Geeks for your information News Privacy & Security News v
Researcher Drops Windows 10 Zero-Day Exploit
Researcher Drops Windows 10 Zero-Day Exploit
silversurfer Offline
Staff Member
******
Posts: 3,885
Threads: 3,283
Thanks Received: 5,064 in 3,838 posts
Thanks Given: 6,200
Joined: 12 September 18
#1
22 May 19, 12:21
Quote:A researcher has made public technical details, a video and proof-of-concept (PoC) exploit code for an unpatched local privilege escalation (LPE) vulnerability affecting Windows.
 
The flaw, disclosed by a researcher who uses the online moniker SandboxEscaper, is related to discretionary access control lists (DACL) and the Task Scheduler, and the exploit has been confirmed to work reliably on a fully patched Windows 10 machine, including 64-bit systems.
 
The vulnerability allows an attacker with limited privileges to change permissions for a specified file by importing a .job file into the Task Scheduler using schtasks.

SecurityWeek has reached out to Microsoft for comment and will update this article if the company responds. Unless in-the-wild exploitation is detected, the company will likely address the flaw with Patch Tuesday updates.

SOURCE: https://www.securityweek.com/researcher-...ay-exploit
[-] The following 1 user says Thank You to silversurfer for this post:
  • harlan4096
Find
Reply


Forum Jump:


Users browsing this thread: 1 Guest(s)
[-]
Welcome
You have to register before you can post on our site.

Username/Email:


Password:

[-]
Recent Posts
K-Lite Codec Pack 19.6.0 / 19.6.1 Update
Changes in 19.6.0:...harlan4096 — 11:42
Free Download Manager 6.33.2.6656
Changes in 6.33.2....harlan4096 — 11:41
Vivaldi 7.9 Build 3970.45
Vivaldi 7.9 Build ...harlan4096 — 11:40
Apples Releases the 26.4 Versions of iOS...
Apple has just rel...harlan4096 — 11:38
Opera 129.0.5823.22
Hello! Opera st...harlan4096 — 11:37

[-]
Birthdays
Today's Birthdays
avatar (44)gapedDow
avatar (38)snorydar
Upcoming Birthdays
avatar (46)qaqapeti

[-]
Online Staff
harlan4096's profile harlan4096
Administrator

>