Delaware, USA – August 28, 2018 – A researcher known by the pseudonym SandboxEscaper has published on GitHub a proof-of-concept (PoC) exploit for a previously unknown zero-day vulnerability in the Microsoft Windows Task Scheduler. The flaw is a local privilege escalation: a local user who can already run code on the machine can use it to gain SYSTEM privileges. Will Dormann of CERT/CC confirmed that the PoC works on a fully patched Windows 10 system and notified Microsoft, which has indicated that a fix will ship with the September Patch Tuesday updates rather than out of band. The vulnerability lies in the Task Scheduler's Advanced Local Procedure Call (ALPC) interface. It is likely to be adopted by attackers quickly: a public, working PoC makes it much easier for malware that has obtained a foothold as an ordinary user to escalate to SYSTEM and take full control of the host. SandboxEscaper announced the PoC on Twitter and then deleted the account.
At the moment there is no vendor patch for this vulnerability, and any user of an affected Windows system can be exposed to it. Until the updates are released on September 11th, security controls on systems running Microsoft Windows should be tightened, and, because the exploit requires the attacker to first run code on the host as a local user, it is also advisable to conduct security awareness training to reduce the likelihood of an initial infection through phishing emails with malicious attachments. A SIEM equipped with the Windows Security Monitor rule pack can help to detect suspicious security events in the areas of access control, user management, group management and maintenance of systems and services: https://my.socprime.com/en/integrations/windows-security-monitor-arcsight