An exploit has been published for an unpatched vulnerability in Windows Task Scheduler (translation)

One security researcher posted information about a Windows vulnerability on Twitter .

The vulnerability lies in the escalation of privileges on the local system, which allows an attacker to increase the level of access of malicious code running under an ordinary user account to the level of the SYSTEM account with full access.

→ The original article by

Will Dormann, a CERT / CC engineer, confirmed this vulnerability and published an official CERT / CC warning yesterday .

Dormann says that the Windows Task Scheduler is vulnerable, more precisely, the Advanced Local Procedure Call Interface (ALPC).

The ALPC interface is the internal mechanism of Windows, which organizes the interaction between processes. ALPC allows a client process running on an OS to request a server process running on the same OS to provide specific information or perform some action.

The user with the nickname SandboxEscaper was also posted on the GitHub PoC codedemonstrating how to use the ALPC interface to gain access to the SYSTEM level on a Windows system.

It is highly likely that malware developers will be interested in this PoC code, as it allows malware to easily gain administrative access to the systems under attack using an exploit that is more reliable than many other existing methods.

SandboxEscaper did not notify Microsoft about this vulnerability, which means that there is no patch for the flaw detected. Currently, users of all 64-bit Windows systems are vulnerable.

The next scheduled security update package, which Microsoft traditionally releases every second Tuesday of the month, should be released on September 11th.

After the disclosure of the vulnerability account on Twitter has been removed.

UPD (from translator) Who wants technical details and does not want to join holivary on gender identity, please go here