PoC Exploit For Unpatched Windows 10 Zero-Day Flaw Published Online

May 23, 2019 - Vulnerability
PoC Exploit For Unpatched Windows 10 Zero-Day Flaw Published Online

An anonymous hacker with an online alias “Sandbox Escaper” released a proof of concept vulnerability code [PoC] for a new zero-day vulnerability affecting Windows 10 OS today; this is the fifth edition of the publicly disclosed Zero-Day vulnerability of windows in less than a year.

Published on GitHub, the new Windows 10 Zero-Day vulnerability is the issue of a privilege escalation that could allow a local attacker or malware to acquire and run code with administrative system privileges on targeted machines, eventually securing full control of the machine to the attacker allows to.

The vulnerability remains in Task Scheduler, a utility that enables Windows users to determine the launch of programs or scripts at a predetermined time or at a specified time interval.

The exploit code of the SandboxEscaper’s uses SchrpcRegisterTask, which is a method to register tasks with the server in the Task Scheduler, which does not properly check for permissions and, therefore, is used to set an arbitrary DACL (discretionary access control list).

This will  call to the following RPC “_SchRpcRegisterTask,” which is exposed by the task scheduler service,” SandboxEscaper said.

A malicious program or a less-privileged attacker could run a malformed .job file to get the system privileged, eventually allowing the attacker to gain full access to the targeted system.

The SandboxEscaper also shared a proof-of-concept video showing the new Windows zero-day exploit in action.

The vulnerability has been tested and it is being confirmed that it is working successfully on a fully patch and updated version of Windows 10, 32-bit and 64-bit, as well as Windows Server 2016 and 2019.

More Windows Zero-Day Exploits to Come

In addition, the hacker also teased that he/she still has more than 4 undeclared zero-day bugs in Windows, three of which increase local privileges and the fourth to bypass sandbox security to attackers.

The details and exploit code for the new Windows zero-day came just a week after Microsoft’s monthly patch update, which means that there is currently no patch present for this vulnerability, which could lead to the exploitation and misuse of someone.

Windows 10 users need to wait for security improvements for this vulnerability until Microsoft’s next month’s security update-unless the company comes up with emergency updates.

Leave a Reply

Your email address will not be published. Required fields are marked *