STE WILLIAMS

It’s not bad enough to take Microsoft out-of-cycle, but CERT/CC has just put out a warning of a new privilege escalation bug in Windows.

According to the Tweet that set the hounds running, it’s a zero-day with a proof-of-concept at GitHub:

Here is the alpc bug as 0day: https://t.co/m1T3wDSvPX I don’t fucking care about life anymore. Neither do I ever again want to submit to MSFT anyway. Fuck all of this shit.

— SandboxEscaper (@SandboxEscaper) August 27, 2018

CERT/CC vulnerability analyst Phil Dormann quickly verified the bug, Tweeting: “I’ve confirmed that this works well in a fully-patched 64-bit Windows 10 system. LPE right to SYSTEM!” (LPE – local privilege escalation – El Reg).

CERT/CC has finished its more formal investigation, and has just posted a vulnerability note.

“Microsoft Windows task scheduler contains a vulnerability in the handling of ALPC, which can allow a local user to gain SYSTEM privileges”, the advisory stated.

ALPC, Advanced Local Procedure Call, restricts the impact somewhat, since it’s a local bug.

However, it opens an all-too-familiar attack vector: if an attacker can get a target to download and run an app, local privilege escalation gets the malware out of the user context up to (in this case) system privilege. Ouch.

The vulnerability note says: “The CERT/CC is currently unaware of a practical solution to this problem.”

Responding to The Register’s e-mail inquiry, a Microsoft spokesperson it will “proactively update impacted advices as soon as possible”, and pointed to its Update Tuesday schedule. ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2018/08/28/windows_0day_pops_up_out_of_span_classstrikenowherespan_twitter/