Thread Rating:
  • 1 Vote(s) - 5 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Researcher Drops Windows 10 Zero-Day Exploit
#1
Quote:A researcher has made public technical details, a video and proof-of-concept (PoC) exploit code for an unpatched local privilege escalation (LPE) vulnerability affecting Windows.
 
The flaw, disclosed by a researcher who uses the online moniker SandboxEscaper, is related to discretionary access control lists (DACL) and the Task Scheduler, and the exploit has been confirmed to work reliably on a fully patched Windows 10 machine, including 64-bit systems.
 
The vulnerability allows an attacker with limited privileges to change permissions for a specified file by importing a .job file into the Task Scheduler using schtasks.

SecurityWeek has reached out to Microsoft for comment and will update this article if the company responds. Unless in-the-wild exploitation is detected, the company will likely address the flaw with Patch Tuesday updates.

SOURCE: https://www.securityweek.com/researcher-...ay-exploit
[-] The following 1 user says Thank You to silversurfer for this post:
  • harlan4096
Reply


Forum Jump:


Users browsing this thread: 1 Guest(s)
[-]
Welcome
You have to register before you can post on our site.

Username/Email:


Password:





[-]
Recent Posts
AWZ Screen Recorder
AWZ Screen Recorder ...zevish — 11:05
Website X5 Go 2024.1
Website X5 Go 2024.1...zevish — 09:32
Apple's rules to allow third-party app ...
Apple has announ...alison30 — 09:28
Intel: Microsoft AI PCs need a Copilot K...
Microsoft hopes th...harlan4096 — 08:55
Synchredible 8 Professional Edition v8.2...
          Synchredib...zevish — 08:54

[-]
Birthdays
Today's Birthdays
No birthdays today.
Upcoming Birthdays
No upcoming birthdays.

[-]
Online Staff
There are no staff members currently online.

>