A zero-day vulnerability in Windows 10 has just been made public, and it’s a hole that could potentially be exploited to take control of your PC.

The security flaw was revealed by Twitter user SandboxEscaper in controversial fashion – more on that later – and it’s a privilege escalation bug (with a proof of concept provided).

CERT/CC (the US cybersecurity organization which looks to counter emerging threats) has confirmed that this vulnerability can be leveraged against a 64-bit Windows 10 PC which has been fully patched up to date, as The Register reports.

It offers a route to local privilege escalation, as mentioned, meaning a malicious party could hijack the PC. The good news – such as it is – is that it’s a local bug, so the attacker would have to be already logged into the PC to exploit it, or be running code on the machine.

However, the latter means there’s the potential avenue of getting a user to download a malicious app, and infecting the PC that way, of course. So this isn’t something that should fly under your radar – as ever, be careful what you download, and where you download it from.

Colorful revelation

SandboxEscaper revealed the bug using, shall we say, colorful language, so we won’t reproduce the tweet here, but assuming you’re not offended by profanity, you can check it out.

Suffice it to say it seems that someone got frustrated with Microsoft’s procedures for submitting bugs and vulnerabilities, and decided just to go ahead and publicly out the vulnerability instead. SandboxEscaper now seems to regret her actions, though, as she subsequently tweeted: “I screwed up, not MSFT (they are actually a cool company). Depression sucks.”

For its part, Microsoft has declared that it will “proactively update impacted devices as soon as possible”, so that means a patch is doubtless in the works, although the software giant hasn’t deemed it necessary to release any kind of emergency fix for this issue. We can probably expect the cure for the flaw to arrive in next month’s round of security updates.

Meanwhile, in other security-related news, last week Microsoft deployed a fresh batch of Intel’s microcode updates for Windows 10 which defend against the recently discovered Foreshadow vulnerability (and further variants of Spectre).
