[ June 03, 2019 ]
An unpatched local privilege escalation zero-day vulnerability in Windows 10 received a temporary patch today. The fix is delivered through the 0patch platform and can be applied on systems without rebooting them.
Exploit code is available for this zero-day flaw from researcher SandboxEscaper, who named it BearLPE when she published it ten days ago, and targets the Task Scheduler component in Windows 10.
An attacker can use this bug after they compromised the target host to take control of files that are reserved for high-privilege users such as SYSTEM and TrustedInstaller. This way, they can act with increased rights on vulnerable systems.
Cyber Security Tips :
At the moment it is available for Windows 10 v1809 32bit, Windows 10 v1809 64bit, and Windows Server 2019 but it will be available for other versions.