A zero-day vulnerability in Windows 10 has just been made public, and its a hole that could potentially be exploited to take control of your PC.The security flaw was revealed by Twitter user SandboxEscaper in controversial fashion more on that later and its a privilege escalation bug (with a proof of concept provided).CERT/CC (the US cybersecurity organization which looks to counter emerging threats) has confirmed that this vulnerability can be leveraged against a 64-bit Windows 10 PC which has been fully patched up to date, as The Register reports.It offers a route to gain local privilege escalation, as mentioned, meaning a malicious party could hijack the PC, but the good news such as it is is that its a local bug, so the attacker would have to be already logged into the PC to exploit it, or be running code on the machine.However, the latter means theres the potential avenue of getting a user to download a malicious app, and infecting the PC that way, of course.
So this isnt something that should fly under your radar as ever, be careful what you download, and where you download it from.Colorful revelationSandboxEscaper revealed the bug using, shall we say, colorful language, so we wont reproduce the tweet here, but assuming youre not offended by profanity, you can check it out.Suffice it to say it seems that someone got frustrated with Microsofts procedures for submitting bugs and vulnerabilities, and decided just to go ahead and publicly out the vulnerability instead.
SandboxEscaper now seems to regret her actions, though, as she subsequently tweeted: I screwed up, not MSFT (they are actually a cool company).
Depression sucks.On its part, Microsoft has declared that it will proactively update impacted devices as soon as possible, so that means a patch is doubtless in the works, although the software giant hasnt deemed it necessary to release any kind of emergency fix for this issue.
We can probably expect the cure for the flaw to arrive in next months round of security updates.Meanwhile, in other security-related news, last week Microsoft deployed a fresh batch of Intels microcode updates for Windows 10 which defend against the recently discovered Foreshadow vulnerability (and further variants of Spectre).