Windows 10 Security Flaw Goes Public, Users Vulnerable to Attacks


nir

Zero-day discovered and published on Twitter

 

Microsoft has just been caught off guard, as a security researcher published on Twitter a zero-day flaw in Windows that allows an attacker to gain system privileges on an affected computer.

 

Disclosed in a tweet by @SandboxEscaper (the original post and the account have both been removed), the vulnerability exists in the task scheduler, and a successful attack requires the user to download a malicious app on a target machine.

 

CERT researcher Phil Dormann confirmed the bug on the social network and explained that it works “on a fully-patched 64-bit Windows 10 system. LPE right to SYSTEM!.”

 

An advisory published by CERT provides more details regarding the vulnerability, but emphasizes that a patch is not yet available for Windows 10 systems.

 

“Microsoft Windows task scheduler contains a local privilege escalation vulnerability in the Advanced Local Procedure Call (ALPC) interface, which can allow a local user to obtain SYSTEM privileges,” the advisory reads. “Microsoft Windows task scheduler contains a vulnerability in the handling of ALPC, which can allow a local user to gain SYSTEM privileges. A local user may be able to gain elevated (SYSTEM) privileges.”

 

Patch possibly landing next month

 

Microsoft said in a statement for The Register that a fix for the vulnerability may land on the next Patch Tuesday, which in September takes place on the 11th.

 

By the looks of things, all Windows 10 versions are affected, regardless of the level of patching, as fully up-to-date systems are said to be vulnerable as well. Older Windows releases, like Windows 7 and Windows 8.1, aren’t impacted by the issue.

 

In the meantime, users are recommended to avoid downloading and running apps and files coming from untrusted sources, as a successful exploit requires the local privilege escalation to be powered by an application already running on the target system.

 

Source


LOL, censored. The idiot used big tech to post. I hear it's still up at GitHub, but that's owned by Microsoft, so I guess it will be removed too.

 

I'm reading that this guy posted this 0day to Microsoft last year and the DJI threatened him. If it's so and they know who he is, he will be in jail before long.

 

They say it's based on this: "Man gets threats—not bug bounty—after finding DJI customer data in public view"

https://arstechnica.com/information-technology/2017/11/dji-left-private-keys-for-ssl-cloud-storage-in-public-view-and-exposed-customers/

 

Yes, the exploit is still up at GitHub. You can read more about it here:

https://old.reddit.com/r/netsec/comments/9awgl5/microsoft_windows_task_scheduler_contains_a_local/

 

Lol, this dude was an idiot. He tried to sell 0day exploits on Reddit, so that explains him posting it on Twitter... :lol:

 

https://s7d1.turboimg.net/sp/b21d1cb06a6dd6fb6bdc55cd49d28af7/sbe.png

 

 



Here's some more stuff I found about him / her. This guy suffers from depression and is transgender and helped Microsoft before. This is one of the bugs he released to Microsoft.

 

 

Quote

 

MS16-149 Windows Installer Elevation of Privilege Vulnerability CVE-2016-7292

Acknowledgment Thomas Vanhoutte (@SandboxEscaper)

 

https://docs.microsoft.com/en-us/security-updates/acknowledgments/2016/acknowledgments2016

https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2016/ms16-149

 

There are 100s of researchers who release bugs to Microsoft, Google, Apple and others, and that's what they do for a living: make malware and viruses. It's very easy for some of them to be selling malware on the side, and some are, and this person just snapped and posted one in public because they're unstable. And yes, the feds know who he is, or do I say she is? wtf. :towel:

 

From the kind of research he wrote, he was targeting the Edge browser and "How to escape sandboxes without technical skills". He was targeting the Windows universal platform; legacy Win32 apps don't have sandboxes unless you use them with a 3rd-party program. He targets people who use sandboxes on Windows.

 



More vulnerabilities in the safest version of Windows ever made.  Microsoft tells better jokes than the comedy club. 



8 minutes ago, straycat19 said:

More vulnerabilities in the safest version of Windows ever made.  Microsoft tells better jokes than the comedy club. 

Zero Day Initiative paid him 2.5k for his "Escaping the Edge sandbox" POC. He said most sandbox escape bugs don't pay very well like kernel exploits do, and they're less likely to get patched.



More 0 days by him

 

Quote

 

Disclosures

 

-CVE-2018-8314: Windows filepicker sandbox escape
-CVE-2018-8339: Windows Installer LPE
-CVE-2018-0868: Windows Installer LPE
-CVE-2018-4872: Adobe reader sandbox escape
-CVE-2017-8633: Windows Error Reporting LPE
-CVE-2017-0226: IE11 EPM sandbox escape
-CVE-2017-8503: Edge sandbox escape
-CVE-2017-3080: Flash broker sandbox escape
-CVE-2016-7292: Windows installer LPE
-CVE-2016-0194: IE11 EPM sandbox escape
-CVE-2016-3292: IE11 EPM sandbox escape
-CVE-2015-1739: IE11 EPM sandbox escape
-CVE-2015-1743: IE11 EPM sandbox escape

upcoming

-win10 LPE (CVE-2018-8440)

Note: All adobe CVEs are uncredited because I dropped them as 0days (but you can refer to my write-ups). Some CVEs are also credited under my 'old name' (you figure it out) instead of SandboxEscaper. CVE-2018-8314 is also not credited but you can refer to my filepicker writeup.

 

http://sandboxescaper.blogspot.com/p/disclosures_8.html



14 hours ago, straycat19 said:

More vulnerabilities in the safest version of Windows ever made.  Microsoft tells better jokes than the comedy club.

 

I hear Nadella and Microsoft's management team are having weekly nosejobs.

 

Spoiler

Pinocchio

 



3 hours ago, Karlston said:

 

I hear Nadella and Microsoft's management team are having weekly nosejobs.

 

 

 

Now that's a good joke....Microsoft Management Team.  ROFLMAO!!!  



Archived

This topic is now archived and is closed to further replies.
