Windows 8.1 vulnerability discovered by Google security researcher
When you are the top anything in this world it not only brings fame or notoriety, but it also provides a target. In the case of Microsoft's Windows, it has become the bullseye that bad guys aim for. Sometimes it's the bad guys who get there first, sometimes it's the security researchers who report the issues. In the latest case, it was thankfully the good guys.
The problem with this flaw is that it would allow a bad guy to bypass authentication on a system by using a generated token. Worse, while the flaw isn't part of User Account Control, the proof of concept released does use this part of Windows.
The demonstration, when successful, launches the Windows Calculator and it's running in administrator mode. "If it doesn't work first time (and you get the ComputerDefaults program) re-run the exploit from [step] 3, there seems to be a caching/timing issue sometimes on first run", the report states.
"On Windows 8.1 update the system call NtApphelpCacheControl (the code is actually in ahcache.sys) allows application compatibility data to be cached for quick reuse when new processes are created", though that's only a partial explanation of how this exploit works.
The research was done using only Windows 8.1 Update -- both 32 and 64 bit versions. So there is no word on if the vulnerability exists in other versions of the operating system. According to Hacker News, Microsoft is working on a fix, but none is yet available.