Another proof-of-concept for a zero-day exploit affecting Windows 10 has been released.
The PoC code was published on GitHub by an anonymous researcher, or possible hacker, known as SandboxEscaper. This is the fifth time the hacker has released a Windows zero-day.
More about the New Windows 10 Zero-Day Exploit
The zero-day is located in Task Scheduler, which enables users to automatically perform routine tasks on their machines. The exploit abuses the so-called SchRpcRegisterTask, a component in Task Scheduler which registers tasks with the server. It appears that the component doesn’t properly check permissions and can be exploited to set an arbitrary DACL (discretionary access control list) permission.
According to SandboxEscaper, the exploit will “result in a call to the following RPC ‘_SchRpcRegisterTask’, which is exposed by the task scheduler service”.
A malicious program or an attacker with low privileges can run a malformed .job file to obtain system privileges, thus enabling the attacker to gain full access to the targeted system. A proof-of-concept video shows how the exploit works in real time. Furthermore, the flaw was tested and confirmed by Will Dormann, Vulnerability Analyst at the CERT/CC. The researcher successfully tested the exploit on a fully patched and up-to-date version of Windows 10, both 32-bit and 64-bit, as well as on Windows Server 2016 and 2018.
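Because the end result described above is an arbitrary DACL on a file, a defender can audit security descriptors for write-class access granted to low-privilege principals. The following is an added example, not code from the original article or from the PoC; it assumes the descriptors are available as SDDL strings (for instance from PowerShell's (Get-Acl <path>).Sddl), and the two sample strings are constructed.

```python
import re

# SDDL right codes -> access-mask bits (generic, standard and file rights).
RIGHTS = {
    "GA": 0x10000000, "GX": 0x20000000, "GW": 0x40000000, "GR": 0x80000000,
    "SD": 0x00010000, "RC": 0x00020000, "WD": 0x00040000, "WO": 0x00080000,
    "FA": 0x001F01FF, "FR": 0x00120089, "FW": 0x00120116, "FX": 0x001200A0,
}
# Write-class bits: write/append data, DELETE, WRITE_DAC, WRITE_OWNER, GENERIC_WRITE/ALL.
DANGEROUS = 0x2 | 0x4 | 0x10000 | 0x40000 | 0x80000 | 0x40000000 | 0x10000000
# Well-known low-privilege trustees, by SDDL alias or SID string.
LOW_PRIV = {"WD": "Everyone", "AU": "Authenticated Users", "BU": "Users",
            "IU": "Interactive", "BG": "Guests", "AN": "Anonymous",
            "S-1-1-0": "Everyone", "S-1-5-11": "Authenticated Users",
            "S-1-5-32-545": "Users"}

def pairs(field):
    """Split a run of two-letter SDDL codes, e.g. 'OICIIO' -> OI, CI, IO."""
    return [field[i:i + 2] for i in range(0, len(field), 2)]

def rights_to_mask(rights):
    """Convert an SDDL rights field (hex mask or letter codes) to an int."""
    if rights.lower().startswith("0x"):
        return int(rights, 16)
    mask = 0
    for code in pairs(rights):
        if code not in RIGHTS:
            raise ValueError(f"unknown SDDL right {code!r}")
        mask |= RIGHTS[code]
    return mask

def risky_aces(sddl):
    """List (trustee, write-class bits) for allow ACEs that apply to the
    object itself and grant a low-privilege trustee write-class access."""
    dacl = re.search(r"D:[A-Z]*((?:\([^)]*\))+)", sddl)
    findings = []
    for ace in re.findall(r"\(([^)]*)\)", dacl.group(1) if dacl else ""):
        ace_type, flags, rights, _, _, trustee = ace.split(";")[:6]
        if ace_type != "A" or "IO" in pairs(flags):  # deny or inherit-only
            continue
        mask = rights_to_mask(rights) & DANGEROUS
        if trustee in LOW_PRIV and mask:
            findings.append((LOW_PRIV[trustee], mask))
    return findings

# Constructed samples: a read-only system file, and the same file after its
# DACL was rewritten to give Authenticated Users full control.
BASELINE = "O:SYG:SYD:PAI(A;;FA;;;SY)(A;;0x1200a9;;;BA)(A;;0x1200a9;;;BU)"
TAMPERED = "O:BAG:SYD:PAI(A;;FA;;;SY)(A;;FA;;;BA)(A;;FA;;;AU)"
```

Calling risky_aces on each descriptor collected from protected directories and alerting on any non-empty result gives a simple baseline check; conditional ACEs and object ACE types are not handled.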
This is not the only zero-day exploit SandboxEscaper has discovered, as the researcher/hacker has 4 more. Three of them lead to local privilege escalation and the other one enables attackers to bypass sandbox protection.
Currently there is no patch for the latest zero-day the hacker disclosed, as the round of security updates was already released for this month. Unfortunately, what Windows 10 users can do now is wait for a patch. Maybe Microsoft will release an emergency fix before next month’s Patch Tuesday.