Windows 10 May Update hit by major zero-day vulnerability

2 min. read

Updated on June 5, 2019

updated on June 5, 2019

Readers help support Windows Report. We may get a commission if you buy through our links.

Microsoft recently rolled out a new Windows 10 feature update. Apparently, the company ignored a major security flaw that existed in Windows 10.

The flaw was spotted in advanced Task Scheduler settings. This vulnerability allows hackers to get complete administrative privileges over your files.

A researcher named SandboxEscaper first spotted the vulnerability and posted it online. The researcher took it to Github and posted the zero-day vulnerability on the platform.

As of now, Microsoft didn’t acknowledge the security flaw within the Task Scheduler. Once the company acknowledges the bug, a security patch will be available very soon.

Surprisingly, a Twitter user revealed the zero-day vulnerability targets those Windows 10 system that recently installed Windows 10 v1903. Furthermore, the user stated that anyone can easily exploit the vulnerability.

I can confirm that this works as-is on a fully patched (May 2019) Windows 10 x86 system. A file that is formerly under full control by only SYSTEM and TrustedInstaller is now under full control by a limited Windows user.
Works quickly, and 100% of the time in my testing. pic.twitter.com/5C73UzRqQk

— Will Dormann (@wdormann) May 21, 2019

SandboxEscaper also released a video to demonstrate the proof-of-concept (POC) attack.

SandboxEscaper just released this video as well as the POC for a Windows 10 priv esc pic.twitter.com/IZZzVFOBZc

— Chase Dardaman (@CharlesDardaman) May 21, 2019

Notably, the researcher further claims to identify 4 additional flaws in the Windows 10 OS. One of these vulnerabilities allows the exploiter to bypass the security of sandbox. Microsoft needs to act fast and patch this vulnerability before it causes some serious damage.

SandboxEscaper previously spotted several zero-day vulnerabilities. However, the user never informed Microsoft about the issues before releasing them.

Reddit users wanted her to first notify Microsoft about the issues.

Scary! Is there a reason she released it publicly? Wish she would at least notify Microsoft and give them a chance. At least these are just LPEs.

As far as the recent vulnerability is concerned, Microsoft is expected to release the necessary patches on Patch Tuesday.

RELATED ARTICLES YOU NEED TO CHECK OUT:

Yet another Windows zero-day vulnerability found by Kaspersky
5 of the best antivirus with website blocker/ web filtering

More about the topics: Cybersecurity, windows 10, Windows 10 May 2019 Update

Milan Stanojevic

Windows Toubleshooting Expert

Milan has been enthusiastic about technology ever since his childhood days, and this led him to take interest in all PC-related technologies. He's a PC enthusiast and he spends most of his time learning about computers and technology. Before joining WindowsReport, he worked as a front-end web developer. Now, he's one of the Troubleshooting experts in our worldwide team, specializing in Windows errors & software issues.