The new Windows 10 zero-day is a 'local privilege escalation' vulnerability. When exploited, it grants attackers or malicious software full control over the victim's computer by elevating their privileges to the System level.
This poses a significant challenge because most malware is otherwise constrained by the limits of the user account it infects. A privilege escalation bug breaks through those limits, giving malware higher access rights.
The newly discovered vulnerability is in Windows Task Scheduler. Attackers can craft malicious .job files, delete them, and then point to a kernel-level driver file from the deleted location. They then stealthily re-create the tasks to allow low-level processes into the system kernel.
This technique effectively grants system privileges to attackers across the entire device, enabling them to perform any actions on the victim's computer.
In testing, the exploit works on both 32-bit and 64-bit Windows systems. Additionally, according to ZDNet's Catalin Cimpanu, with some tweaking, successful attacks can be carried out on all Windows versions from Windows XP and earlier, except for Windows 7 and Windows 8.
Now that the zero-day has been reported, it is highly likely that Microsoft will release a patch on the upcoming Patch Tuesday, expected on 11/6. Until then, no one can be certain whether the Windows 10 vulnerability will be exploited in the wild.
Additional Information: SandboxEscaper published two more local privilege escalation vulnerabilities on GitHub on May 22. One of them, named 'angrypolarbearbug2', is difficult to reproduce and works only on specific hardware components. The other is called 'sandboxescape', and its purpose remains unclear. However, it is related to injecting malicious code into Internet Explorer 11 to allow remote attackers to escape the sandbox.
