Expert publicly disclosed exploit code for Windows Task Scheduler Zero-Day
29.8.18 securityaffairs
Exploit, Vulnerability

A security researcher has publicly disclosed the details of a zero-day privilege escalation vulnerability affecting all of Microsoft’s Windows operating systems.
A security researcher who runs the Twitter account @SandboxEscaper has disclosed the details of a zero-day privilege escalation vulnerability in Microsoft’s Windows operating systems that could be exploited by a local attacker or a malicious program to obtain SYSTEM privileges on the vulnerable machine.

SandboxEscaper
@SandboxEscaper
Here is the alpc bug as 0day: https://github.com/SandboxEscaper/randomrepo/blob/master/PoC-LPE.rar … I don't fucking care about life anymore. Neither do I ever again want to submit to MSFT anyway. Fuck all of this shit.

7:07 PM - Aug 27, 18

According to the expert who disclosed the flaw, the issue also affects a “fully-patched 64-bit Windows 10 system.”

The vulnerability resides in the Windows Task Scheduler and stems from errors in its handling of Advanced Local Procedure Call (ALPC) requests.

Advanced Local Procedure Call (ALPC) is an undocumented inter-process communication (IPC) facility provided by the Windows kernel for lightweight, local communication between processes on the same computer.

ALPC provides high-speed, secure data transfer between user-mode processes.

Windows zero-day
SandboxEscaper published proof-of-concept (PoC) exploit code for the zero-day on GitHub.

The vulnerability was verified by CERT/CC analyst Will Dormann, who posted the following message:

Will Dormann
@wdormann
I've confirmed that this works well in a fully-patched 64-bit Windows 10 system.
LPE right to SYSTEM!


12:08 AM - Aug 28, 18
The CERT/CC published a security advisory explaining that the flaw could be exploited by a local user to obtain elevated (SYSTEM) privileges.

“Microsoft Windows task scheduler contains a vulnerability in the handling of ALPC, which can allow a local user to gain SYSTEM privileges. We have confirmed that the public exploit code works on 64-bit Windows 10 and Windows Server 2016 systems. Compatibility with other Windows versions may be possible with modification of the publicly-available exploit source code,” reads the alert issued by the CERT/CC.

The flaw received a CVSS score of 6.4 to 6.8.
The CERT/CC confirmed that there is currently no workaround for the flaw. The Advanced Local Procedure Call (ALPC) interface is local to the system, which limits the impact of the vulnerability. Experts nevertheless warn that malware could bundle the PoC code to gain SYSTEM privileges on Windows systems it has already reached.

SandboxEscaper did not report the zero-day to Microsoft, so all Windows systems remain vulnerable until the company releases security updates.

At the time of writing it is still unclear whether the Windows zero-day affects all supported Windows versions; some experts, in fact, said that the PoC code does not work on Windows 7.

Microsoft is expected to address the vulnerability in the September Patch Tuesday security updates, scheduled for September 11.