According to reports, a security researcher has discovered an unpatched vulnerability in the Windows 10 operating system. The security researcher reportedly revealed the vulnerability on Twitter.
It’s a zero-day flaw that exists in Windows 10 and it could allow an attacker to gain system privileges on an affected computer, according to CERT/CC vulnerability analyst Phil Dormann. The vulnerability was disclosed in a tweet by @SandboxEscaper and the account has been removed.
It appears that vulnerability exists in task scheduler on Windows 10 but there’s no easy way to exploit the security flaw. The successful exploitation of the vulnerability requires the user to download a malicious app on a machine.
I've confirmed that this works well in a fully-patched 64-bit Windows 10 system.
LPE right to SYSTEM! https://t.co/My1IevbWbz
— Will Dormann (@wdormann) August 27, 2018
“Microsoft Windows task scheduler contains a local privilege escalation vulnerability in the Advanced Local Procedure Call (ALPC) interface, which can allow a local user to obtain SYSTEM privileges,” the advisory reads.
“Microsoft Windows task scheduler contains a vulnerability in the handling of ALPC, which can allow a local user to gain SYSTEM privileges. A local user may be able to gain elevated (SYSTEM) privileges.” “A local user may be able to gain elevated (SYSTEM) privileges,” the advisory explains.
Another report claims that the patch for the said vulnerability may land soon. There’s a chance that Microsoft will deploy updates to address this vulnerability on next Patch Tuesday, which takes place on September 11.
Disclaimer: The information contained in this article is based on a report from The Register and CERT/CC analysts. Windows Latest makes no claims, guarantees about the accuracy or completeness in this article or linked pages, and shall not be held responsible for anything we say in this article.