Local privilege escalation in procedure calls
It’s not bad enough to take Microsoft out-of-cycle, but CERT/CC has just put out a warning of a new privilege escalation bug in Windows.
According to the Tweet that set the hounds running, it’s a zero-day with a proof-of-concept at GitHub:
Here is the alpc bug as 0day: https://t.co/m1T3wDSvPX I don’t fucking care about life anymore. Neither do I ever again want to submit to MSFT anyway. Fuck all of this shit.
— SandboxEscaper (@SandboxEscaper) August 27, 2018
CERT/CC vulnerability analyst Phil Dormann quickly verified the bug, Tweeting: “I’ve confirmed that this works well in a fully-patched 64-bit Windows 10 system. LPE right to SYSTEM!” (LPE – local privilege escalation – El Reg).
CERT/CC has finished its more formal investigation, and has just posted a vulnerability note.
“Microsoft Windows task scheduler contains a vulnerability in the handling of ALPC, which can allow a local user to gain SYSTEM privileges”, the advisory stated.
Because the bug is in the handling of ALPC (Advanced Local Procedure Call), the impact is somewhat restricted: it’s a local bug.
However, it opens an all-too-familiar attack vector: if an attacker can get a target to download and run an app, local privilege escalation gets the malware out of the user context up to (in this case) system privilege. Ouch.
The vulnerability note says: “The CERT/CC is currently unaware of a practical solution to this problem.”
Responding to The Register’s e-mail inquiry, a Microsoft spokesperson said it will “proactively update impacted advices as soon as possible”, and pointed to its Update Tuesday schedule. ®