Digitalization Brings Forth A New Area Of Expertise For CFOs: Cybersecurity
5 mins read
SECURITY
Dec 29, 2020
Cybersecurity Tips For The Household CIO Of 2020
4 mins read

Subscribe to our newsletter to get updates on our latest news