A hacker who specializes in sandbox escapes and local privilege escalation exploits has released another zero-day exploit for all versions of Windows 10 and Windows 10 Server.
The exploit allows a regular logged-in user to elevate themselves to an admin, which would give them full control over the server or computer.
The exploit takes advantage of a bug in the Windows Task Scheduler by running a malformed .job file that exploits a flaw in the way the Task Scheduler process changes DACL (discretionary access control list) permissions for an individual file.
The hacker, SandboxEscaper, has released the exploit on GitHub and is known not to warn Microsoft first. Her exploits have been used in malware before, and she says she has found 3 more local privilege escalation exploits which she intends to release later.
The exploit has been confirmed by Will Dormann, a vulnerability analyst at the CERT Coordination Center, and can be seen demonstrated in the video below:
SandboxEscaper just released this video as well as the POC for a Windows 10 priv esc pic.twitter.com/IZZzVFOBZc
— Chase Dardaman (@CharlesDardaman) May 21, 2019
Microsoft is likely to patch the bug in a routine Patch Tuesday update next month or the month after.