Zero-Day Flaw in Windows 10 Task Scheduler Gets Micropatch

[ June 03, 2019 ]

An unpatched local privilege escalation zero-day vulnerability in Windows 10 received a temporary patch today. The fix is delivered through the 0patch platform and can be applied on systems without rebooting them.

Exploit code is available for this zero-day flaw from researcher SandboxEscaper, who named it BearLPE when she published it ten days ago, and targets the Task Scheduler component in Windows 10.

An attacker can use this bug after they compromised the target host to take control of files that are reserved for high-privilege users such as SYSTEM and TrustedInstaller. This way, they can act with increased rights on vulnerable systems.

Cyber Security Tips :

At the moment it is available for Windows 10 v1809 32bit, Windows 10 v1809 64bit, and Windows Server 2019 but it will be available for other versions.

 


 

 

Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

Blog at WordPress.com.

Up ↑

%d bloggers like this: