Disgruntled user exposes unpatched Windows zero-day exploit via Twitter

1 min. read

Published on August 28, 2018

published on August 28, 2018

Readers help support Windows Report. We may get a commission if you buy through our links.

It’s always best to keep your Windows 10 system up to date with the latest updates from Microsoft, but sometimes, there are still some unpatched vulnerabilities which hackers can take advantage of. That is exactly what one disgruntled Windows user recently discovered, and decided to out Microsoft for on Twitter for (via ZDNet.)

The user who goes by the name of “Sandbox Escaper” disclosed the vulnerability which permits any software running on your PC to gain system privileges. It is actually a local exploit and involves a security flaw in the Microsoft Windows task scheduler and Advanced Local Procedure Call. Sandbox Escaper noted the local exploit on GitHub, including a proof-of-concept. It has since been verified by US-CERT, which notes that the exploit code works on 64-bit Windows 10 and Windows Server 2016 systems.

There’s currently no known solution for the exploit, but Microsoft has acknowledged the issue. In a statement to The Register, the company explained that they will “proactively update impacted devices as soon as possible.” This could likely mean that we can see a fix in time for the next September Patch Tuesday updates, so best keep tuned for more.

Radu Tyrsina

Radu Tyrsina has been a Windows fan ever since he got his first PC, a Pentium III (a monster at that time). For most of the kids of his age, the Internet was an amazing way to play and communicate with others, but he was deeply impressed by the flow of information and how easily you can find anything on the web. Prior to founding Windows Report, this particular curiosity about digital content enabled him to grow a number of sites that helped hundreds of millions reach faster the answer they're looking for.