Software developers face a daunting challenge with each new product they create. Not only does their software need to work well and accomplish what it promises to consumers, it also needs to be safe. No flaws. No gaps. No vulnerabilities within the code that hackers can exploit.
And this is not easy, of course. It’s a game of cat and mouse as hackers continuously poke holes in popular software and developers patch them as they come. This is why software companies typically need the help of software bug bounty hunters, since it’s impossible for a company to catch all the potential flaws and bugs in its own products.
The worst of these bugs are what are known as “zero-day” bugs. These are previously unknown bugs that hackers are already actively exploiting.
Read on and I’ll tell you about the latest one, which currently affects Windows machines and can potentially let someone take over your machine.
New Windows zero-day bug revealed
A new zero-day flaw has been discovered in Windows and it can allow a local user to gain elevated administrator access and take full control of a machine.
The flaw was revealed on Twitter by a researcher who goes by the name SandboxEscaper and it has been independently verified by the United States Computer Emergency Readiness Team (US-CERT).
The bug appears to be a local privilege escalation flaw in Windows Task Scheduler. The flaw is said to stem from errors in Task Scheduler’s Advanced Local Procedure Call (ALPC) interface. With this bug, it’s possible for a local attacker to run a script to gain elevated administrator rights to a Windows machine.
According to Will Dormann, an engineer and vulnerability analyst at the CERT Coordination Center, the vulnerability exists even in a fully patched and updated Windows 10 system. However, it’s still not known if it affects other versions of Windows.
The fix will not come anytime soon
Although the flaw is now publicly known and a proof-of-concept attack is already available, Microsoft may not patch the flaw until September 11, the day of Microsoft’s Patch Tuesday.
Note: Patch Tuesday is when Microsoft issues its monthly patches and updates, usually to fix various vulnerabilities. It normally falls on the second Tuesday of each month.
Here’s a Microsoft spokesperson’s official statement to ZDNET: “Windows has a customer commitment to investigate reported security issues, and proactively update impacted devices as soon as possible. Our standard policy is to provide solutions via our current Update Tuesday schedule.”
What you can do (for now)
Since the exploit is local, there is no immediate remote threat from this flaw right now. Just be careful with other users logging in to your computer since they can install malware or change system settings with this exploit.
Publicly available computers (such as in libraries, hotels, etc.) can be exploited too, so avoid these as much as possible.
How to update Windows
Since there is no known fix or workaround to this vulnerability yet, please update your Windows machine as soon as the latest patches are released.
Most Windows machines are set to download and install updates automatically by default. If you haven’t changed your automatic update settings, then you should be fine.
But if you want to check, here’s how:
- Click Start (Windows logo)
- Go to Settings
- Go to Update & Security
- In the “Windows Update” section, click on “Advanced Options.” (Note: the “Windows Update” section is also handy for showing you updates that are currently being downloaded or applied.)
- Under “Advanced Options,” just make sure the drop-down box is set to “Automatic.”
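
The same check can be scripted, which helps when there is more than one machine to look at. The PowerShell below is an added example, not part of the original article or of Microsoft's guidance; the function names are made up for illustration, and it assumes Windows 10 with PowerShell 5.1. It only reads settings: the Windows Update policy key, the state of the Windows Update service, the latest installed update, and the enabled local accounts (the accounts that could make use of a local flaw like this one).

```powershell
# Added example (not from the original article). Read-only: nothing is changed.
# Function names are hypothetical; run in PowerShell 5.1 on Windows 10.

function Get-AutoUpdateStatus {
    $findings = @()

    # 1. Policy override. This key exists only if a policy has been set.
    $auKey  = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU'
    $policy = Get-ItemProperty -Path $auKey -ErrorAction SilentlyContinue
    if ($policy -and $policy.NoAutoUpdate -eq 1) {
        $findings += 'Policy NoAutoUpdate=1: automatic updates are turned off'
    }
    # AUOptions: 2 = notify before download, 3 = download then notify,
    #            4 = download and schedule the install
    if ($policy -and $policy.AUOptions -in 2, 3) {
        $findings += "Policy AUOptions=$($policy.AUOptions): updates wait for a user"
    }

    # 2. The Windows Update service (wuauserv) must not be disabled.
    $svc = Get-Service -Name wuauserv
    if ($svc.StartType -eq 'Disabled') {
        $findings += 'Service wuauserv is disabled'
    }

    # 3. Most recently installed update, to confirm patches are arriving.
    $last = Get-HotFix |
        Where-Object InstalledOn |
        Sort-Object InstalledOn -Descending |
        Select-Object -First 1

    [pscustomobject]@{
        AutomaticUpdatesOk = ($findings.Count -eq 0)
        Findings           = $findings
        LastHotFix         = $last.HotFixID
        LastInstalledOn    = $last.InstalledOn
    }
}

function Get-EnabledLocalAccount {
    # Accounts that can log on locally; keep this list as short as possible
    # until the patch is installed.
    Get-LocalUser | Where-Object Enabled | Select-Object Name, LastLogon
}

Get-AutoUpdateStatus | Format-List
Get-EnabledLocalAccount | Format-Table -AutoSize
```

If `AutomaticUpdatesOk` is `False`, the `Findings` list names the setting to correct before the September patches are released.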