A zero-day vulnerability that could give an attacker escalated privileges on Windows systems was disclosed today. Initially revealed by Twitter user SandboxEscaper, who posted a proof-of-concept to their GitHub, the vulnerability has since been verified by US-CERT.
According to US-CERT, the exploit is rooted in the Windows task scheduler, and it has been confirmed to work on 64-bit Windows 10 and Windows Server 2016 systems. From US-CERT:
Microsoft Windows task scheduler contains a local privilege escalation vulnerability in the Advanced Local Procedure Call (ALPC) interface, which can allow a local user to obtain SYSTEM privileges.
There's no known solution to the problem yet, and it currently works on fully-patched systems. However, Microsoft said in a statement to The Register that it will "proactively update impacted devices as soon as possible." A fix is most likely to arrive during Microsoft's next Patch Tuesday cycle, scheduled for September 11.
Review: Twin Mirror, the first self-published game from Dontnod, is a miss
Twin Mirror follows the standard Dontnod formula with some twists, but it ultimately fails because of its lackluster and selfish lead character.
NVIDIA's $399 RTX 3060 Ti is here, and it demolishes the RTX 2080 SUPER
NVIDIA has unveiled the latest product in the RTX 30 series, the RTX 3060 Ti. The GPU will go on sale starting December 2 for just $399, and it is faster than the $699 RTX 2080 SUPER.
Dragon Quest XI Xbox review: Old school JRPG fun fun for a new generation
The legendary Dragon Quest series has finally made its Xbox debut. Can it win the hearts of an entirely new generation of gamers? Let's find out.
These are the best PC sticks for when you're on the move
Instant computer, just add a screen! That’s the general idea of the ultra-portable PC Compute Sticks, but it can be hard to know which one you want. Relax, we’ve got you covered.