New Privilege Escalation Bug Identified in Windows OS.
Recently a Twitter user, using the handle SandboxEscaper, disclosed that the Microsoft Windows OS has a zero-day vulnerability, which is yet unknown to the company. Tweeting on the microblogging platform, the user stated:
“Here is the alpc bug as 0day. I don’t f**king care about life anymore. Neither do I ever again want to submit to MSFT anyway. F**k all of this shit.”
The user also claimed that a proof-of-concept (PoC) is also available at GitHub. The page link was shared in the tweet that contained the PoC for the zero-day flaw.
https://twitter.com/SandboxEscaper/status/1034125195148255235
The bug was later verified by CERT/CC’s vulnerability analyst Phil Dormann. In his vulnerability note, Dormann wrote:
“I’ve confirmed that this works well in a fully-patched 64-bit Windows 10 system. LPE right to SYSTEM! The CERT/CC is currently unaware of a practical solution to this problem.”
The company investigated further and released an advisory to provide details about the bug. It was identified that the Microsoft Windows task scheduler was the main culprit. It contained a vulnerability that existed in the way scheduler handled the ALPC (Advanced Local Procedure Call). The flaw allowed a local user to obtain SYSTEM privileges. The ALPC can restrain the impact of this bug to some extent considering that it is a local bug.
But, the fact cannot be overlooked that the bug has paved the way for a much familiar attack vector. An attacker can target a device to download and install an app and using local privilege escalation the malware can reach from the user context up to the system privilege. Dormann also noted that the bug can impact a “fully-patched 64-bit Windows 10 system.”
Microsoft’s spokesperson states that the company will be updating the impacted devices “proactively” as soon as possible. Microsoft’s Update Tuesday is already up for release on Sep 11 but the company may release it sooner. The vulnerability has been given a CVSS score of 6.4-6.8.