The researcher SandboxEscaper has again posted a zero-day vulnerability for the Windows operating system. The new flaw pertains to local privilege escalation (LPE) and a proof of concept video has also been posted demonstrating how it works. While the exploit isn't of the sort that enables an attacker to gain access to your computer, it does demo how one could, at a later stage, gain administrator-level system privileges. If an intruder finds a way to get into your system, this LPE exploit can be used to gain access over the complete system. As the flaw is said to be a zero-day vulnerability, there’s a good chance threat actors are already in action to use it for nefarious purposes.
Microsoft recently started rolling out Windows 10 May Update 1903 so it could take some time before a fix for the LPE is made available. A vulnerability analyst at CERT/CC, Will Dormann, confirmed that the flaw is working. He tweets, “I can confirm that this works as-is on a fully patched (May 2019) Windows 10 x86 system. A file that is formerly under full control by only SYSTEM and TrustedInstaller is now under full control by a limited Windows user. Works quickly, and 100% of the time in my testing." Dormann also confirms that the vulnerability works on 64-bit Windows 10 as well. SandboxEscaper also mentions that there are four more unpatched bugs that are yet to be disclosed, three LPEs and one sandbox escape.
It is unlikely that any real fix is available for the LPE until Microsoft issues a patch but as mentioned above, it can’t be used until someone gains access to your system. The best bet right now then seems to be protecting a system from external agencies. Users should avoid downloading malicious files and keep their system up to date.
SandboxEscaper is infamous for releasing zero-day vulnerabilities. The researcher previously announced a flaw that’s capable of deleting system files and it was said to be affecting the Microsoft Data Sharing service (dssvc.dll) file, which is a local service for data exchange between applications. Exploiting the flaw, an attacker can gain admin permissions to compromise protected data on the computer. They can then delete system DLLs or replace them with malicious ones.
