Just now, a new vulnerability was discovered in the Windows Task Scheduler by a Twitter user.
Vulnerability in the Windows Task Scheduler Was Discovered
Here is the alpc bug as 0day.
I dont fucking care about life anymore.
Neither do I ever again want to submit to MSFT anyway.
Fuck all of this shit.
Twitter user SandboxEscaper
SandboxEscaper is claimed to be tired of IT security work.
And he or she linked to a page on GitHub containing a proof-of-concept (PoC) for the vulnerability.
This local privilege escalation security flaw allows hackers to gain administrative access on Windows systems.
This vulnerability in Windows system is said to be due to errors in the handling of ALPC systems.
As I said before, the zero-day flaw allows local users to obtain system privileges.
But, the impact is not so large since ALPC is a local system.
Even though, disclosing this zero-day bug to the public is still a headache for the Redmond giant.
CERT/CC Analyst Confirms Windows Zero-day Exploit
Till now, there is no workaround for the vulnerability.
This makes it possible for a local user to gain system privileges with negligible effort.
The CERT/CC is currently unaware of a practical solution to this problem, according to the vulnerability note.
The next round of patches of Microsoft is scheduled to be issued on Sept. 11.
Therefore, users have to wait until then unless Microsoft finally decides to release a patch out of schedule.
