Home » News » Mysterious woman-hacker published exploit for increasing vulnerability of rights increase in Windows 10

Mysterious woman-hacker published exploit for increasing vulnerability of rights increase in Windows 10

On GitHub published PoC-code for vulnerability of privileges increase in Windows 10 that affects Windows Task Scheduler.

Despite vulnerabilities of rights’ shift do not allow hacking the system, attackers can use them on further stages to rise privileges from low level to level of administrator.

According to vulnerability description, published on GitHub, this bug is linked with the way Task Scheduler changes DACL extensions (Discretionary Access Control List, list of selective access management) for separate files.

Vulnerability allows attacker to rise rights on the system to administrator’s level and can be exploited with the use of specially formed .job file.

PoC–code published famous Internet-security expert SandboxEscaper. According to her words, exploit was tested on 32-bit Windows 10 systems, but, in theory, with certain adjustments can work on Windows XP and Server 2003 powered machines.

“That what starts with limited privileges ends up with SYSTEM rights when a particular function is encountered”, — said SandboxEscaper.

Old twitter post. Now SandboxEscaper microblog blocked.
Old twitter post. Now SandboxEscaper microblog blocked.

Will Dormann, a vulnerability analyst at CERT/CC checked exploit’s code and confirmed that is works without changes in improved Windows 10×86 with 100% success. For working with 64-bit Windows 10 it is necessary to recompile a code.

“The exploit calls the code once, deletes the file, and then calls it again with an NTFS hard link pointing to the file that gets permissions clobbered with SetSecurityInfo()”, — Will Dormann told.

For Windows 7 and 8 exploit does not work.

SandboxEscaper wrote in her blog that she has four more undisclosed 0-day bugs for Windows, but she wants to sale them to “non-western” companies and interested partied for $60 000.

“I don’t owe society a single thing. Just want to get rich and give you *** in the west the middlefinger”, — said SandboxEscaper.

Source: https://www.bleepingcomputer.com

About Trojan Killer

Carry Trojan Killer Portable on your memory stick. Be sure that you’re able to help your PC resist any cyber threats wherever you go.

Check Also

Metasploit published an exploit for BlueKeep

Metasploit developers publish exploit for BlueKeep vulnerability

Metasploit developers published an exploit for the BlueKeep vulnerability. It allows code execution and it …

Vulnerabilities in D-Link and Comba Routers

Vulnerabilities in some D-Link and Comba routers reveal credentials in format of plain text

Trustwave specialists discovered a number of vulnerabilities in D-Link and Comba Telecom routers. Bugs allow …

Leave a Reply