Skip to main content

Windows 10 zero-day exploit uncovered

(Image credit: Shutterstock)

Windows 10, the 32-bit version, and possibly all other Windows versions back to Windows 7 (with a few exceptions), have a zero day vulnerability which allows potential hackers to elevate their low-privileged accounts to admin status on a compromised system.

In other words, there is a way for hackers to completely take over your system, regardless of which version of Microsoft's OS you're running at the moment.

This is according to a cybersecurity researcher going by the name SandboxEscaper. He/she has published the demo exploit code on GitHub, for pretty much everyone to see.  The description in the GitHub says the vulnerability is found in the Windows Task Scheduler process.

Even though the vulnerability has only been confirmed to work on the 32-bit version of Windows 10, ZDNet was told that all other versions, all the way to Windows 7, should be vulnerable at pretty much identical the same way.

Will Dormann, a vulnerability analyst at the CERT Coordination Center, part of the US government-funded Software Engineering Institute, confirmed the exploit works against a fully patched and up-to-date version of Windows 10, 32 and 64-bit, as well as Windows Server 2016 and 2019.

So far, Windows 8 and 7 seem to be safe.

Image Credit: Shutterstock