

A newly discovered flaw in Microsoft Corp.’s Windows operating system that could enable a hacker to gain elevated privileges in a network has been revealed on Twitter, with no solution in sight.
Revealed Monday by a Twitter user going by the name SandBoxEscaper and since confirmed as legitimate by CERT/CC vulnerability analyst Will Dormann, the vulnerability is a local privilege escalation security flaw in the Microsoft Windows task scheduler. It’s caused by errors in the handling of Advanced Local Procedure Call (ALPC) systems.
Allan Liska, solutions architect at Recorded Future Inc., explained to SiliconANGLE that the 64-bit versions of both Microsoft Windows 10 and Windows Server 2016 suffer from a local privilege escalation vulnerability that will allow an attacker who already has access to the system to execute any code as an administrator, in effect giving the attacker full access to the compromised system. The flaw could go back to Windows 2007 and Windows Server 2008, he said.
Sammy Migues, principal scientist at Synopsys Inc., noted that although the disclosure and the release of a proof-of-concept exploit add a layer of scandal to this news, it’s a fairly common discovery.
“This appears to be a Windows local system privilege escalation bug,” he said. “A Windows box has some built-in ‘user’ accounts that the OS uses to get various things done. One of those is ‘LocalSystem’ and there are many pieces of software in the Windows OS that run under that account. That account has elevated privileges compared to a ‘normal’ user (e.g., you on your work laptop).”
Even if you’re a normal user on a Windows box that has this vulnerable software, you can exploit the vulnerability to get elevated privileges, Migues added. “So local users can get extra privileges even when their IT Security folks made them normal users, and anyone else who can run software on that box (e.g., remote attackers tricking the local user) can do the same,” he said.
Glen Pendley, deputy chief technology officer at Tenable Inc., said that the so-called zero-day is a serious issue “as it impacts fully patched ubiquitous software — Windows 10 — which means almost all organizations are vulnerable to it.”
For concerned enterprises, Pendley says that it’s not a question of whether a patch will be released but when. “What you do between now and then is largely what will determine your level of exposure and risk,” he said. “Organizations that take a defense-in-depth approach and those that are closely attuned to their system configurations and user behavior are the best positioned to reduce their overall risk.”