0patch beats Microsoft to patching Windows 10 task scheduler 0-day vulnerability


Just 24 hours after a zero-day bug in Windows task scheduler was revealed by @SandboxEscaper on Twitter, the vulnerability has been patched. While Microsoft said it would "proactively update impacted advices as soon as possible" the patch has not come from the Windows-maker.

Instead, it was left to micro-patching specialists 0patch to produce a fix for the Task Scheduler ALPC Local Privilege Execution (VU#906424) security flaw -- one that is a mere 13 bytes in size.

See also:

While the severity of the security flaw was limited by the fact that a computer already had to be compromised to a degree in order for it to be exploited, it was still relatively serious as it made it possible for an attacker to gain high level privileges with a local account.

0patch had a patch available for testing yesterday, and today the group has published its verified version of the fix for anyone to use free of charge.

0patch shared the news about its patch on Twitter:

If you already have the 0patch Agent installed, you should find that you already have the micropatch available. If not, you can download the patching software from 0patch.com. If you're interested in viewing the source code, it has been shared in another tweet:

© 1998-2020 BetaNews, Inc. All Rights Reserved. Privacy Policy - Cookie Policy.