Unknown zero-day vulnerability affects all Windows versions, source code offered for $90,000

by Madalina Dinita
Madalina Dinita
Madalina Dinita
Windows & Software Expert
Madalina has been a Windows fan ever since she got her hands on her first Windows XP computer. She is interested in all things technology, especially emerging technologies... read more
Affiliate Disclosure

Microsoft proudly boasts that both its Windows 10 and Edge browser are the most secure systems in the world. However, we all know there is no such thing as malware-proof software and recently discovered that even Microsoft’s latest OS and its components are vulnerable to threats.

For one, the Windows God Mode hack makes it possible for hackers to command Control Panel options and Settings, using the vulnerability as an access gate for serious malware attacks. Microsoft also warned users about a new macro trick used to activate ransomware. All this while a large swath of user continue to run unsupported Windows XP and IE versions, turning their computers into sitting ducks for hackers.

These are only a few specific examples of vulnerabilities — and the worst is yet to come. According to a recent disclosure, there is a zero-day exploit for all 32 and 64-bit versions of Windows versions. The information was revealed by a well-known user, BuggiCorp, who is also willing to sell the source-code of this exploit for $90,000. The user requests the payment to be done in Bitcoin.

Exploit for local privilege escalation (LPE) for a 0day vulnerability in win32k.sys. The vulnerability exists in the incorrect handling of window objects, which have certain properties, and [the vulnerability] exists in all OS [versions], starting from Windows 2000. [The] exploit is implemented for all OS architectures (x86 and x64), starting from Windows XP, including Windows Server versions, and up to current variants of Windows 10. The vulnerability is of “write-what-where” type, and as such allows one to write a certain value to any address [in memory], which is sufficient for a full exploit. The exploit successfully escapes from ILL/appcontainer (LOW), bypassing (more precisely: doesn’t get affected at all [by]) all existing protection mechanisms such as ASLR, DEP, SMEP, etc.

This vulnerability is extremely dangerous since it allegedly lets hackers elevate the privileges of any software process to the system level. It would be interesting to see who buys the code as anyone, from Microsoft to hackers, could do so. For the time being, there is no certainty about whether the exploit is authentic or not. Microsoft is already aware of the existence of this code, but has yet to issue any comments.


This article covers:Topics: