Microsoft Windows task scheduler 0-day outed on Twitter
A privilege escalation bug has been discovered in Windows' task scheduler and revealed on Twitter. A proof-of-concept has been published, and the vulnerability has been confirmed to be present in a "fully-patched 64-bit Windows 10 system".
The security flaw was exposed on Twitter by user SandboxEscaper -- who has since deleted his or her account. An advisory about the vulnerability has been posted on CERT/CC, and Microsoft says that it is working to fix the problem.
In a tweet posted from a now-deleted account, @SandboxExplorer linked to a proof-of-concept on GitHub saying: "Here is the alpc bug as 0day: https://t.co/m1T3wDSvPX I don't fucking care about life anymore. Neither do I ever again want to submit to MSFT anyway. Fuck all of this shit."
Shortly afterwards, CERT/CC vulnerability analyst Will Dormann confirmed the existence of the problem:
I've confirmed that this works well in a fully-patched 64-bit Windows 10 system.
LPE right to SYSTEM! https://t.co/My1IevbWbz
— Will Dormann (@wdormann) August 27, 2018
Noting that there is no practical solution available to the problem at the moment, a posting on CERT/CC explains that:
Microsoft Windows task scheduler contains a local privilege escalation vulnerability in the Advanced Local Procedure Call (ALPC) interface, which can allow a local user to obtain SYSTEM privileges.
The Vulnerability Note VU#906424 post goes on to say:
Microsoft Windows task scheduler contains a vulnerability in the handling of ALPC, which can allow a local user to gain SYSTEM privileges.
A local user may be able to gain elevated (SYSTEM) privileges.
In a statement given to the Register, a spokesperson for Microsoft said it would "proactively update impacted advices as soon as possible".