Hackers can take control of your PC due to new zero day vulnerability in Windows 10

Recently, a new vulnerability was reported in the Windows 10 operating system that, if exploited, would allow attackers to gain high privileges on the compromised computer. Now, experts from the IICS’s information security course have reported that code to exploit the vulnerability has been published on GitHub, where it could be used to perform several malicious activities.

Experts mention that this is a local privilege escalation zero-day vulnerability. The report explains that exploiting it does not provide access to the device; the hacker must already have access to the compromised machine. By exploiting the vulnerability, attackers will then be able to seize full control of the machine, raising their privileges to system level.

The specialists from the information security course say that this problem is more serious than it seems because malware normally infects only a user account and cannot escape that constraint. If the attacker achieves this escalation of privileges, however, these restrictions are eliminated and even the simplest malware variants can cause great damage to the system.

The expert, known by the alias “SandboxEscaper”, discovered this flaw in the Task Scheduler of the Microsoft operating system: “An attacker could create a malicious file with a .job extension, delete it, and then address a file of a kernel-level controller from which this malicious file was located to recreate the task and initiate a process of reduced privileges in the system kernel,” says the specialist.

At the end of this process, the attackers will have high privileges in the system, so they can perform any operation on the compromised machine.

Information security course specialists from the International Institute of Cyber Security (IICS) consider that the main problem is that there are no known solutions or workarounds, because it is a zero-day vulnerability. Until the company releases updates to correct these flaws, users remain in a vulnerable position. Although there is still no evidence of exploitation of this flaw in the wild, sufficient information about it is circulating, so the likelihood of an attack is considerable.
