Microsoft Windows Task Scheduler zero-day and PoC exploit disclosed via Twitter

There’s a Windows zero-day in the wild thanks to Twitter user “SandboxEscaper”, who revealed the local privilege escalation vulnerability and a proof-of-concept (PoC) exploit via Twitter. The researcher, who claims to be tired of IT security work, added:

After tweeting about the local privilege escalation vulnerability in the ALPC interface for Microsoft Windows Task Scheduler, and linking to the PoC on GitHub, SandboxEscaper claimed she or he would be “gone” for a bit.

CERT/CC analyst confirms Windows zero-day exploit

Will Dormann, a vulnerability analyst at CERT/CC, tested the exploit and confirmed that it works on a fully patched 64-bit Windows 10 system.

Dormann then published a vulnerability note on CERT: “Microsoft Windows task scheduler contains a local privilege escalation vulnerability in the Advanced Local Procedure Call (ALPC) interface, which can allow a local user to obtain SYSTEM privileges.”