A couple of days back, I wrote about a security researcher who goes by the handle SandboxEscaper and who disclosed a serious Windows bug, together with proof-of-concept code to exploit it, via Twitter. The bug is in the Advanced Local Procedure Call (ALPC) interface of the Windows Task Scheduler, and the proof-of-concept code exploits it to let a local, unprivileged user gain SYSTEM-level privileges on 64-bit Windows 10. That code was later validated by others and then modified to work on 32-bit Windows 10 and on Windows Server 2016 as well.

ACROS Security has since produced a fix of its own. ACROS identified a couple of places where Microsoft's code makes its impersonation calls in the wrong order during some permission-setting functions (this is a vastly simplified explanation): the privileged operation runs before the service switches to the caller's identity, so the caller's permissions are never checked. Once those call orders are corrected, the proof-of-concept code no longer works. The fix is a micropatch: it hooks the affected functions inside the running process, so it is applied without any downtime or reboot.
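The ordering problem described above, as an added illustration that is not the page's code, ACROS's micropatch, or Microsoft's Task Scheduler code: a constructed model of a privileged service that changes an object's permissions on behalf of a caller. The token values, the `object_t` layout and the `set_security_info`, `impersonate_client` and `revert_to_self` helpers are assumptions of this model (not Windows APIs); the point is only the order of impersonation relative to the privileged call. In the vulnerable version the service performs the permission change while still running as SYSTEM and impersonates afterwards, so the access check never sees the caller; in the fixed version it impersonates first, so the same request from a low-privilege caller is denied.

```c
#include <stdbool.h>
#include <stdio.h>

/* Constructed model of identities. Real Windows tokens are far richer;
 * here a token is just a bit so an access list can be a bitmask. */
typedef enum { TOKEN_USER = 1, TOKEN_SYSTEM = 2 } token_t;

/* An object with a WRITE_DAC-style list: which tokens may rewrite it. */
typedef struct {
    const char *name;
    unsigned    writers;   /* bitmask of token_t values allowed to change permissions */
} object_t;

/* Identity the service thread currently runs as (assumed: services start as SYSTEM). */
static token_t current_token = TOKEN_SYSTEM;

static void impersonate_client(token_t client) { current_token = client; }
static void revert_to_self(void)               { current_token = TOKEN_SYSTEM; }

/* Permission-setting primitive. The access check uses whatever identity the
 * thread holds at call time, which is exactly why the call order matters. */
static bool set_security_info(object_t *obj, unsigned new_writers) {
    if (current_token != TOKEN_SYSTEM && !(obj->writers & (unsigned)current_token))
        return false;                  /* caller may not change this object's permissions */
    obj->writers = new_writers;
    return true;
}

/* Vulnerable ordering: privileged operation first, impersonation afterwards.
 * Whatever the caller asks for is applied with SYSTEM's rights. */
bool rpc_set_security_vulnerable(object_t *obj, token_t client, unsigned new_writers) {
    bool ok = set_security_info(obj, new_writers);   /* still SYSTEM here */
    impersonate_client(client);                      /* too late to matter */
    revert_to_self();
    return ok;
}

/* Fixed ordering: impersonate the caller, then perform the operation, so the
 * access check inside set_security_info is made with the caller's identity. */
bool rpc_set_security_fixed(object_t *obj, token_t client, unsigned new_writers) {
    impersonate_client(client);
    bool ok = set_security_info(obj, new_writers);
    revert_to_self();
    return ok;
}

/* Scenario (constructed): a SYSTEM-only object, and an unprivileged caller
 * asking the service to grant it write access to that object. */
bool vulnerable_lets_user_escalate(void) {
    object_t obj = { "system_object", TOKEN_SYSTEM };
    bool ok = rpc_set_security_vulnerable(&obj, TOKEN_USER, TOKEN_SYSTEM | TOKEN_USER);
    return ok && (obj.writers & TOKEN_USER);         /* user now holds write access */
}

bool fixed_denies_user(void) {
    object_t obj = { "system_object", TOKEN_SYSTEM };
    bool ok = rpc_set_security_fixed(&obj, TOKEN_USER, TOKEN_SYSTEM | TOKEN_USER);
    return !ok && obj.writers == TOKEN_SYSTEM;       /* request refused, object untouched */
}

/* The fix must not break legitimate use: a user may still change an object
 * the user is already allowed to write. */
bool fixed_allows_user_on_own_object(void) {
    object_t obj = { "user_object", TOKEN_USER };
    return rpc_set_security_fixed(&obj, TOKEN_USER, TOKEN_USER | TOKEN_SYSTEM);
}

int main(void) {
    printf("vulnerable ordering escalates user: %s\n", vulnerable_lets_user_escalate() ? "yes" : "no");
    printf("fixed ordering denies user:         %s\n", fixed_denies_user() ? "yes" : "no");
    printf("fixed ordering keeps own-object use: %s\n", fixed_allows_user_on_own_object() ? "yes" : "no");
    return 0;
}
```

Both versions contain the same calls; only their order differs, which is why a fix of this kind can be delivered as an in-memory hook on the affected function rather than a rewrite of the service.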
Source: Forbes August 31, 2018 22:41 UTC