In late May, an information security specialist, known under the pseudonym SandboxEscaper, published in open access exploits for a number of unresolved issues in Windows.
One of the vulnerabilities was local privilege escalation in Windows 10, which does not allow an attacker to penetrate the system, but allows it to gain a foothold in it and develop the already started attack further. The problem is related to the work of the Task Scheduler (Windows Task Scheduler): an attacker can run a malicious .job file and use the bug to make changes to the DACL (discretionary access control list). As a result, the attacker will be able to control files destined for SYSTEM and TrustedInstaller.
According to CERT/CC analysts, SandboxEscaper exploit is 100% suitable for x86 systems, but for x64 it will have to be recompiled.
Since there is no news of Microsoft yet, specialists for ACROS Security, which is developing the 0patch solution, prepared a micropatch for the vulnerability. This platform is designed specifically for such situations, that is, fixes 0-day and other unpatched vulnerabilities, to support products that are no longer supported by manufacturers, custom software, and so on.
Currently, the fix is ready for 32-bit Windows 10 (1809) systems, 64-bit Windows 10 (1809) systems, and Windows Server 2019.
Thinking about protection your data and infrastructure? There are security services you may be interested in. Give us a call and book an on-site consultation, it is free!