Disgruntled Security Researcher discloses Zero-Day vulnerability.
28 Aug 2018; A security researcher known as “SandboxEscaper”, apparently frustrated at trying to communicate a Zero Day exploit to Microsoft’s “Report a Computer Security Vulnerability” service today released Proof of Concept (POC) details of the vulnerability on GitHub. GitHub is used mainly by software developers.
Vulnerable is the Windows Task Scheduler. A second security researcher has confirmed that this exploit works well even on a fully patched 64-bit Windows 10 system.
Normally exploits are disclosed to the software developer and not publicised. In most cases this gives the manufacturer time to develop and release a patch to fix the vulnerability.
Microsoft is likely to release a patch in next month’s patch Tuesday, scheduled September 11th.
Be real careful until then, and make sure you don't skip patching.
Back...