Windows 10 May Update Hit By Major Zero Day Vulnerability

Microsoft recently rolled out a new Windows 10 feature update. Apparently, the company ignored a major security flaw that existed in Windows 10.

The flaw was spotted in advanced Task Scheduler settings. This vulnerability allows hackers to get complete administrative privileges over your files.

A researcher named SandboxEscaper first spotted the vulnerability and posted it online. The researcher took it to Github and posted the zero-day vulnerability on the platform.

As of now, Microsoft didn’t acknowledge the security flaw within the Task Scheduler. Once the company acknowledges the bug, a security patch will be available very soon.

Surprisingly, a Twitter user revealed the zero-day vulnerability targets those Windows 10 system that recently installed Windows 10 v1903. Furthermore, the user stated that anyone can easily exploit the vulnerability. 

I can confirm that this works as-is on a fully patched (May 2019) Windows 10 x86 system. A file that is formerly under full control by only SYSTEM and TrustedInstaller is now under full control by a limited Windows user.Works quickly, and 100% of the time in my testing. pic.twitter.com/5C73UzRqQk

— Will Dormann (@wdormann) May 21, 2019

SandboxEscaper also released a video to demonstrate the proof-of-concept (POC) attack. 

SandboxEscaper just released this video as well as the POC for a Windows 10 priv esc pic.twitter.com/IZZzVFOBZc

— Chase Dardaman (@CharlesDardaman) May 21, 2019

Notably, the researcher further claims to identify 4 additional flaws in the Windows 10 OS. One of these vulnerabilities allows the exploiter to bypass the security of sandbox. Microsoft needs to act fast and patch this vulnerability before it causes some serious damage. 

SandboxEscaper previously spotted several zero-day vulnerabilities. However, the user never informed Microsoft about the issues before releasing them.

Reddit users wanted her to first notify Microsoft about the issues.

As far as the recent vulnerability is concerned, Microsoft is expected to release the necessary patches on Patch Tuesday.

Scary! Is there a reason she released it publicly? Wish she would at least notify Microsoft and give them a chance. At least these are just LPEs.

RELATED ARTICLES YOU NEED TO CHECK OUT:

• Yet another Windows zero-day vulnerability found by Kaspersky
• 5 of the best antivirus with website blocker/ web filtering

If the advices above haven’t solved your issue, your PC may experience deeper Windows problems. We recommend downloading this PC Repair tool (rated Great on TrustPilot.com) to easily address them. After installation, simply click the Start Scan button and then press on Repair All.

Still having issues? Fix them with this tool:

SPONSORED

• Cybersecuritywindows 10Windows 10 May 2019 Update

Email *

Commenting as . Not you?

Comment