A security researcher has in public disclosed the main points of a previously unknown zero-day vulnerability within the Microsoft’s Windows software system that might facilitate a local user or worm get system privileges on the targeted machine.
And guess what? The zero-day flaw has been confirmed functioning on a “fully-patched 64-bit Windows ten system.”
The vulnerability could be a privilege step-up issue that resides within the Windows’ task computer hardware program and occurred thanks to errors within the handling of Advanced native Procedure decision (ALPC) systems.
Advanced local procedure call (ALPC) is an indoor mechanism, out there solely to Windows operating system parts, that facilitates high-speed and secure knowledge transfer between one or additional processes within the user mode.
The revelation of the Windows zero-day came earlier nowadays from a Twitter user with on-line alias SandboxEscaper, who additionally posted a link to a Github page hosting a proof-of-concept (PoC) exploit for the privilege step-up vulnerability in Windows.
Zero-Day Works Well on Fully-Patched 64-Bit Windows 10 PC
Shortly after that, CERT/CC vulnerability analyst Will Dormann verified the authenticity of the zero-day bug.
According to a short online advisory published by SCS, the zero-day flaw, if exploited, could allow local users to obtain elevated (SYSTEM) privileges.
Since Advanced Local Procedure Call (ALPC) interface is a local system, the impact of the vulnerability is limited with a CVSS score of 6.4 to 6.8, but the PoC exploit released by the researcher could potentially help malware authors to target Windows users.
SandboxEscaper did not notify Microsoft of the zero-day vulnerability, leaving all Windows users vulnerable to the hackers until a security patch is release by the tech giant to address the issue.
Microsoft is likely to patch the vulnerability in its next month’s security Patch Tuesday, which is scheduled for September 11.
The CERT/CC notes it is currently unaware of any practical solution to this zero-day bug.