Microsoft Windows Task Scheduler Vulnerability Revealed by SandboxEscaper
- Security researcher SandboxEscaper revealed a critical Windows bug on Twitter without notifying Microsoft.
- The vulnerability has not been patched yet, and Microsoft is due to release its next security patch on September 11.
- The vulnerability is present in the Windows Task Scheduler which can allow attackers elevated access to the system using malicious code.
A critical vulnerability residing in the Windows task Scheduler was revealed on Monday by security researcher SandboxEscaper on Twitter. A GitHub link containing the Proof of Concept was also posted showcasing the vulnerability.
After the vulnerability was disclosed CERT/CC vulnerability analyst Will Dormann verified the bug and stated that the zero-day flaw was found to be functional even on fully patched versions of 64-bit Windows 10 systems. The vulnerability has been described as an escalation security flaw that takes advantage of local privileges. It takes advantage of how the Windows Task Scheduler handles errors of ALPC (Advanced Local Procedure Call) systems.
https://twitter.com/SandboxEscaper/status/1034125195148255235
CERT/CC revealed after a formal investigation “Microsoft Windows task scheduler contains a vulnerability in the handling of ALPC, which can allow a local user to gain SYSTEM privileges. If an attacker can get a target to download and run an app, local privilege escalation gets the malware out of the user context up to (in this case) system privilege.”
If attackers are able to exploit the vulnerability, they can obtain system privileges. The public disclosure is definitely concerning for Microsoft as most security researchers choose to submit their findings of exploits and bugs to the developer instead of making them public. Currently, there are no workarounds available to secure yourself from the Windows vulnerability. Microsoft revealed that the company would “proactively update impacted devices as soon as possible."
The next batch of Microsoft Windows updates is scheduled for September 11, which will bring patches to fix the exploit. It is also likely that the tech giant will go out of schedule to fix the vulnerability to avoid cybercriminals from exploiting the operating system. SandboxEscaper’s Twitter account was deactivated shortly after the tweet was posted.
What do you think about the new Day 0 exploit found by SandboxEscaper? Let us know in the comments below. Also, to get instant tech updates, follow TechNadu’s Facebook page, and Twitter handle.