New Microsoft Windows zero-day found: What you need to know

According to the CERT Coordination Center (CERT/CC), a zero-day vulnerability has been disclosed in Microsoft Windows. Rated 6.8 under the Common Vulnerability Scoring System (CVSS), the flaw is in the Windows Task Scheduler service and allows local privilege escalation: an attacker who can already run code on the machine as an ordinary user can elevate to SYSTEM. In its vulnerability note, CERT/CC stated that there is currently no workaround for this issue. It also summarized how the bug works:

The Microsoft Windows task scheduler SchRpcSetSecurity API contains a vulnerability in the handling of ALPC, which can allow a local user to gain SYSTEM privileges. We have confirmed that the public exploit code works on 64-bit Windows 10 and Windows Server 2016 systems. We have also confirmed compatibility with 32-bit Windows 10 with minor modifications to the public exploit code. Compatibility with other Windows versions is possible with further modifications.

As reported by Kaspersky Lab’s Threatpost, the zero-day was first made public by a researcher who posted the findings, including proof-of-concept exploit code, in a since-deleted tweet from the account @SandboxEscaper. Other researchers, most notably CERT/CC vulnerability analyst Will Dormann, then tested the exploit and reported their findings, and it is on those findings that CERT/CC’s note on the Task Scheduler vulnerability is based.

Microsoft is reported to be working on a patch, most likely to be released on its next Patch Tuesday. In a statement to Kaspersky Lab, Microsoft said that “Windows has a customer commitment to investigate reported security issues, and proactively update impacted devices as soon as possible.”

Since there is no workaround, the question is what to do until the patch ships. Avoiding the Task Scheduler as a user does not help: the vulnerable code is in the Task Scheduler service itself, which runs as SYSTEM on every Windows machine, exposes the SchRpcSetSecurity interface to any local user whether or not anyone schedules tasks, and cannot be safely stopped or disabled. What does help is remembering that this is a local privilege escalation: an attacker must already be able to run code on the machine as a low-privileged user. So tighten who can log on or execute code locally, keep endpoint protection current, and monitor your computers and servers for signs of an unauthorized jump to SYSTEM, in particular new files or changed permissions in C:\Windows\Tasks (the directory whose task files SchRpcSetSecurity writes DACLs to) and SYSTEM-level processes spawned from an ordinary user’s session. Microsoft’s patch cadence is reliable, so the issue should be dealt with soon; until then it will require a little patience and some extra vigilance.
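The following script is an added example and is not code from the article, from CERT/CC or from the exploit author. It does not exploit anything; it is a triage check an administrator can run while waiting for the patch. It inspects C:\Windows\Tasks, the directory whose task files SchRpcSetSecurity writes DACLs to, for the two kinds of residue an abuse of that API leaves behind: a file there that is a hard link to some other file on the volume (NTFS link count greater than 1), and a file whose DACL grants write-type access to a non-administrative principal. The trusted-SID list, the set of rights treated as "write-type" and the function names are this example's own assumptions, not anything specified by CERT/CC or Microsoft.

```powershell
# Added example (not from the original article). Triage of C:\Windows\Tasks for
# residue of SchRpcSetSecurity abuse: hard links and non-admin write ACEs.
# Run from an elevated Windows PowerShell 5.1 or PowerShell 7 prompt.

$TasksDir = Join-Path $env:SystemRoot 'Tasks'

# Principals expected to hold write access on files in the Tasks directory
# (assumption for this example; extend it to match your own baseline).
$TrustedSids = @(
    'S-1-5-18',      # NT AUTHORITY\SYSTEM
    'S-1-5-32-544',  # BUILTIN\Administrators
    'S-1-5-19',      # NT AUTHORITY\LOCAL SERVICE
    'S-1-5-20'       # NT AUTHORITY\NETWORK SERVICE
)

# Rights that let the holder alter a file's contents, DACL or owner.
$WriteRights = [int]([System.Security.AccessControl.FileSystemRights]::Write -bor
                     [System.Security.AccessControl.FileSystemRights]::Delete -bor
                     [System.Security.AccessControl.FileSystemRights]::ChangePermissions -bor
                     [System.Security.AccessControl.FileSystemRights]::TakeOwnership)
# GENERIC_ALL (0x10000000) and GENERIC_WRITE (0x40000000) as they appear in raw ACEs.
$GenericWriteBits = 0x10000000 -bor 0x40000000

function Get-HardLinkNames {
    param([Parameter(Mandatory)][string]$Path)
    # fsutil prints one volume-relative path per hard-link name of the file;
    # more than one line means the file has additional names elsewhere.
    $names = & fsutil.exe hardlink list $Path 2>$null
    return @($names | Where-Object { $_ -and $_.Trim() -ne '' })
}

function Get-SidString {
    param([System.Security.Principal.IdentityReference]$Identity)
    if ($Identity -is [System.Security.Principal.SecurityIdentifier]) { return $Identity.Value }
    try { return $Identity.Translate([System.Security.Principal.SecurityIdentifier]).Value }
    catch { return $Identity.Value }   # unresolvable account name; report it as-is
}

function Get-UntrustedWriteAces {
    param([Parameter(Mandatory)][string]$Path)
    $hits = @()
    $acl = Get-Acl -LiteralPath $Path
    foreach ($ace in $acl.Access) {
        if ($ace.AccessControlType -ne [System.Security.AccessControl.AccessControlType]::Allow) { continue }
        $sid = Get-SidString $ace.IdentityReference
        if ($TrustedSids -contains $sid) { continue }
        $raw = [int]$ace.FileSystemRights
        if ((($raw -band $WriteRights) -ne 0) -or (($raw -band $GenericWriteBits) -ne 0)) {
            $hits += ('{0} ({1}): {2}' -f $ace.IdentityReference, $sid, $ace.FileSystemRights)
        }
    }
    return $hits
}

function Invoke-TasksDirTriage {
    param([string]$Directory = $TasksDir)
    $findings = @()
    $files = Get-ChildItem -LiteralPath $Directory -File -Force -ErrorAction SilentlyContinue
    foreach ($file in $files) {
        $names = Get-HardLinkNames -Path $file.FullName
        if ($names.Count -gt 1) {
            $findings += [pscustomobject]@{
                File    = $file.FullName
                Finding = 'hard link to another file'
                Detail  = ($names -join ' ; ')
            }
        }
        foreach ($ace in Get-UntrustedWriteAces -Path $file.FullName) {
            $findings += [pscustomobject]@{
                File    = $file.FullName
                Finding = 'write ACE for non-administrative principal'
                Detail  = $ace
            }
        }
    }
    return $findings
}

$findings = @(Invoke-TasksDirTriage)
if ($findings.Count -gt 0) {
    $findings | Format-Table -AutoSize -Wrap
} else {
    "No hard links or non-administrative write ACEs found under $TasksDir."
}
```

On a typical Windows 10 or Server 2016 machine this directory holds few or no legacy task files, so any hit deserves a look; compare against a baseline taken before the disclosure if you have one. The check only sees what is still on disk: an attacker who removes the hard link after elevating leaves nothing here, so treat it as a complement to process and file-auditing telemetry, not a substitute.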


Derek Kortepeter

Derek Kortepeter is a graduate of UCLA and a tech journalist committed to creating a society that is well informed about information security. Kortepeter specializes in areas such as penetration testing, cryptography, cyber warfare, and governmental InfoSec policy.
