Exploit published for an open vulnerability in the Windows Task Scheduler (translation)
A security researcher published information on Twitter about a vulnerability in Windows.
The vulnerability is a local privilege escalation: it allows an attacker to raise the access level of malicious code running under an ordinary user account to that of the SYSTEM account, which has full access.
Will Dormann, a CERT/CC engineer, confirmed the vulnerability and yesterday published an official CERT/CC warning.
Dormann says the vulnerability affects the Windows Task Scheduler, or more precisely, its Advanced Local Procedure Call (ALPC) interface.
The ALPC interface is an internal Windows mechanism that organizes interaction between processes. ALPC allows a client process running on the OS to request a server process running on the same OS to provide specific information or perform some action.
The researcher, who goes by the nickname SandboxEscaper, published PoC code on GitHub demonstrating the use of the ALPC interface to gain SYSTEM-level access on a Windows system.
It is very likely that this PoC code will be of interest to malware developers, as it allows malicious software to easily gain administrative access on attacked systems using an exploit more reliable than many other existing methods.
SandboxEscaper has not notified Microsoft of this vulnerability, which means that there is no patch yet. Currently, users of all 64-bit Windows systems are vulnerable.
The next scheduled security update package, which Microsoft traditionally releases every second Tuesday of the month, is due on September 11th.
After the vulnerability was exposed, the researcher also deleted his Twitter account.
What do we do?
Wait for the patch
Edit access rights for %WINDIR%\Tasks
Go to Linux
36 people voted. 6 users abstained.