Microsoft Windows zero-day vulnerability disclosed through Twitter
نوشته شده توسط : jiajiasnow

Microsoft has quickly reacted with the disclosure of a previously unknown zero-day vulnerability within your Windows operating system.

On Monday, Twitter user SandboxEscaper revealed a good the bug concerning the microblogging platform. As reported by the Register, users said:

"Here may possibly be the alpc bug as 0day. I don't f**king care about life anymore. Neither need to ever again want to submit to MSFT anyway. F**k considerable time shit."

The buyer linked to an internet site on GitHub which is contain a proof-of-concept (PoC) for a vulnerability.

Right after the disclosure, on Tuesday, Will Dormann, vulnerability analyst at CERT/CC verified the bug, adding that a zero-day flaw works "well from a fully-patched 64-bit Windows 10 system."

The Windows vulnerability is termed a local privilege escalation security flaw on the Microsoft Windows task scheduler a result from errors at the handling of Advanced Local Procedure Call (ALPC) systems.

If exploited, the zero-day bug permits local users to purchase system privileges. As ALPC is regarded as a local system, the outcome is limited, however, the public disclosure on the zero-day is still likely a headache for the Redmond giant.

There isn't known workarounds on your vulnerability, which was awarded a CVSS score of 6.4 -- 6.8.

SandboxEscaper's tweet has since been deleted. However, Microsoft has acknowledged the zero-day flaw.

Truly likely to manifest on September 11, your next scheduled Microsoft Patch Tuesday, unless the firm decides to issue an out-of-schedule patch.

Update 16.28 BST: A Microsoft spokesperson told Softwareonlinedeal:

"Windows does have a customer deal with investigate reported security issues, and proactively update impacted devices at the earliest opportunity. Our standard policy shall be to provide solutions via our current Update Tuesday schedule."

Update 17.38 BST: It would appear that the discoverer with the vulnerability are going to have attempted to sell or even enquire about selling the zero-day vulnerability recently. A Reddit user with just one name, SandboxEscaper, posted numerous times on Reddit asking about "selling Windows 0days." However, in the time writing, the posts appear to have been deleted.





:: بازدید از این مطلب : 717
|
امتیاز مطلب : 0
|
تعداد امتیازدهندگان : 0
|
مجموع امتیاز : 0
تاریخ انتشار : سه شنبه 6 شهريور 1397 | نظرات ()
مطالب مرتبط با این پست
لیست
می توانید دیدگاه خود را بنویسید


نام
آدرس ایمیل
وب سایت/بلاگ
:) :( ;) :D
;)) :X :? :P
:* =(( :O };-
:B /:) =DD :S
-) :-(( :-| :-))
نظر خصوصی

 کد را وارد نمایید:

آپلود عکس دلخواه: