Recently, a hacker published demo exploit code on GitHub for a Windows 10 zero-day vulnerability. This particular zero-day vulnerability can be exploited to cause local privilege escalation (LPE), a condition in which a logged-in user can acquire additional privileges without having to authenticate as an administrator. This vulnerability cannot be exploited to break into a system, however. Rather, a hacker could use it at later stages in his or her attacks in order to elevate access on an already-compromised host (i.e., transition from low-privileged to an admin-level account).
According to the zero-day posted on GitHub, the vulnerability resides in the Windows Task Scheduler process. Attackers can run a malformed .job file that exploits a flaw in the Task Scheduler process permissions for an individual file. When exploited, a hacker can elevate his or her low-privileged account access to admin level, giving the hacker control over the entire system.
To make matters worse, the hacker published two more zero-day vulnerabilities; one local privilege escalation vulnerability in Windows Error Reporting and a sandbox escape vulnerability for Internet Explorer. There are no known mitigations for these vulnerabilities and users will need to wait for Microsoft to release a software update.
As of now, the zero-day exploit has only been tested and confirmed to work on Windows 10 32-bit systems. Windows 10 computers subscribed to Symplexity’s automated patch management service will be patched after Microsoft releases the corresponding software update.