Windows 10 vulnerability disclosed by security researcher, posts exploit code to GitHub

The vulnerability arises from the Windows Task Scheduler, wherein the hacker can run a specific .job file.

While Microsoft announced the latest Windows 10 May 2019 Update which included a host of new improvements and features, a security researcher has disclosed a new zero-day vulnerability that may be used to execute a malicious attack.

Windows 10 vulnerability disclosed by security researcher, posts exploit code to GitHub

Windows 10 with Redstone 4. Image: Microsoft

For those unfamiliar with the terminology, a zero-day vulnerability happens to be a vulnerability that is unknown to the developer of the software/hardware, which in this case happens to be Microsoft. As per a report by ZDNetsecurity researcher SandboxEscaper has published the exploit code on Github and also made public a video which showed how the vulnerability can be exploited.

SandboxEscaper explained that the exploit by itself cannot be used to access user computers but it can be used in conjunction with other methods to make the exploit quite lethal. The vulnerability arises from the Windows Task Scheduler, wherein the hacker can run a specific .job file within the Task Scheduler to grant himself administrator privileges. There is no word on when a patch for this exploit will be released by Microsoft.

In more news regarding Windows, the 21 May cumulative update called as  KB4497934 has introduced a functionality which stops automatic feature updates and instead gives you the option to download it manually when you have the time.

The new feature update gets a new box on the Windows Update page, with a 'Download and install' link below it.

Tech2 is now on WhatsApp. For all the buzz on the latest tech and science, sign up for our WhatsApp services. Just go to Tech2.com/Whatsapp and hit the Subscribe button.

Loading...





also see

science