A privilege escalation bug has been discovered in Windows’ task scheduler and revealed on Twitter. A proof-of-concept has been published, and the vulnerability has been confirmed to be present in a
A privilege escalation bug has been discovered in Windows’ task scheduler and revealed on Twitter. A proof-of-concept has been published, and the vulnerability has been confirmed to be present in a « fully-patched 64-bit Windows 10 system ».
The security flaw was exposed on Twitter by user SandboxEscaper — who has since deleted his or her account. An advisory about the vulnerability has been posted on CERT/CC, and Microsoft says that it is working to fix the problem.
In a tweet posted from a now-deleted account, @SandboxExplorer linked to a proof-of-concept on GitHub saying: « Here is the alpc bug as 0day: https://t.co/m1T3wDSvPX I don’t fucking care about life anymore. Neither do I ever again want to submit to MSFT anyway. Fuck all of this shit. »
Shortly afterwards, CERT/CC vulnerability analyst Will Dormann confirmed the existence of the problem:
Noting that there is no practical solution available to the problem at the moment, a posting on CERT/CC explains that:
The Vulnerability Note VU#906424 post goes on to say:
It adds:
In a statement given to the Register, a spokesperson for Microsoft said it would « proactively update impacted advices as soon as possible ».
Image credit: spatuletail / Shutterstock
