
Another zero-day vulnerability discovered in Windows 10

  • A security researcher known as ‘SandboxEscaper’ revealed this new zero-day and also published exploit code.
  • The vulnerability could be abused by malware, or by malicious actors already logged into a Windows 10 system, to gain admin-level privileges.

A new zero-day vulnerability in Windows 10 has been revealed online. The vulnerability was disclosed by a bug hunter called ‘SandboxEscaper’, who had earlier exposed other Windows zero-day flaws. This recent one is a privilege escalation vulnerability which, upon successful exploitation, can allow attackers to take full control of Windows 10 systems.

A proof-of-concept (PoC) exploit for this flaw was also published by the bug hunter on GitHub. The exploit is reported to work against a fully patched, up-to-date version of Windows 10 (both 32-bit and 64-bit), and is also reported to affect Windows Server 2016 and 2019.

Worth noting

  • The zero-day vulnerability exists in the Windows Task Scheduler process for Windows 10.
  • The PoC exploit posted by SandboxEscaper abuses a Windows utility called schtasks to import a legacy job file into Windows Task Scheduler. The job file is used to modify the access permissions on the system file ‘pci.sys’. As a result, attackers can obtain admin-level privileges on the vulnerable Windows system.
  • The exploit was found to work on Windows 10 32-bit systems but has not been tested on 64-bit systems.
  • As of now, there are no patches available to fix this vulnerability.
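The chain described above (a legacy job file handed to schtasks, ending in a permission change on a driver file) gives defenders something concrete to look for while no patch exists. The following is an added example, not code from the article or from SandboxEscaper's PoC: it scans constructed Sysmon-style and Security-audit records for a legacy .job file being written into the Tasks directory, a schtasks /change invocation by the same user, and a DACL change on a file under the drivers directory attributed to a non-SYSTEM account. The record shapes, the field names, the use of the /change switch and the per-user correlation are assumptions chosen for the example, not details reported on this page.

```python
import re
from collections import defaultdict
from typing import Dict, List

# Constructed sample telemetry, loosely modelled on Sysmon file-create (ID 11)
# and process-create (ID 1) events plus Security event 4670 (object permissions
# changed). Sample records only, not logs from any real incident.
SAMPLE_EVENTS: List[Dict[str, str]] = [
    {"kind": "process", "user": r"CORP\alice",
     "cmdline": r"schtasks /create /tn Backup /tr C:\tools\backup.exe /sc daily"},
    {"kind": "file", "user": r"CORP\bob", "target": r"C:\Windows\Tasks\legacy.job"},
    {"kind": "process", "user": r"CORP\bob", "cmdline": r"schtasks /change /tn legacy /ru bob"},
    {"kind": "acl", "user": r"CORP\bob", "target": r"C:\Windows\System32\drivers\pci.sys"},
    {"kind": "process", "user": r"CORP\alice", "cmdline": "notepad.exe notes.txt"},
]

TASKS_JOB = re.compile(r"^c:\\windows\\tasks\\.+\.job$", re.IGNORECASE)
DRIVERS_DIR = re.compile(r"^c:\\windows\\system32\\drivers\\", re.IGNORECASE)
SCHTASKS_CHANGE = re.compile(r"\bschtasks(\.exe)?\b.*\s/change\b", re.IGNORECASE)
SYSTEM_ACCOUNTS = {"nt authority\\system", "system"}


def detect(events: List[Dict[str, str]]) -> List[Dict[str, str]]:
    """Return one alert per matching record, plus a high-severity alert for any
    user who both dropped a legacy .job file and ran schtasks /change."""
    alerts: List[Dict[str, str]] = []
    per_user: Dict[str, set] = defaultdict(set)
    for ev in events:
        user, rule = ev["user"], None
        if ev["kind"] == "file" and TASKS_JOB.match(ev["target"]):
            # Assumption: modern Windows has no routine reason to write legacy
            # .job files into the Tasks directory, so any such write is reviewed.
            rule = "legacy_job_dropped"
        elif ev["kind"] == "process" and SCHTASKS_CHANGE.search(ev["cmdline"]):
            rule = "schtasks_change"
        elif (ev["kind"] == "acl" and DRIVERS_DIR.match(ev["target"])
              and user.lower() not in SYSTEM_ACCOUNTS):
            # A DACL rewrite on a kernel driver (the article names pci.sys) by a
            # non-SYSTEM account is the end state the article describes.
            rule = "driver_acl_changed"
        if rule:
            alerts.append({"rule": rule, "user": user, "severity": "medium"})
            per_user[user].add(rule)
    # Correlate: job file dropped + schtasks /change from the same user.
    for user, rules in per_user.items():
        if {"legacy_job_dropped", "schtasks_change"} <= rules:
            alerts.append({"rule": "job_import_chain", "user": user, "severity": "high"})
    return alerts


if __name__ == "__main__":
    for alert in detect(SAMPLE_EVENTS):
        print(alert)
```

Collecting event 4670 requires a SACL on the audited files; without it the driver_acl_changed rule never fires and only the first two signals remain.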

More zero-days to come

SandboxEscaper mentions four other bugs in Windows systems that have not been made public. “Oh and I have 4 more unpatched bugs where that one came from. 3 LPEs (all gaining code exec as system, not lame delete bugs or whatever), and one sandbox escape,” she wrote in a blog post.
