Windows zero-day flaw and PoC unveiled via Twitter

A Windows zero-day local privilege escalation flaw and a Proof-of-Concept exploit for it have been revealed on Monday by someone who goes by SandboxEscaper on Twitter.

The user in question deleted the account soon after, but not before sharp-eyed security researchers were able to follow the link to the GitHub repository hosting the PoC exploit.

Will Dormann, a vulnerability analyst at the CERT/CC, tested the exploit and confirmed that it “works well in a fully-patched 64-bit Windows 10 system.”

About the vulnerability

He also prepared a vulnerability note detailing the flaw: a local privilege escalation vulnerability in the Advanced Local Procedure Call (ALPC) interface used by the Microsoft Windows task scheduler, the exploitation of which can allow a local user to obtain SYSTEM privileges on the target computer.

“The CERT/CC is currently unaware of a practical solution to this problem,” he wrote, and later remarked on Twitter that he’s currently unaware of any workarounds.

UK-based security architect Kevin Beaumont also confirmed the exploit works.

The vulnerability has yet to receive a CVE number but has bee awarded a CVSS score that puts it in the “medium” risk category.

According to The Register, a Microsoft spokesperson acknowledged the existence of the vulnerability and said the company will “proactively update impacted advices as soon as possible”.

UPDATE (August 28, 11:07 PDT): The researcher who dropped the flaw and PoC is back on Twitter. Some additional details on the issue can be found in this thread.