A zero-day vulnerability that could give an attacker escalated privileges on Windows systems was disclosed today. Initially revealed by Twitter user SandboxEscaper, who posted a proof-of-concept to their GitHub, the vulnerability has since been verified by US-CERT.
According to US-CERT, the exploit is rooted in the Windows task scheduler, and it has been confirmed to work on 64-bit Windows 10 and Windows Server 2016 systems. From US-CERT:
Microsoft Windows task scheduler contains a local privilege escalation vulnerability in the Advanced Local Procedure Call (ALPC) interface, which can allow a local user to obtain SYSTEM privileges.
There's no known solution to the problem yet, and it currently works on fully-patched systems. However, Microsoft said in a statement to The Register that it will "proactively update impacted devices as soon as possible." A fix is most likely to arrive during Microsoft's next Patch Tuesday cycle, scheduled for September 11.
The Window Central 2020 Awards are in — these are all our winners
We review hundreds of phones, tablets, PCs, accessories, and more each year, and for the past few weeks, our team has been debating which products and services stood out in 2019. These are all of our Best of 2019 Award winners!
Windows Central Game Awards 2020
It's awards season and this year we're coming in hot. Welcome to the Windows Central Game Awards of 2020, voted for by our illustrious cadence of gamers within Windows Central.
These are all of the best laptops Lenovo has to offer
Looking to pick out a new Lenovo laptop? The Yoga C940 is no doubt the best option for most people, but there are a bunch of other great laptops if you need something a bit different for the task at hand.
The NFL is back! Check out these must-have Windows apps for football fans
After months of waiting through a unique offseason and no preseason games, the NFL is finally back this week. With these Windows 10 apps, you won't miss a snap of the NFL action.