Windows Zero Day Pops Up On Twitter

Local privilege escalation in procedure calls

It’s not bad enough to take Microsoft out-of-cycle, but CERT/CC has just put out a warning of a new privilege escalation bug in Windows.

According to the Tweet that set the hounds running, it’s a zero-day with a proof-of-concept at GitHub.

CERT/CC vulnerability analyst Phil Dormann quickly verified the bug, Tweeting: “I’ve confirmed that this works well in a fully-patched 64-bit Windows 10 system. LPE right to SYSTEM!” (LPE – local privilege escalation – El Reg).

CERT/CC has finished its more formal investigation, and has just posted a vulnerability note.

“Microsoft Windows task scheduler contains a vulnerability in the handling of ALPC, which can allow a local user to gain SYSTEM privileges”, the advisory stated.

That the flaw sits in ALPC, Advanced Local Procedure Call, restricts the impact somewhat, since it’s a local bug.

However, it opens an all-too-familiar attack vector: if an attacker can get a target to download and run an app, local privilege escalation gets the malware out of the user context up to (in this case) system privilege. Ouch.

The vulnerability note says: “The CERT/CC is currently unaware of a practical solution to this problem.”

Responding to The Register’s e-mail inquiry, a Microsoft spokesperson said it will “proactively update impacted devices as soon as possible”, and pointed to its Update Tuesday schedule. ®
