Select Page

A security researcher has publicly disclosed the details of a previously unknown zero-day vulnerability in the Microsoft’s Windows operating system that could help a local user or malicious program obtain system privileges on the targeted machine.

And guess what? The zero-day flaw has been confirmed working on a “fully-patched 64-bit Windows 10 system.”

The vulnerability is a privilege escalation issue which resides in the Windows’ task scheduler program and occurred due to errors in the handling of Advanced Local Procedure Call (ALPC) systems.

Advanced local procedure call (ALPC) is an internal mechanism, available only to Windows operating system components, that facilitates high-speed and secure data transfer between one or more processes in the user mode.

The revelation of the Windows zero-day came earlier today from a Twitter user with online alias SandboxEscaper, who also posted a link to a Github page hosting a proof-of-concept (PoC) exploit for the privilege escalation vulnerability in Windows.

images from Hacker News