New Microsoft Windows zero-day found: What you need to know

According to CERT, a concerning zero-day has been revealed to exist in Microsoft Windows. Earning a Common Vulnerability Scoring System (CVSS) score of 6.8, the zero-day exists in Windows’ task scheduler and has the ability to allow local privilege escalation. In their note on the exploit, CERT stated that there is currently no workaround for this particular Windows zero-day issue. Additionally, they explained in depth how the zero-day works:

The Microsoft Windows task scheduler SchRpcSetSecurity API contains a vulnerability in the handling of ALPC, which can allow a local user to gain SYSTEM privileges. We have confirmed that the public exploit code works on 64-bit Windows 10 and Windows Server 2016 systems. We have also confirmed compatibility with 32-bit Windows 10 with minor modifications to the public exploit code. Compatibility with other Windows versions is possible with further modifications.

As reported by Kaspersky Lab’s Threatpost, the Windows zero-day was initially discovered by an InfoSec researcher who posted the findings on a since-deleted tweet from the account @SandboxEscaper. Other researchers, most notably vulnerability analyst Will Dormann, proceeded to test the exploit and report on their findings. It is these findings that CERT was able to base their statement on when discussing the task scheduler vulnerability.

Microsoft is reported to be working on a patch that is most likely going to be released on their Patch Tuesday. In a statement to Kaspersky Lab, Microsoft said that “Windows has a customer commitment to investigate reported security issues, and proactively update impacted devices as soon as possible.”

Since there is no workaround, it would be advisable to avoid the task scheduler as much as possible. Also, monitor your Windows machine, be it a computer or server, for any suspicious activity that would indicate unauthorized access via local privilege escalation. It is likely that this issue will be dealt with soon as Microsoft is pretty efficient with their patch schedule. It will just require a little patience.

Featured image: Pexels

Derek Kortepeter

Derek Kortepeter is a graduate of UCLA and tech journalist that is committed to creating an informed society with regards to Information Security. Kortepeter specializes in areas such as penetration testing, cryptography, cyber warfare, and governmental InfoSec policy.

Published by
Derek Kortepeter

Recent Posts

Microsoft 365 administration: Configure your admin portal

Microsoft 365 is loaded with configurations, policies, and settings—some obvious, some buried. This Microsoft 365…

11 hours ago

Using Group Policy settings to enforce PowerShell execution policies

Setting PowerShell execution policies at the Group Policy level can greatly enhance your organization’s security.…

19 hours ago

Exchange 2013/2016/2019: Configure your receive connectors correctly

Ah, the good old days — when Exchange 2010 was king. But with each new…

2 days ago

CCPA and GDPR: Similarities and differences you must know

The GDPR and the CCPA are both aimed at protecting privacy. Although many similarities exist…

2 days ago

How to manage and automate Azure DevOps using Azure CLI

Azure DevOps is fast becoming the next big thing. This Azure DevOps Quick Tip shows…

5 days ago