A security researcher today published demo exploit code on GitHub for a Windows 10 zero-day vulnerability. The zero-day is what security researchers call a local privilege escalation (LPE), ZDNet reported.
LPE vulnerabilities can’t be used to break into systems, but hackers can use them at later stages in their attacks to elevate their access on compromised hosts from low-privileged to admin-level accounts.
According to a description of the zero-day posted on GitHub, this vulnerability resides in the Windows Task Scheduler process.
Craig Young, Principal Security Researcher at Tripwire:
“Although this is not the type of flaw which could readily be abused by malware or remote attackers, it is still quite important that Microsoft releases a fix for this quickly.
The biggest limiting factor of this attack is that it requires the attacker to have knowledge of a valid username and password for the targeted system. This means that an attacker who has simply achieved code execution on a target (rather than compromising a password) would not be able to gain elevated permissions with this technique.
The biggest risk that I see from this vulnerability is that of insider threat. For example, employees typically do not have administrative rights on their workstations as this might allow them to install unauthorized software or remove critical security controls. These users of course know their own password and so can trivially exploit this flaw. Bad practices like password reuse or falling for social engineering tactics like phishing could also allow an attacker to exploit this, but only if they have a way to get an interactive login on the system (e.g. WinRMI, RDP, SSH, VNC, etc.).”