Microsoft are hopefully hot to trot – as they quickly address a widely disclosed Windows 10 vulnerability that has cyber security web sites and twitter feeds lighting up like Christmas trees around the globe.
The public availability of a PoC for this privilege escalation vulnerability has created a lot of interest online and in hacker forums, and it won’t be long before we see weaponized exploits being actively used in the wild.
All it will take is an attacker using a phishing email to trick a potential victim into downloading and executing the malicious zero day code – capable of exploiting this new vulnerability. It’s text book cyber hacking stuff.
This zero-day is a serious issue, as it impacts fully patched Windows 10 systems. This basically means that pretty much ALL businesses, homes and organisations are vulnerable to it.
Information on the bug and a link to proof-of-concept code published on GitHub was posted by a security researcher who claims to be very frustrated with Microsoft’s bug submission process:
Here is the alpc bug as 0day: https://t.co/m1T3wDSvPX I don't fucking care about life anymore. Neither do I ever again want to submit to MSFT anyway. Fuck all of this shit.
— SandboxEscaper (@SandboxEscaper) August 27, 2018
The researcher’s Twitter account was no longer accessible shortly after she posted the tweet, but it’s unclear whether it was suspended or deleted. The flaw, however, has been already confirmed by security researchers, including Will Dormann (a vulnerability analyst at CERT).
The question on everyone’s cyber lips is not whether a patch will be released, but how quickly it will get released. What you do between now and then is largely what will determine your level of exposure, and how quickly you get to patch exposed systems.
Get ready to patch people!