Microsoft Windows task manager contains local privilege escalation vulnerability


A vulnerability in Microsoft Windows task manager could allow a local user to gain elevated (SYSTEM) privileges.  

The privilege escalation vulnerability is in the task manager's Advanced Local Procedure Call (ALPC) interface and can allow a local user to obtain SYSTEM privileges, according to the 27 August CERT advisory.

“Microsoft Windows task scheduler contains a vulnerability in the handling of ALPC, which can allow a local user to gain SYSTEM privileges,” the advisory said. “We have confirmed that the public exploit code works on 64-bit Windows 10 and Windows Server 2016 systems.”

There is currently no practical solution to address the vulnerability.

Justin Jett, director of audit and compliance for Plixer, told SC Media the vulnerability signals a need to be extra vigilant regarding network users' behavior.

“The PoC released by ‘researcher’ SandboxEscaper on Twitter gives malicious actors leverage needed to break into organisations to steal valuable information,” Jett said.

“Network traffic analytics should continue to be used to detect anomalous traffic going across the network and to spot where users are behaving in a way that they historically don't.”

Jett added that such behavior could be a strong indicator that the glitch may already have been actively exploited. Ultimately, he said, it will be necessary to wait for Microsoft's response to the vulnerability, but he stressed that waiting until the scheduled 11 September Patch Tuesday release would give threat actors a two-week window to exploit the vulnerability.

This article originally appeared at scmagazineus.com

Copyright © SC Magazine, US edition