According to reports, a security researcher has discovered an
unpatched vulnerability in the Windows 10 operating system. The
security researcher reportedly revealed the vulnerability on
It’s a zero-day flaw that exists in Windows 10 and it could
allow an attacker to gain system privileges on an affected
computer, according to CERT/CC vulnerability analyst Phil
Dormann. The vulnerability was disclosed in a tweet by
@SandboxEscaper and the account has been removed.
It appears that vulnerability exists in task scheduler on
Windows 10 but there’s no easy way to exploit the security
flaw. The successful exploitation of the vulnerability requires
the user to download a malicious app on a machine.
I’ve confirmed that this works well in a fully-patched 64-bit
Windows 10 system.
LPE right to SYSTEM! https://t.co/My1IevbWbz
— Will Dormann (@wdormann)
August 27, 2018
“Microsoft Windows task scheduler contains a local privilege
escalation vulnerability in the Advanced Local Procedure Call
(ALPC) interface, which can allow a local user to obtain SYSTEM
privileges,” the advisory reads.
“Microsoft Windows task scheduler contains a vulnerability in
the handling of ALPC, which can allow a local user to gain
SYSTEM privileges. A local user may be able to gain elevated
(SYSTEM) privileges.” “A local user may be able to gain
elevated (SYSTEM) privileges,” the advisory explains.
Another report claims that the patch for the said vulnerability
may land soon. There’s a chance that Microsoft will deploy
updates to address this vulnerability on next Patch Tuesday,
which takes place on September 11.
Disclaimer: The information contained in this article
is based on a report from The Register and CERT/CC analysts.
Windows Latest makes no claims, guarantees about the accuracy
or completeness in this article or linked pages, and
shall not be held responsible for
anything we say in this article.