Skip to main content

Windows 10 zero-day exploit uncovered

(Image credit: Shutterstock)

Windows 10, the 32-bit version, and possibly all other Windows versions back to Windows 7 (with a few exceptions), have a zero day vulnerability which allows potential hackers to elevate their low-privileged accounts to admin status on a compromised system.

In other words, there is a way for hackers to completely take over your system, regardless of which version of Microsoft's OS you're running at the moment.

This is according to a cybersecurity researcher going by the name SandboxEscaper. He/she has published the demo exploit code on GitHub, for pretty much everyone to see.  The description in the GitHub says the vulnerability is found in the Windows Task Scheduler process.

Even though the vulnerability has only been confirmed to work on the 32-bit version of Windows 10, ZDNet was told (opens in new tab) that all other versions, all the way to Windows 7, should be vulnerable at pretty much identical the same way.

Will Dormann, a vulnerability analyst at the CERT Coordination Center, part of the US government-funded Software Engineering Institute, confirmed (opens in new tab) the exploit works against a fully patched and up-to-date version of Windows 10, 32 and 64-bit, as well as Windows Server 2016 and 2019.

So far, Windows 8 and 7 seem to be safe.

Image Credit: Shutterstock

Sead Fadilpašić
Sead Fadilpašić

Sead Fadilpašić is a freelance tech writer and journalist with more than 17 years experience writing technology-focussed news, blogs, whitepapers, reviews, and ebooks. And his work has featured in online media outlets from all over the world, including Al Jazeera Balkans (where he was a Multimedia Journalist), Crypto News, TechRadar Pro, and IT Pro Portal, where he has written news and features for over five years. Sead's experience also includes writing for inbound marketing, where he creates technology-based content for clients from London to Singapore. Sead is a HubSpot-certified content creator.