James Forshaw, a security researcher with Google's Project Zero security initiative, stated that the privilege escalation vulnerability could be exploited due to the way the operating system handles calls to Advanced Local Procedure Call (ALPC).
This means that standard users could obtain administrator privileges on Windows 10 computers. In a successful attack, the attacker could gain full control over the affected system.
However, Neowin notes that this is the second issue discovered in the same feature. The two issues are marked as bugs 1427 and 1428, reported by Microsoft on 10/11/2017. Microsoft stated that it addressed these issues in the Patch Tuesday update released in February 2018, although only bug 1427 was resolved.
Google announces a vulnerability in Windows 10 Fall Creators Update
Not remotely exploitable
Although the vulnerability remains unpatched, Microsoft does not consider it severe. According to researchers, exploiting this vulnerability requires additional steps, and it cannot be exploited remotely unless the attacker has already gained access to the target system by exploiting other vulnerabilities.
'To exploit, you must execute code on the system at the normal user privilege level. Remote attacks are not possible (not exploiting an entire vulnerability to execute code remotely) and sandboxing, as used in Edge and Chrome browsers, cannot be utilized,' according to Forshaw.
The next Windows security update will be released on March 13th, as part of the Patch Tuesday cycle. However, now that Google has disclosed the vulnerability in Windows 10 Fall Creators Update and its exploitability, Microsoft may release patches for affected Windows versions sooner.
