A new Windows 10 zero-day flaw in the Windows Task Scheduler has surfaced online and could allow an attacker to obtain system privileges.
The latest Windows 10 zero-day flaw has rather strangely found its way online and was released on Twitter by a retired vulnerability researcher who goes by the handle SandboxEscaper.
The post also includes a proof-of-concept (POC) posted on GitHub, and the CERT Coordination Center (CERT/CC) advisory describes the flaw as a local privilege escalation vulnerability in the Advanced Local Procedure Call (ALPC) interface.
Will Dormann, vulnerability analyst for CERT/CC, noted in an advisory that they have confirmed that the public exploit code works on Windows 10 64-bit and Windows Server 2016 systems, adding that compatibility with other Windows versions, even 32-bit systems, may be possible with some amount of modification.
What makes the situation even worse is that the exploit was posted on Twitter without any notice to Microsoft, which means that there is no patch in sight, at least so far.
Such exploits are considered a risk but not a severe one, since the Task Scheduler Windows 10 zero-day exploit requires local access or tricking a user into downloading and running a malicious program. However, the latest flaw allows malware to take complete control once it has been loaded, whereas it would otherwise depend on users clicking through access control alerts or entering administrator credentials.
The latest POC code, which is now publicly available on GitHub, also changes the risk profile for the Windows 10 zero-day vulnerability. Since there is currently no patch, security advisors say that it is advisable to monitor for suspicious activity from Task Scheduler.
Unfortunately, Microsoft has still not provided any official details or said when a possible patch could be coming. On a similar note, 0patch has released an unofficial fix, which you can find on their website.