Windows 10 Security Flaw Goes Public, Users Vulnerable to Attacks

Microsoft has just been caught off guard, as a security researcher published on Twitter a zero-day flaw in Windows that allows an attacker to gain system privileges on an affected computer.

Disclosed in a tweet by @SandboxEscaper (the original post and the account have both been removed), the vulnerability exists in the task scheduler, and a successful attack requires the user to download a malicious app on a target machine.

CERT researcher Phil Dormann confirmed the bug on the social network and explained that it works “on a fully-patched 64-bit Windows 10 system. LPE right to SYSTEM!.”

An advisory published by CERT provides more details regarding the vulnerability, but emphasizes that a patch is not yet available for Windows 10 systems.

“Microsoft Windows task scheduler contains a local privilege escalation vulnerability in the Advanced Loc... (read more)

Comments