UPDATED 21:10 EDT / AUGUST 28 2018

New Windows task scheduler vulnerability revealed on Twitter

A newly discovered flaw in Microsoft Corp.’s Windows operating system that could enable a hacker to gain elevated privileges in a network has been revealed on Twitter, with no solution in sight.

Revealed Monday by a Twitter user going by the name SandBoxEscaper and since certified as legitimate by CERT/CC vulnerability analyst Will Dormann, the vulnerability is a local privilege escalation flaw in the Microsoft Windows task scheduler. It's caused by errors in the handling of Advanced Local Procedure Call, or ALPC, systems.

Allan Liska, solutions architect at Recorded Future Inc., explained to SiliconANGLE that both the 64-bit versions of Microsoft Windows 10 and Windows Server 2016 suffer from a local privilege escalation vulnerability that will allow an attacker who already has access to the system to execute any code as an administrator, in effect giving the attacker full access to the compromised system. The flaw could go back to Windows 2007 and Windows Server 2008, he said.

Sammy Migues, principal scientist at Synopsys Inc., noted that although the disclosure and the release of a proof-of-concept exploit add a layer of scandal to this news, it’s a fairly common discovery.

“This appears to be a Windows local system privilege escalation bug,” he said. “A Windows box has some built-in ‘user’ accounts that the OS uses to get various things done. One of those is ‘LocalSystem’ and there are many pieces of software in the Windows OS that run under that account. That account has elevated privileges compared to a ‘normal’ user (e.g., you on your work laptop).”

Even if you’re a normal user on a Windows box that has this vulnerable software, you can exploit the vulnerability to get elevated privileges, Migues added. “So local users can get extra privileges even when their IT Security folks made them normal users, and anyone else who can run software on that box (e.g., remote attackers tricking the local user) can do the same,” he said.

Glen Pendley, deputy chief technology officer at Tenable Inc., said that the so-called zero-day is a serious issue “as it impacts fully patched ubiquitous software — Windows 10 — which means almost all organizations are vulnerable to it.”

For concerned enterprises, Pendley says that it’s not a question of whether a patch will be released but when. “What you do between now and then is largely what will determine your level of exposure and risk,” he said. “Organizations that take a defense-in-depth approach and those that are closely attuned to their system configurations and user behavior are the best positioned to reduce their overall risk.”
