Outra prova de conceito sobre um zero-day exploit afetando o Windows 10 foi lançado.
O código PoC é publicado no GitHub e vem de um pesquisador anônimo ou possível hacker conhecido como SandboxEscaper, and that’s the fifth time the hacker releases a Windows zero-day.
More about the New Windows 10 Zero-Dia Exploração
The zero-day is located in Task Scheduler which enables users to automatically perform routine tasks on their machines. The flaw exploits the so-called SchRpcRegisterTask, a component in Task Scheduler which registers tasks with the server. It appears that the component doesn’t properly check for permissions and can be exploited to set an arbitrary DACL (discretionary access control list) permissão.
According to SandboxEscaper, the exploit will “result in a call to the following RPC “_SchRpcRegisterTask, which is exposed by the task scheduler service”.
A malicious program or an attacker with low privileges can run a malformed .job file to obtain system privileges, thus enabling the attacker to gain full access to the targeted system. A proof-of-concept video reveales how the exploit works in real time. além disso, the flaw was tested and confirmed by Will Dormann, Vulnerability Analyst at the CERT/CC. The researcher successfully tested the exploit on a fully patched and up-to-date version of Windows 10, both 32-bit and 64-bit, as well as on Windows Server 2016 e 2018.
This is not the only zero-day exploit SandboxEscaper discovered, as the researcher/hacker has 4 Mais. Three of them lead to local privilege escalation and the other one enables attackers to bypass sandbox protection.
Currently there is no patch for the latest zero-day the hacker disclosed, as the round of security updates was already released for this month. Infelizmente, what Windows 10 users can do now is wait for a patch. Maybe Microsoft will release an emergency fix before next month’s Patch Tuesday.