An anonymous hacker with the online alias “SandboxEscaper” today released proof-of-concept (PoC) exploit code for a new zero-day vulnerability affecting the Windows 10 operating system. It is his/her 5th publicly disclosed Windows zero-day exploit [1, 2, 3] in less than a year.
Published on GitHub, the new Windows 10 zero-day vulnerability is a privilege escalation issue that could allow a local attacker or malware to gain administrative system privileges and run code with them on the targeted machines, eventually allowing the attacker to gain full control of the machine.
The vulnerability resides in Task Scheduler, a utility that enables Windows users to schedule the launch of programs or scripts at a predefined time or after specified time intervals.
SandboxEscaper’s exploit code makes use of SchRpcRegisterTask, a method in Task Scheduler to register tasks with the server, which doesn’t properly check for permissions and can, therefore, be used to set an arbitrary DACL (discretionary access control list) permission.
“This will result in a call to the following RPC ‘_SchRpcRegisterTask,’ which is exposed by the task scheduler service,” SandboxEscaper said.
A malicious program or a low-privileged attacker can run a malformed .job file to obtain SYSTEM privileges, eventually allowing the attacker to gain full access to the targeted system.