Windows 10 has been hit by yet another zero-day vulnerability that can allow malicious parties to gain admin-level privileges. The yet unnamed zero-day vulnerability can be exploited to break into a system and gain full control over it. The newly discovered threat to Microsoft’s operating system can be classified as a Local Privilege Escalation (LPE) that can help hackers change the privilege level of an account to admin level, and it is associated with the native Task Scheduler process. The exploit can reportedly work on previous versions like Windows XP and Windows Server as well.
The vulnerability was spotted by a security researcher going by the name SandboxEscaper, the same person who also discovered another zero-day vulnerability affecting the Microsoft Data Sharing service last year. SandboxEscaper shared the demo exploit code for the vulnerability on Github, which is a little ironic since Github is owned by Microsoft, alongside a proof-of-concept video detailing the process of exploiting the flaw.
As mentioned above, the vulnerability is associated with the Windows Task Scheduler process wherein bad actors can run a malicious command to promote the account level from low-privilege to admin control level. Once admin access is achieved, the malicious party can gain control over the entire system and target other system files. Will Dormann, a vulnerability analyst at CERT, has confirmed that the exploit is functional even on the latest Windows 10 May 2019 build. The exploit affects 32-bit and 64-bit versions of Windows 10, Windows Server 2016 and Windows Server 2019.
Theoretically, the flaw can reportedly be exploited on all versions of Windows such as Windows XP, and dating all the way back to Windows Server 2003. The vulnerability is yet to be patched, which means it is open to exploit. SandboxEscaper also claims to have discovered four more unpatched Windows bugs, with three of them being LPEs and the last one being associated with the Sandbox process.
Apex Legends Mobile Released At Last: Here's How To Get It
The mobile iteration of EA Games and Respawn Entertainment’s Apex Legends has been released for iOS, iPadOS, and Android devices of all sorts.
How To Fix A PS5 Controller That Won't Connect, Sync, Or Charge
The PlayStation 5’s DualSense controller is an excellent device, but as with any gadget, it can present issues at times. Fixing them is usually simple.
How To Clear Cache On Mac
Clearing the cache on your Mac will have the same benefits as with any other device. However the steps are a little more involved.
Buffalo shooter invited others to his private Discord ‘diary’ 30 minutes before attack – TechCrunch
Discord has provided more insight into how the shooter who opened fire in a Buffalo, New York supermarket over the...
North Korea’s COVID outbreak taking “favorable turn” as cases exceed 1.7M
Enlarge / People watch a television broadcast showing a file image of North Korean leader Kim Jong Un during a...
How To Back Up Your Mac To iCloud
iCloud can come in clutch in a variety of situations. For example, you may not need to wrestle with Migration...
Apple details new iPhone features like door detection, live captions
Door detection will use the lidar scanner and machine learning to identify doors and relay information about their location, labeling,...
The Real Reason Betamax Lost The Format Wars
JVC officially announced the VHS-format VCR in 1976 and with two formats on the market, both sides dug in (via...
Social2 years ago
CrashPlan for Small Business Review
Social1 month ago
Web.com website builder review
Gadgets4 years ago
A fictional Facebook Portal videochat with Mark Zuckerberg – TechCrunch
Mobile4 years ago
Memory raises $5M to bring AI to time tracking – TechCrunch
Cars3 years ago
What’s the best cloud storage for you?
Social4 years ago
iPhone XS priciest yet in South Korea
Security3 years ago
Google latest cloud to be Australian government certified
Social4 years ago
Apple’s new iPad Pro aims to keep enterprise momentum