This O day made my day. The exploit for the big man of the software companies ( The microsoft) was recently released. This vulnerability is due to the Windows task scheduler and more importantly on the ALPC (Advanced Local Procedure Call) interface which works as an (IPC) inter process communication system with in the operating system.
The ALPC is a remote procedure call used for high-speed message passing with in the OS. RPC is a network protocol or IPC used for point to point communication between software applications. It is basically a communication between two processes on the same system.
The vulnerability in the system call leads to the local privilege escalation which allows a normal user to a root user or administrator in the windows operating system.
This is where the main vulnerability lies according to the researcher who goes by the online name sandboxescaper.
She reveals the POC on the github and does’nt particularly report it to the The Microsoft since she knows it is unpatchable.The researchers on the Microsoft doesn’t really have a clue to find the patch or solution for this exploit.
The security researcher from CERT/CC confirms that this exploit was purely tested in the update systems till now ( windows 10 64 bit fully patched systems).
This vulnerability on windows task scheduler was already found on september, 2014 but the later one was more severe since it come along with the ALPC procedure call. Since the malware users can use it on any windows operating systems , it becomes a major threat for the Microsoft.
So that is now that simple to climb the administrator privileges in your lab classes from your system connected to that network by making use of the exploit. That’s all i need as a typical engineering student :). Since the name Windows implies that , it has a big hole in it, therefore more vulnerabilities to come..
The next update of the Microsoft is expected to be rolling out on September of 2018.