Connect with us

Internet

Windows 10 Task Scheduler Zero-Day Vulnerability Exploit Leaked, Can Help Gain Admin-Level Access

Published

on

Windows 10 has been hit by yet another zero-day vulnerability that can allow malicious parties to gain admin-level privileges. The yet unnamed zero-day vulnerability can be exploited to break into a system and gain full control over it. The newly discovered threat to Microsoft’s operating system can be classified as a Local Privilege Escalation (LPE) that can help hackers change the privilege level of an account to admin level, and it is associated with the native Task Scheduler process. The exploit can reportedly work on previous versions like Windows XP and Windows Server as well.

The vulnerability was spotted by a security researcher going by the name SandboxEscaper, the same person who also discovered another zero-day vulnerability affecting the Microsoft Data Sharing service last year. SandboxEscaper shared the demo exploit code for the vulnerability on Github, which is a little ironic since Github is owned by Microsoft, alongside a proof-of-concept video detailing the process of exploiting the flaw.

As mentioned above, the vulnerability is associated with the Windows Task Scheduler process wherein bad actors can run a malicious command to promote the account level from low-privilege to admin control level. Once admin access is achieved, the malicious party can gain control over the entire system and target other system files. Will Dormann, a vulnerability analyst at CERT, has confirmed that the exploit is functional even on the latest Windows 10 May 2019 build. The exploit affects 32-bit and 64-bit versions of Windows 10, Windows Server 2016 and Windows Server 2019.

Theoretically, the flaw can reportedly be exploited on all versions of Windows such as Windows XP, and dating all the way back to Windows Server 2003. The vulnerability is yet to be patched, which means it is open to exploit. SandboxEscaper also claims to have discovered four more unpatched Windows bugs, with three of them being LPEs and the last one being associated with the Sandbox process.



Source link

Continue Reading
Click to comment

Leave a Reply

Your email address will not be published. Required fields are marked *

Internet

Bose SoundControl Hearing Aids target the biggest headache in hearing loss

Published

on

Bose has launched a new set of hearing aids, with the Bose SoundControl Hearing Aids billed as the first FDA-cleared option for people with mild to moderate hearing loss but who don’t want to visit an audiologist in-person. Instead, the new buds are configured using the Bose app itself, which also has the ability to adjust automatically according to the … Continue reading

Continue Reading

Internet

Akai MPC One Retro gives a modern music icon a classic color makeover

Published

on

Akai’s MPC is an iconic of electronic music, but while the sound might be achievable today, for the style you’ve had to step up to the plate with your own retro wardrobe as you hit its familiar pads. That all changes with the Akai MPC One Retro, combining modern MPC functionality with a classic retro colorway. So, you get the … Continue reading

Continue Reading

Internet

Razer Blade 15 Advanced refreshed: 11th Gen Core H-Series and all the details

Published

on

Coinciding with Intel’s reveal of the new 11th Gen Core H-Series CPU lineup for laptops, Razer has revealed new Blade 15 Advanced configurations. While it seems that the standard model Blade 15 – released earlier this year – will be sticking with 10th Gen processors for the time being, the new Advanced model comes outfitted with those 11th Gen CPUs … Continue reading

Continue Reading

Trending