[BreachExchange] Hackers Publish PoC of Zero-day Vulnerability in Windows on Twitter
Destry Winant
destry at riskbasedsecurity.com
Thu Aug 30 08:59:17 EDT 2018
https://www.hackread.com/hackers-publishes-poc-of-zero-day-vulnerability-in-windows-on-twitter/
New Privilege Escalation Bug Identified in Windows OS.
Recently a Twitter user, using the handle SandboxEscaper, disclosed
that the Microsoft Windows OS has a zero-day vulnerability, which is
yet unknown to the company. Tweeting on the microblogging platform,
the user stated:
“Here is the alpc bug as 0day. I don’t f**king care about life
anymore. Neither do I ever again want to submit to MSFT anyway. F**k
all of this shit.”
The user also claimed that a proof-of-concept (PoC) is also available
at GitHub. The page link was shared in the tweet that contained the
PoC for the zero-day flaw.
The bug was later verified by CERT/CC’s vulnerability analyst Phil
Dormann. In his vulnerability note, Dormann wrote:
“I’ve confirmed that this works well in a fully-patched 64-bit Windows
10 system. LPE right to SYSTEM! The CERT/CC is currently unaware of a
practical solution to this problem.”
The company investigated further and released an advisory to provide
details about the bug. It was identified that the Microsoft Windows
task scheduler was the main culprit. It contained a vulnerability that
existed in the way scheduler handled the ALPC (Advanced Local
Procedure Call). The flaw allowed a local user to obtain SYSTEM
privileges. The ALPC can restrain the impact of this bug to some
extent considering that it is a local bug.
But, the fact cannot be overlooked that the bug has paved the way for
a much familiar attack vector. An attacker can target a device to
download and install an app and using local privilege escalation the
malware can reach from the user context up to the system privilege.
Dormann also noted that the bug can impact a “fully-patched 64-bit
Windows 10 system.”
Microsoft’s spokesperson states that the company will be updating the
impacted devices “proactively” as soon as possible. Microsoft’s Update
Tuesday is already up for release on Sep 11 but the company may
release it sooner. The vulnerability has been given a CVSS score of
6.4-6.8.
More information about the BreachExchange
mailing list