Posted on

Windows 0 Day Flaw

A privilege escalation flaw in Windows 10 was disclosed earlier this week on Twitter. The flaw allows anyone with the ability to run code on a system to elevate their privileges to “SYSTEM” level, the nearest thing that Windows has to an all-powerful superuser. This kind of security flaw enables attackers to escalate their privileges on a given system so they can more thoroughly compromise the target machine.

Microsoft has not exactly acknowledged the flaw exists; instead it offered a vague and generic statement online.

The tweet links to a GitHub repository that contains a brief article on the issue and demonstration code to exploit the flaw. The bug lies in the Task Scheduler service.. By overwriting a file that’s subsequently loaded into a SYSTEM-level process, the attacker can run code of their choosing with SYSTEM privileges. The proof of concept overwrites a file used by Window’s print spooler—Windows will then run the attacker’s code when an attempt is made to print.

Works Cited
Peter Bright – Aug 29, 2018 4:18 pm UTC. (2018, August 29). Microsoft obliquely acknowledges Windows 0-day bug published on Twitter. Retrieved August 29, 2018, from


Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.