Windows 10 May Update hit by major zero-day vulnerability

Windows & Software Expert

Milan has been enthusiastic about technology ever since his childhood days, and this led him to take interest in all PC-related technologies. He's a PC enthusiast and he... read more

Updated on June 5, 2019

960

Microsoft recently rolled out a new Windows 10 feature update. Apparently, the company ignored a major security flaw that existed in Windows 10.

The flaw was spotted in advanced Task Scheduler settings. This vulnerability allows hackers to get complete administrative privileges over your files.

A researcher named SandboxEscaper first spotted the vulnerability and posted it online. The researcher took it to Github and posted the zero-day vulnerability on the platform.

As of now, Microsoft didn’t acknowledge the security flaw within the Task Scheduler. Once the company acknowledges the bug, a security patch will be available very soon.

Surprisingly, a Twitter user revealed the zero-day vulnerability targets those Windows 10 system that recently installed Windows 10 v1903. Furthermore, the user stated that anyone can easily exploit the vulnerability.

I can confirm that this works as-is on a fully patched (May 2019) Windows 10 x86 system. A file that is formerly under full control by only SYSTEM and TrustedInstaller is now under full control by a limited Windows user.
Works quickly, and 100% of the time in my testing. pic.twitter.com/5C73UzRqQk

— Will Dormann (@wdormann) May 21, 2019

SandboxEscaper also released a video to demonstrate the proof-of-concept (POC) attack.

SandboxEscaper just released this video as well as the POC for a Windows 10 priv esc pic.twitter.com/IZZzVFOBZc

— Chase Dardaman (@CharlesDardaman) May 21, 2019

Notably, the researcher further claims to identify 4 additional flaws in the Windows 10 OS. One of these vulnerabilities allows the exploiter to bypass the security of sandbox. Microsoft needs to act fast and patch this vulnerability before it causes some serious damage.

SandboxEscaper previously spotted several zero-day vulnerabilities. However, the user never informed Microsoft about the issues before releasing them.

Reddit users wanted her to first notify Microsoft about the issues.

Scary! Is there a reason she released it publicly? Wish she would at least notify Microsoft and give them a chance. At least these are just LPEs.

As far as the recent vulnerability is concerned, Microsoft is expected to release the necessary patches on Patch Tuesday.

RELATED ARTICLES YOU NEED TO CHECK OUT:

Was this page helpful?

Start a conversation

comments

Windows 10 May Update hit by major zero-day vulnerability

Leave a Reply Cancel reply

0x80090302 iTunes Error: How to Fix It

Want to delegate a call on Teams? We’ve got some good news

Visio App on Microsoft Teams: How to set up & use

Windows End of Support: Experts Unveil Risks & Implications

You’ll be able to preview and play videos in Teams chats

Microsoft really doesn’t want you to use Chrome at all

European users will be able to uninstall Microsoft Teams Chat

How to wirelessly transfer files from PC to Android

You can now access Teams shared device license on Android