Unpatched Zero-Day Flaw in Windows Disclosed via Twitter

No featured articles available

Check back soon for the latest updates and featured content.

Proof-of-concept and details of an unpatched zero-day flaw in Windows 10 was made public via Twitter by a security researcher on Monday

Proof-of-concept and details of an unpatched zero-day flaw in Windows 10 was made public via Twitter by a security researcher on Monday. The security researcher goes by the handler SandboxEscaper in twitter posted the details on the vulnerability and a link to the Github page hosting the proof-of-concept (PoC).

The flaw is a local privilege escalation issue in the Windows Task Scheduler’s Advanced Local Procedure Call (ALPC) interface which can help a local user to gain system privileges. Advanced Local Procedure Call (ALPC) interface is an internal mechanism only available to Windows operating system components and works as an interprocess communication system. Will Dormann, a vulnerability analyst in CERT/CC, said that he has checked and verified the flaw and it works in an in a fully-patched 64-bit Windows 10 system. "I've confirmed that this works well in a fully-patched 64-bit Windows 10 system. LPE right to SYSTEM!" said in the tweet posted by Will Dormann.

After some time CERT/CC also published an advisory related to the zero-day vulnerability saying that “Microsoft Windows task scheduler contains a vulnerability in the handling of ALPC, which can allow a local user to gain SYSTEM privileges. We have confirmed that the public exploit code works on 64-bit Windows 10 and Windows Server 2016 systems. Compatibility with other Windows versions may be possible with modification of the publicly-available exploit source code.” The CERT/CC also said in the advisory that right now they are unaware of any practical solution to the issue. Although the flaw was rated with a score of 6.4 to 6.8, but the public availability of proof-of-concept (PoC) can be used by attackers to target Windows users. It is not yet clear whether the flaw affects all the version of Windows and when Microsoft will release the patch for the vulnerability.

Google Ads Exploited in Cyberattack: Hackers Steal Login Details and 2FA Codes

Murdoc Botnet Exploits AVTECH Cameras and Huawei Routers

Authquake Attack Bypasses Microsoft MFA, Exposing Critical Security Vulnerabilities

Strategies for Mitigating Cyber Threats in 2025

Cybersecurity Threats in Social Media Networks: Protecting User Data

AI in Data Privacy Compliance

Secure Boot Bypass Flaw Found in Palo Alto Firewalls

Volkswagen Faces Major Breach: Data of 800K EV Customers Leaked

Successful CISO – Is a Business Enabler the Need of the Hour?

Behind the Job Title: Information Security Consultant

Cybersecurity Threats in Social Media Networks: Protecting User Data

AI in Data Privacy Compliance

No featured articles available

Unpatched Zero-Day Flaw in Windows Disclosed via Twitter

Proof-of-concept and details of an unpatched zero-day flaw in Windows 10 was made public via Twitter by a security researcher on Monday

Share Your Story!

No featured articles available

Proof-of-concept and details of an unpatched zero-day flaw in Windows 10 was made public via Twitter by a security researcher on Monday

Stay Updated with the Latest Cybersecurity News