According to CERT, a concerning zero-day has been disclosed in Microsoft Windows. With a Common Vulnerability Scoring System (CVSS) score of 6.8, the zero-day resides in the Windows task scheduler and allows local privilege escalation. In its note on the exploit, CERT stated that there is currently no workaround for this particular Windows zero-day. It also explained in depth how the zero-day works:
“The Microsoft Windows task scheduler SchRpcSetSecurity API contains a vulnerability in the handling of ALPC, which can allow a local user to gain SYSTEM privileges. We have confirmed that the public exploit code works on 64-bit Windows 10 and Windows Server 2016 systems. We have also confirmed compatibility with 32-bit Windows 10 with minor modifications to the public exploit code. Compatibility with other Windows versions is possible with further modifications.”
As reported by Kaspersky Lab’s Threatpost, the Windows zero-day was initially discovered by an InfoSec researcher who posted the findings in a since-deleted tweet from the account @SandboxEscaper. Other researchers, most notably vulnerability analyst Will Dormann, proceeded to test the exploit and report on their findings. CERT based its statement on the task scheduler vulnerability on these findings.
Microsoft is reported to be working on a patch that will most likely be released on its Patch Tuesday. In a statement to Kaspersky Lab, Microsoft said that “Windows has a customer commitment to investigate reported security issues, and proactively update impacted devices as soon as possible.”
Since there is no workaround, it would be advisable to avoid the task scheduler as much as possible. Also, monitor your Windows machine, be it a computer or server, for any suspicious activity that would indicate unauthorized access via local privilege escalation. It is likely that this issue will be dealt with soon, as Microsoft is pretty efficient with its patch schedule. It will just require a little patience.