UPDATED to add that SandboxEscaper has posted two more local-privilege-escalation vulnerabilities on GitHub.
Microsoft's Windows 10 is suffering from a serious security issue, according to a new report.
A security researcher who goes by the handle SandboxEscaper published code to GitHub that allegedly shows how a malicious hacker can gain higher privileges on a Windows 10 machine and wreak havoc. The security vulnerability was earlier reported on by ZDNet.
The zero-day vulnerability is what's called a "local privilege escalation." That means that the vulnerability won't necessarily allow hackers or malware to gain access to your machine. They have to already be on your machine. Instead, the vulnerability, when exploited, will give them full control over your machine by upping their privileges to the System level.
This is a bigger problem than it seems, because most malware can be constrained by the limits of the user account it has infected. Privilege escalation busts out of that straitjacket and gives even low-level malware godlike powers.
SandboxEscaper discovered the vulnerability in Microsoft's Windows Task Scheduler. An attacker can create a malicious .job file, then delete it, then point to a kernel-level driver file from where the deleted file was, then recreate the task to sneak a low-privilege process into the system kernel.
This effectively gives the attacker system privileges over the entire machine and the opportunity to do what he, she or it wants on the computer. You can watch a video demonstration of the attack here on Twitter.
SandboxEscaper tested this only on 32-bit Windows 10, but security researcher Will Dormann got it working on 64-bit Windows 10 as well. ZDNet's Catalin Cimpanu said he had been told, without citing sources, that a bit of tweaking could run the attack successfully on all versions of Windows back to XP, although Dormann said his attempts had failed on Windows 7 and Windows 8.
The problem with zero-day vulnerabilities, of course, is that you don't really have any way of protecting yourself until Microsoft patches the bug. Until then, it's open season on Windows users. It's unclear whether the Windows 10 vulnerability has yet been exploited in the wild, but since the details are out there for anyone to see, that should just be a matter of time.
SandboxEscaper is known for revealing vulnerabilities before telling Microsoft. It's unknown when, or even if, Microsoft will respond with a patch, though the company's next Patch Tuesday is scheduled for June 11.
UPDATE: SandboxEscaper added two more local-privilege-escalation flaws to GitHub early May 22. One, called "angrypolarbearbug2," appears to be a difficult-to-reproduce race condition that works only on certain pieces of hardware. We're not quite clear on what the other one, called just "sandboxescape," does, but it involves injecting code into Internet Explorer 11 to grant sandbox escapes to remote attackers.