New zero-day vulnerability found in Windows 10, no currently known fix

A zero-day vulnerability that could give an attacker escalated privileges on Windows systems was disclosed today. Initially revealed by Twitter user SandboxEscaper, who posted a proof-of-concept to their GitHub, the vulnerability has since been verified by US-CERT.

According to US-CERT, the exploit is rooted in the Windows task scheduler, and it has been confirmed to work on 64-bit Windows 10 and Windows Server 2016 systems. From US-CERT:

Microsoft Windows task scheduler contains a local privilege escalation vulnerability in the Advanced Local Procedure Call (ALPC) interface, which can allow a local user to obtain SYSTEM privileges.

There's no known solution to the problem yet, and it currently works on fully-patched systems. However, Microsoft said in a statement to The Register that it will "proactively update impacted devices as soon as possible." A fix is most likely to arrive during Microsoft's next Patch Tuesday cycle, scheduled for September 11.

Dan Thorp-Lancaster

Dan Thorp-Lancaster is the former Editor-in-Chief of Windows Central. He began working with Windows Central, Android Central, and iMore as a news writer in 2014 and is obsessed with tech of all sorts. You can follow Dan on Twitter @DthorpL and Instagram @heyitsdtl

  • Back to Win 8.1 pro until this flaw is cured!
  • Like everyone has time to reinstall another OS every time a flaw is discovered!!!!
  • Dual booting is the solution...
  • Why do you assume its not a flaw in 8.1 as well?
  • It's not tested for 8.1 yet...
  • If you read it on Microsoft's blog page, then this affects all computers on Windows 7, 8, 8.1, and 10.
    So your logic of going back to Win8.1 will not help you at all
  • Maybe he meant 3.1.
  • Nah, IBM's PS/2 would be a safer bet lol. /sarcasm
  • How about IBM PC-DOS?
  • I appreciate that it's sarcasm but PS/2 was an architecture not an OS. Just thought I would point that out ;-D
  • Lol, that was the point 🤣. It's useless without any sort of o/s so much safer to use haha.
  • Link to the blog?
  • Yah man. Win 8.1 to the rescue.
  • Not really considering this affects ALL versions of Windows as far back as 7 so Vista would be a safer bet.
  • This has probably been around for a while, and had it not been made public, no one would even know about it, let alone be worried. The chances of actually getting a compromised system is very low, and as I said, you'd probably go years and never be hit with it. It's only now it's been made public that it's suddenly a huge problem for everyone.
  • Yeah. "The sky is falling!" Like 8.1 doesn't have its undiscovered or undisclosed vulnerabilities too. Why not back to 95. There's an app for that. :)
  • Windows 386
  • :))))) wait for Microshaft to fix year
  • Another prime example why having a robust firewall alongside a antivirus is necessary in this day and age.
  • Back to Windows 95...still runs...browser can still use some
  • There, quite literally, is an app for that.
  • "... next Patch Tuesday cycle, scheduled for September 11." It sounds like...