A zero-day vulnerability that could give an attacker escalated privileges on Windows systems was disclosed today. Initially revealed by Twitter user SandboxEscaper, who posted a proof-of-concept to their GitHub, the vulnerability has since been verified by US-CERT.
According to US-CERT, the exploit is rooted in the Windows task scheduler, and it has been confirmed to work on 64-bit Windows 10 and Windows Server 2016 systems. From US-CERT:
Microsoft Windows task scheduler contains a local privilege escalation vulnerability in the Advanced Local Procedure Call (ALPC) interface, which can allow a local user to obtain SYSTEM privileges.
There's no known solution to the problem yet, and it currently works on fully-patched systems. However, Microsoft said in a statement to The Register that it will "proactively update impacted devices as soon as possible." A fix is most likely to arrive during Microsoft's next Patch Tuesday cycle, scheduled for September 11.
Xbox FY21 Q2 revenue surges 51% with Xbox Series X, Series S launch
Microsoft enters the next console generation strong with Xbox Series X and Xbox Series S, pushing steady growth across its hardware, software, and subscriptions in Q2 financials.
Review: Lords of the West adds new content, bugs to Age of Empires 2: DE
Two new civilizations, three new campaigns, and a bunch of new units and techs have just entered the battle. The first official Age of Empires 2: Definitive Edition expansion has arrived.
Surface revenue was not a 'stunning disappointment,' but expected
Microsoft had an outstanding quarter due to the rapidly shifting market and "digital transformation." But was Surface revenue lower than expected considering the seemingly large bump in PC sales for 2020? Not really. Here's why.
These are the best PC sticks for when you're on the move
Instant computer, just add a screen! That’s the general idea of the ultra-portable PC Compute Sticks, but it can be hard to know which one you want. Relax, we’ve got you covered.