Windows 10 Zero-Day Exploit Released
Written on May 22, 2019 by Chad Warmenhoven
What's the point of this article?
A rather dangerous vulnerability has been uploaded to GitHub by SandboxEscaper, demonstrating how a malicious hacker could gain higher permissions on a Windows 10 machine and potentially cause a lot of damage. We wanted to make sure our users were aware of this, as well as the steps to take to avoid a problem. This is referred to as a zero-day vulnerability or an LPE (local privilege escalation): it provides the ability to point to kernel-level driver files and secretly initiate low-privilege processes in the system kernel, causing utter bedlam. Keep in mind that an LPE is exactly what it sounds like: it requires local access to your system, usually meaning physical access, although a remote session could provide this access as well.
A well-known security researcher has uploaded demo exploit code to GitHub for a Windows 10 zero-day vulnerability. The vulnerability abuses the Windows Task Scheduler process. When exploited, this vulnerability elevates a hacker's low-privileged account to ADMIN, which then gives the intruder access to the entire system: all services/processes and files/folders!
While this zero-day requires access to your system, all that's really required is for you to accidentally install a small bit of malware with limited or low-privilege access; this zero-day grants it the ability to recreate itself as a higher-privilege process within the system kernel, which could then potentially grant full admin access. Not ideal. Most malware currently out there isn't restricted to a specific user account but can instead propagate between accounts at a system level, so this grants would-be hackers full system privileges, as demonstrated by Twitter user CharlesDardaman:
SandboxEscaper just released this video as well as the POC for a Windows 10 priv esc pic.twitter.com/IZZzVFOBZc
— Chase Dardaman (@CharlesDardaman), May 21, 2019
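Because the bug is abused through Task Scheduler, a quick inventory of which scheduled tasks already run with elevated rights, and who created them, is a useful baseline for an administrator. The script below is an added example written for this article (not code from SandboxEscaper, the tweet, or Puget Systems): it uses only the standard ScheduledTasks module cmdlets on Windows 10 and flags tasks that run as SYSTEM or with the Highest run level outside the built-in \Microsoft\ task folder. The list of trusted authors is an assumption you should adjust for your own environment. It does not detect the exploit itself; it only shows you the elevated tasks that exist right now so an unexpected one stands out.

```powershell
# Added example, not from the original article: list scheduled tasks that run elevated
# and flag those not authored by Microsoft or living outside the \Microsoft\ folder.
# Assumption: Windows 10 with the built-in ScheduledTasks module (PowerShell 5.1 or later).

# Assumed trusted author strings; extend with your own deployment tooling as needed.
$trustedAuthors = @('Microsoft Corporation', 'Microsoft', 'SYSTEM', 'NT AUTHORITY\SYSTEM')

$findings = Get-ScheduledTask | Where-Object {
    $p = $_.Principal
    # Tasks that run with the highest available token or as a built-in privileged account.
    ($p.RunLevel -eq 'Highest') -or
    ($p.UserId -match '^(NT AUTHORITY\\)?(SYSTEM|LOCAL SERVICE|NETWORK SERVICE)$') -or
    ($p.UserId -eq 'S-1-5-18')
} | ForEach-Object {
    $info = $_ | Get-ScheduledTaskInfo
    $author = $_.Author
    $inMicrosoftTree = $_.TaskPath -like '\Microsoft\*'
    [PSCustomObject]@{
        Task       = Join-Path $_.TaskPath $_.TaskName
        RunsAs     = $_.Principal.UserId
        RunLevel   = $_.Principal.RunLevel
        Author     = $author
        Command    = ($_.Actions | ForEach-Object { "$($_.Execute) $($_.Arguments)".Trim() }) -join '; '
        Created    = $_.Date
        LastRun    = $info.LastRunTime
        # Flag anything elevated that is neither Microsoft-authored nor under \Microsoft\.
        Suspicious = (-not ($trustedAuthors -contains $author)) -and (-not $inMicrosoftTree)
    }
}

# Show the flagged tasks first so they are the first thing an admin sees.
$findings | Sort-Object Suspicious -Descending | Format-Table -AutoSize
```

Run it from an elevated PowerShell prompt so every task folder is readable. Anything marked Suspicious is not necessarily malicious (third-party updaters and backup agents routinely run as SYSTEM), but each one should be a task you can account for; compare the output against a snapshot taken from a known-good machine.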
The bad news here, obviously, is that no real protection is available until Microsoft patches the bug. The most important thing to remember is to use safe internet practices. Be very careful which links you click, which emails you open, which files you download and launch, and which websites you visit. If you are unsure about a link, file, email or website, the safe bet is to avoid it. Google actually released an AWESOME quiz that will help you identify phishing scams, which are generally geared toward obtaining personal information but could also be used to infect your system with malware. Check it out here.
We hope you found this article helpful!
If you own a Puget Systems computer and would like further assistance with this issue, please go here to submit a support request.
This article will be updated as new information is obtained.