Security researchers have discovered a serious privilege escalation bug in Microsoft's Windows Task Scheduler that could let hackers get administrative access to a Windows system. The vulnerability was first revealed on Twitter by SandboxEscaper, with a link to the proof-of-concept that's available on GitHub.
The Twitter user, who works in the IT security segment, seems frustrated with Microsoft's bug bounty program, though no specific reason is given. In one of her tweets, SandboxEscaper said:
The vulnerability was confirmed by the United States Computer Emergency Readiness Team (US-CERT), which provided additional details about the problem. According to the computer security team, the bug lies in the handling of the Advanced Local Procedure Call (ALPC) interface. For the uninitiated, ALPC is provided by the Microsoft Windows kernel and is responsible for aiding a client process in communicating with a server process.
Basically, the vulnerability can allow a local user to obtain elevated privileges on a system. The US-CERT further noted that the exploit works on 64-bit Windows 10 and Windows Server 2016 systems. This is not the first time that an elevation-of-privilege vulnerability has hit a Microsoft system. In June, researchers at McAfee found a critical flaw in Cortana which enabled the execution of PowerShell commands on locked devices.
There's currently no known fix for the bug, though a Microsoft representative reportedly told The Register that the company will "proactively update impacted devices as soon as possible." It remains unclear, though, when the update will arrive.
Source: SandboxEscaper (Twitter) and US-CERT via The Register